Struct selinux_policy::Policy

pub struct Policy<PS: ParseStrategy>(/* private fields */);

Implementations§


impl<PS: ParseStrategy> Policy<PS>


pub fn policy_version(&self) -> u32

The policy version stored in the underlying binary policy.


pub fn handle_unknown(&self) -> &HandleUnknown

The way “unknown” policy decisions should be handled according to the underlying binary policy.


pub fn conditional_booleans<'a>(&'a self) -> Vec<(&'a [u8], bool)>


pub fn initial_context(&self, id: InitialSid) -> SecurityContext

Returns the SecurityContext defined by this policy for the specified well-known (or “initial”) Id.


pub fn parse_security_context( &self, security_context: &[u8] ) -> Result<SecurityContext, SecurityContextError>

Returns a SecurityContext with fields parsed from the supplied Security Context string.


pub fn serialize_security_context( &self, security_context: &SecurityContext ) -> Vec<u8>

Returns a byte string describing the supplied SecurityContext.


pub fn new_file_security_context( &self, source: &SecurityContext, target: &SecurityContext, class: &FileClass ) -> Result<SecurityContext, NewSecurityContextError>

Returns the security context that should be applied to a newly created file-like SELinux object according to source and target security contexts, as well as the new object’s class. Returns an error if the security context for such an object is not well-defined by this Policy.


pub fn new_security_context( &self, source: &SecurityContext, target: &SecurityContext, class: &ObjectClass ) -> Result<SecurityContext, NewSecurityContextError>

Returns the security context that should be applied to a newly created SELinux object according to source and target security contexts, as well as the new object’s class. Defaults to the source security context if the policy does not specify transitions or defaults for the source, target or class components.

Returns an error if the security context for such an object is not well-defined by this Policy.


pub fn is_explicitly_allowed( &self, source_type: TypeId, target_type: TypeId, permission: Permission ) -> Result<bool, QueryError>

Returns whether the input types are explicitly granted permission via an allow [...]; policy statement.

§Panics

Panics if supplied with type Ids that were not previously obtained from the Policy itself. Validation ensures that all Ids obtained from the Policy have corresponding definitions.


pub fn is_explicitly_allowed_custom( &self, source_type: TypeId, target_type: TypeId, target_class_name: &str, permission_name: &str ) -> Result<bool, QueryError>

Returns whether the input types are explicitly granted the permission named permission_name via an allow [...]; policy statement, or an error if looking up the input types fails. This is the “custom” form of this API because permission_name is associated with a selinux_common::AbstractPermission::Custom::permission value.

§Panics

Panics if supplied with type Ids that were not previously obtained from the Policy itself. Validation ensures that all Ids obtained from the Policy have corresponding definitions.


pub fn compute_explicitly_allowed( &self, source_type: TypeId, target_type: TypeId, object_class: ObjectClass ) -> Result<AccessVector, QueryError>

Computes the access vector that associates types source_type and target_type via an explicit allow [...]; statement in the binary policy. Computes AccessVector::NONE if no such statement exists.


pub fn compute_explicitly_allowed_custom( &self, source_type: TypeId, target_type: TypeId, target_class_name: &str ) -> Result<AccessVector, QueryError>

Computes the access vector that associates types source_type and target_type via an explicit allow [...]; statement in the binary policy. Computes AccessVector::NONE if no such statement exists. This is the “custom” form of this API because target_class_name is associated with a selinux_common::AbstractObjectClass::Custom value.

Trait Implementations§


impl<PS: ParseStrategy> AccessVectorComputer for Policy<PS>


fn access_vector_from_permission<P: ClassPermission + Into<Permission> + 'static>( &self, permission: P ) -> AccessVector

Returns an AccessVector with a single bit set that corresponds to permission.

fn access_vector_from_permissions<'a, P: ClassPermission + Into<Permission> + 'static, PI: IntoIterator<Item = P>>( &self, permissions: PI ) -> AccessVector

Computes an AccessVector where the only bits set are those that correspond to the entries in permissions. This operation fails if permissions contains entries that refer to different object classes, because an access vector specifies permission bits associated with one specific object class.

impl<PS: Debug + ParseStrategy> Debug for Policy<PS>


fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

Auto Trait Implementations§


impl<PS> Freeze for Policy<PS>
where PS: PartialEq + Debug, <PS as ParseStrategy>::Output<Magic>: Freeze, <PS as ParseStrategy>::Output<PolicyVersion>: Freeze, <PS as ParseStrategy>::Output<Counts>: Freeze, <PS as ParseStrategy>::Output<U32<LittleEndian>>: Freeze, <PS as ParseStrategy>::Output<SignatureMetadata>: Freeze, <PS as ParseStrategy>::Slice<u8>: Freeze, <PS as ParseStrategy>::Output<Metadata>: Freeze, <PS as ParseStrategy>::Slice<MapItem>: Freeze, <PS as ParseStrategy>::Output<Metadata>: Freeze, <PS as ParseStrategy>::Slice<RoleTransition>: Freeze, <PS as ParseStrategy>::Slice<RoleAllow>: Freeze,


impl<PS> RefUnwindSafe for Policy<PS>
where PS: PartialEq + Debug + RefUnwindSafe, <PS as ParseStrategy>::Output<Magic>: RefUnwindSafe, <PS as ParseStrategy>::Output<PolicyVersion>: RefUnwindSafe, <PS as ParseStrategy>::Output<Counts>: RefUnwindSafe, <PS as ParseStrategy>::Output<U32<LittleEndian>>: RefUnwindSafe, <PS as ParseStrategy>::Output<SignatureMetadata>: RefUnwindSafe, <PS as ParseStrategy>::Slice<u8>: RefUnwindSafe, <PS as ParseStrategy>::Output<Metadata>: RefUnwindSafe, <PS as ParseStrategy>::Slice<MapItem>: RefUnwindSafe, <PS as ParseStrategy>::Output<Metadata>: RefUnwindSafe, <PS as ParseStrategy>::Slice<RoleTransition>: RefUnwindSafe, <PS as ParseStrategy>::Slice<RoleAllow>: RefUnwindSafe, <PS as ParseStrategy>::Output<AccessVectorMetadata>: RefUnwindSafe, <PS as ParseStrategy>::Output<PortMetadata>: RefUnwindSafe, <PS as ParseStrategy>::Output<[U32<LittleEndian>; 4]>: RefUnwindSafe, <PS as ParseStrategy>::Output<RangeTransitionMetadata>: RefUnwindSafe, <PS as ParseStrategy>::Output<ClassDefaults>: RefUnwindSafe, <PS as ParseStrategy>::Output<SpecifiedDriverPermissions>: RefUnwindSafe, <PS as ParseStrategy>::Output<DeprecatedFilenameTransitionMetadata>: RefUnwindSafe, <PS as ParseStrategy>::Output<ContextMetadata>: RefUnwindSafe, <PS as ParseStrategy>::Output<FsUseMetadata>: RefUnwindSafe, <PS as ParseStrategy>::Output<TypeMetadata>: RefUnwindSafe, <PS as ParseStrategy>::Output<ConditionalBooleanMetadata>: RefUnwindSafe, <PS as ParseStrategy>::Output<CategoryMetadata>: RefUnwindSafe, <PS as ParseStrategy>::Output<ConditionalNodeMetadata>: RefUnwindSafe, <PS as ParseStrategy>::Slice<ConditionalNodeDatum>: RefUnwindSafe, <PS as ParseStrategy>::Output<InfinitiBandEndPortMetadata>: RefUnwindSafe, <PS as ParseStrategy>::Output<ClassValidateTransitionsCount>: RefUnwindSafe, <PS as ParseStrategy>::Output<RoleStaticMetadata>: RefUnwindSafe, <PS as ParseStrategy>::Output<UserMetadata>: RefUnwindSafe, <PS as ParseStrategy>::Output<SensitivityStaticMetadata>: RefUnwindSafe, <PS as 
ParseStrategy>::Output<CommonSymbolStaticMetadata>: RefUnwindSafe, <PS as ParseStrategy>::Output<PermissionMetadata>: RefUnwindSafe, <PS as ParseStrategy>::Output<ConstraintMetadata>: RefUnwindSafe, <PS as ParseStrategy>::Output<ClassMetadata>: RefUnwindSafe, <PS as ParseStrategy>::Output<ConstraintCount>: RefUnwindSafe,


impl<PS> Send for Policy<PS>
where PS: PartialEq + Debug + Send, <PS as ParseStrategy>::Output<Magic>: Send, <PS as ParseStrategy>::Output<PolicyVersion>: Send, <PS as ParseStrategy>::Output<Counts>: Send, <PS as ParseStrategy>::Output<U32<LittleEndian>>: Send, <PS as ParseStrategy>::Output<SignatureMetadata>: Send, <PS as ParseStrategy>::Slice<u8>: Send, <PS as ParseStrategy>::Output<Metadata>: Send, <PS as ParseStrategy>::Slice<MapItem>: Send, <PS as ParseStrategy>::Output<Metadata>: Send, <PS as ParseStrategy>::Slice<RoleTransition>: Send, <PS as ParseStrategy>::Slice<RoleAllow>: Send, <PS as ParseStrategy>::Output<AccessVectorMetadata>: Send, <PS as ParseStrategy>::Output<PortMetadata>: Send, <PS as ParseStrategy>::Output<[U32<LittleEndian>; 4]>: Send, <PS as ParseStrategy>::Output<RangeTransitionMetadata>: Send, <PS as ParseStrategy>::Output<ClassDefaults>: Send, <PS as ParseStrategy>::Output<SpecifiedDriverPermissions>: Send, <PS as ParseStrategy>::Output<DeprecatedFilenameTransitionMetadata>: Send, <PS as ParseStrategy>::Output<ContextMetadata>: Send, <PS as ParseStrategy>::Output<FsUseMetadata>: Send, <PS as ParseStrategy>::Output<TypeMetadata>: Send, <PS as ParseStrategy>::Output<ConditionalBooleanMetadata>: Send, <PS as ParseStrategy>::Output<CategoryMetadata>: Send, <PS as ParseStrategy>::Output<ConditionalNodeMetadata>: Send, <PS as ParseStrategy>::Slice<ConditionalNodeDatum>: Send, <PS as ParseStrategy>::Output<InfinitiBandEndPortMetadata>: Send, <PS as ParseStrategy>::Output<ClassValidateTransitionsCount>: Send, <PS as ParseStrategy>::Output<RoleStaticMetadata>: Send, <PS as ParseStrategy>::Output<UserMetadata>: Send, <PS as ParseStrategy>::Output<SensitivityStaticMetadata>: Send, <PS as ParseStrategy>::Output<CommonSymbolStaticMetadata>: Send, <PS as ParseStrategy>::Output<PermissionMetadata>: Send, <PS as ParseStrategy>::Output<ConstraintMetadata>: Send, <PS as ParseStrategy>::Output<ClassMetadata>: Send, <PS as ParseStrategy>::Output<ConstraintCount>: Send,


impl<PS> Sync for Policy<PS>
where PS: PartialEq + Debug + Sync, <PS as ParseStrategy>::Output<Magic>: Sync, <PS as ParseStrategy>::Output<PolicyVersion>: Sync, <PS as ParseStrategy>::Output<Counts>: Sync, <PS as ParseStrategy>::Output<U32<LittleEndian>>: Sync, <PS as ParseStrategy>::Output<SignatureMetadata>: Sync, <PS as ParseStrategy>::Slice<u8>: Sync, <PS as ParseStrategy>::Output<Metadata>: Sync, <PS as ParseStrategy>::Slice<MapItem>: Sync, <PS as ParseStrategy>::Output<Metadata>: Sync, <PS as ParseStrategy>::Slice<RoleTransition>: Sync, <PS as ParseStrategy>::Slice<RoleAllow>: Sync, <PS as ParseStrategy>::Output<AccessVectorMetadata>: Sync, <PS as ParseStrategy>::Output<PortMetadata>: Sync, <PS as ParseStrategy>::Output<[U32<LittleEndian>; 4]>: Sync, <PS as ParseStrategy>::Output<RangeTransitionMetadata>: Sync, <PS as ParseStrategy>::Output<ClassDefaults>: Sync, <PS as ParseStrategy>::Output<SpecifiedDriverPermissions>: Sync, <PS as ParseStrategy>::Output<DeprecatedFilenameTransitionMetadata>: Sync, <PS as ParseStrategy>::Output<ContextMetadata>: Sync, <PS as ParseStrategy>::Output<FsUseMetadata>: Sync, <PS as ParseStrategy>::Output<TypeMetadata>: Sync, <PS as ParseStrategy>::Output<ConditionalBooleanMetadata>: Sync, <PS as ParseStrategy>::Output<CategoryMetadata>: Sync, <PS as ParseStrategy>::Output<ConditionalNodeMetadata>: Sync, <PS as ParseStrategy>::Slice<ConditionalNodeDatum>: Sync, <PS as ParseStrategy>::Output<InfinitiBandEndPortMetadata>: Sync, <PS as ParseStrategy>::Output<ClassValidateTransitionsCount>: Sync, <PS as ParseStrategy>::Output<RoleStaticMetadata>: Sync, <PS as ParseStrategy>::Output<UserMetadata>: Sync, <PS as ParseStrategy>::Output<SensitivityStaticMetadata>: Sync, <PS as ParseStrategy>::Output<CommonSymbolStaticMetadata>: Sync, <PS as ParseStrategy>::Output<PermissionMetadata>: Sync, <PS as ParseStrategy>::Output<ConstraintMetadata>: Sync, <PS as ParseStrategy>::Output<ClassMetadata>: Sync, <PS as ParseStrategy>::Output<ConstraintCount>: Sync,


impl<PS> Unpin for Policy<PS>
where PS: PartialEq + Debug + Unpin, <PS as ParseStrategy>::Output<Magic>: Unpin, <PS as ParseStrategy>::Output<PolicyVersion>: Unpin, <PS as ParseStrategy>::Output<Counts>: Unpin, <PS as ParseStrategy>::Output<U32<LittleEndian>>: Unpin, <PS as ParseStrategy>::Output<SignatureMetadata>: Unpin, <PS as ParseStrategy>::Slice<u8>: Unpin, <PS as ParseStrategy>::Output<Metadata>: Unpin, <PS as ParseStrategy>::Slice<MapItem>: Unpin, <PS as ParseStrategy>::Output<Metadata>: Unpin, <PS as ParseStrategy>::Slice<RoleTransition>: Unpin, <PS as ParseStrategy>::Slice<RoleAllow>: Unpin, <PS as ParseStrategy>::Output<AccessVectorMetadata>: Unpin, <PS as ParseStrategy>::Output<PortMetadata>: Unpin, <PS as ParseStrategy>::Output<[U32<LittleEndian>; 4]>: Unpin, <PS as ParseStrategy>::Output<RangeTransitionMetadata>: Unpin, <PS as ParseStrategy>::Output<ClassDefaults>: Unpin, <PS as ParseStrategy>::Output<SpecifiedDriverPermissions>: Unpin, <PS as ParseStrategy>::Output<DeprecatedFilenameTransitionMetadata>: Unpin, <PS as ParseStrategy>::Output<ContextMetadata>: Unpin, <PS as ParseStrategy>::Output<FsUseMetadata>: Unpin, <PS as ParseStrategy>::Output<TypeMetadata>: Unpin, <PS as ParseStrategy>::Output<ConditionalBooleanMetadata>: Unpin, <PS as ParseStrategy>::Output<CategoryMetadata>: Unpin, <PS as ParseStrategy>::Output<ConditionalNodeMetadata>: Unpin, <PS as ParseStrategy>::Slice<ConditionalNodeDatum>: Unpin, <PS as ParseStrategy>::Output<InfinitiBandEndPortMetadata>: Unpin, <PS as ParseStrategy>::Output<ClassValidateTransitionsCount>: Unpin, <PS as ParseStrategy>::Output<RoleStaticMetadata>: Unpin, <PS as ParseStrategy>::Output<UserMetadata>: Unpin, <PS as ParseStrategy>::Output<SensitivityStaticMetadata>: Unpin, <PS as ParseStrategy>::Output<CommonSymbolStaticMetadata>: Unpin, <PS as ParseStrategy>::Output<PermissionMetadata>: Unpin, <PS as ParseStrategy>::Output<ConstraintMetadata>: Unpin, <PS as ParseStrategy>::Output<ClassMetadata>: Unpin, <PS as 
ParseStrategy>::Output<ConstraintCount>: Unpin,


impl<PS> UnwindSafe for Policy<PS>
where PS: PartialEq + Debug + UnwindSafe, <PS as ParseStrategy>::Output<Magic>: UnwindSafe, <PS as ParseStrategy>::Output<PolicyVersion>: UnwindSafe, <PS as ParseStrategy>::Output<Counts>: UnwindSafe, <PS as ParseStrategy>::Output<U32<LittleEndian>>: UnwindSafe, <PS as ParseStrategy>::Output<SignatureMetadata>: UnwindSafe, <PS as ParseStrategy>::Slice<u8>: UnwindSafe, <PS as ParseStrategy>::Output<Metadata>: UnwindSafe, <PS as ParseStrategy>::Slice<MapItem>: UnwindSafe, <PS as ParseStrategy>::Output<Metadata>: UnwindSafe, <PS as ParseStrategy>::Slice<RoleTransition>: UnwindSafe, <PS as ParseStrategy>::Slice<RoleAllow>: UnwindSafe, <PS as ParseStrategy>::Output<AccessVectorMetadata>: UnwindSafe, <PS as ParseStrategy>::Output<PortMetadata>: UnwindSafe, <PS as ParseStrategy>::Output<[U32<LittleEndian>; 4]>: UnwindSafe, <PS as ParseStrategy>::Output<RangeTransitionMetadata>: UnwindSafe, <PS as ParseStrategy>::Output<ClassDefaults>: UnwindSafe, <PS as ParseStrategy>::Output<SpecifiedDriverPermissions>: UnwindSafe, <PS as ParseStrategy>::Output<DeprecatedFilenameTransitionMetadata>: UnwindSafe, <PS as ParseStrategy>::Output<ContextMetadata>: UnwindSafe, <PS as ParseStrategy>::Output<FsUseMetadata>: UnwindSafe, <PS as ParseStrategy>::Output<TypeMetadata>: UnwindSafe, <PS as ParseStrategy>::Output<ConditionalBooleanMetadata>: UnwindSafe, <PS as ParseStrategy>::Output<CategoryMetadata>: UnwindSafe, <PS as ParseStrategy>::Output<ConditionalNodeMetadata>: UnwindSafe, <PS as ParseStrategy>::Slice<ConditionalNodeDatum>: UnwindSafe, <PS as ParseStrategy>::Output<InfinitiBandEndPortMetadata>: UnwindSafe, <PS as ParseStrategy>::Output<ClassValidateTransitionsCount>: UnwindSafe, <PS as ParseStrategy>::Output<RoleStaticMetadata>: UnwindSafe, <PS as ParseStrategy>::Output<UserMetadata>: UnwindSafe, <PS as ParseStrategy>::Output<SensitivityStaticMetadata>: UnwindSafe, <PS as ParseStrategy>::Output<CommonSymbolStaticMetadata>: UnwindSafe, <PS as 
ParseStrategy>::Output<PermissionMetadata>: UnwindSafe, <PS as ParseStrategy>::Output<ConstraintMetadata>: UnwindSafe, <PS as ParseStrategy>::Output<ClassMetadata>: UnwindSafe, <PS as ParseStrategy>::Output<ConstraintCount>: UnwindSafe,

Blanket Implementations§


impl<T> Any for T
where T: 'static + ?Sized,


fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,


fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,


fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T


fn from(t: T) -> T

Returns the argument unchanged.


impl<T, U> Into<U> for T
where U: From<T>,


fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.


impl<T, U> TryFrom<U> for T
where U: Into<T>,


type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,


type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.