security_compute_av man page on Oracle

security_compute_av(3)	   SELinux API documentation	security_compute_av(3)

NAME
       security_compute_av, security_compute_av_flags, security_compute_create,
       security_compute_create_name, security_compute_relabel,
       security_compute_member, security_compute_user,
       security_get_initial_context - query the SELinux policy database in
       the kernel

SYNOPSIS
       #include <selinux/selinux.h>
       #include <selinux/flask.h>

       int security_compute_av(security_context_t scon, security_context_t tcon,
              security_class_t tclass, access_vector_t requested,
              struct av_decision *avd);

       int security_compute_av_raw(security_context_t scon,
              security_context_t tcon, security_class_t tclass,
              access_vector_t requested, struct av_decision *avd);

       int security_compute_av_flags(security_context_t scon,
              security_context_t tcon, security_class_t tclass,
              access_vector_t requested, struct av_decision *avd);

       int security_compute_av_flags_raw(security_context_t scon,
              security_context_t tcon, security_class_t tclass,
              access_vector_t requested, struct av_decision *avd);

       int security_compute_create(security_context_t scon,
              security_context_t tcon, security_class_t tclass,
              security_context_t *newcon);

       int security_compute_create_raw(security_context_t scon,
              security_context_t tcon, security_class_t tclass,
              security_context_t *newcon);

       int security_compute_create_name(security_context_t scon,
              security_context_t tcon, security_class_t tclass,
              const char *objname, security_context_t *newcon);

       int security_compute_create_name_raw(security_context_t scon,
              security_context_t tcon, security_class_t tclass,
              const char *objname, security_context_t *newcon);

       int security_compute_relabel(security_context_t scon,
              security_context_t tcon, security_class_t tclass,
              security_context_t *newcon);

       int security_compute_relabel_raw(security_context_t scon,
              security_context_t tcon, security_class_t tclass,
              security_context_t *newcon);

       int security_compute_member(security_context_t scon,
              security_context_t tcon, security_class_t tclass,
              security_context_t *newcon);

       int security_compute_member_raw(security_context_t scon,
              security_context_t tcon, security_class_t tclass,
              security_context_t *newcon);

       int security_compute_user(security_context_t scon, const char *username,
              security_context_t **con);

       int security_compute_user_raw(security_context_t scon,
              const char *username, security_context_t **con);

       int security_get_initial_context(const char *name,
              security_context_t *con);

       int security_get_initial_context_raw(const char *name,
              security_context_t *con);

       int selinux_check_access(const security_context_t scon,
              const security_context_t tcon, const char *class,
              const char *perm, void *auditdata);

       int selinux_check_passwd_access(access_vector_t requested);

       int checkPasswdAccess(access_vector_t requested);

DESCRIPTION
       security_compute_av() queries whether the  policy  permits  the	source
       context	scon  to  access the target context tcon via class tclass with
       the requested access vector.  The decision is returned in avd.

       security_compute_av_flags() is identical to security_compute_av() but
       additionally sets the flags field of avd.  Currently one flag is
       supported: SELINUX_AVD_FLAGS_PERMISSIVE, which indicates that the
       decision was computed on a permissive domain.

       security_compute_create()  is  used  to	compute	 a  context to use for
       labeling a new object in a particular class based on a SID pair.

       security_compute_create_name() is identical to
       security_compute_create() but also takes the name of the object being
       created as an argument.  When a TYPE_TRANSITION rule for the given
       class and SID pair has an object name extension, the name is needed to
       obtain the correct newcon according to the security policy.  Note that
       this interface is only supported on Linux 2.6.40 or later.  On older
       kernels, the object name is simply ignored.

       security_compute_relabel() is used to compute the new context to use
       when relabeling an object.  It is used in the pam_selinux.so source and
       the newrole source to determine the correct label for the tty at login
       time, but can be used for other things.

       security_compute_member()  is  used  to compute the context to use when
       labeling a polyinstantiated object instance.

       security_compute_user() is used to determine the set of	user  contexts
       that  can  be  reached  from  a	source	context.  It is mainly used by
       get_ordered_context_list().

       security_get_initial_context() is used to get the context of a kernel
       initial security identifier specified by name.

       security_compute_av_raw(),	      security_compute_av_flags_raw(),
       security_compute_create_raw(),	   security_compute_create_name_raw(),
       security_compute_relabel_raw(),		security_compute_member_raw(),
       security_compute_user_raw()   and    security_get_initial_context_raw()
       behave  identically  to	their  non-raw counterparts but do not perform
       context translation.

       selinux_check_access() is used to check if the source context  has  the
       access permission for the specified class on the target context.

       selinux_check_passwd_access()  is used to check for a permission in the
       passwd class.  selinux_check_passwd_access() uses getprevcon() for  the
       source and target security contexts.

       checkPasswdAccess() is a deprecated alias of the
       selinux_check_passwd_access() function.

RETURN VALUE
       Returns zero on success or -1 on error.
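
       Added example, not part of the original man page or of libselinux: for
       security_compute_av() and security_compute_av_flags() the decision is
       returned in avd, so after a successful call the caller still has to
       check the avd fields against the requested vector. The fallback mirror
       of struct av_decision, the avd_outcome and avd_result names, and the
       0x1/0x2 permission bits are assumptions made for illustration.

```c
#include <stdio.h>
#if defined(__has_include)
#  if __has_include(<selinux/selinux.h>)
#    include <selinux/selinux.h>   /* real libselinux definitions, if installed */
#    define HAVE_SELINUX_H 1
#  endif
#endif
#ifndef HAVE_SELINUX_H
/* Constructed mirror of the libselinux definitions so the example builds offline. */
typedef unsigned int access_vector_t;
struct av_decision {
    access_vector_t allowed, decided, auditallow, auditdeny;
    unsigned int seqno, flags;
};
#define SELINUX_AVD_FLAGS_PERMISSIVE 0x0001
#endif

enum avd_outcome { AVD_ALLOW, AVD_ALLOW_PERMISSIVE, AVD_DENY };  /* hypothetical names */
struct avd_result {
    enum avd_outcome outcome;
    access_vector_t denied;    /* requested bits missing from avd->allowed */
    access_vector_t audited;   /* bits the policy wants logged */
};

/* Interpret a decision filled in by security_compute_av_flags(). */
struct avd_result interpret_avd(access_vector_t requested, const struct av_decision *avd)
{
    struct avd_result r;
    r.denied = requested & ~avd->allowed;   /* every requested bit must be allowed */
    if (r.denied) {
        r.audited = r.denied & avd->auditdeny;
        /* Permissive domain: the denial is logged but not enforced. */
        r.outcome = (avd->flags & SELINUX_AVD_FLAGS_PERMISSIVE)
                        ? AVD_ALLOW_PERMISSIVE : AVD_DENY;
    } else {
        r.audited = requested & avd->auditallow;
        r.outcome = AVD_ALLOW;
    }
    return r;
}

int main(void)
{
    /* Constructed decision; 0x1 and 0x2 are placeholder permission bits. */
    struct av_decision avd = { .allowed = 0x1, .auditdeny = 0x2, .flags = 0 };
    struct avd_result r = interpret_avd(0x1 | 0x2, &avd);
    printf("outcome=%d denied=0x%x audited=0x%x\n", r.outcome, r.denied, r.audited);
    return 0;
}
```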

SEE ALSO
       selinux(8), getcon(3), getfilecon(3), get_ordered_context_list(3)

russell@coker.com.au		1 January 2004		security_compute_av(3)