selinux_set_callback(3)    SELinux API documentation   selinux_set_callback(3)

NAME

       selinux_set_callback - userspace SELinux callback facilities

SYNOPSIS

       #include <selinux/selinux.h>

       void selinux_set_callback(int type, union selinux_callback callback);

DESCRIPTION

       selinux_set_callback() sets the callback indicated by type to the value
       of callback, which should be passed as a function pointer cast to type
       union selinux_callback.

       All callback functions should return a negative value with errno set
       appropriately on error.

       The available values for type are:

       SELINUX_CB_LOG
              int (*func_log) (int type, const char *fmt, ...);

              This callback is used for logging and should process the
              printf(3) style fmt string and arguments as appropriate. The
              type argument indicates the type of message and will be set to
              one of the following:

              SELINUX_ERROR

              SELINUX_WARNING

              SELINUX_INFO

              SELINUX_AVC

              SELINUX_POLICYLOAD

              SELINUX_SETENFORCE

              SELINUX_ERROR, SELINUX_WARNING, and SELINUX_INFO indicate
              standard log severity levels and are not auditable messages.

              The SELINUX_AVC, SELINUX_POLICYLOAD, and SELINUX_SETENFORCE
              message types can be audited with AUDIT_USER_AVC,
              AUDIT_USER_MAC_POLICY_LOAD, and AUDIT_USER_MAC_STATUS values from
              libaudit, respectively. If they are not audited, SELINUX_AVC
              should be considered equivalent to SELINUX_ERROR; similarly,
              SELINUX_POLICYLOAD and SELINUX_SETENFORCE should be considered
              equivalent to SELINUX_INFO.

       SELINUX_CB_AUDIT
              int (*func_audit) (void *auditdata, security_class_t cls,
                                 char *msgbuf, size_t msgbufsize);

              This callback is used for supplemental auditing in AVC messages.
              The auditdata and cls arguments are the values passed to
              avc_has_perm(3). A human-readable interpretation should be
              printed to msgbuf using no more than msgbufsize characters.

       SELINUX_CB_VALIDATE
              int (*func_validate) (char **ctx);

              This callback is used for context validation. The callback may
              optionally modify the input context by setting the target of the
              ctx pointer to a new context. In this case, the old value
              should be freed with freecon(3). The value of errno should be
              set to EINVAL to indicate an invalid context.

       SELINUX_CB_SETENFORCE
              int (*func_setenforce) (int enforcing);

              This callback is invoked when the system enforcing state
              changes. The enforcing argument indicates the new value and is
              set to 1 for enforcing mode, and 0 for permissive mode.

       SELINUX_CB_POLICYLOAD
              int (*func_policyload) (int seqno);

              This callback is invoked when the system security policy is
              reloaded. The seqno argument is the current sequential number
              of the policy generation in the system.
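
       The following C program is an added example, not part of the original
       manual page or of libselinux. It shows a SELINUX_CB_LOG handler that
       does not audit and therefore folds the auditable message types into the
       standard severities as described above. The names type_to_priority,
       log_cb, last_msg, last_prio and the USE_LIBSELINUX build switch are
       assumptions of this example, and the enum is a stand-in used only when
       the libselinux header is not included.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <syslog.h>
#ifdef USE_LIBSELINUX   /* assumed build switch: cc -DUSE_LIBSELINUX demo.c -lselinux */
#include <selinux/selinux.h>
#else                   /* stand-in constants so this block compiles without libselinux */
enum { SELINUX_ERROR, SELINUX_WARNING, SELINUX_INFO, SELINUX_AVC, SELINUX_POLICYLOAD, SELINUX_SETENFORCE };
#endif

static char last_msg[64];   /* last formatted message, kept for inspection (example state) */
static int last_prio = -1;  /* syslog priority chosen for that message */

/* This handler does not audit, so SELINUX_AVC is treated as ERROR and
 * SELINUX_POLICYLOAD / SELINUX_SETENFORCE as INFO, per DESCRIPTION. */
int type_to_priority(int type)
{
    switch (type) {
    case SELINUX_ERROR: case SELINUX_AVC:       return LOG_ERR;
    case SELINUX_WARNING:                       return LOG_WARNING;
    case SELINUX_INFO: case SELINUX_POLICYLOAD:
    case SELINUX_SETENFORCE:                    return LOG_INFO;
    default:                                    return -1;  /* unknown type */
    }
}

/* Matches the func_log signature; returns negative with errno set on error. */
int log_cb(int type, const char *fmt, ...)
{
    va_list ap;
    int n, prio = type_to_priority(type);
    if (prio < 0) { errno = EINVAL; return -1; }
    va_start(ap, fmt);
    n = vsnprintf(last_msg, sizeof(last_msg), fmt, ap);  /* truncates, NUL-terminates */
    va_end(ap);
    if (n < 0) return -1;               /* errno left as vsnprintf set it */
    last_prio = prio;
    syslog(prio, "%s", last_msg);       /* expanded text is data, never a format string */
    return 0;
}

int main(void)
{
#ifdef USE_LIBSELINUX
    selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback){ .func_log = log_cb });
#endif
    /* Constructed sample message. */
    return log_cb(SELINUX_AVC, "avc: denied { %s } pid=%d", "read", 1234) ? 1 : 0;
}
```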

RETURN VALUE

       None.

ERRORS

       None.

AUTHOR

       Eamon Walsh <ewalsh@tycho.nsa.gov>

SEE ALSO

       selabel_open(3), avc_init(3), avc_netlink_open(3), selinux(8)

                                 20 Jun 2007          selinux_set_callback(3)