security_compute_av
Language: en
Version: 340012 (ubuntu - 24/10/10)
Section: 3 (Function libraries)
NAME
security_compute_av, security_compute_av_flags, security_compute_create, security_compute_relabel, security_compute_member, security_compute_user, security_get_initial_context - query the SELinux policy database in the kernel.
SYNOPSIS
#include <selinux/selinux.h>
#include <selinux/flask.h>
int security_compute_av(security_context_t scon, security_context_t tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd);
int security_compute_av_flags(security_context_t scon, security_context_t tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd);
int security_compute_create(security_context_t scon, security_context_t tcon, security_class_t tclass, security_context_t *newcon);
int security_compute_relabel(security_context_t scon, security_context_t tcon, security_class_t tclass, security_context_t *newcon);
int security_compute_member(security_context_t scon, security_context_t tcon, security_class_t tclass, security_context_t *newcon);
int security_compute_user(security_context_t scon, const char *username, security_context_t **con);
int security_get_initial_context(const char *name, security_context_t *con);
int selinux_check_passwd_access(access_vector_t requested);
int checkPasswdAccess(access_vector_t requested);
DESCRIPTION
security_compute_av queries whether the policy permits the source context scon to access the target context tcon via class tclass with the requested access vector. The decision is returned in avd.
security_compute_av_flags is identical to security_compute_av but additionally sets the flags field of avd. Currently one flag is supported: SELINUX_AVD_FLAGS_PERMISSIVE, which indicates the decision is computed on a permissive domain.
security_compute_create is used to compute a context to use for labeling a new object in a particular class based on a SID pair.
security_compute_relabel is used to compute the new context to use when relabeling an object. It is used in the pam_selinux.so source and the newrole source to determine the correct label for the tty at login time, but can be used for other things.
security_compute_member is used to compute the context to use when labeling a polyinstantiated object instance.
security_compute_user is used to determine the set of user contexts that can be reached from a source context. It is mainly used by get_ordered_context_list.
security_get_initial_context is used to get the context of a kernel initial security identifier specified by name.
selinux_check_passwd_access is used to check for a permission in the passwd class. selinux_check_passwd_access uses getprevcon() for the source and target security contexts.
checkPasswdAccess is a deprecated alias of the selinux_check_passwd_access function.
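Added example (not part of the original manual page or of libselinux): how a caller should interpret the avd filled in by security_compute_av_flags, since a zero return only reports that the query itself succeeded. The helper av_verdict, the enum, the USE_LIBSELINUX macro, the sample bit values and the process/fork query are assumptions of this example; without the macro the libselinux types are mirrored locally so the logic compiles offline.

```c
#include <stdio.h>
#ifdef USE_LIBSELINUX            /* build: cc -DUSE_LIBSELINUX ex.c -lselinux */
#include <selinux/selinux.h>
#else                            /* local mirrors of the libselinux definitions */
typedef unsigned int access_vector_t;
struct av_decision {
    access_vector_t allowed, decided, auditallow, auditdeny;
    unsigned int seqno, flags;
};
#define SELINUX_AVD_FLAGS_PERMISSIVE 0x0001
#endif

/* Hypothetical helper names, not part of libselinux. */
enum verdict { AV_ALLOWED, AV_DENIED, AV_PERMISSIVE_ONLY };

/* A zero return from security_compute_av_flags() means the query worked,
 * not that access is granted: the caller must test avd->allowed itself. */
enum verdict av_verdict(const struct av_decision *avd, access_vector_t requested)
{
    if (requested == 0)                           /* empty request: fail closed */
        return AV_DENIED;
    if ((avd->allowed & requested) == requested)  /* every requested bit must be set */
        return AV_ALLOWED;
    if (avd->flags & SELINUX_AVD_FLAGS_PERMISSIVE)
        return AV_PERMISSIVE_ONLY;                /* denied by policy, permissive domain */
    return AV_DENIED;
}

int main(void)
{
    /* Constructed decisions; the permission bits are arbitrary samples. */
    struct av_decision enf = { .allowed = 0x3 };
    struct av_decision perm = { .allowed = 0x1,
                                .flags = SELINUX_AVD_FLAGS_PERMISSIVE };
    printf("full=%d partial=%d permissive=%d\n", av_verdict(&enf, 0x3),
           av_verdict(&enf, 0x7), av_verdict(&perm, 0x3));
#ifdef USE_LIBSELINUX
    /* Live query: may the current context fork? (sample class/permission) */
    char *con;
    struct av_decision avd;
    security_class_t cls = string_to_security_class("process");
    access_vector_t req = string_to_av_perm(cls, "fork");
    if (getcon(&con) == 0) {
        if (security_compute_av_flags(con, con, cls, req, &avd) == 0)
            printf("live=%d\n", av_verdict(&avd, req));
        freecon(con);
    }
#endif
    return 0;
}
```

A caller that enforces decisions should treat AV_PERMISSIVE_ONLY as a policy denial to be audited, not as a grant by policy.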
RETURN VALUE
Returns zero on success or -1 on error.
SEE ALSO
selinux(8), getcon(3), getfilecon(3), get_ordered_context_list(3)