Introduction

The SELinux provider model is shown in the following figure. Classes with the blue mark are part of the provider.

[Figure: SELinux provider model]

Basic SELinux entities are represented by LMI_SELinuxElement. It is the base class from which concrete SELinux items are derived. All SELinux elements use their InstanceID as a primary identifier. Concrete cases are described below.

LMI_SELinuxBoolean represents an SELinux boolean on a system. Concrete boolean instances are uniquely identified by their InstanceID in the form of LMI:LMI_SELinuxBoolean:<boolean name>.

LMI_SELinuxPort is a class encompassing multiple individual network ports, or even their ranges. Its InstanceID is in the form of LMI:LMI_SELinuxPort:<type>:<port name>. Port type can be either TCP or UDP.
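An added example (not part of the original documentation or the provider's code) that parses and validates the two InstanceID forms described above, so a client can reject a malformed identifier before acting on it. The helper names, the sample identifiers, the case-insensitive handling of the port type and the assumption that names contain no colon are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Optional

PREFIX = "LMI"
PORT_TYPES = {"TCP", "UDP"}  # the two port types the page names


@dataclass(frozen=True)
class SELinuxElementId:          # hypothetical helper type
    cim_class: str               # LMI_SELinuxBoolean or LMI_SELinuxPort
    name: str                    # boolean name or port name
    port_type: Optional[str] = None  # TCP/UDP, set only for ports


def parse_instance_id(instance_id: str) -> SELinuxElementId:
    """Split an InstanceID into its fields; raise ValueError if malformed."""
    # Assumption: boolean and port names never contain ':'.
    parts = instance_id.split(":")
    if len(parts) < 3 or parts[0] != PREFIX:
        raise ValueError(f"not an LMI InstanceID: {instance_id!r}")
    cim_class = parts[1]
    if cim_class == "LMI_SELinuxBoolean":
        # LMI:LMI_SELinuxBoolean:<boolean name>
        if len(parts) != 3 or not parts[2]:
            raise ValueError(f"bad boolean InstanceID: {instance_id!r}")
        return SELinuxElementId(cim_class, parts[2])
    if cim_class == "LMI_SELinuxPort":
        # LMI:LMI_SELinuxPort:<type>:<port name>
        if len(parts) != 4 or not parts[3]:
            raise ValueError(f"bad port InstanceID: {instance_id!r}")
        port_type = parts[2].upper()  # assumption: case is not significant
        if port_type not in PORT_TYPES:
            raise ValueError(f"port type must be TCP or UDP: {parts[2]!r}")
        return SELinuxElementId(cim_class, parts[3], port_type)
    raise ValueError(f"unsupported class in InstanceID: {cim_class!r}")


def format_instance_id(elem: SELinuxElementId) -> str:
    """Rebuild the InstanceID string from parsed fields."""
    fields = [PREFIX, elem.cim_class]
    if elem.port_type is not None:
        fields.append(elem.port_type)
    return ":".join(fields + [elem.name])


if __name__ == "__main__":
    # Constructed sample identifiers, not taken from a live provider.
    for s in ("LMI:LMI_SELinuxBoolean:httpd_can_network_connect",
              "LMI:LMI_SELinuxPort:TCP:http_port_t"):
        print(parse_instance_id(s))
```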

To read SELinux file labels, the LMI_UnixFile class has to be used. This class is part of the LogicalFile provider.

LMI_SELinuxService is the main class that allows users to modify SELinux state on the system. The class also provides some basic information about SELinux. It is connected to the computer system on which the provider resides by LMI_HostedSELinuxService. All instances of LMI_SELinuxElement are associated with the service via LMI_SELinuxServiceHasElement.

Every method provided by LMI_SELinuxService returns an LMI_SELinuxJob instance, because the actions executed by those methods are expected to take a long time. LMI_AffectedSELinuxJobElement determines which concrete LMI_SELinuxElement instances a job instance operates on.