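/*
 * Copyright (C) 2014 Red Hat, Inc. All rights reserved.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 *
 * Authors: Jan Synacek
 */

// CIM schema (MOF) for managing SELinux on a host: the service with its
// state and policy properties, the elements it exposes (booleans and ports),
// and the associations that tie them together.
//
// NOTE(review): LMI_SELinuxJob and LMI_UnixFile are referenced below but not
// declared in this file; presumably they come from another part of the
// schema. Confirm they are registered before this file is compiled.

// Empty base class. LMI_SELinuxServiceHasElement.Antecedent is typed to it,
// so every class derived from it can be associated with the service.
[ Version("0.0.1"),
  Description("Common superclass for all SELinux classes.") ]
class LMI_SELinuxElement: CIM_ManagedElement
{
};

// One SELinux policy boolean, with its current and its boot-time value.
[ Version("0.0.1"),
  Description("Class representing an SELinux policy boolean.") ]
class LMI_SELinuxBoolean : LMI_SELinuxElement
{
    [ Description("Current state.") ]
    boolean State;

    [ Description("State on next system boot.") ]
    boolean DefaultState;
};

// One SELinux port label and the network ports or port ranges it covers.
[ Version("0.0.1"),
  Description(
    "Class representing an SELinux port. It can encompass multiple "
    "individual network ports, or even their ranges.") ]
class LMI_SELinuxPort : LMI_SELinuxElement
{
    [ Description("Current SELinux context.") ]
    string SELinuxCurrentContext;

    [ Description("Expected SELinux context.") ]
    string SELinuxExpectedContext;

    [ Description("Protocol type. Only UDP and TCP are supported."),
      ValueMap {"0", "1"},
      Values {"UDP", "TCP"} ]
    uint16 Protocol;

    // Each entry is free-form text (a number or a range), not a numeric type,
    // so consumers have to parse and bounds-check the values themselves.
    [ Description(
        "Array of open ports that the SELinux port corresponds to.\n"
        "Individual values can be specified either as a single number, or a range.\n"
        "The range is represented as two numbers separated by '-', e.g. '1024-2048'.\n"
        "Note that a network port can be labeled with multiple labels at the same time.") ]
    string Ports[];
};

// The SELinux service of the managed system: read-only state and policy
// properties plus the extrinsic methods that change state, labels and
// booleans.
//
// Every method returns a uint32 status from the same 0..6 value map and
// hands back a job reference through the output-only Job parameter
// (IN(false), OUT).
//
// NOTE(review): the methods below change mandatory-access-control
// configuration, and this schema carries no qualifier restricting who may
// invoke them. Confirm that authorization is enforced by the CIMOM or the
// provider, and that invocations are logged.
[ Version("0.0.1"),
  Description(
    "SELinux on the managed system.\n"
    "SELinux can be in the following states:\n"
    " Enforcing - SELinux security policy is enforced.\n"
    " Permissive - SELinux prints warnings instead of enforcing.\n"
    " Disabled - No SELinux policy is loaded.\n") ]
class LMI_SELinuxService : CIM_Service
{
    [ Description("Current system-wide state of SELinux."),
      ValueMap {"0", "1", "2"},
      Values {"Disabled", "Permissive", "Enforcing"} ]
    uint16 SELinuxState;

    // A value here that differs from SELinuxState means the mode changes at
    // the next boot; monitoring can compare the two properties.
    [ Description("SELinux system-wide state on next system boot."),
      ValueMap {"0", "1", "2"},
      Values {"Disabled", "Permissive", "Enforcing"} ]
    uint16 SELinuxDefaultState;

    [ Description("SELinux policy type.") ]
    string PolicyType;

    [ Description("Current version of the SELinux system policy.") ]
    uint32 PolicyVersion;

    // Switches the system-wide mode. NewState 0 or 1 turns enforcement off;
    // with MakeDefault set, the change also applies on the next boot.
    [ Description(
        "Set SELinux state."),
      ValueMap {"0", "1", "2", "3", "4", "5", "6"},
      Values {"Job Completed with No Error", "Not Supported",
          "Unknown", "Timeout", "Failed", "Invalid Parameter", "In Use"} ]
    uint32 SetSELinuxState(
        [ IN, Description("New state value."),
          ValueMap {"0", "1", "2"},
          Values {"Disabled", "Permissive", "Enforcing"} ]
        uint16 NewState,
        [ IN, Description("If set to True, makes the new state persistent.") ]
        boolean MakeDefault,
        [ IN(false), OUT ]
        LMI_SELinuxJob REF Job
    );

    // PortRange is free-form text.
    // NOTE(review): presumably the provider validates it and answers
    // "Invalid Parameter" (5) on malformed input - confirm.
    [ Description(
        "Set label on an SELinux port."),
      ValueMap {"0", "1", "2", "3", "4", "5", "6"},
      Values {"Job Completed with No Error", "Not Supported",
          "Unknown", "Timeout", "Failed", "Invalid Parameter", "In Use"} ]
    uint32 SetPortLabel(
        [ IN, OUT, Description("An SELinux port to change.") ]
        LMI_SELinuxPort REF Target,
        [ IN, Description(
            "Network ports to change. Can be specified as a single "
            "port or as a range, for example '1024-2048'.") ]
        string PortRange,
        [ IN(false), OUT ]
        LMI_SELinuxJob REF Job
    );

    // Label is free-form text.
    // NOTE(review): presumably the provider checks it against the loaded
    // policy before applying it - confirm.
    [ Description(
        "Set label on an SELinux file."),
      ValueMap {"0", "1", "2", "3", "4", "5", "6"},
      Values {"Job Completed with No Error", "Not Supported",
          "Unknown", "Timeout", "Failed", "Invalid Parameter", "In Use"} ]
    uint32 SetFileLabel(
        [ IN, OUT, Description("An SELinux file to change.") ]
        LMI_UnixFile REF Target,
        [ IN, Description("New label.") ]
        string Label,
        [ IN(false), OUT ]
        LMI_SELinuxJob REF Job
    );

    // Sets a policy boolean; MakeDefault also changes its boot-time value.
    [ Description(
        "Set a new value of an SELinux boolean."),
      ValueMap {"0", "1", "2", "3", "4", "5", "6"},
      Values {"Job Completed with No Error", "Not Supported",
          "Unknown", "Timeout", "Failed", "Invalid Parameter", "In Use"} ]
    uint32 SetBoolean(
        [ IN, OUT, Description("An SELinux boolean to change.") ]
        LMI_SELinuxBoolean REF Target,
        [ IN, Description("New value.") ]
        boolean Value,
        [ IN, Description("If True, makes the new state persistent.") ]
        boolean MakeDefault,
        [ IN(false), OUT ]
        LMI_SELinuxJob REF Job
    );

    // Action 0 (Report) only lists mismatching files; Action 1 (Restore)
    // rewrites labels. Values above 1 are reserved by the value map.
    [ Description(
        "Restore default SELinux security contexts on files.\n"
        "There are two actions that can be taken on the specified files:\n"
        " Report: List files whose SELinux label is different than the one specified by the policy.\n"
        " Restore: Restore SELinux label on files to the respective values specified by the policy.\n"),
      ValueMap {"0", "1", "2", "3", "4", "5", "6"},
      Values {"Job Completed with No Error", "Not Supported",
          "Unknown", "Timeout", "Failed", "Invalid Parameter", "In Use"} ]
    uint32 RestoreLabels(
        [ IN, OUT, Description("An SELinux file to change.") ]
        LMI_UnixFile REF Target,
        [ IN, Description("Action to take on the specified files."),
          ValueMap {"0", "1", ".."},
          Values {"Report", "Restore", "OpenLMI Reserved"} ]
        uint16 Action,
        [ IN, Description(
            "If True, restore labels recursively in case Target is a directory. "
            "If Target is not a directory, this value is ignored.") ]
        boolean Recursively,
        [ IN(false), OUT ]
        LMI_SELinuxJob REF Job
    );
};

// Links the service (Dependent) to each SELinux element (Antecedent).
[ Version("0.0.1"),
  Description("Association class that connects the SELinux system service with its elements."),
  Association ]
class LMI_SELinuxServiceHasElement : CIM_Dependency
{
    [ Description("The SELinux element.") ]
    LMI_SELinuxElement REF Antecedent;

    [ Description("The SELinux system service.") ]
    LMI_SELinuxService REF Dependent;
};

// Derived from CIM_AffectedJobElement without adding or overriding anything.
[ Version("0.0.1"),
  Association ]
class LMI_AffectedSELinuxJobElement : CIM_AffectedJobElement
{
};

// Derived from CIM_HostedService without adding or overriding anything.
[ Version("0.0.1"),
  Association ]
class LMI_HostedSELinuxService : CIM_HostedService
{
};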