SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Skip Research Menus

Research Menu

Research Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List Re: [PATCH] libselinux: reindent selinux.h This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ In reply to ] [ Next in thread ] [ Replies ] From: Stephen Smalley <sds_at_tycho.nsa.gov> Date: Thu, 31 May 2007 10:13:39 -0400 On Wed, 2007-05-30 at 19:41 -0400, Eamon Walsh wrote: > We say that C++ is considered harmful, yet we have allowed "extern C" > declarations to infect our header files and eat up 10% of every line. > > This claustrophobic madness must be stopped. While I don't object to the change, note that the next time someone runs 'make indent' on the tree, we'll be right back to where we were before. Unless we can make Lindent a bit smarter. > > Signed-off by: Eamon Walsh <ewalsh@tycho.nsa.gov> > > --- > > selinux.h \| 393 ++++++++++++++++++++++++++++++-------------------------------- > 1 file changed, 196 insertions(+), 197 deletions(-) > > Index: include/selinux/selinux.h > =================================================================== > --- include/selinux/selinux.h (revision 2445) > +++ include/selinux/selinux.h (working copy) > @@ -9,24 +9,24 @@ > #endif > > / Return 1 if we are running on a SELinux kernel, or 0 if not or -1 if we get an error. / > - extern int is_selinux_enabled(void); > +extern int is_selinux_enabled(void); > / Return 1 if we are running on a SELinux MLS kernel, or 0 otherwise. / > - extern int is_selinux_mls_enabled(void); > +extern int is_selinux_mls_enabled(void); > > - typedef char security_context_t;* > +typedef char security_context_t;* > > / Free the memory allocated for a context by any of the below get* calls. / > - extern void freecon(security_context_t con); > +extern void freecon(security_context_t con); > > / Free the memory allocated for a context array by security_compute_user. / > - extern void freeconary(security_context_t con);* > +extern void freeconary(security_context_t con);* > > / Wrappers for the /proc/pid/attr API. / > > / Get current context, and set con to refer to it. > Caller must free via freecon. /* > - extern int getcon(security_context_t con);* > - extern int getcon_raw(security_context_t con);* > +extern int getcon(security_context_t con);* > +extern int getcon_raw(security_context_t con);* > > / Set the current security context to con.* > Note that use of this function requires that the entire application > @@ -36,165 +36,165 @@ > instead. Note that the application may lose access to its open descriptors > as a result of a setcon() unless policy allows it to use descriptors opened > by the old context. /* > - extern int setcon(security_context_t con); > - extern int setcon_raw(security_context_t con); > +extern int setcon(security_context_t con); > +extern int setcon_raw(security_context_t con); > > / Get context of process identified by pid, and* > set con to refer to it. Caller must free via freecon. / > - extern int getpidcon(pid_t pid, security_context_t con);* > - extern int getpidcon_raw(pid_t pid, security_context_t con);* > +extern int getpidcon(pid_t pid, security_context_t con);* > +extern int getpidcon_raw(pid_t pid, security_context_t con);* > > / Get previous context (prior to last exec), and set con to refer to it. > Caller must free via freecon. /* > - extern int getprevcon(security_context_t con);* > - extern int getprevcon_raw(security_context_t con);* > +extern int getprevcon(security_context_t con);* > +extern int getprevcon_raw(security_context_t con);* > > / Get exec context, and set con to refer to it. > Sets con to NULL if no exec context has been set, i.e. using default.* > If non-NULL, caller must free via freecon. /* > - extern int getexeccon(security_context_t con);* > - extern int getexeccon_raw(security_context_t con);* > +extern int getexeccon(security_context_t con);* > +extern int getexeccon_raw(security_context_t con);* > > / Set exec security context for the next execve.* > Call with NULL if you want to reset to the default. /* > - extern int setexeccon(security_context_t con); > - extern int setexeccon_raw(security_context_t con); > +extern int setexeccon(security_context_t con); > +extern int setexeccon_raw(security_context_t con); > > / Get fscreate context, and set con to refer to it. > Sets con to NULL if no fs create context has been set, i.e. using default.* > If non-NULL, caller must free via freecon. /* > - extern int getfscreatecon(security_context_t con);* > - extern int getfscreatecon_raw(security_context_t con);* > +extern int getfscreatecon(security_context_t con);* > +extern int getfscreatecon_raw(security_context_t con);* > > / Set the fscreate security context for subsequent file creations.* > Call with NULL if you want to reset to the default. /* > - extern int setfscreatecon(security_context_t context); > - extern int setfscreatecon_raw(security_context_t context); > +extern int setfscreatecon(security_context_t context); > +extern int setfscreatecon_raw(security_context_t context); > > / Get keycreate context, and set con to refer to it. > Sets con to NULL if no key create context has been set, i.e. using default.* > If non-NULL, caller must free via freecon. /* > - extern int getkeycreatecon(security_context_t con);* > - extern int getkeycreatecon_raw(security_context_t con);* > +extern int getkeycreatecon(security_context_t con);* > +extern int getkeycreatecon_raw(security_context_t con);* > > / Set the keycreate security context for subsequent key creations.* > Call with NULL if you want to reset to the default. /* > - extern int setkeycreatecon(security_context_t context); > - extern int setkeycreatecon_raw(security_context_t context); > +extern int setkeycreatecon(security_context_t context); > +extern int setkeycreatecon_raw(security_context_t context); > > / Get sockcreate context, and set con to refer to it. > Sets con to NULL if no socket create context has been set, i.e. using default.* > If non-NULL, caller must free via freecon. /* > - extern int getsockcreatecon(security_context_t con);* > - extern int getsockcreatecon_raw(security_context_t con);* > +extern int getsockcreatecon(security_context_t con);* > +extern int getsockcreatecon_raw(security_context_t con);* > > / Set the sockcreate security context for subsequent socket creations.* > Call with NULL if you want to reset to the default. /* > - extern int setsockcreatecon(security_context_t context); > - extern int setsockcreatecon_raw(security_context_t context); > +extern int setsockcreatecon(security_context_t context); > +extern int setsockcreatecon_raw(security_context_t context); > > / Wrappers for the xattr API. / > > / Get file context, and set con to refer to it. > Caller must free via freecon. /* > - extern int getfilecon(const char path, security_context_t * con);* > - extern int getfilecon_raw(const char path, security_context_t * con);* > - extern int lgetfilecon(const char path, security_context_t * con);* > - extern int lgetfilecon_raw(const char path, security_context_t * con);* > - extern int fgetfilecon(int fd, security_context_t con);* > - extern int fgetfilecon_raw(int fd, security_context_t con);* > +extern int getfilecon(const char path, security_context_t * con);* > +extern int getfilecon_raw(const char path, security_context_t * con);* > +extern int lgetfilecon(const char path, security_context_t * con);* > +extern int lgetfilecon_raw(const char path, security_context_t * con);* > +extern int fgetfilecon(int fd, security_context_t con);* > +extern int fgetfilecon_raw(int fd, security_context_t con);* > > / Set file context / > - extern int setfilecon(const char path, security_context_t con);* > - extern int setfilecon_raw(const char path, security_context_t con);* > - extern int lsetfilecon(const char path, security_context_t con);* > - extern int lsetfilecon_raw(const char path, security_context_t con);* > - extern int fsetfilecon(int fd, security_context_t con); > - extern int fsetfilecon_raw(int fd, security_context_t con); > +extern int setfilecon(const char path, security_context_t con);* > +extern int setfilecon_raw(const char path, security_context_t con);* > +extern int lsetfilecon(const char path, security_context_t con);* > +extern int lsetfilecon_raw(const char path, security_context_t con);* > +extern int fsetfilecon(int fd, security_context_t con); > +extern int fsetfilecon_raw(int fd, security_context_t con); > > / Wrappers for the socket API / > > / Get context of peer socket, and set con to refer to it. > Caller must free via freecon. /* > - extern int getpeercon(int fd, security_context_t con);* > - extern int getpeercon_raw(int fd, security_context_t con);* > +extern int getpeercon(int fd, security_context_t con);* > +extern int getpeercon_raw(int fd, security_context_t con);* > > / Wrappers for the selinuxfs (policy) API. / > > - typedef unsigned int access_vector_t; > - typedef unsigned short security_class_t; > +typedef unsigned int access_vector_t; > +typedef unsigned short security_class_t; > > - struct av_decision { > - access_vector_t allowed; > - access_vector_t decided; > - access_vector_t auditallow; > - access_vector_t auditdeny; > - unsigned int seqno; > - }; > +struct av_decision { > + access_vector_t allowed; > + access_vector_t decided; > + access_vector_t auditallow; > + access_vector_t auditdeny; > + unsigned int seqno; > +}; > > / Compute an access decision. / > - extern int security_compute_av(security_context_t scon, > - security_context_t tcon, > - security_class_t tclass, > - access_vector_t requested, > - struct av_decision avd);* > - extern int security_compute_av_raw(security_context_t scon, > - security_context_t tcon, > - security_class_t tclass, > - access_vector_t requested, > - struct av_decision avd);* > +extern int security_compute_av(security_context_t scon, > + security_context_t tcon, > + security_class_t tclass, > + access_vector_t requested, > + struct av_decision avd);* > +extern int security_compute_av_raw(security_context_t scon, > + security_context_t tcon, > + security_class_t tclass, > + access_vector_t requested, > + struct av_decision avd);* > > / Compute a labeling decision and set newcon to refer to it. > Caller must free via freecon. /* > - extern int security_compute_create(security_context_t scon, > - security_context_t tcon, > - security_class_t tclass, > - security_context_t newcon);* > - extern int security_compute_create_raw(security_context_t scon, > - security_context_t tcon, > - security_class_t tclass, > - security_context_t newcon);* > +extern int security_compute_create(security_context_t scon, > + security_context_t tcon, > + security_class_t tclass, > + security_context_t newcon);* > +extern int security_compute_create_raw(security_context_t scon, > + security_context_t tcon, > + security_class_t tclass, > + security_context_t newcon);* > > / Compute a relabeling decision and set newcon to refer to it. > Caller must free via freecon. /* > - extern int security_compute_relabel(security_context_t scon, > - security_context_t tcon, > - security_class_t tclass, > - security_context_t newcon);* > - extern int security_compute_relabel_raw(security_context_t scon, > - security_context_t tcon, > - security_class_t tclass, > - security_context_t newcon);* > +extern int security_compute_relabel(security_context_t scon, > + security_context_t tcon, > + security_class_t tclass, > + security_context_t newcon);* > +extern int security_compute_relabel_raw(security_context_t scon, > + security_context_t tcon, > + security_class_t tclass, > + security_context_t newcon);* > > / Compute a polyinstantiation member decision and set newcon to refer to it. > Caller must free via freecon. /* > - extern int security_compute_member(security_context_t scon, > - security_context_t tcon, > - security_class_t tclass, > - security_context_t newcon);* > - extern int security_compute_member_raw(security_context_t scon, > - security_context_t tcon, > - security_class_t tclass, > - security_context_t newcon);* > +extern int security_compute_member(security_context_t scon, > + security_context_t tcon, > + security_class_t tclass, > + security_context_t newcon);* > +extern int security_compute_member_raw(security_context_t scon, > + security_context_t tcon, > + security_class_t tclass, > + security_context_t newcon);* > > / Compute the set of reachable user contexts and set con to refer to > the NULL-terminated array of contexts. Caller must free via freeconary. /* > - extern int security_compute_user(security_context_t scon, > - const char username,* > - security_context_t * con);* > - extern int security_compute_user_raw(security_context_t scon, > - const char username,* > - security_context_t * con);* > +extern int security_compute_user(security_context_t scon, > + const char username,* > + security_context_t * con);* > +extern int security_compute_user_raw(security_context_t scon, > + const char username,* > + security_context_t * con);* > > / Load a policy configuration. / > - extern int security_load_policy(void data, size_t len);* > +extern int security_load_policy(void data, size_t len);* > > / Get the context of an initial kernel security identifier by name.* > Caller must free via freecon /* > - extern int security_get_initial_context(const char name,* > - security_context_t con);* > - extern int security_get_initial_context_raw(const char name,* > - security_context_t con);* > +extern int security_get_initial_context(const char name,* > + security_context_t con);* > +extern int security_get_initial_context_raw(const char name,* > + security_context_t con);* > > /* > Make a policy image and load it.* > @@ -210,7 +210,7 @@ > default for policy reloads, while the latter case is an option for policy* > reloads but is primarily for the initial policy load.* > /* > - extern int selinux_mkload_policy(int preservebools); > +extern int selinux_mkload_policy(int preservebools); > > /* > Perform the initial policy load.* > @@ -227,109 +227,109 @@ > determine how to proceed. If enforcing (enforce > 0), then init should > halt the system. Otherwise, init may proceed normally without a re-exec.* > /* > - extern int selinux_init_load_policy(int enforce);* > +extern int selinux_init_load_policy(int enforce);* > > / Translate boolean strict to name value pair. / > - typedef struct { > - char name;* > - int value; > - } SELboolean; > - / save a list of booleans in a single transaction. / > - extern int security_set_boolean_list(size_t boolcnt, > - SELboolean boollist,* > - int permanent); > +typedef struct { > + char name;* > + int value; > +} SELboolean; > +/ save a list of booleans in a single transaction. / > +extern int security_set_boolean_list(size_t boolcnt, > + SELboolean boollist,* > + int permanent); > > / Load policy boolean settings.* > Path may be NULL, in which case the booleans are loaded from > the active policy boolean configuration file. /* > - extern int security_load_booleans(char path);* > +extern int security_load_booleans(char path);* > > / Check the validity of a security context. / > - extern int security_check_context(security_context_t con); > - extern int security_check_context_raw(security_context_t con); > +extern int security_check_context(security_context_t con); > +extern int security_check_context_raw(security_context_t con); > > / Canonicalize a security context. / > - extern int security_canonicalize_context(security_context_t con, > - security_context_t canoncon);* > - extern int security_canonicalize_context_raw(security_context_t con, > - security_context_t * > - canoncon); > +extern int security_canonicalize_context(security_context_t con, > + security_context_t canoncon);* > +extern int security_canonicalize_context_raw(security_context_t con, > + security_context_t * > + canoncon); > > / Get the enforce flag value. / > - extern int security_getenforce(void); > +extern int security_getenforce(void); > > / Set the enforce flag value. / > - extern int security_setenforce(int value); > +extern int security_setenforce(int value); > > / Disable SELinux at runtime (must be done prior to initial policy load). / > - extern int security_disable(void); > +extern int security_disable(void); > > / Get the policy version number. / > - extern int security_policyvers(void); > +extern int security_policyvers(void); > > / Get the boolean names / > - extern int security_get_boolean_names(char *names, int len);* > +extern int security_get_boolean_names(char *names, int len);* > > / Get the pending value for the boolean / > - extern int security_get_boolean_pending(const char name);* > +extern int security_get_boolean_pending(const char name);* > > / Get the active value for the boolean / > - extern int security_get_boolean_active(const char name);* > +extern int security_get_boolean_active(const char name);* > > / Set the pending value for the boolean / > - extern int security_set_boolean(const char name, int value);* > +extern int security_set_boolean(const char name, int value);* > > / Commit the pending values for the booleans / > - extern int security_commit_booleans(void); > +extern int security_commit_booleans(void); > > / Common helpers / > > / Convert between security class values and string names / > - extern security_class_t string_to_security_class(const char name);* > - extern const char security_class_to_string(security_class_t cls);* > +extern security_class_t string_to_security_class(const char name);* > +extern const char security_class_to_string(security_class_t cls);* > > / Convert between individual access vector permissions and string names / > - extern const char security_av_perm_to_string(security_class_t tclass,* > - access_vector_t perm); > - extern access_vector_t string_to_av_perm(security_class_t tclass, > - const char name);* > +extern const char security_av_perm_to_string(security_class_t tclass,* > + access_vector_t perm); > +extern access_vector_t string_to_av_perm(security_class_t tclass, > + const char name);* > > / Returns an access vector in a string representation. User must free the* > returned string via free(). / > - extern int security_av_string(security_class_t tclass, > - access_vector_t av, char result); > +extern int security_av_string(security_class_t tclass, > + access_vector_t av, char result); > > / Display an access vector in a string representation. / > - extern void print_access_vector(security_class_t tclass, > - access_vector_t av); > +extern void print_access_vector(security_class_t tclass, > + access_vector_t av); > > / Set the function used by matchpathcon_init when displaying* > errors about the file_contexts configuration. If not set, > then this defaults to fprintf(stderr, fmt, ...). /* > - extern void set_matchpathcon_printf(void (f) (const char fmt, ...)); > +extern void set_matchpathcon_printf(void (f) (const char fmt, ...)); > > / Set the function used by matchpathcon_init when checking the* > validity of a context in the file contexts configuration. If not set, > then this defaults to a test based on security_check_context(). > The function is also responsible for reporting any such error, and > may include the 'path' and 'lineno' in such error messages. /* > - extern void set_matchpathcon_invalidcon(int (f) (const char path, > - unsigned lineno, > - char context));* > +extern void set_matchpathcon_invalidcon(int (f) (const char path, > + unsigned lineno, > + char context));* > > / Same as above, but also allows canonicalization of the context,* > by changing context to refer to the canonical form. If not set,* > and invalidcon is also not set, then this defaults to calling > security_canonicalize_context(). /* > - extern void set_matchpathcon_canoncon(int (f) (const char path, > - unsigned lineno, > - char context)); > +extern void set_matchpathcon_canoncon(int (f) (const char path, > + unsigned lineno, > + char context)); > > / Set flags controlling operation of matchpathcon_init or matchpathcon. / > #define MATCHPATHCON_BASEONLY 1 / Only process the base file_contexts file. / > #define MATCHPATHCON_NOTRANS 2 / Do not perform any context translation. / > #define MATCHPATHCON_VALIDATE 4 / Validate/canonicalize contexts at init time. / > - extern void set_matchpathcon_flags(unsigned int flags); > +extern void set_matchpathcon_flags(unsigned int flags); > > / Load the file contexts configuration specified by 'path'* > into memory for use by subsequent matchpathcon calls. > @@ -339,15 +339,15 @@ > function also checks for a 'path'.homedirs file and > a 'path'.local file and loads additional specifications > from them if present. /* > - extern int matchpathcon_init(const char path);* > +extern int matchpathcon_init(const char path);* > > / Same as matchpathcon_init, but only load entries with* > regexes that have stems that are prefixes of 'prefix'. /* > - extern int matchpathcon_init_prefix(const char path,* > - const char prefix);* > +extern int matchpathcon_init_prefix(const char path,* > + const char prefix);* > > / Free the memory allocated by matchpathcon_init. / > - extern void matchpathcon_fini(void); > +extern void matchpathcon_fini(void); > > / Match the specified pathname and mode against the file contexts* > configuration and set con to refer to the resulting context.* > @@ -355,136 +355,135 @@ > Caller must free via freecon. > If matchpathcon_init has not already been called, then this function > will call it upon its first invocation with a NULL path. /* > - extern int matchpathcon(const char path,* > - mode_t mode, security_context_t con);* > +extern int matchpathcon(const char path,* > + mode_t mode, security_context_t con);* > > / Same as above, but return a specification index for* > later use in a matchpathcon_filespec_add() call - see below. /* > - extern int matchpathcon_index(const char path,* > - mode_t mode, security_context_t con);* > +extern int matchpathcon_index(const char path,* > + mode_t mode, security_context_t con);* > > / Maintain an association between an inode and a specification index,* > and check whether a conflicting specification is already associated > with the same inode (e.g. due to multiple hard links). If so, then > use the latter of the two specifications based on their order in the > file contexts configuration. Return the used specification index. /* > - extern int matchpathcon_filespec_add(ino_t ino, int specind, > - const char file);* > +extern int matchpathcon_filespec_add(ino_t ino, int specind, > + const char file);* > > / Destroy any inode associations that have been added, e.g. to restart* > for a new filesystem. /* > - extern void matchpathcon_filespec_destroy(void); > +extern void matchpathcon_filespec_destroy(void); > > / Display statistics on the hash table usage for the associations. / > - extern void matchpathcon_filespec_eval(void); > +extern void matchpathcon_filespec_eval(void); > > / Check to see whether any specifications had no matches and report them.* > The 'str' is used as a prefix for any warning messages. /* > - extern void matchpathcon_checkmatches(char str);* > +extern void matchpathcon_checkmatches(char str);* > > / Match the specified media and against the media contexts* > configuration and set con to refer to the resulting context.* > Caller must free con via freecon. /* > - extern int matchmediacon(const char media, security_context_t * con);* > +extern int matchmediacon(const char media, security_context_t * con);* > > /* > selinux_getenforcemode reads the /etc/selinux/config file and determines > whether the machine should be started in enforcing (1), permissive (0) or > disabled (-1) mode. > /* > - extern int selinux_getenforcemode(int enforce);* > +extern int selinux_getenforcemode(int enforce);* > > /* > selinux_getpolicytype reads the /etc/selinux/config file and determines > what the default policy for the machine is. Calling application must > free policytype. > /* > - extern int selinux_getpolicytype(char policytype); > +extern int selinux_getpolicytype(char policytype); > > /* > selinux_policy_root reads the /etc/selinux/config file and returns > the directory path under which the compiled policy file and context > configuration files exist. > /* > - extern const char selinux_policy_root(void);* > +extern const char selinux_policy_root(void);* > > / These functions return the paths to specific files under the* > policy root directory. /* > - extern const char selinux_binary_policy_path(void);* > - extern const char selinux_failsafe_context_path(void);* > - extern const char selinux_removable_context_path(void);* > - extern const char selinux_default_context_path(void);* > - extern const char selinux_user_contexts_path(void);* > - extern const char selinux_file_context_path(void);* > - extern const char selinux_file_context_homedir_path(void);* > - extern const char selinux_file_context_local_path(void);* > - extern const char selinux_homedir_context_path(void);* > - extern const char selinux_media_context_path(void);* > - extern const char selinux_contexts_path(void);* > - extern const char selinux_securetty_types_path(void);* > - extern const char selinux_booleans_path(void);* > - extern const char selinux_customizable_types_path(void);* > - extern const char selinux_users_path(void);* > - extern const char selinux_usersconf_path(void);* > - extern const char selinux_translations_path(void);* > - extern const char selinux_netfilter_context_path(void);* > - extern const char selinux_path(void);* > +extern const char selinux_binary_policy_path(void);* > +extern const char selinux_failsafe_context_path(void);* > +extern const char selinux_removable_context_path(void);* > +extern const char selinux_default_context_path(void);* > +extern const char selinux_user_contexts_path(void);* > +extern const char selinux_file_context_path(void);* > +extern const char selinux_file_context_homedir_path(void);* > +extern const char selinux_file_context_local_path(void);* > +extern const char selinux_homedir_context_path(void);* > +extern const char selinux_media_context_path(void);* > +extern const char selinux_contexts_path(void);* > +extern const char selinux_securetty_types_path(void);* > +extern const char selinux_booleans_path(void);* > +extern const char selinux_customizable_types_path(void);* > +extern const char selinux_users_path(void);* > +extern const char selinux_usersconf_path(void);* > +extern const char selinux_translations_path(void);* > +extern const char selinux_netfilter_context_path(void);* > +extern const char selinux_path(void);* > > / Check a permission in the passwd class.* > Return 0 if granted or -1 otherwise. /* > - extern int selinux_check_passwd_access(access_vector_t requested); > - extern int checkPasswdAccess(access_vector_t requested); > +extern int selinux_check_passwd_access(access_vector_t requested); > +extern int checkPasswdAccess(access_vector_t requested); > > / Check if the tty_context is defined as a securetty* > Return 0 if secure, < 0 otherwise. /* > - extern int selinux_check_securetty_context(security_context_t > - tty_context); > +extern int selinux_check_securetty_context(security_context_t tty_context); > > / Set the path to the selinuxfs mount point explicitly.* > Normally, this is determined automatically during libselinux > initialization, but this is not always possible, e.g. for /sbin/init > which performs the initial mount of selinuxfs. /* > - void set_selinuxmnt(char mnt);* > +void set_selinuxmnt(char mnt);* > > / Execute a helper for rpm in an appropriate security context. / > - extern int rpm_execcon(unsigned int verified, > - const char filename,* > - char const argv[], char const envp[]); > +extern int rpm_execcon(unsigned int verified, > + const char filename,* > + char const argv[], char const envp[]); > > / Returns whether a file context is customizable, and should not* > be relabeled . /* > - extern int is_context_customizable(security_context_t scontext); > +extern int is_context_customizable(security_context_t scontext); > > / Perform context translation between the human-readable format* > ("translated") and the internal system format ("raw"). > Caller must free the resulting context via freecon. > Returns -1 upon an error or 0 otherwise. > If passed NULL, sets the returned context to NULL and returns 0. /* > - extern int selinux_trans_to_raw_context(security_context_t trans, > - security_context_t rawp);* > - extern int selinux_raw_to_trans_context(security_context_t raw, > - security_context_t transp);* > +extern int selinux_trans_to_raw_context(security_context_t trans, > + security_context_t rawp);* > +extern int selinux_raw_to_trans_context(security_context_t raw, > + security_context_t transp);* > > / Get the SELinux username and level to use for a given Linux username.* > These values may then be passed into the get_ordered_context_list* > and get_default_context functions to obtain a context for the user.* > Returns 0 on success or -1 otherwise. > Caller must free the returned strings via free. /* > - extern int getseuserbyname(const char linuxuser, char *seuser, > - char level); > +extern int getseuserbyname(const char linuxuser, char *seuser, > + char level); > > / Compare two file contexts, return 0 if equivalent. / > - int selinux_file_context_cmp(const security_context_t a, > - const security_context_t b); > +int selinux_file_context_cmp(const security_context_t a, > + const security_context_t b); > > /* > Verify the context of the file 'path' against policy.* > Return 0 if correct.* > /* > - int selinux_file_context_verify(const char path, mode_t mode);* > +int selinux_file_context_verify(const char path, mode_t mode);* > > / This function sets the file context on to the system defaults returns 0 on success / > - int selinux_lsetfilecon_default(const char path);* > +int selinux_lsetfilecon_default(const char path);* > > #ifdef __cplusplus > } > > -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. Received on Thu 31 May 2007 - 10:13:42 EDT This message: [ Message body ] Next message: Stephen Smalley: "Re: pipefs issue" Previous message: James Morris: "Re: [PATCH] SELinux protection for exploiting null dereference using mmap" In reply to: Eamon Walsh: "[PATCH] libselinux: reindent selinux.h" Next in thread: Eamon Walsh: "Re: [PATCH] libselinux: reindent selinux.h" Reply: Eamon Walsh: "Re: [PATCH] libselinux: reindent selinux.h" Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom