NAME

       security_compute_av,                         security_compute_av_flags,
       security_compute_create,                      security_compute_relabel,
       security_compute_member,                         security_compute_user,
       security_get_initial_context - query the SELinux policy database in the
       kernel.

SYNOPSIS

       #include <selinux/selinux.h>

       #include <selinux/flask.h>

       int   security_compute_av(security_context_t  scon,  security_context_t
       tcon,  security_class_t  tclass,  access_vector_t   requested,   struct
       av_decision *avd);

       int          security_compute_av_flags(security_context_t         scon,
       security_context_t  tcon,  security_class_t   tclass,   access_vector_t
       requested, struct av_decision *avd);

       int security_compute_create(security_context_t scon, security_context_t
       tcon, security_class_t tclass, security_context_t *newcon);

       int          security_compute_relabel(security_context_t          scon,
       security_context_t  tcon,  security_class_t  tclass, security_context_t
       *newcon);

       int security_compute_member(security_context_t scon, security_context_t
       tcon, security_class_t tclass, security_context_t *newcon);

       int    security_compute_user(security_context_t    scon,   const   char
       *username, security_context_t **con);

       int security_get_initial_context(const char  *name,  security_context_t
       *con);

       int selinux_check_passwd_access(access_vector_t requested);

       int checkPasswdAccess(access_vector_t requested);

DESCRIPTION

       security_compute_av  queries  whether  the  policy  permits  the source
       context scon to access the target context tcon via  class  tclass  with
       the requested access vector.  The decision is returned in avd.

       security_compute_av_flags   is  identical  to  security_compute_av  but
       additionally sets the flags  field  of  avd.   Currently  one  flag  is
       supported:  SELINUX_AVD_FLAGS_PERMISSIVE,  which indicates the decision
       is computed on a permissive domain.

       security_compute_create is  used  to  compute  a  context  to  use  for
       labeling a new object in a particular class based on a SID pair.

       security_compute_relabel is used to compute the new context to use when
       relabeling an object.  It is used in the pam_selinux.so source and  the
       newrole  source  to  determine  the  correct label for the tty at login
       time, but can be used for other things.

       security_compute_member is used to compute  the  context  to  use  when
       labeling a polyinstantiated object instance.

       security_compute_user  is  used  to  determine the set of user contexts
       that can be reached from  a  source  context.  It  is  mainly  used  by
       get_ordered_context_list.

       security_get_initial_context  is  used  to  get the context of a kernel
       initial security identifier specified by name.

       selinux_check_passwd_access is used to check for a  permission  in  the
       passwd  class.   selinux_check_passwd_access  uses getprevcon() for the
       source and target security contexts.

       checkPasswdAccess     is     a     deprecated     alias     of      the
       selinux_check_passwd_access function.

RETURN VALUE

       Returns zero on success or -1 on error.

SEE ALSO

       selinux(8), getcon(3), getfilecon(3), get_ordered_context_list(3)