get_ordered_context_list(3)         SELinux        get_ordered_context_list(3)

NAME

       get_ordered_context_list, get_ordered_context_list_with_level,
       get_default_context, get_default_context_with_level,
       get_default_context_with_role, get_default_context_with_rolelevel,
       query_user_context, manual_user_enter_context, get_default_role -
       determine SELinux context(s) for user sessions

SYNOPSIS

       #include <selinux/selinux.h>
       #include <selinux/get_context_list.h>

       int get_ordered_context_list(const char *user, const char *fromcon,
       char ***list);

       int get_ordered_context_list_with_level(const char *user, const char
       *level, const char *fromcon, char ***list);

       int get_default_context(const char *user, const char *fromcon, char
       **newcon);

       int get_default_context_with_level(const char *user, const char *level,
       const char *fromcon, char **newcon);

       int get_default_context_with_role(const char *user, const char *role,
       const char *fromcon, char **newcon);

       int get_default_context_with_rolelevel(const char *user, const char
       *role, const char *level, const char *fromcon, char **newcon);

       int query_user_context(char **list, char **newcon);

       int manual_user_enter_context(const char *user, char **newcon);

       int get_default_type(const char *role, char **type);

DESCRIPTION

       This family of functions can be used to obtain either a prioritized
       list of all reachable security contexts for a given SELinux user or a
       single default (highest priority) context for a given SELinux user for
       use by login-like programs.  These functions take as their input a
       SELinux user identity that must be defined in the SELinux policy, not
       a Linux username.  Most callers should typically first call
       getseuserbyname(3) to look up the SELinux user identity and level for
       a given Linux username and then invoke one of
       get_ordered_context_list_with_level() or
       get_default_context_with_level() with the returned SELinux user and
       level as inputs.

       get_ordered_context_list() obtains the list of contexts for the
       specified SELinux user identity that are reachable from the specified
       fromcon context based on the global
       /etc/selinux/{SELINUXTYPE}/contexts/default_contexts file and the
       per-user /etc/selinux/{SELINUXTYPE}/contexts/users/<username> file if
       it exists.  The fromcon parameter may be NULL to indicate that the
       current context should be used.  The function returns the number of
       contexts in the list, or -1 upon errors.  The list must be freed using
       the freeconary(3) function.

       get_ordered_context_list_with_level() invokes the
       get_ordered_context_list() function and applies the specified level.

       get_default_context() is the same as get_ordered_context_list() but
       only returns a single context which has to be freed with freecon(3).

       get_default_context_with_level() invokes the get_default_context()
       function and applies the specified level.

       get_default_context_with_role() is the same as get_default_context()
       but only returns a context with the specified role, returning -1 if no
       such context is reachable for the user.

       get_default_context_with_rolelevel() invokes the
       get_default_context_with_role() function and applies the specified
       level.

       query_user_context() takes a list of contexts, queries the user via
       stdin/stdout as to which context they want, and returns a new context
       as selected by the user (which has to be freed with freecon(3)).

       manual_user_enter_context() allows the user to manually enter a context
       as a fallback if a list of authorized contexts could not be obtained.
       The caller must free the returned context via freecon(3).

       get_default_type() gets the default type (domain) for role and sets
       type to refer to it.  The returned type has to be freed with free(3).
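
       The call sequence recommended above, as an added example that is not
       part of the original manual page or of libselinux: session_context()
       is a hypothetical helper that maps a Linux username with
       getseuserbyname(3), takes the first entry of the ordered list, and
       returns NULL on any failure so a login-like caller can refuse the
       session.  The user name alice and the contexts inside the stand-in
       functions are constructed sample values.

```c
/* Build against libselinux: cc -DUSE_LIBSELINUX demo.c -lselinux. Otherwise
 * constructed stand-ins with the same signatures are compiled in. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
static char *dupstr(const char *s) {
    char *d = malloc(strlen(s) + 1);
    return d ? strcpy(d, s) : NULL;
}
#ifdef USE_LIBSELINUX
#include <selinux/selinux.h>
#include <selinux/get_context_list.h>
#else /* constructed stand-ins: only Linux user "alice" has a mapping */
static int getseuserbyname(const char *name, char **seuser, char **level) {
    if (strcmp(name, "alice") != 0) return -1;
    *seuser = dupstr("staff_u"); *level = dupstr("s0-s0:c0.c1023");
    return 0;
}
static int get_ordered_context_list_with_level(const char *user,
        const char *level, const char *fromcon, char ***list) {
    (void)user; (void)level; (void)fromcon;
    *list = calloc(3, sizeof(char *));          /* NULL-terminated array */
    (*list)[0] = dupstr("staff_u:staff_r:staff_t:s0-s0:c0.c1023");
    (*list)[1] = dupstr("staff_u:sysadm_r:sysadm_t:s0-s0:c0.c1023");
    return 2;
}
static void freeconary(char **l) {
    for (char **p = l; p && *p; p++) free(*p);
    free(l);
}
#endif
/* Highest-priority context for a Linux username as a malloc'd string, or
 * NULL on any failure so the caller can refuse the session (fail closed). */
char *session_context(const char *linux_user) {
    char *seuser = NULL, *level = NULL, **list = NULL, *chosen = NULL;
    if (getseuserbyname(linux_user, &seuser, &level) != 0) return NULL;
    /* NULL fromcon: start from the current context; result is count or -1 */
    int n = get_ordered_context_list_with_level(seuser, level, NULL, &list);
    if (n > 0) chosen = dupstr(list[0]);   /* copy before the list is freed */
    if (n >= 0) freeconary(list);          /* whole array, not freecon() */
    free(seuser); free(level);
    return chosen;
}
int main(int argc, char **argv) {
    char *c = session_context(argc > 1 ? argv[1] : "alice");
    int rc = (c == NULL);
    puts(c ? c : "(no reachable context)");
    free(c);
    return rc;
}
```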

RETURN VALUE

       get_ordered_context_list() and get_ordered_context_list_with_level()
       return the number of contexts in the list upon success or -1 upon
       errors.  The other functions return 0 for success or -1 for errors.

SEE ALSO

       selinux(8), freeconary(3), freecon(3), security_compute_av(3),
       getseuserbyname(3)

russell@coker.com.au            1 January 2004     get_ordered_context_list(3)