1security_compute_av(3) SELinux API documentation security_compute_av(3)
2
3
4
6 security_compute_av, security_compute_av_flags, security_compute_cre‐
7 ate, security_compute_create_name, security_compute_relabel, secu‐
8 rity_compute_member, security_compute_user, security_validatetrans,
9 security_get_initial_context - query the SELinux policy database in the
10 kernel
11
13 #include <selinux/selinux.h>
14
15 int security_compute_av(char *scon, char *tcon, security_class_t
16 tclass, access_vector_t requested, struct av_decision *avd);
17
18 int security_compute_av_raw(char *scon, char *tcon, security_class_t
19 tclass, access_vector_t requested, struct av_decision *avd);
20
21 int security_compute_av_flags(char *scon, char *tcon, security_class_t
22 tclass, access_vector_t requested, struct av_decision *avd);
23
24 int security_compute_av_flags_raw(char *scon, char *tcon, secu‐
25 rity_class_t tclass, access_vector_t requested, struct av_decision
26 *avd);
27
28 int security_compute_create(char *scon, char *tcon, security_class_t
29 tclass, char **newcon);
30
31 int security_compute_create_raw(char *scon, char *tcon, secu‐
32 rity_class_t tclass, char **newcon);
33
34 int security_compute_create_name(char *scon, char *tcon, secu‐
35 rity_class_t tclass, const char *objname, char **newcon);
36
37 int security_compute_create_name_raw(char *scon, char *tcon, secu‐
38 rity_class_t tclass, const char *objname, char **newcon);
39
40 int security_compute_relabel(char *scon, char *tcon, security_class_t
41 tclass, char **newcon);
42
43 int security_compute_relabel_raw(char *scon, char *tcon, secu‐
44 rity_class_t tclass, char **newcon);
45
46 int security_compute_member(char *scon, char *tcon, security_class_t
47 tclass, char **newcon);
48
49 int security_compute_member_raw(char *scon, char *tcon, secu‐
50 rity_class_t tclass, char **newcon);
51
52 int security_compute_user(char *scon, const char *username, char
53 ***con);
54
55 int security_compute_user_raw(char *scon, const char *username, char
56 ***con);
57
58 int security_validatetrans(char *scon, const char *tcon, secu‐
59 rity_class_t tclass, char *newcon);
60
61 int security_validatetrans_raw(char *scon, const char *tcon, secu‐
62 rity_class_t tclass, char *newcon);
63
64 int security_get_initial_context(const char *name, char **con);
65
66 int security_get_initial_context_raw(const char *name, char **con);
67
68 int selinux_check_access(const char *scon, const char *tcon, const char
69 *class, const char *perm, void *auditdata);
70
71 int selinux_check_passwd_access(access_vector_t requested);
72
73 int checkPasswdAccess(access_vector_t requested);
74
76 This family of functions is used to obtain policy decisions from the
77 SELinux kernel security server (policy engine). In general, direct use
78 of security_compute_av() and its variant interfaces is discouraged in
79 favor of using selinux_check_access() since the latter automatically
80 handles the dynamic mapping of class and permission names to their pol‐
81 icy values, initialization and use of the Access Vector Cache (AVC),
82 and proper handling of per-domain and global permissive mode and
83 allow_unknown.
84
85 When using any of the functions that take policy integer values for
86 classes or permissions as inputs, use string_to_security_class(3) and
87 string_to_av_perm(3) to map the class and permission names to their
88 policy values. These values may change across a policy reload, so they
89 should be re-acquired on every use or using a SELINUX_CB_POLICYLOAD
90 callback set via selinux_set_callback(3).
91
92 An alternative approach is to use selinux_set_mapping(3) to create a
93 mapping from class and permission index values used by the application
94 to the policy values, thereby allowing the application to pass its own
95 fixed constants for the classes and permissions to these functions and
96 internally mapping them on demand. However, this also requires setting
97 up a callback as above to address policy reloads.
98
99 security_compute_av() queries whether the policy permits the source
100 context scon to access the target context tcon via class tclass with
101 the requested access vector. The decision is returned in avd.
102
103 security_compute_av_flags() is identical to security_compute_av but
104 additionally sets the flags field of avd. Currently one flag is sup‐
105 ported: SELINUX_AVD_FLAGS_PERMISSIVE, which indicates the decision is
106 computed on a permissive domain.
107
108 security_compute_create() is used to compute a context to use for
109 labeling a new object in a particular class based on a SID pair.
110
111 security_compute_create_name() is identical to
112 security_compute_create() but also takes name of the new object in cre‐
113 ation as an argument. When TYPE_TRANSITION rule on the given class and
114 a SID pair has object name extension, we shall be able to obtain a cor‐
115 rect newcon according to the security policy. Note that this interface
116 is only supported on the linux 2.6.40 or later. In the older kernel,
117 the object name will be simply ignored.
118
119 security_compute_relabel() is used to compute the new context to use
120 when relabeling an object, it is used in the pam_selinux.so source and
121 the newrole source to determine the correct label for the tty at login
122 time, but can be used for other things.
123
124 security_compute_member() is used to compute the context to use when
125 labeling a polyinstantiated object instance.
126
127 security_compute_user() is used to determine the set of user contexts
128 that can be reached from a source context. This function is deprecated;
129 use get_ordered_context_list(3) instead.
130
131 security_validatetrans() is used to determine if a transition from scon
132 to newcon using tcon as the object is valid for object class tclass.
133 This checks against the mlsvalidatetrans and validatetrans constraints
134 in the loaded policy. Returns 0 if allowed, and -1 if an error occurred
135 with errno set.
136
137 security_get_initial_context() is used to get the context of a kernel
138 initial security identifier specified by name
139
140 security_compute_av_raw(), security_compute_av_flags_raw(),
141 security_compute_create_raw(), security_compute_create_name_raw(),
142 security_compute_relabel_raw(), security_compute_member_raw(),
143 security_compute_user_raw() security_validatetrans_raw() and
144 security_get_initial_context_raw() behave identically to their non-raw
145 counterparts but do not perform context translation.
146
147 selinux_check_access() is used to check if the source context has the
148 access permission for the specified class on the target context.
149
150 selinux_check_passwd_access() is used to check for a permission in the
151 passwd class. selinux_check_passwd_access() uses getprevcon(3) for the
152 source and target security contexts.
153
154 checkPasswdAccess() is a deprecated alias of the
155 selinux_check_passwd_access() function.
156
158 Returns zero on success or -1 on error.
159
161 string_to_security_class(3), string_to_av_perm(3), selinux_set_call‐
162 back(3), selinux_set_mapping(3), getprevcon(3), get_ordered_con‐
163 text_list(3), selinux(8)
164
165
166
167russell@coker.com.au 1 January 2004 security_compute_av(3)