|
Chris PeBenito |
473ea7 |
.TH "security_compute_av" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation"
|
|
Chris PeBenito |
473ea7 |
.SH "NAME"
|
|
Chris PeBenito |
473ea7 |
security_compute_av, security_compute_create, security_compute_relabel, security_compute_user \- query
|
|
Chris PeBenito |
473ea7 |
the SE Linux policy database in the kernel.
|
|
Chris PeBenito |
473ea7 |
|
|
Chris PeBenito |
473ea7 |
.SH "SYNOPSIS"
|
|
Chris PeBenito |
473ea7 |
.B #include <selinux/selinux.h>
|
|
Chris PeBenito |
473ea7 |
.br
|
|
Chris PeBenito |
473ea7 |
.B #include <selinux/flask.h>
|
|
Chris PeBenito |
473ea7 |
.sp
|
|
Chris PeBenito |
473ea7 |
.BI "int security_compute_av(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", access_vector_t "requested ", struct av_decision *" avd );
|
|
Chris PeBenito |
473ea7 |
.sp
|
|
Chris PeBenito |
473ea7 |
.BI "int security_compute_create(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", security_context_t *" newcon );
|
|
Chris PeBenito |
473ea7 |
.sp
|
|
Chris PeBenito |
473ea7 |
.BI "int security_compute_relabel(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", security_context_t *" newcon );
|
|
Chris PeBenito |
473ea7 |
.sp
|
|
Chris PeBenito |
473ea7 |
.BI "int security_compute_user(security_context_t "scon ", const char *" username ", security_context_t **" con );
|
|
Chris PeBenito |
473ea7 |
.sp
|
|
Chris PeBenito |
473ea7 |
.BI "int checkPasswdAccess(access_vector_t " requested );
|
|
Chris PeBenito |
473ea7 |
|
|
Chris PeBenito |
473ea7 |
.SH "DESCRIPTION"
|
|
Chris PeBenito |
473ea7 |
.B security_compute_av
|
|
Chris PeBenito |
473ea7 |
queries whether the policy permits the source context
|
|
Chris PeBenito |
473ea7 |
.B scon
|
|
Chris PeBenito |
473ea7 |
to access the target context
|
|
Chris PeBenito |
473ea7 |
.B tcon
|
|
Chris PeBenito |
473ea7 |
via class
|
|
Chris PeBenito |
473ea7 |
.B tclass
|
|
Chris PeBenito |
473ea7 |
with the
|
|
Chris PeBenito |
473ea7 |
.B requested
|
|
Chris PeBenito |
473ea7 |
access vector. See the cron source for a usage example.
|
|
Chris PeBenito |
473ea7 |
|
|
Chris PeBenito |
473ea7 |
.B security_compute_create
|
|
Chris PeBenito |
473ea7 |
is used to compute a context to use for labeling a new object in a particular
|
|
Chris PeBenito |
473ea7 |
class based on a SID pair.
|
|
Chris PeBenito |
473ea7 |
|
|
Chris PeBenito |
473ea7 |
.B security_compute_relabel
|
|
Chris PeBenito |
473ea7 |
is used to compute the new context to use when relabeling an object, it is used
|
|
Chris PeBenito |
473ea7 |
in the pam_selinux.so source and the newrole source to determine the correct
|
|
Chris PeBenito |
473ea7 |
label for the tty at login time, but can be used for other things.
|
|
Chris PeBenito |
473ea7 |
|
|
Chris PeBenito |
473ea7 |
.B security_compute_user
|
|
Chris PeBenito |
473ea7 |
is used to determine the set of user contexts that can be reached from a
|
|
Chris PeBenito |
473ea7 |
source context. Is mainly used by
|
|
Chris PeBenito |
473ea7 |
.B get_ordered_context_list.
|
|
Chris PeBenito |
473ea7 |
|
|
Chris PeBenito |
473ea7 |
.B checkPasswdAccess
|
|
Chris PeBenito |
473ea7 |
This functions is a helper functions that allows you to check for a permission in the passwd class. checkPasswdAccess uses getprevcon() for the source and target security contexts.
|
|
Chris PeBenito |
473ea7 |
|
|
Chris PeBenito |
473ea7 |
.SH "RETURN VALUE"
|
|
Chris PeBenito |
473ea7 |
0 for success and on error -1 is returned.
|
|
Chris PeBenito |
473ea7 |
|
|
Chris PeBenito |
473ea7 |
.SH "SEE ALSO"
|
|
Chris PeBenito |
473ea7 |
.BR getcon "(3), " getfilecon "(3), " get_ordered_context_list "(3)"
|