1selabel_open(3) SELinux API documentation selabel_open(3)
2
3
4
6 selabel_open, selabel_close - userspace SELinux labeling interface
7
9 #include <selinux/selinux.h>
10 #include <selinux/label.h>
11
12 struct selabel_handle *selabel_open(int backend,
13 const struct selinux_opt *options,
14 unsigned nopt);
15
16 void selabel_close(struct selabel_handle *hnd);
17
19 selabel_open() is used to initialize a labeling handle to be used for
20 lookup operations. The backend argument specifies which backend is to
21 be opened; the list of current backends appears in BACKENDS below.
22
23 The options argument should be NULL or a pointer to an array of
24 selinux_opt structures of length nopt:
25
26 struct selinux_opt {
27 int type;
28 const char *value;
29 };
30
31 The available option types are described in GLOBAL OPTIONS below as
32 well as in the documentation for each individual backend. The return
33 value on success is a non-NULL value for use in subsequent label opera‐
34 tions.
35
36 selabel_close() terminates use of a handle, freeing any internal re‐
37 sources associated with it. After this call has been made, the handle
38 must not be used again.
39
41 Global options which may be passed to selabel_open() include the fol‐
42 lowing:
43
44 SELABEL_OPT_UNUSED
45 The option with a type code of zero is a no-op. Thus an array
46 of options may be initizalized to zero and any untouched ele‐
47 ments will not cause an error.
48
49 SELABEL_OPT_VALIDATE
50 A non-null value for this option enables context validation. By
51 default, security_check_context(3) is used; a custom validation
52 function can be provided via selinux_set_callback(3). Note that
53 an invalid context may not be treated as an error unless it is
54 actually encountered during a lookup operation.
55
56 SELABEL_OPT_DIGEST
57 A non-null value for this option enables the generation of an
58 SHA256 digest of the spec files loaded as described in sela‐
59 bel_digest(3)
60
62 SELABEL_CTX_FILE
63 File contexts backend, described in selabel_file(5).
64
65 SELABEL_CTX_MEDIA
66 Media contexts backend, described in selabel_media(5).
67
68 SELABEL_CTX_X
69 X Windows contexts backend, described in selabel_x(5).
70
71 SELABEL_CTX_DB
72 Database objects contexts backend, described in selabel_db(5).
73
75 A non-NULL handle value is returned on success. On error, NULL is re‐
76 turned and errno is set appropriately.
77
79 Eamon Walsh <ewalsh@tycho.nsa.gov>
80
82 selabel_lookup(3), selabel_stats(3), selinux_set_callback(3),
83 selinux(8)
84
85
86
87 18 Jun 2007 selabel_open(3)