Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   8420 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

security_compute_av(3)	   SELinux API documentation	security_compute_av(3)

NAME
       security_compute_av, security_compute_create, security_compute_relabel,
       security_compute_member,	   security_compute_user,    security_get_ini‐
       tial_context - query the SELinux policy database in the kernel.

SYNOPSIS
       #include <selinux/selinux.h>

       #include <selinux/flask.h>

       int   security_compute_av(security_context_t  scon,  security_context_t
       tcon,  security_class_t	tclass,	 access_vector_t   requested,	struct
       av_decision *avd);

       int security_compute_create(security_context_t scon, security_context_t
       tcon, security_class_t tclass, security_context_t *newcon);

       int  security_compute_relabel(security_context_t	 scon,	 security_con‐
       text_t tcon, security_class_t tclass, security_context_t *newcon);

       int security_compute_member(security_context_t scon, security_context_t
       tcon, security_class_t tclass, security_context_t *newcon);

       int security_compute_user(security_context_t scon,  const  char	*user‐
       name, security_context_t **con);

       int  security_get_initial_context(const	char *name, security_context_t
       "con );

       int checkPasswdAccess(access_vector_t requested);

DESCRIPTION
       security_compute_av queries whether the policy permits the source  con‐
       text  scon  to access the target context tcon via class tclass with the
       requested access vector. See the cron source for a usage example.

       security_compute_create is used to compute a context to use for	label‐
       ing a new object in a particular class based on a SID pair.

       security_compute_relabel is used to compute the new context to use when
       relabeling an object, it is used in the pam_selinux.so source  and  the
       newrole	source	to  determine  the  correct label for the tty at login
       time, but can be used for other things.

       security_compute_member is used to compute  the	context	 to  use  when
       labeling a polyinstantiated object instance.

       security_compute_user  is  used	to  determine the set of user contexts
       that  can  be  reached  from  a	source	context.  Is  mainly  used  by
       get_ordered_context_list.

       security_get_initial_context  is	 used  to  get the context of a kernel
       initial security identifier specified by name

       checkPasswdAccess This functions is a helper functions that allows  you
       to  check  for a permission in the passwd class. checkPasswdAccess uses
       getprevcon() for the source and target security contexts.

RETURN VALUE
       0 for success and on error -1 is returned.

SEE ALSO
       selinux(8), getcon(3), getfilecon(3), get_ordered_context_list(3)

russell@coker.com.au		1 January 2004		security_compute_av(3)

Vote for polarhome