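/*
 * Copyright (C) 2014 Red Hat, Inc. All rights reserved.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 *
 * Authors: Jan Synacek
 */

// CIM schema (MOF) for the SELinux management classes. It declares the
// data model and the extrinsic methods of LMI_SELinuxService; the behaviour
// behind each method lives in the provider, which is not part of this file.

// Root of the SELinux class hierarchy; declares no properties of its own.
[ Version("0.0.1"),
  Description("Common superclass for all SELinux classes.") ]
class LMI_SELinuxElement: CIM_ManagedElement
{
};

// Base for elements that carry a label. A mismatch between CurrentContext
// and ExpectedContext is presumably what the service treats as
// "mislabeled" - NOTE(review): confirm against the provider.
[ Version("0.0.1"),
  Description("Common superclass for all SELinux classes which have a context.") ]
class LMI_SELinuxElementWithContext : LMI_SELinuxElement
{
    [ Description("Current SELinux context.") ]
    string CurrentContext;

    [ Description("Expected SELinux context.") ]
    string ExpectedContext;
};

// One policy boolean: the running value (State) and the value kept across
// reboots (DefaultState).
[ Version("0.0.1"),
  Description("Class representing an SELinux policy boolean.") ]
class LMI_SELinuxBoolean : LMI_SELinuxElement
{
    [ Description("Currently set state.") ]
    boolean State;

    [ Description("State value that is set persistently across reboots.") ]
    boolean DefaultState;
};

// A labeled port definition covering one or more port numbers or ranges.
[ Version("0.0.1"),
  Description(
    "Class representing an SELinux port. It can encompass multiple "
    "individual networking ports, or even their ranges.") ]
class LMI_SELinuxPort : LMI_SELinuxElementWithContext
{
    [ Description("Protocol type. Only UDP and TCP are supported."),
      ValueMap {"0", "1"},
      Values {"UDP", "TCP"} ]
    uint16 Protocol;

    // Entries are free-form strings, so the schema itself cannot enforce
    // the number / range syntax.
    // NOTE(review): confirm the provider rejects anything that is not a
    // single port number or a well-formed range.
    [ Description(
        "Array of open ports that the SELinux port corresponds to.\n"
        "Individual values can be specified either as a single number, or a range.\n"
        "The range would be represented as '<first>-<last>', e.g. '1024-2048'.") ]
    string Ports[];
};

// A file identified by its path, together with its current and expected
// context (inherited).
[ Version("0.0.1"),
  Description("Class representing an SELinux file.") ]
class LMI_SELinuxFile : LMI_SELinuxElementWithContext
{
    [ Description("Full path to the actual file.") ]
    string Name;
};

// System-wide SELinux service: exposes the current and persistent mode,
// the policy type and version, and the methods that change state, labels
// and booleans.
//
// All methods share one return-code map (0 = "Job Completed with No Error"
// through 6 = "In Use") and an output-only Job reference (IN(false), OUT).
//
// NOTE(review): nothing in this schema restricts who may invoke the methods
// below. Each of them changes security-relevant state on the managed system,
// so authorization and audit logging have to be provided by the CIMOM /
// provider configuration - confirm they are in place.
[ Version("0.0.1"),
  Description(
    "SELinux on the managed system.\n"
    "SELinux can be in the following states:\n"
    " Enforcing - SELinux security policy is enforced.\n"
    " Permissive - SELinux prints warnings instead of enforcing.\n"
    " Disabled - No SELinux policy is loaded.\n"
    "\n"
    "SELinux can have the following types:\n"
    " Targeted - Targeted processes are protected.\n"
    " Minimum - Modification of targeted policy. Only selected processes are protected.\n"
    " MLS - Multi Level Security protection.") ]
class LMI_SELinuxService : CIM_Service
{
    // NOTE(review): the map has no "0" (Disabled) entry, although
    // DefaultState and SetState.NewState both accept it - confirm what is
    // reported when SELinux is disabled.
    [ Description("Current system-wide state of SELinux."),
      ValueMap {"1", "2"},
      Values {"Permissive", "Enforcing"} ]
    uint16 State;

    [ Description("SELinux system-wide state that is set persistently across reboots."),
      ValueMap {"0", "1", "2"},
      Values {"Disabled", "Permissive", "Enforcing"} ]
    uint16 DefaultState;

    [ Description("SELinux type."),
      ValueMap {"0", "1", "2"},
      Values {"Targeted", "Minimum", "MLS"} ]
    uint16 Type;

    [ Description("Current version of the SELinux system policy.") ]
    uint32 PolicyVersion;

    // Changes the SELinux mode. Per the class description, Permissive only
    // prints warnings and Disabled loads no policy, so any request that
    // moves away from Enforcing removes policy enforcement; with MakeDefault
    // set to True the change also survives a reboot. Worth logging and
    // alerting on in the provider.
    [ Description(
        "Set SELinux state."),
      ValueMap {"0", "1", "2", "3", "4", "5", "6"},
      Values {"Job Completed with No Error", "Not Supported", "Unknown", "Timeout",
              "Failed", "Invalid Parameter", "In Use"} ]
    uint32 SetState(
        [ IN, Description("New state value."),
          ValueMap {"0", "1", "2"},
          Values {"Disabled", "Permissive", "Enforcing"} ]
        uint16 NewState,
        [ IN, Description("If set to True, makes the new state persistent.") ]
        boolean MakeDefault,
        [ IN(false), OUT ]
        CIM_ConcreteJob REF Job
    );

    // Label is a caller-supplied free-form string.
    // NOTE(review): confirm the provider validates it as a well-formed
    // SELinux context before applying it.
    [ Description(
        "Set label on an SELinux port."),
      ValueMap {"0", "1", "2", "3", "4", "5", "6"},
      Values {"Job Completed with No Error", "Not Supported", "Unknown", "Timeout",
              "Failed", "Invalid Parameter", "In Use"} ]
    uint32 SetPortLabel(
        [ IN, OUT, Description("An SELinux port to change.") ]
        LMI_SELinuxPort REF Port,
        [ IN, Description("New label.") ]
        string Label,
        [ IN(false), OUT ]
        CIM_ConcreteJob REF Job
    );

    // Both the target path (LMI_SELinuxFile.Name) and Label come from the
    // caller.
    // NOTE(review): confirm the provider validates the label and decides
    // explicitly how symbolic links in the path are treated.
    [ Description(
        "Set label on an SELinux file."),
      ValueMap {"0", "1", "2", "3", "4", "5", "6"},
      Values {"Job Completed with No Error", "Not Supported", "Unknown", "Timeout",
              "Failed", "Invalid Parameter", "In Use"} ]
    uint32 SetFileLabel(
        [ IN, OUT, Description("An SELinux file to change.") ]
        LMI_SELinuxFile REF Target,
        [ IN, Description("New label.") ]
        string Label,
        [ IN(false), OUT ]
        CIM_ConcreteJob REF Job
    );

    // Sets the running value of a policy boolean and, with MakeDefault,
    // the persistent one as well.
    [ Description(
        "Set a new value of an SELinux boolean."),
      ValueMap {"0", "1", "2", "3", "4", "5", "6"},
      Values {"Job Completed with No Error", "Not Supported", "Unknown", "Timeout",
              "Failed", "Invalid Parameter", "In Use"} ]
    uint32 SetBoolean(
        [ IN, OUT, Description("An SELinux boolean to change.") ]
        LMI_SELinuxBoolean REF Target,
        [ IN, Description("New value.") ]
        boolean Value,
        [ IN, Description("If True, makes the new state persistent.") ]
        boolean MakeDefault,
        [ IN(false), OUT ]
        CIM_ConcreteJob REF Job
    );

    // With Recursively set to True on a directory, one call can relabel a
    // whole tree.
    // NOTE(review): confirm the provider bounds the work and handles
    // symbolic links inside the tree deliberately.
    [ Description(
        "Restore SELinux label on a file to the value specified by the policy."),
      ValueMap {"0", "1", "2", "3", "4", "5", "6"},
      Values {"Job Completed with No Error", "Not Supported", "Unknown", "Timeout",
              "Failed", "Invalid Parameter", "In Use"} ]
    uint32 RestoreLabel(
        [ IN, OUT, Description("An SELinux file to change.") ]
        LMI_SELinuxFile REF Target,
        [ IN, Description(
            "If True, restore labels recursively in case Target is a directory. "
            "If Target is not a directory, this value is ignored.") ]
        boolean Recursively,
        [ IN(false), OUT ]
        CIM_ConcreteJob REF Job
    );

    // NOTE(review): the method Description is empty, and both parameter
    // descriptions match RestoreLabel's word for word ("to change",
    // "restore labels"), so they look copied rather than written for this
    // method. Going by the name, it presumably reports files under Target
    // whose label differs from the one the policy specifies, without
    // changing them - confirm against the provider and fill in the three
    // descriptions.
    [ Description(
        ""),
      ValueMap {"0", "1", "2", "3", "4", "5", "6"},
      Values {"Job Completed with No Error", "Not Supported", "Unknown", "Timeout",
              "Failed", "Invalid Parameter", "In Use"} ]
    uint32 GetMislabeledFiles(
        [ IN, OUT, Description("An SELinux file to change.") ]
        LMI_SELinuxFile REF Target,
        [ IN, Description(
            "If True, restore labels recursively in case Target is a directory. "
            "If Target is not a directory, this value is ignored.") ]
        boolean Recursively,
        [ IN(false), OUT ]
        CIM_ConcreteJob REF Job
    );
};

// Links the service (Dependent) to each SELinux element (Antecedent).
[ Version("0.0.1"),
  Description("Association class that connects the SELinux system service with its elements."),
  Association ]
class LMI_SELinuxServiceHasElement : CIM_Dependency
{
    [ Description("The SELinux element.") ]
    LMI_SELinuxElement REF Antecedent;

    [ Description("The SELinux system service.") ]
    LMI_SELinuxService REF Dependent;
};

// Association subclass of CIM_AffectedJobElement; adds nothing of its own.
[ Version("0.0.1"), Association ]
class LMI_AffectedSELinuxJobElement : CIM_AffectedJobElement
{
};

// Association subclass of CIM_HostedService; adds nothing of its own.
[ Version("0.0.1"), Association ]
class LMI_HostedSELinuxService : CIM_HostedService
{
};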