security_compute_user(3)

1security_compute_av(3)     SELinux API documentation    security_compute_av(3)
2
3
4

NAME

6       security_compute_av,  security_compute_av_flags,  security_compute_cre‐
7       ate,  security_compute_create_name,   security_compute_relabel,   secu‐
8       rity_compute_member,   security_compute_user,   security_validatetrans,
9       security_get_initial_context - query the SELinux policy database in the
10       kernel
11

SYNOPSIS

13       #include <selinux/selinux.h>
14
15       int   security_compute_av(char   *scon,  char  *tcon,  security_class_t
16       tclass, access_vector_t requested, struct av_decision *avd);
17
18       int security_compute_av_raw(char *scon,  char  *tcon,  security_class_t
19       tclass, access_vector_t requested, struct av_decision *avd);
20
21       int  security_compute_av_flags(char *scon, char *tcon, security_class_t
22       tclass, access_vector_t requested, struct av_decision *avd);
23
24       int  security_compute_av_flags_raw(char  *scon,   char   *tcon,   secu‐
25       rity_class_t  tclass,  access_vector_t  requested,  struct  av_decision
26       *avd);
27
28       int security_compute_create(char *scon,  char  *tcon,  security_class_t
29       tclass, char **newcon);
30
31       int   security_compute_create_raw(char   *scon,   char   *tcon,   secu‐
32       rity_class_t tclass, char **newcon);
33
34       int  security_compute_create_name(char   *scon,   char   *tcon,   secu‐
35       rity_class_t tclass, const char *objname, char **newcon);
36
37       int  security_compute_create_name_raw(char  *scon,  char  *tcon,  secu‐
38       rity_class_t tclass, const char *objname, char **newcon);
39
40       int security_compute_relabel(char *scon, char  *tcon,  security_class_t
41       tclass, char **newcon);
42
43       int   security_compute_relabel_raw(char   *scon,   char   *tcon,  secu‐
44       rity_class_t tclass, char **newcon);
45
46       int security_compute_member(char *scon,  char  *tcon,  security_class_t
47       tclass, char **newcon);
48
49       int   security_compute_member_raw(char   *scon,   char   *tcon,   secu‐
50       rity_class_t tclass, char **newcon);
51
52       int  security_compute_user(char  *scon,  const  char  *username,   char
53       ***con);
54
55       int  security_compute_user_raw(char  *scon,  const char *username, char
56       ***con);
57
58       int  security_validatetrans(char  *scon,  const   char   *tcon,   secu‐
59       rity_class_t tclass, char *newcon);
60
61       int  security_validatetrans_raw(char  *scon,  const  char  *tcon, secu‐
62       rity_class_t tclass, char *newcon);
63
64       int security_get_initial_context(const char *name, char **con);
65
66       int security_get_initial_context_raw(const char *name, char **con);
67
68       int selinux_check_access(const char *scon, const char *tcon, const char
69       *class, const char *perm, void *auditdata);
70
71       int selinux_check_passwd_access(access_vector_t requested);
72
73       int checkPasswdAccess(access_vector_t requested);
74

DESCRIPTION

76       This  family  of  functions is used to obtain policy decisions from the
77       SELinux kernel security server (policy engine).  In general, direct use
78       of  security_compute_av()  and its variant interfaces is discouraged in
79       favor of using selinux_check_access() since  the  latter  automatically
80       handles the dynamic mapping of class and permission names to their pol‐
81       icy values, initialization and use of the Access  Vector  Cache  (AVC),
82       and  proper  handling  of  per-domain  and  global  permissive mode and
83       allow_unknown.
84
85       When using any of the functions that take  policy  integer  values  for
86       classes  or  permissions as inputs, use string_to_security_class(3) and
87       string_to_av_perm(3) to map the class and  permission  names  to  their
88       policy values.  These values may change across a policy reload, so they
89       should be re-acquired on every use  or  using  a  SELINUX_CB_POLICYLOAD
90       callback set via selinux_set_callback(3).
91
92       An  alternative  approach  is to use selinux_set_mapping(3) to create a
93       mapping from class and permission index values used by the  application
94       to  the policy values, thereby allowing the application to pass its own
95       fixed constants for the classes and permissions to these functions  and
96       internally mapping them on demand.  However, this also requires setting
97       up a callback as above to address policy reloads.
98
99       security_compute_av() queries whether the  policy  permits  the  source
100       context  scon  to  access the target context tcon via class tclass with
101       the requested access vector.  The decision is returned in avd.
102
103       security_compute_av_flags() is  identical  to  security_compute_av  but
104       additionally  sets  the flags field of avd.  Currently one flag is sup‐
105       ported: SELINUX_AVD_FLAGS_PERMISSIVE, which indicates the  decision  is
106       computed on a permissive domain.
107
108       security_compute_create()  is  used  to  compute  a  context to use for
109       labeling a new object in a particular class based on a SID pair.
110
111       security_compute_create_name()         is         identical          to
112       security_compute_create() but also takes name of the new object in cre‐
113       ation as an argument.  When TYPE_TRANSITION rule on the given class and
114       a SID pair has object name extension, we shall be able to obtain a cor‐
115       rect newcon according to the security policy. Note that this  interface
116       is  only  supported on the linux 2.6.40 or later.  In the older kernel,
117       the object name will be simply ignored.
118
119       security_compute_relabel() is used to compute the new  context  to  use
120       when  relabeling an object, it is used in the pam_selinux.so source and
121       the newrole source to determine the correct label for the tty at  login
122       time, but can be used for other things.
123
124       security_compute_member()  is  used  to compute the context to use when
125       labeling a polyinstantiated object instance.
126
127       security_compute_user() is used to determine the set of  user  contexts
128       that can be reached from a source context. This function is deprecated;
129       use get_ordered_context_list(3) instead.
130
131       security_validatetrans() is used to determine if a transition from scon
132       to  newcon  using  tcon as the object is valid for object class tclass.
133       This checks against the mlsvalidatetrans and validatetrans  constraints
134       in the loaded policy. Returns 0 if allowed, and -1 if an error occurred
135       with errno set.
136
137       security_get_initial_context() is used to get the context of  a  kernel
138       initial security identifier specified by name
139
140       security_compute_av_raw(),             security_compute_av_flags_raw(),
141       security_compute_create_raw(),      security_compute_create_name_raw(),
142       security_compute_relabel_raw(),          security_compute_member_raw(),
143       security_compute_user_raw()      security_validatetrans_raw()       and
144       security_get_initial_context_raw()  behave identically to their non-raw
145       counterparts but do not perform context translation.
146
147       selinux_check_access() is used to check if the source context  has  the
148       access permission for the specified class on the target context.
149
150       selinux_check_passwd_access()  is used to check for a permission in the
151       passwd class.  selinux_check_passwd_access() uses getprevcon(3) for the
152       source and target security contexts.
153
154       checkPasswdAccess()     is     a     deprecated     alias     of    the
155       selinux_check_passwd_access() function.
156

RETURN VALUE

158       Returns zero on success or -1 on error.
159

NAME

SYNOPSIS

DESCRIPTION

RETURN VALUE

SEE ALSO