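/**
 * @file
 * Defines the public interface for searching and iterating over
 * classes, commons, and permissions.
 *
 * Conventions used by every function declared here, as stated in the
 * per-function documentation below:
 *  - The return value is 0 on success and < 0 on failure; on failure
 *    errno is set and the output parameter is cleared (NULL or 0).
 *    Check the return value before using any output.
 *  - Iterators returned through an output parameter are owned by the
 *    caller, who must release them with qpol_iterator_destroy. An
 *    iterator is only valid as long as the policy is unchanged.
 *  - Class, common and name pointers returned through an output
 *    parameter must not be freed by the caller.
 *  - Permissions declared directly in a class and permissions inherited
 *    from its common are reported separately. Code that audits which
 *    permissions a class carries has to consult both; see
 *    qpol_class_get_perm_iter() and qpol_class_get_common().
 *
 * NOTE(review): only some parameters are documented as "Must be
 * non-NULL"; this header does not say how a NULL argument is handled for
 * the others -- confirm against the implementation.
 *
 * @author Kevin Carr kcarr@tresys.com
 * @author Jeremy A. Mowery jmowery@tresys.com
 * @author Jason Tang jtang@tresys.com
 *
 * Copyright (C) 2006-2007 Tresys Technology, LLC
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 */

#ifndef QPOL_CLASS_PERM_QUERY_H
#define QPOL_CLASS_PERM_QUERY_H

#ifdef __cplusplus
extern "C"
{
#endif

#include <stddef.h>
#include <stdint.h>
#include <qpol/iterator.h>
#include <qpol/policy.h>

	/** Opaque handle for an object class; the struct is not defined in this header. */
	typedef struct qpol_class qpol_class_t;
	/** Opaque handle for a common; the struct is not defined in this header. */
	typedef struct qpol_common qpol_common_t;

/* perms */
/**
 * Get an iterator over the set of classes which contain a permission
 * with the name perm. This function does not search for the permission
 * in the class's inherited common, so a class that obtains the
 * permission only through its common is not returned. To find those
 * classes as well, combine this call with qpol_perm_get_common_iter()
 * and qpol_class_get_common().
 * @param policy The policy from which to query the classes.
 * @param perm The name of the permission to be matched. Must be non-NULL.
 * @param classes The iterator of type qpol_class_t returned;
 * the user is responsible for calling qpol_iterator_destroy
 * to free memory used. It is also important to note
 * that an iterator is only valid as long as the policy is unchanged.
 * @return Returns 0 on success and < 0 on failure; if the call fails,
 * errno will be set and *classes will be NULL.
 */
	extern int qpol_perm_get_class_iter(const qpol_policy_t * policy, const char *perm, qpol_iterator_t ** classes);

/**
 * Get an iterator over the set of commons which contain a permission
 * with the name perm.
 * @param policy The policy from which to query the commons.
 * @param perm The name of the permission to be matched. Must be non-NULL.
 * @param commons The iterator of type qpol_common_t returned;
 * the user is responsible for calling qpol_iterator_destroy
 * to free memory used. It is also important to note
 * that an iterator is only valid as long as the policy is unchanged.
 * @return Returns 0 on success and < 0 on failure; if the call fails,
 * errno will be set and *commons will be NULL.
 */
	extern int qpol_perm_get_common_iter(const qpol_policy_t * policy, const char *perm, qpol_iterator_t ** commons);

/* classes */
/**
 * Get an object class by name.
 * @param policy The policy from which to get the class.
 * @param name The name of the class; searching is case sensitive.
 * @param obj_class Pointer in which to store the class.
 * Caller should not free this pointer.
 * @return Returns 0 for success and < 0 for failure; if the call fails,
 * errno will be set and *obj_class will be NULL.
 */
	extern int qpol_policy_get_class_by_name(const qpol_policy_t * policy, const char *name, const qpol_class_t ** obj_class);

/**
 * Get an iterator for object classes in the policy.
 * @param policy The policy database from which to create the iterator.
 * @param iter Iterator of type qpol_class_t* returned; the user
 * is responsible for calling qpol_iterator_destroy to free memory used.
 * It is also important to note that an iterator is only valid as long
 * as the policy is unchanged.
 * @return Returns 0 for success and < 0 for failure; if the call fails,
 * errno will be set and *iter will be NULL.
 */
	extern int qpol_policy_get_class_iter(const qpol_policy_t * policy, qpol_iterator_t ** iter);

/**
 * Get the integer value associated with a class. Values range from 1 to
 * the number of object classes declared in the policy.
 * @param policy The policy with which the class is associated.
 * @param obj_class Class from which to get the value. Must be non-NULL.
 * @param value Pointer to the integer to be set to value. Must be non-NULL.
 * @return Returns 0 on success and < 0 on failure; if the call fails,
 * errno will be set and *value will be 0. Because valid values start
 * at 1, a stored 0 never denotes a real class.
 */
	extern int qpol_class_get_value(const qpol_policy_t * policy, const qpol_class_t * obj_class, uint32_t * value);

/**
 * Get the common used by a class.
 * @param policy The policy with which the class is associated.
 * @param obj_class Class from which to get the value. Must be non-NULL.
 * @param common Pointer to the common associated with this
 * class; the caller should not free this pointer. Not all classes have an
 * associated common so it is possible for *common to be NULL on success;
 * a return value of 0 therefore does not guarantee a usable common, and
 * callers must check *common for NULL before using it.
 * @return Returns 0 on success and < 0 on failure; if the call fails,
 * errno will be set and *common will be NULL.
 */
	extern int qpol_class_get_common(const qpol_policy_t * policy, const qpol_class_t * obj_class,
					 const qpol_common_t ** common);

/**
 * Get an iterator for the set of (unique) permissions for a class.
 * The result is not the complete permission set of the class: to
 * enumerate every permission, also fetch the class's common with
 * qpol_class_get_common() and, if it is non-NULL, iterate it with
 * qpol_common_get_perm_iter().
 * @param policy The policy with which the class is associated.
 * @param obj_class The class from which to get the permissions.
 * @param perms Iterator of type char* returned for the list of
 * permissions for this class. The list only contains permissions unique
 * to the class, not those included from a common. The iterator is only
 * valid as long as the policy is unchanged; the caller is responsible
 * for calling qpol_iterator_destroy to free memory used.
 * @return Returns 0 for success and < 0 for failure; if the call fails,
 * errno will be set and *perms will be NULL.
 */
	extern int qpol_class_get_perm_iter(const qpol_policy_t * policy, const qpol_class_t * obj_class, qpol_iterator_t ** perms);

/**
 * Get the name which identifies a class.
 * @param policy The policy with which the class is associated.
 * @param obj_class Class for which to get the name. Must be non-NULL.
 * @param name Pointer to the string in which to store the name.
 * Must be non-NULL. Caller should not free the string.
 * @return Returns 0 on success and < 0 on failure; if the call fails,
 * errno will be set and *name will be NULL.
 */
	extern int qpol_class_get_name(const qpol_policy_t * policy, const qpol_class_t * obj_class, const char **name);

/* commons */
/**
 * Get a common by name.
 * @param policy The policy from which to get the common.
 * @param name The name of the common; searching is case sensitive.
 * @param common Pointer in which to store the common.
 * Caller should not free this pointer.
 * @return Returns 0 on success and < 0 on failure; if the call fails,
 * errno will be set and *common will be NULL.
 */
	extern int qpol_policy_get_common_by_name(const qpol_policy_t * policy, const char *name, const qpol_common_t ** common);

/**
 * Get an iterator for commons in the policy.
 * @param policy The policy from which to create the iterator.
 * @param iter Iterator of type qpol_common_t* returned;
 * the user is responsible for calling qpol_iterator_destroy to
 * free memory used. It is also important to note that an iterator is
 * only valid as long as the policy is unchanged.
 * @return Returns 0 on success and < 0 on failure; if the call fails,
 * errno will be set and *iter will be NULL.
 */
	extern int qpol_policy_get_common_iter(const qpol_policy_t * policy, qpol_iterator_t ** iter);

/**
 * Get the integer value associated with a common. Values range from 1 to
 * the number of commons declared in the policy.
 * @param policy The policy associated with the common.
 * @param common The common from which to get the value.
 * @param value Pointer to the integer to be set to value. Must be non-NULL.
 * @return Returns 0 on success and < 0 on failure; if the call fails,
 * errno will be set and *value will be 0. Because valid values start
 * at 1, a stored 0 never denotes a real common.
 */
	extern int qpol_common_get_value(const qpol_policy_t * policy, const qpol_common_t * common, uint32_t * value);

/**
 * Get an iterator for the permissions included in a common.
 * @param policy The policy associated with the common.
 * @param common The common from which to get permissions.
 * @param perms Iterator of type char* returned for the list of
 * permissions for this common. The iterator is only valid as long
 * as the policy is unchanged; the caller is responsible for calling
 * qpol_iterator_destroy to free memory used.
 * @return Returns 0 on success and < 0 on failure; if the call fails,
 * errno will be set and *perms will be NULL.
 */
	extern int qpol_common_get_perm_iter(const qpol_policy_t * policy, const qpol_common_t * common, qpol_iterator_t ** perms);

/**
 * Get the name which identifies a common.
 * @param policy The policy associated with the common.
 * @param common The common from which to get the name.
 * @param name Pointer in which to store the name. Must be non-NULL;
 * the caller should not free the string.
 * @return Returns 0 on success and < 0 on failure; if the call fails,
 * errno will be set and *name will be NULL.
 */
	extern int qpol_common_get_name(const qpol_policy_t * policy, const qpol_common_t * common, const char **name);

#ifdef __cplusplus
}
#endif

#endif				       /* QPOL_CLASS_PERM_QUERY_H */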