NAME
sepol_genusers - Generate a new binary policy image with a customized
user configuration
SYNOPSIS
#include <sepol/sepol.h>
int sepol_genusers(void *data, size_t len, const char *usersdir,
                   void **newdata, size_t *newlen);
void sepol_set_delusers(int on);
DESCRIPTION
sepol_genusers generates a new binary policy image from an existing
binary policy image stored in the memory region described by the
starting address data and the length len and a pair of user
configuration files named system.users and local.users from the
directory specified by usersdir. The resulting binary policy is placed
into dynamically allocated memory and the variables newdata and newlen
are set to refer to the new binary image’s starting address and length.
The original binary policy image is not modified.
By default, sepol_genusers preserves user entries that are defined in
the original binary policy image but not in the user configuration
files. If such user entries should instead be omitted entirely from the
new binary policy image, call sepol_set_delusers with on set to 1 before
calling sepol_genusers to enable deletion of those users.
RETURN VALUE
Returns 0 on success or -1 otherwise, with errno set appropriately. An
errno of ENOENT indicates that one or both of the user configuration
files did not exist. An errno of EINVAL indicates that either the
original binary policy image or the generated one was invalid. An errno
of ENOMEM indicates that insufficient memory was available to process
the original binary policy image or to generate the new policy image.
Invalid entries in the user configuration files are skipped with a
warning rather than causing an error.