.\" Hey Emacs! This file is -*- nroff -*- source.
.\"
.\" Author: Eamon Walsh (ewalsh@epoch.ncsc.mil) 2004
.TH "avc_context_to_sid" "3" "27 May 2004" "" "SE Linux API documentation"
.SH "NAME"
avc_context_to_sid, avc_sid_to_context, sidget, sidput \- obtain and manipulate security IDs.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.br
.B #include <selinux/avc.h>
.sp
.BI "int avc_context_to_sid(security_context_t " ctx ", security_id_t *" sid ");"
.sp
.BI "int avc_sid_to_context(security_id_t " sid ", security_context_t *" ctx ");"
.sp
.BI "int sidget(security_id_t " sid ");"
.sp
.BI "int sidput(security_id_t " sid ");"
.SH "DESCRIPTION"
Security IDs (SIDs) are reference-counted, opaque representations of security contexts.
.PP
.B avc_context_to_sid
returns a SID for the given
.I ctx
in the memory referenced by
.IR sid ,
incrementing its reference count by 1.
.PP
.B avc_sid_to_context
returns a copy of the context represented by
.I sid
in the memory referenced by
.IR ctx .
The user must free the copy with
.BR freecon (3).
.PP
.B sidget
increments the reference count of
.I sid
by 1.
.PP
.B sidput
decrements the reference count of
.I sid
by 1. If the count ever reaches zero, the SID becomes
invalid and must not be used any further.
.SH "RETURN VALUE"
.B sidget
and
.B sidput
return the new reference count. A return value of zero indicates
an invalid SID.
.PP
.B avc_context_to_sid
and
.B avc_sid_to_context
return zero on success. On error, \-1 is returned and
.I errno
is set appropriately.
.SH "ERRORS"
.TP
.B EINVAL
The provided
.I sid
has a zero reference count and is invalid.
.TP
.B ENOMEM
An attempt to allocate memory failed.
.SH "NOTES"
The expected usage pattern for these functions is that
.B avc_context_to_sid
will be called once to obtain a SID for a newly created object,
.B sidget
will be called on a SID when its object is duplicated, and
.B sidput
will be called on a SID when its object is destroyed. Proper reference counting is necessary to ensure that SIDs and their associated cache entries are reclaimed from memory when they are no longer needed.
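The usage pattern above, as an added example that is not part of this page or of libselinux: a self-contained C model of the reference-counting contract the DESCRIPTION, RETURN VALUE and ERRORS sections specify, written so that it builds and runs without libselinux installed. Every name carries a model_ prefix, the table holds an assumed 16 entries, and the two sample contexts are constructed; none of this is libselinux code or data. Against the real API a program would call the functions from the SYNOPSIS instead, after initializing the AVC with avc_init(3), and would release the copy returned by avc_sid_to_context with freecon(3) rather than free(3). Later libselinux releases mark sidget and sidput deprecated, so the counting shown here is the contract as this page documents it.

```c
/* Added example, not libselinux code: a self-contained model of the SID
 * reference-counting contract documented on this page.  The "model_" prefix
 * keeps it apart from <selinux/avc.h>; the table size is an assumption. */
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define MODEL_MAX_SIDS 16

/* Opaque to callers.  refcnt == 0 marks an invalid entry; its slot may be
 * reused, which is why a released SID must never be touched again. */
struct model_sid { char *ctx; int refcnt; };
typedef struct model_sid *model_sid_t;

static struct model_sid model_sidtab[MODEL_MAX_SIDS];

static char *model_strdup(const char *s)    /* strdup() without POSIX headers */
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    return p ? memcpy(p, s, n) : NULL;
}

/* avc_context_to_sid analogue: intern ctx and hand back its SID, count + 1.
 * -1/EINVAL on bad arguments, -1/ENOMEM when no slot or memory is left. */
int model_context_to_sid(const char *ctx, model_sid_t *sid)
{
    struct model_sid *e, *slot = NULL;
    int i;
    if (!ctx || !sid) { errno = EINVAL; return -1; }
    for (i = 0; i < MODEL_MAX_SIDS; i++) {
        e = &model_sidtab[i];
        if (e->refcnt > 0 && strcmp(e->ctx, ctx) == 0) {
            e->refcnt++;            /* same context, same SID, one more ref */
            *sid = e;
            return 0;
        }
        if (e->refcnt == 0 && !slot)
            slot = e;
    }
    if (!slot || !(slot->ctx = model_strdup(ctx))) { errno = ENOMEM; return -1; }
    slot->refcnt = 1;
    *sid = slot;
    return 0;
}

/* avc_sid_to_context analogue: heap copy the caller must free() (freecon(3)
 * with the real API).  A SID whose count is zero is the documented EINVAL. */
int model_sid_to_context(model_sid_t sid, char **ctx)
{
    if (!sid || sid->refcnt == 0 || !ctx) { errno = EINVAL; return -1; }
    if (!(*ctx = model_strdup(sid->ctx))) { errno = ENOMEM; return -1; }
    return 0;
}

/* sidget/sidput analogues: return the new count; 0 means the SID is invalid. */
int model_sidget(model_sid_t sid)
{
    return (!sid || sid->refcnt == 0) ? 0 : ++sid->refcnt;
}

int model_sidput(model_sid_t sid)
{
    if (!sid || sid->refcnt == 0) return 0;
    if (--sid->refcnt == 0) { free(sid->ctx); sid->ctx = NULL; }  /* reclaim */
    return sid->refcnt;
}

/* The NOTES pattern: one lookup for a new object, sidget() when the object is
 * duplicated, sidput() as each copy is destroyed.  Returns the final count
 * (0 once both copies are gone) or -1 if any step misbehaves. */
int model_object_lifecycle(const char *ctx)
{
    model_sid_t sid; char *copy; int same;
    if (model_context_to_sid(ctx, &sid) < 0) return -1;   /* count: 1 */
    if (model_sidget(sid) != 2) return -1;                /* duplicated: 2 */
    if (model_sid_to_context(sid, &copy) < 0) return -1;
    same = strcmp(copy, ctx) == 0;
    free(copy);                                           /* freecon(3) */
    if (!same) return -1;
    if (model_sidput(sid) != 1) return -1;                /* first copy gone */
    return model_sidput(sid);                             /* second gone: 0 */
}

/* Failure mode from DESCRIPTION and ERRORS: once the count reaches zero,
 * sidget() reports 0 and avc_sid_to_context fails with EINVAL.
 * Returns 1 if the model enforces both rules, 0 otherwise. */
int model_rejects_released_sid(const char *ctx)
{
    model_sid_t sid; char *copy = NULL;
    if (model_context_to_sid(ctx, &sid) < 0 || model_sidput(sid) != 0) return 0;
    if (model_sidget(sid) != 0) return 0;
    errno = 0;
    return model_sid_to_context(sid, &copy) == -1 && errno == EINVAL;
}
```

model_object_lifecycle walks one object through creation, duplication and two destructions and returns the final count, 0, so the entry is reclaimed exactly when the last copy goes away. model_rejects_released_sid returns 1 because both sidget and avc_sid_to_context refuse the SID once its count has dropped to zero, which is the situation the ERRORS section describes with EINVAL; a caller that keeps a stale SID after its last sidput would otherwise alias whatever context the slot is reused for.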
.SH "AUTHOR"
Eamon Walsh <ewalsh@epoch.ncsc.mil>
.SH "SEE ALSO"
.BR avc_init (3),
.BR avc_has_perm (3),
.BR avc_cache_stats (3),
.BR avc_add_callback (3),
.BR getcon (3),
.BR freecon (3)