This file is indexed.

/usr/include/apol/mls_range.h is in libapol-dev 3.3.6.ds-7.2ubuntu4.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
/**
 *  @file
 *  Public interface for representing and manipulating the
 *  apol_mls_range object.
 *
 *  @author Jeremy A. Mowery jmowery@tresys.com
 *  @author Jason Tang jtang@tresys.com
 *
 *  Copyright (C) 2006-2007 Tresys Technology, LLC
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; either
 *  version 2.1 of the License, or (at your option) any later version.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */

#ifndef APOL_MLS_RANGE_H
#define APOL_MLS_RANGE_H

#ifdef	__cplusplus
extern "C"
{
#endif

#include "mls_level.h"
#include "policy.h"
#include "vector.h"
#include <qpol/policy.h>

	typedef struct apol_mls_range apol_mls_range_t;

/**
 * Allocate and return a new MLS range structure.  All fields are
 * initialized to nothing.  The caller must call
 * apol_mls_range_destroy() upon the return value afterwards.
 *
 * @return An initialized MLS range structure, or NULL upon error.
 */
	extern apol_mls_range_t *apol_mls_range_create(void);

/**
 * Allocate and return a new MLS range structure, initialized by an
 * existing apol_mls_range_t.  The caller must call
 * apol_mls_range_destroy() upon the return value afterwards.
 *
 * @param range Range to copy.  If NULL then the returned MLS range
 * will be initialized to nothing.
 *
 * @return An initialized MLS range structure, or NULL upon error.
 */
	extern apol_mls_range_t *apol_mls_range_create_from_mls_range(const apol_mls_range_t * range);

/**
 * Take a MLS range string (e.g., <b>S0:C0.C10-S1:C0.C127</b>) and
 * parse it.  Fill in a newly allocated apol_mls_range_t and return
 * it.  This function needs a policy to resolve dots within categories
 * and to ensure that the high level dominates the low.  If the string
 * represents an illegal range then return NULL.  The caller must call
 * apol_mls_range_destroy() upon the returned value afterwards.
 *
 * @param p Policy within which to validate mls_range_string.
 * @param mls_range_string Pointer to a string representing a valid
 * MLS range.
 *
 * @return A filled in MLS range structure, or NULL upon error.
 */
	extern apol_mls_range_t *apol_mls_range_create_from_string(const apol_policy_t * p, const char *mls_range_string);

/**
 * Take a literal MLS range string (e.g.,
 * <b>S0:C0.C10-S1:C0.C127</b>), fill in a newly allocated
 * apol_mls_range_t and return it.  The category portions of the
 * levels will <strong>not</strong> be expanded (i.e., dots will not
 * be resolved); likewise there is no check that the high level
 * dominates the low.  The caller must call apol_mls_range_destroy()
 * upon the returned value afterwards.
 *
 * Because this function creates a range without the benefit of a
 * policy, its levels are "incomplete" and thus most operations will
 * fail.  Call apol_mls_range_convert() to make a literal MLS range
 * complete, so that it can be used in all functions.
 *
 * @param mls_range_string Pointer to a string representing a
 * (possibly invalid) MLS range.
 *
 * @return A filled in MLS range structure, or NULL upon error.
 */
	extern apol_mls_range_t *apol_mls_range_create_from_literal(const char *mls_range_string);

/**
 * Create a new apol_mls_range_t and initialize it with a
 * qpol_mls_range_t.  The caller must call apol_mls_range_destroy()
 * upon the return value afterwards.
 *
 * @param p Policy from which the qpol_mls_range_t was obtained.
 * @param qpol_range The libqpol range for which to create a new
 * apol range.	This range will not be altered by this call.
 *
 * @return A MLS range structure initialized to the value of
 * qpol_range, or NULL upon error.
 */
	extern apol_mls_range_t *apol_mls_range_create_from_qpol_mls_range(const apol_policy_t * p,
									   const qpol_mls_range_t * qpol_range);

/**
 * Deallocate all memory associated with a MLS range structure and
 * then set it to NULL.	 This function does nothing if the range is
 * already NULL.
 *
 * @param range Reference to a MLS range structure to destroy.
 */
	extern void apol_mls_range_destroy(apol_mls_range_t ** range);

/**
 * Set the low level component of a MLS range structure.  This
 * function takes ownership of the level, such that the caller must
 * not modify nor destroy it afterwards.  It is legal to pass in the
 * same pointer for the range's low and high level.
 *
 * @param p Error reporting handler, or NULL to use default handler.
 * @param range MLS range to modify.
 * @param level New low level for range, or NULL to unset this field.
 *
 * @return 0 on success or < 0 on failure.
 */
	extern int apol_mls_range_set_low(const apol_policy_t * p, apol_mls_range_t * range, apol_mls_level_t * level);

/**
 * Set the high level component of a MLS range structure.  This
 * function takes ownership of the level, such that the caller must
 * not modify nor destroy it afterwards.  It is legal to pass in the
 * same pointer for the range's low and high level.
 *
 * @param p Error reporting handler, or NULL to use default handler.
 * @param range MLS range to modify.
 * @param level New high level for range, or NULL to unset this field.
 *
 * @return 0 on success or < 0 on failure.
 */
	extern int apol_mls_range_set_high(const apol_policy_t * p, apol_mls_range_t * range, apol_mls_level_t * level);

/**
 * Get the low level component of a MLS range structure.
 *
 * @param range MLS range to query.
 *
 * @return Low level, or NULL upon error or if not yet set.  Do not
 * modify the return value.
 */
	extern const apol_mls_level_t *apol_mls_range_get_low(const apol_mls_range_t * range);

/**
 * Get the high level component of a MLS range structure.
 *
 * @param range MLS range to query.
 *
 * @return High level, or NULL upon error or if not yet set.  Do not
 * modify the return value.
 */
	extern const apol_mls_level_t *apol_mls_range_get_high(const apol_mls_range_t * range);

/**
 * Compare two ranges, determining if one matches the other.  The
 * fifth parameter gives how to match the ranges.  For APOL_QUERY_SUB,
 * if search is a subset of target.  For APOL_QUERY_SUPER, if search
 * is a superset of target.  Other valid compare types are
 * APOL_QUERY_EXACT and APOL_QUERY_INTERSECT.  If a range is not valid
 * according to the policy then this function returns -1.  If search
 * is NULL then comparison always succeeds.
 *
 * @param p Policy within which to look up MLS information.
 * @param target Target MLS range to compare.
 * @param search Source MLS range to compare.
 * @param range_compare_type Specifies how to compare the ranges.
 *
 * @return 1 If comparison succeeds, 0 if not; -1 on error.
 */
	extern int apol_mls_range_compare(const apol_policy_t * p,
					  const apol_mls_range_t * target, const apol_mls_range_t * search,
					  unsigned int range_compare_type);

/**
 * Determine if a range completely contains a subrange given a certain
 * policy.  If a range is not valid according to the policy then this
 * function returns -1.
 *
 * @param p Policy within which to look up MLS information.
 * @param range Parent range to compare.
 * @param subrange Child range to which compare.
 *
 * @return 1 If comparison succeeds, 0 if not; -1 on error.
 */
	extern int apol_mls_range_contain_subrange(const apol_policy_t * p, const apol_mls_range_t * range,
						   const apol_mls_range_t * subrange);
/**
 * Given a range, determine if it is legal according to the supplied
 * policy.  This function will convert from aliases to canonical forms
 * as necessary.
 *
 * @param p Policy within which to look up MLS information.
 * @param range Range to check.
 *
 * @return 1 If range is legal, 0 if not; -1 on error.
 */
	extern int apol_mls_range_validate(const apol_policy_t * p, const apol_mls_range_t * range);

/**
 * Given a range, return a vector of levels (type apol_mls_level_t *)
 * that constitutes that range.  The vector will be sorted in policy order.
 *
 * @param p Policy from which the level and category definitions reside.
 * @param range Range to expand.
 *
 * @return Vector of levels, or NULL upon error.  The caller is
 * responsible for calling apol_vector_destroy() upon the returned
 * value, passing apol_mls_level_free() as the second parameter.
 */
	extern apol_vector_t *apol_mls_range_get_levels(const apol_policy_t * p, const apol_mls_range_t * range);

/**
 * Creates a string containing the textual representation of
 * a MLS range.
 *
 * @param p Policy from which the MLS range is a member.  If NULL,
 * then attempt to treat the range's levels as incomplete levels (as
 * per apol_mls_level_create_from_literal()).
 * @param range MLS range to render.
 *
 * @return A newly allocated string, or NULL upon error.  The caller
 * is responsible for calling free() upon the return value.
 */
	extern char *apol_mls_range_render(const apol_policy_t * p, const apol_mls_range_t * range);

/**
 * Given a range, convert any literal MLS levels within it (as per
 * apol_mls_level_convert()) to a complete level.  If the range has no
 * levels or has no literal levels then do nothing.
 *
 * @param p Policy containing category information.
 * @param range Range to convert.
 *
 * @return 0 on success, < 0 on error.
 */
	extern int apol_mls_range_convert(const apol_policy_t * p, apol_mls_range_t * range);

/**
 * Determine if the range contains any literal levels.  (Levels that
 * have been converted are still considered literal.)
 *
 * @param range Range to query.
 *
 * @return > 0 value if the range has a literal level, 0 if not, < 0
 * if unknown or upon error.
 */
	extern int apol_mls_range_is_literal(const apol_mls_range_t * range);

#ifdef	__cplusplus
}
#endif

#endif				       /* APOL_MLS_RANGE_H */