55 lines
2.1 KiB
Groff
55 lines
2.1 KiB
Groff
|
.TH "security_compute_av" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation"
|
||
|
.SH "NAME"
|
||
|
security_compute_av, security_compute_create, security_compute_relabel, security_compute_user \- query
|
||
|
the SE Linux policy database in the kernel.
|
||
|
|
||
|
.SH "SYNOPSIS"
|
||
|
.B #include <selinux/selinux.h>
|
||
|
.br
|
||
|
.B #include <selinux/flask.h>
|
||
|
.sp
|
||
|
.BI "int security_compute_av(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", access_vector_t "requested ", struct av_decision *" avd );
|
||
|
.sp
|
||
|
.BI "int security_compute_create(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", security_context_t *" newcon );
|
||
|
.sp
|
||
|
.BI "int security_compute_relabel(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", security_context_t *" newcon );
|
||
|
.sp
|
||
|
.BI "int security_compute_user(security_context_t "scon ", const char *" username ", security_context_t **" con );
|
||
|
.sp
|
||
|
.BI "int checkPasswdAccess(access_vector_t " requested );
|
||
|
|
||
|
.SH "DESCRIPTION"
|
||
|
.B security_compute_av
|
||
|
queries whether the policy permits the source context
|
||
|
.B scon
|
||
|
to access the target context
|
||
|
.B tcon
|
||
|
via class
|
||
|
.B tclass
|
||
|
with the
|
||
|
.B requested
|
||
|
access vector. See the cron source for a usage example.
|
||
|
|
||
|
.B security_compute_create
|
||
|
is used to compute a context to use for labeling a new object in a particular
|
||
|
class based on a SID pair.
|
||
|
|
||
|
.B security_compute_relabel
|
||
|
is used to compute the new context to use when relabeling an object, it is used
|
||
|
in the pam_selinux.so source and the newrole source to determine the correct
|
||
|
label for the tty at login time, but can be used for other things.
|
||
|
|
||
|
.B security_compute_user
|
||
|
is used to determine the set of user contexts that can be reached from a
|
||
|
source context. Is mainly used by
|
||
|
.B get_ordered_context_list.
|
||
|
|
||
|
.B checkPasswdAccess
|
||
|
This functions is a helper functions that allows you to check for a permission in the passwd class. checkPasswdAccess uses getprevcon() for the source and target security contexts.
|
||
|
|
||
|
.SH "RETURN VALUE"
|
||
|
0 for success and on error -1 is returned.
|
||
|
|
||
|
.SH "SEE ALSO"
|
||
|
.BR getcon "(3), " getfilecon "(3), " get_ordered_context_list "(3)"
|