security_compute_av(3)

NAME

security_compute_av, security_compute_create, security_compute_relabel, security_compute_member, security_compute_user, security_get_initial_context - query the SELinux policy database in the kernel.

SYNOPSIS

#include <selinux/selinux.h>
#include <selinux/flask.h>
int   security_compute_av(security_context_t  scon,  security_context_t
tcon,  security_class_t  tclass,  access_vector_t   requested,   struct
av_decision *avd);
int security_compute_create(security_context_t scon, security_context_t
tcon, security_class_t tclass, security_context_t *newcon);
int  security_compute_relabel(security_context_t  scon,   security_context_t tcon, security_class_t tclass, security_context_t *newcon);
int security_compute_member(security_context_t scon, security_context_t
tcon, security_class_t tclass, security_context_t *newcon);
int security_compute_user(security_context_t scon,  const  char  *username, security_context_t **con);
int  security_get_initial_context(const  char *name, security_context_t
"con );
int checkPasswdAccess(access_vector_t requested);

DESCRIPTION

security_compute_av queries whether the policy permits the source context scon to access the target context tcon via class tclass with the requested access vector. See the cron source for a usage example.

security_compute_create is used to compute a context to use for labeling a new object in a particular class based on a SID pair.

security_compute_relabel is used to compute the new context to use when relabeling an object, it is used in the pam_selinux.so source and the newrole source to determine the correct label for the tty at login time, but can be used for other things.

security_compute_member is used to compute the context to use when labeling a polyinstantiated object instance.

security_compute_user is used to determine the set of user contexts that can be reached from a source context. Is mainly used by get_ordered_context_list.

security_get_initial_context is used to get the context of a kernel initial security identifier specified by name

checkPasswdAccess This functions is a helper functions that allows you to check for a permission in the passwd class. checkPasswdAccess uses getprevcon() for the source and target security contexts.

RETURN VALUE

0 for success and on error -1 is returned.

SEE ALSO

selinux(8), getcon(3), getfilecon(3), get_ordered_context_list(3)

russell@coker.com.au 1 January 2004 security_compute_av(3)

Copyright © 2010-2025 Platon Technologies, s.r.o.           Home | Man pages | tLDP | Documents | Utilities | About
Design by styleshout