This file is indexed.

/usr/include/seaudit/model.h is in libseaudit-dev 3.3.6.ds-7.2ubuntu4.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
/**
 *  @file
 *
 *  Public interface to a seaudit_model.  This represents a subset of
 *  log messages from one or more seaudit_log, where the subset is
 *  defined by a finite set of seaudit_filter and sorted by some
 *  criterion or criteria.
 *
 *  @author Jeremy A. Mowery jmowery@tresys.com
 *  @author Jason Tang jtang@tresys.com
 *
 *  Copyright (C) 2004-2007 Tresys Technology, LLC
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; either
 *  version 2.1 of the License, or (at your option) any later version.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */

#ifndef SEAUDIT_MODEL_H
#define SEAUDIT_MODEL_H

#ifdef  __cplusplus
extern "C"
{
#endif

#include "filter.h"
#include "log.h"
#include "message.h"
#include "sort.h"

#include <stdlib.h>

	typedef struct seaudit_model seaudit_model_t;

/**
 * Create a seaudit_model based upon the messages from some particular
 * seaudit_log.  The model will be initialized with the default filter
 * (i.e., accept all of the messages from the log).
 *
 * @param name Name for the model; the string will be duplicated.  If
 * NULL then the model will be assigned a non-unique default name.
 * @param log Initial log for this model to watch.  If NULL then do
 * not watch any log files.
 *
 * @return An initialized model, or NULL upon error.  The caller must
 * call seaudit_model_destroy() afterwards.
 */
	extern seaudit_model_t *seaudit_model_create(const char *name, seaudit_log_t * log);

/**
 * Create a new seaudit_model object, initialized with the data from
 * an existing model.  This will do a deep copy of the original model.
 * The new model will be watch the same logs that the original model
 * was watching.
 *
 * @param model Model to clone.
 *
 * @return A cloned model, or NULL upon error.  The caller must call
 * seaudit_model_destroy() afterwards.
 */
	extern seaudit_model_t *seaudit_model_create_from_model(const seaudit_model_t * model);

/**
 * Create and return a model initialized from the contents of a XML
 * configuration file.  This will also load filters into the model.
 * The model will not be associated with any logs; for that call
 * seaudit_model_append_log().
 *
 * @param filename File containing model data.
 *
 * @return An initialized model, or NULL upon error.  The caller must
 * call seaudit_model_destroy() afterwards.
 *
 * @see seaudit_model_save_to_file()
 */
	extern seaudit_model_t *seaudit_model_create_from_file(const char *filename);

/**
 * Destroy the referenced seadit_model object.
 *
 * @param model Model to destroy.  The pointer will be set to NULL
 * afterwards.  (If pointer is already NULL then do nothing.)
 */
	extern void seaudit_model_destroy(seaudit_model_t ** model);

/**
 * Save to disk, in XML format, the given model's values.  This
 * includes the filters contained within the model as well.  Note that
 * this does not save the messages within the model nor the associated
 * logs.
 *
 * @param model Model to save.
 * @param filename Name of the file to write.  If the file already
 * exists it will be overwritten.
 *
 * @return 0 on success, < 0 on error.
 *
 * @see seaudit_model_create_from_file()
 */
	extern int seaudit_model_save_to_file(const seaudit_model_t * model, const char *filename);

/**
 * Get the name of this model.
 *
 * @param model Model whose name to get.
 *
 * @return Name of the model, or NULL upon error.  Do not modify this
 * string.
 */
	extern const char *seaudit_model_get_name(const seaudit_model_t * model);

/**
 * Set the name of this model, overwriting any previous name.
 *
 * @param model Model whose name to set.
 * @param name New name for the model; the string will be duplicated.
 * If NULL then the model will be assigned a non-unique default name.
 *
 * @return 0 on success, < 0 on error.
 */
	extern int seaudit_model_set_name(seaudit_model_t * model, const char *name);

/**
 * Have the given model start watching the given log file, in addition
 * to any other log files the model was watching.
 *
 * @param model Model to modify.
 * @param log Additional log file to watch.
 *
 * @return 0 on success, < 0 on error.
 */
	extern int seaudit_model_append_log(seaudit_model_t * model, seaudit_log_t * log);

/**
 * Append a filter to a model.  The next time the model's messages are
 * retrieved only those messages that match this filter will be
 * returned.  Multiple filters may be applied to a model.  Upon
 * success, the model takes ownership of the filter.
 *
 * @param model Model to modify.
 * @param filter Additional filter to be applied.
 *
 * @return 0 on success, < 0 on error.
 */
	extern int seaudit_model_append_filter(seaudit_model_t * model, seaudit_filter_t * filter);

/**
 * Get the list of filters for a model.  Whenever a filter is modified
 * the model will be recomputed.  Note: to remove a filter from the
 * model use seaudit_model_remove_filter().
 *
 * @param model Model containing filters.
 *
 * @return Vector of seaudit_filter objects, or NULL upon error.  Note
 * that the vector my be empty.  Do not destroy or otherwise modify
 * this vector.  (It is safe to manipulate the elements within the
 * vector.)
 */
	extern const apol_vector_t *seaudit_model_get_filters(const seaudit_model_t * model);

/**
 * Remove a filter from a model.  The given parameter must match one
 * of the filters stored within the model; call
 * seaudit_model_get_filters() to get a list of the model's filters.
 *
 * @param model Model to modify.
 * @param filter Filter to remove.  Upon success the pointer becomes
 * invalid.
 *
 * @return 0 on success, < 0 on error.
 */
	extern int seaudit_model_remove_filter(seaudit_model_t * model, seaudit_filter_t * filter);

/**
 * Set a model to accept a message if all filters are met (default
 * behavior) or if any filter is met.  Note that is independent from
 * the setting given to seaudit_model_set_filter_visible().
 *
 * @param model Model to modify.
 * @param match Matching behavior if model has multiple filters.
 *
 * @return 0 on success, < 0 on error.
 */
	extern int seaudit_model_set_filter_match(seaudit_model_t * model, seaudit_filter_match_e match);

/**
 * Get the current filter match value for a model.
 *
 * @param model Model containing filter match value.
 *
 * @return One of SEAUDIT_FILTER_MATCH_ALL or SEAUDIT_FILTER_MATCH_ANY.
 */
	extern seaudit_filter_match_e seaudit_model_get_filter_match(const seaudit_model_t * model);

/**
 * Set a model to either show (default behavior) or hide messages
 * accepted by the filters.  Note that is independent from the setting
 * given to seaudit_model_set_filter_match().
 *
 * @param model Model to modify.
 * @param visible Messages to show if model has any filters.
 *
 * @return 0 on success, < 0 on error.
 */
	extern int seaudit_model_set_filter_visible(seaudit_model_t * model, seaudit_filter_visible_e visible);

/**
 * Get the current filter visibility value for a model.
 *
 * @param model Model containing filter visibility value.
 *
 * @return One of SEAUDIT_FILTER_VISIBLE_SHOW or
 * SEAUDIT_FILTER_VISIBLE_HIDE.
 */
	extern seaudit_filter_visible_e seaudit_model_get_filter_visible(const seaudit_model_t * model);

/**
 * Append a sort criterion to a model.  The next time the model's
 * messages are retrieved they will be sorted by this criterion.  If
 * the model already has sort criteria, they will have a higher
 * priority than this new criterion.  Upon success, the model takes
 * ownership of the sort object
 *
 * @param model Model to modify.
 * @param sort Additional sort criterion.
 *
 * @return 0 on success, < 0 on error.
 */
	extern int seaudit_model_append_sort(seaudit_model_t * model, seaudit_sort_t * sort);

/**
 * Remove all sort criteria from this model.  The next time the
 * model's messages are retrieved they will be in the same order as
 * provided by the model's log(s).
 *
 * @param model Model to modify.
 *
 * @return 0 on success, < 0 on error.
 */
	extern int seaudit_model_clear_sorts(seaudit_model_t * model);

/**
 * Return a value indicating if this model has changed since the last
 * time seaudit_model_get_messages() was called.  Note that upon a
 * non-zero return value, the vector returned by
 * seaudit_model_get_messages() might contain the same messages.  For
 * example, the user could have removed all sorts but then re-inserted
 * them in the same order.
 *
 * @param model Model to check.
 *
 * @return 0 if the model is unchanged, non-zero if it may have
 * changed.
 */
	extern int seaudit_model_is_changed(const seaudit_model_t * model);

/**
 * Return a sorted list of messages associated with this model.  This
 * will cause the model to recalculate, as necessary, all messages
 * according to its filters and then sort them.
 *
 * @param log Log to which report error messages.
 * @param model Model containing messages.
 *
 * @return A newly allocated vector of seaudit_message_t, pre-filtered
 * and pre-sorted, or NULL upon error.  The caller is responsible for
 * calling apol_vector_destroy() upon this value.
 */
	extern apol_vector_t *seaudit_model_get_messages(const seaudit_log_t * log, seaudit_model_t * model);

/**
 * Return a sorted list of malformed messages associated with this
 * model.  This is the union of all malformed messages from the
 * model's logs.  This will cause the model to recalculate, as
 * necessary, all messages according to its filters.
 *
 * @param log Log to which report error messages.
 * @param model Model containing malformed messages.
 *
 * @return A newly allocated vector of strings, or NULL upon error.
 * Treat the contents of the vector as const char *.  The caller is
 * responsible for calling apol_vector_destroy() upon this value.
 */
	extern apol_vector_t *seaudit_model_get_malformed_messages(const seaudit_log_t * log, seaudit_model_t * model);

/**
 * Hide a message from a model such that the next time
 * seaudit_model_get_messages() is called, the given message will not
 * be returned within the vector.
 *
 * @param model Model containing message to hide.
 * @param message Message to be marked hidden.  If NULL, then do
 * nothing.  It is safe to make duplicate calls to this function with
 * the same message.
 */
	extern void seaudit_model_hide_message(seaudit_model_t * model, const seaudit_message_t * message);

/**
 * Return the number of avc allow messages currently within the model.
 * This will cause the model to recalculate, as necessary, all
 * messages according to its filters.
 *
 * @param log Log to which report error messages.
 * @param model Model to get statistics.
 *
 * @return Number of allow messages in the model.  This could be zero.
 */
	extern size_t seaudit_model_get_num_allows(const seaudit_log_t * log, seaudit_model_t * model);

/**
 * Return the number of avc deny messages currently within the model.
 * This will cause the model to recalculate, as necessary, all
 * messages according to its filters.
 *
 * @param log Log to which report error messages.
 * @param model Model to get statistics.
 *
 * @return Number of deny messages in the model.  This could be zero.
 */
	extern size_t seaudit_model_get_num_denies(const seaudit_log_t * log, seaudit_model_t * model);

/**
 * Return the number of boolean change messages currently within the
 * model.  This will cause the model to recalculate, as necessary, all
 * messages according to its filters.
 *
 * @param log Log to which report error messages.
 * @param model Model to get statistics.
 *
 * @return Number of boolean messages in the model.  This could be
 * zero.
 */
	extern size_t seaudit_model_get_num_bools(const seaudit_log_t * log, seaudit_model_t * model);

/**
 * Return the number of load messages currently within the model.
 * This will cause the model to recalculate, as necessary, all
 * messages according to its filters.
 *
 * @param log Log to which report error messages.
 * @param model Model to get statistics.
 *
 * @return Number of load messages in the model.  This could be zero.
 */
	extern size_t seaudit_model_get_num_loads(const seaudit_log_t * log, seaudit_model_t * model);

#ifdef  __cplusplus
}
#endif

#endif