avc_sid_to_context

avc_context_to_sid(3)	  SE Linux API documentation	avc_context_to_sid(3)



NAME
       avc_context_to_sid, avc_sid_to_context, sidput, sidget - obtain and
       manipulate security IDs.

SYNOPSIS
       #include <selinux/selinux.h>
       #include <selinux/avc.h>

       int avc_context_to_sid(security_context_t ctx, security_id_t *sid);

       int avc_sid_to_context(security_id_t sid, security_context_t *ctx);

       int sidget(security_id_t sid);

       int sidput(security_id_t sid);

DESCRIPTION
       Security IDs (SIDs) are reference-counted, opaque representations of
       security contexts.

       avc_context_to_sid  returns  a SID for the given context in the memory
       referenced by sid, incrementing its reference count by 1.

       avc_sid_to_context returns a copy of the context represented by sid in
       the memory referenced by ctx.  The user must free the copy with
       freecon(3).

       sidget increments the reference count of sid by 1.

       sidput decrements the reference count of sid by 1.  If the count ever
       reaches zero, the SID becomes invalid and must not be used any
       further.


RETURN VALUE
       sidget and sidput return the new reference count.  A return  value  of
       zero indicates an invalid SID.

       avc_context_to_sid  and avc_sid_to_context return zero on success.  On
       error, -1 is returned and errno is set appropriately.


ERRORS
       EINVAL The provided sid has a zero reference count and is invalid.

       ENOMEM An attempt to allocate memory failed.


NOTES
       The expected usage pattern for these functions is that
       avc_context_to_sid will be called once to obtain a SID for a newly
       created object, sidget will be called on a SID when its object is
       duplicated, and sidput will be called on a SID when its object is
       destroyed.  Proper reference counting is necessary to ensure that
       SIDs and associated cache entries are reclaimed from memory when no
       longer needed.
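
       The lifecycle described above, as an added example that is not part
       of the original manual page and is not libselinux code. It is a
       self-contained model: every toy_* name and the sample contexts are
       hypothetical, and it assumes that equal contexts map to the same SID.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Toy SID table, constructed for illustration; not libselinux code. */
struct toy_sid { char *ctx; unsigned refcnt; };
static struct toy_sid toy_table[8];

/* Models avc_context_to_sid: find or create the SID and take one reference. */
int toy_context_to_sid(const char *ctx, struct toy_sid **sid) {
    struct toy_sid *slot = NULL;
    for (size_t i = 0; i < sizeof toy_table / sizeof toy_table[0]; i++) {
        struct toy_sid *s = &toy_table[i];
        if (s->refcnt && strcmp(s->ctx, ctx) == 0) { s->refcnt++; *sid = s; return 0; }
        if (!s->refcnt && !slot) slot = s;
    }
    if (!slot || !(slot->ctx = malloc(strlen(ctx) + 1))) { errno = ENOMEM; return -1; }
    strcpy(slot->ctx, ctx);
    slot->refcnt = 1;
    *sid = slot;
    return 0;
}

/* Models avc_sid_to_context: hand back a copy that the caller must free. */
int toy_sid_to_context(struct toy_sid *sid, char **ctx) {
    if (sid->refcnt == 0) { errno = EINVAL; return -1; }  /* released SID */
    if (!(*ctx = malloc(strlen(sid->ctx) + 1))) { errno = ENOMEM; return -1; }
    strcpy(*ctx, sid->ctx);
    return 0;
}

/* Model sidget/sidput: return the new count; 0 means the SID is invalid. */
int toy_sidget(struct toy_sid *sid) { return sid->refcnt ? (int)++sid->refcnt : 0; }
int toy_sidput(struct toy_sid *sid) {
    if (sid->refcnt && --sid->refcnt == 0) { free(sid->ctx); sid->ctx = NULL; }
    return (int)sid->refcnt;
}

/* NOTES lifecycle: object created, duplicated, then both copies destroyed. */
int toy_lifecycle(void) {
    struct toy_sid *sid; char *copy;
    if (toy_context_to_sid("system_u:object_r:etc_t:s0", &sid)) return -1; /* count 1 */
    toy_sidget(sid);                         /* object duplicated: count 2 */
    toy_sidput(sid);                         /* duplicate destroyed: count 1 */
    if (toy_sid_to_context(sid, &copy)) return -1;
    free(copy);                              /* the real API uses freecon(3) */
    toy_sidput(sid);                         /* original destroyed: count 0 */
    /* Any further use must fail: the SID is now invalid. */
    return (toy_sid_to_context(sid, &copy) == -1 && errno == EINVAL) ? 0 : -1;
}
```

       A missing put leaves the entry allocated for the life of the process,
       and an extra put invalidates a SID that another object still holds.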


AUTHOR
       Eamon Walsh <ewalsh@epoch.ncsc.mil>


SEE ALSO
       avc_init(3), avc_has_perm(3), avc_cache_stats(3), avc_add_callback(3),
       getcon(3), freecon(3)



				 27 May 2004		avc_context_to_sid(3)