rpms / selinux-policy

Clone
Source Code
GIT

Files

  1.   9c6feb63de70da6ffdcecffa77840b0c3dedcf81
  2.   libselinux
  3.   include
  4.   selinux
  5.   get_context_list.h
Blob Blame History Raw 
#ifndef _SELINUX_GET_SID_LIST_H_
#define _SELINUX_GET_SID_LIST_H_

#include <selinux/selinux.h>

#ifdef __cplusplus
extern "C"
{
#endif

#define SELINUX_DEFAULTUSER "user_u"

/* Get an ordered list of authorized security contexts for a user session
   for 'user' spawned by 'fromcon' and set *conary to refer to the 
   NULL-terminated array of contexts.  Every entry in the list will
   be authorized by the policy, but the ordering is subject to user
   customizable preferences.  Returns number of entries in *conary.
   If 'fromcon' is NULL, defaults to current context.
   Caller must free via freeconary. */
extern int get_ordered_context_list(const char *user, 
				    security_context_t fromcon,
				    security_context_t **list);

/* As above, but use the provided MLS level rather than the
   default level for the user. */
int get_ordered_context_list_with_level (const char *user, 
					 const char *level, 
					 security_context_t fromcon, 
					 security_context_t **list);

/* Get the default security context for a user session for 'user'
   spawned by 'fromcon' and set *newcon to refer to it.  The context
   will be one of those authorized by the policy, but the selection
   of a default is subject to user customizable preferences.
   If 'fromcon' is NULL, defaults to current context.
   Returns 0 on success or -1 otherwise.
   Caller must free via freecon. */
extern int get_default_context(const char* user, 
			       security_context_t fromcon,
			       security_context_t *newcon);

/* As above, but use the provided MLS level rather than the
   default level for the user. */
int get_default_context_with_level(const char *user, 
				   const char *level,
				   security_context_t fromcon,
				   security_context_t *newcon);

/* Same as get_default_context, but only return a context
   that has the specified role.  If no reachable context exists
   for the user with that role, then return -1. */
int get_default_context_with_role(const char* user, 
				  const char *role,
				  security_context_t fromcon,
				  security_context_t *newcon);

/* Given a list of authorized security contexts for the user, 
   query the user to select one and set *newcon to refer to it.
   Caller must free via freecon.
   Returns 0 on sucess or -1 otherwise. */
extern int query_user_context(security_context_t *list, 
			      security_context_t *newcon);

/* Allow the user to manually enter a context as a fallback
   if a list of authorized contexts could not be obtained. 
   Caller must free via freecon.
   Returns 0 on success or -1 otherwise. */
extern int manual_user_enter_context(const char *user,
				     security_context_t *newcon);

#ifdef __cplusplus
}
#endif

#endif

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation