Search For :

in:

All Sections 1. General Commands 2. System Calls 3. Subroutines 4. Special Files 5. File Formats 6. Games and Demos 7. Macros and Conventions 8. Maintenence Commands

 

NAME

security_compute_av, security_compute_create, security_compute_relabel, security_compute_user - query the SE Linux policy database in the kernel.

 

SYNOPSIS

#include <selinux/selinux.h>
#include <selinux/flask.h>

int security_compute_av(security_context_t scon, security_context_t tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd);

int security_compute_create(security_context_t scon, security_context_t tcon, security_class_t tclass, security_context_t *newcon);

int security_compute_relabel(security_context_t scon, security_context_t tcon, security_class_t tclass, security_context_t *newcon);

int security_compute_user(security_context_t scon, const char *username, security_context_t **con);

 

DESCRIPTION

security_compute_av queries whether the policy permits the source context scon to access the target context tcon via class tclass with the requested access vector. See the cron source for a usage example.

security_compute_create is used to compute a context to use for labeling a new object in a particular class based on a SID pair.

security_compute_relabel is used to compute the new context to use when relabeling an object, it is used in the pam_selinux.so source and the newrole source to determine the correct label for the tty at login time, but can be used for other things.

security_compute_user is used to determine the set of user contexts that can be reached from a source context. Is mainly used by get_ordered_context_list.

 

RETURN VALUE

0 for success and on error -1 is returned.

 

SEE ALSO

getcon(3), getfilecon(3), get_ordered_context_list(3)

---

 

Index

NAME

SYNOPSIS

DESCRIPTION

RETURN VALUE

SEE ALSO