1security_compute_av(3)    SE Linux API documentation    security_compute_av(3)
2
3
4

NAME

6       security_compute_av, security_compute_create, security_compute_relabel,
7       security_compute_user, security_get_initial_context - query the SELinux
8       policy database in the kernel.
9
10

SYNOPSIS

12       #include <selinux/selinux.h>
13
14       #include <selinux/flask.h>
15
16       int   security_compute_av(security_context_t  scon,  security_context_t
17       tcon,  security_class_t  tclass,  access_vector_t   requested,   struct
18       av_decision *avd);
19
20       int security_compute_create(security_context_t scon, security_context_t
21       tcon, security_class_t tclass, security_context_t *newcon);
22
23       int  security_compute_relabel(security_context_t  scon,   security_con‐
24       text_t tcon, security_class_t tclass, security_context_t *newcon);
25
26       int  security_compute_user(security_context_t  scon,  const char *user‐
27       name, security_context_t **con);
28
29       int security_get_initial_context(const char  *name,  security_context_t
30       "con );
31
32       int checkPasswdAccess(access_vector_t requested);
33
34

DESCRIPTION

36       security_compute_av  queries whether the policy permits the source con‐
37       text scon to access the target context tcon via class tclass  with  the
38       requested access vector. See the cron source for a usage example.
39
40       security_compute_create  is used to compute a context to use for label‐
41       ing a new object in a particular class based on a SID pair.
42
43       security_compute_relabel is used to compute the new context to use when
44       relabeling  an  object, it is used in the pam_selinux.so source and the
45       newrole source to determine the correct label  for  the  tty  at  login
46       time, but can be used for other things.
47
48       security_compute_user  is  used  to  determine the set of user contexts
49       that  can  be  reached  from  a  source  context.  Is  mainly  used  by
50       get_ordered_context_list.
51
52       security_get_initial_context  is  used  to  get the context of a kernel
53       initial security identifier specified by name
54
55       checkPasswdAccess This functions is a helper functions that allows  you
56       to  check  for a permission in the passwd class. checkPasswdAccess uses
57       getprevcon() for the source and target security contexts.
58
59

RETURN VALUE

61       0 for success and on error -1 is returned.
62
63

SEE ALSO

65       selinux(8), getcon(3), getfilecon(3), get_ordered_context_list(3)
66
67
68
69russell@coker.com.au            1 January 2004          security_compute_av(3)
Impressum