avc_context_to_sid(3)     SE Linux API documentation     avc_context_to_sid(3)

NAME

       avc_context_to_sid, avc_sid_to_context, sidput, sidget,
       avc_get_initial_sid - obtain and manipulate SELinux security ID's.

SYNOPSIS

       #include <selinux/selinux.h>

       #include <selinux/avc.h>

       int avc_context_to_sid(security_context_t ctx, security_id_t *sid);

       int avc_sid_to_context(security_id_t sid, security_context_t *ctx);

       int sidget(security_id_t sid);

       int sidput(security_id_t sid);

       int avc_get_initial_sid(const char *name, security_id_t *sid);

DESCRIPTION

       Security ID's (SID's) are reference-counted, opaque representations of
       security contexts.

       avc_context_to_sid returns a SID for the given context in the memory
       referenced by sid, incrementing its reference count by 1.

       avc_sid_to_context returns a copy of the context represented by sid in
       the memory referenced by ctx. The user must free the copy with
       freecon(3).

       sidget increments the reference count of sid by 1.

       sidput decrements the reference count of sid by 1. If the count ever
       reaches zero, the SID becomes invalid and must not be used any further.

       avc_get_initial_sid returns a SID for the kernel initial security
       identifier specified by name.

RETURN VALUE

       sidget and sidput return the new reference count. A return value of
       zero indicates an invalid SID.

       avc_context_to_sid and avc_sid_to_context return zero on success. On
       error, -1 is returned and errno is set appropriately.

ERRORS

       EINVAL The provided sid has a zero reference count and is invalid.

       ENOMEM An attempt to allocate memory failed.

NOTES

       The expected usage pattern for these functions is that
       avc_context_to_sid will be called once to obtain a SID for a newly
       created object, sidget will be called on a SID when its object is
       duplicated, and sidput will be called on a SID when its object is
       destroyed. Proper reference counting is necessary to ensure that SID's
       and associated cache entries are reclaimed from memory when no longer
       needed.
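
       The usage pattern above, modelled as an added example that is not part
       of the original man page and does not call libselinux: the demo_*
       functions are hypothetical stand-ins mirroring the documented
       reference-count semantics, and obj_create, obj_dup and obj_destroy show
       where each call belongs in an object's lifetime. It assumes one context
       maps to one SID while that SID is live.

```c
/* Added model of the SID reference-counting contract described on this page.
 * It does not call libselinux; every demo_* and obj_* name is hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define MAX_SIDS 8
struct demo_sid { char ctx[96]; int refcnt; };   /* stand-in for security_id_t */
static struct demo_sid table[MAX_SIDS];

/* Modelled on avc_context_to_sid: find or create the SID, then refcount +1.
 * Assumption: one context always maps to one SID while that SID is live. */
int demo_context_to_sid(const char *ctx, struct demo_sid **sid) {
    struct demo_sid *slot = NULL;
    for (int i = 0; i < MAX_SIDS; i++) {
        if (table[i].refcnt > 0 && strcmp(table[i].ctx, ctx) == 0)
            slot = &table[i];                    /* existing live SID wins */
        else if (table[i].refcnt == 0 && !slot)
            slot = &table[i];                    /* first free slot */
    }
    if (!slot || strlen(ctx) >= sizeof slot->ctx) { errno = ENOMEM; return -1; }
    if (slot->refcnt == 0) strcpy(slot->ctx, ctx);
    slot->refcnt++; *sid = slot;
    return 0;
}

/* Modelled on sidget/sidput: return the new count; 0 means the SID is invalid. */
int demo_sidget(struct demo_sid *s) { return s->refcnt > 0 ? ++s->refcnt : 0; }
int demo_sidput(struct demo_sid *s) { return s->refcnt > 0 ? --s->refcnt : 0; }

/* The usage pattern from NOTES: one SID reference per object that holds it. */
struct object { struct demo_sid *sid; };
int obj_create(struct object *o, const char *ctx) { return demo_context_to_sid(ctx, &o->sid); }
int obj_dup(struct object *dst, const struct object *src) { dst->sid = src->sid; return demo_sidget(dst->sid); }
int obj_destroy(struct object *o) { int n = demo_sidput(o->sid); o->sid = NULL; return n; }

/* Walk create -> duplicate -> destroy -> destroy; returns 0 if every count matches. */
int demo_lifecycle(void) {
    struct object a, b;
    if (obj_create(&a, "system_u:object_r:etc_t:s0") != 0) return 1; /* constructed context */
    struct demo_sid *stale = a.sid;          /* kept only to probe it afterwards */
    if (obj_dup(&b, &a) != 2) return 2;      /* two holders after duplication */
    if (obj_destroy(&a) != 1) return 3;      /* b still holds the SID */
    if (obj_destroy(&b) != 0) return 4;      /* last holder gone: SID is invalid */
    if (demo_sidget(stale) != 0) return 5;   /* an invalid SID cannot be revived */
    return 0;
}

int main(void) { printf("lifecycle result: %d\n", demo_lifecycle()); return 0; }
```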

AUTHOR

       Eamon Walsh <ewalsh@epoch.ncsc.mil>

SEE ALSO

       avc_init(3), avc_has_perm(3), avc_cache_stats(3), avc_add_callback(3),
       getcon(3), freecon(3), selinux(8)

                                  27 May 2004            avc_context_to_sid(3)