Module policy

Re-exports

pub use arrays::FsUseType;
pub use arrays::XpermsBitmap;
pub use index::FsUseLabelAndType;
pub use parser::PolicyCursor;

Modules

arrays
error
index
metadata
parsed_policy
parser
view

Structs

AccessDecision
Encapsulates the result of a permissions calculation, between source & target domains, for a specific class. Decisions describe which permissions are allowed, and whether permissions should be audit-logged when allowed, and when denied.
AccessVector
The set of permissions that may be granted to sources accessing targets of a particular class, as defined in an SELinux policy.
CategoryId
Identifies a security category within a policy.
ClassId
Identifies a class within a policy. Note that ClassIds may be created for arbitrary Ids supplied by userspace, so implementations should never assume that a ClassId must be valid.
ClassInfo
Information on a Class. This struct is used for sharing Class information outside this crate.
ClassPermissionId
Identifies a permission within a class.
Policy
RoleId
Identifies a role within a policy.
SecurityContext
The security context, a variable-length string associated with each SELinux object in the system. The security context contains mandatory user:role:type components and an optional [:range] component.
SensitivityId
Identifies a sensitivity level within a policy.
TypeId
Identifies a type within a policy.
Unvalidated
A Policy that has been successfully parsed, but not validated.
UserId
Identifies a user within a policy.
XpermsAccessDecision
Encapsulates the result of an extended permissions calculation, between source & target domains, for a specific class, a specific kind of extended permissions, and for a specific xperm prefix byte. Decisions describe which 16-bit xperms are allowed, and whether xperms should be audit-logged when allowed, and when denied.

Enums

SecurityContextError
Errors that may be returned when attempting to parse or validate a security context.
XpermsKind
A kind of extended permission, corresponding to the base permission that should trigger a check of an extended permission.

Constants

SUPPORTED_POLICY_VERSION
Maximum SELinux policy version supported by this implementation.

Traits

AccessVectorComputer
An owner of policy information that can translate sc::Permission values into AccessVector values that are consistent with the owned policy.
Parse
A data structure that can be parsed as a part of a binary policy.

Functions

parse_policy_by_value
Parses binary_policy by value; that is, copies underlying binary data out in addition to building up parser output structures. This function returns (unvalidated_parser_output, binary_policy) on success, or an error if parsing failed. Note that the second component of the success case contains precisely the same bytes as the input. This function depends on a uniformity of interface between the “by value” and “by reference” strategies, but also requires an unvalidated_parser_output type that is independent of the binary_policy lifetime. Taken together, these requirements demand the “move-in + move-out” interface for binary_policy.