security_compute_relabel
security_compute_av(3) SE Linux API documentation security_compute_av(3)
NAME
security_compute_av, security_compute_create, security_compute_rela-
bel, security_compute_user - query the SE Linux policy database in the
kernel.
SYNOPSIS
#include <selinux/selinux.h>
#include <selinux/flask.h>
int security_compute_av(security_context_t scon, security_context_t
tcon, security_class_t tclass, access_vector_t requested, struct
av_decision *avd);
int security_compute_create(security_context_t scon, security_con-
text_t tcon, security_class_t tclass, security_context_t *newcon);
int security_compute_relabel(security_context_t scon, security_con-
text_t tcon, security_class_t tclass, security_context_t *newcon);
int security_compute_user(security_context_t scon, const char *user-
name, security_context_t **con);
int checkPasswdAccess(access_vector_t requested);
DESCRIPTION
security_compute_av queries whether the policy permits the source con-
text scon to access the target context tcon via class tclass with the
requested access vector. See the cron source for a usage example.
security_compute_create is used to compute a context to use for label-
ing a new object in a particular class based on a SID pair.
security_compute_relabel is used to compute the new context to use
when relabeling an object, it is used in the pam_selinux.so source and
the newrole source to determine the correct label for the tty at login
time, but can be used for other things.
security_compute_user is used to determine the set of user contexts
that can be reached from a source context. Is mainly used by
get_ordered_context_list.
checkPasswdAccess This functions is a helper functions that allows you
to check for a permission in the passwd class. checkPasswdAccess uses
getprevcon() for the source and target security contexts.
RETURN VALUE
0 for success and on error -1 is returned.
SEE ALSO
getcon(3), getfilecon(3), get_ordered_context_list(3)
russell@coker.com.au 1 January 2004 security_compute_av(3)
