NAME
get_ordered_context_list, get_ordered_context_list_with_level,
get_default_context, get_default_context_with_level,
get_default_context_with_role, get_default_context_with_rolelevel,
query_user_context, manual_user_enter_context, get_default_role - determine
SELinux context(s) for user sessions
SYNOPSIS
#include <selinux/selinux.h>
#include <selinux/get_context_list.h>

int get_ordered_context_list(const char *user,
    security_context_t fromcon, security_context_t **list);

int get_ordered_context_list_with_level(const char *user,
    const char *level, security_context_t fromcon,
    security_context_t **list);

int get_default_context(const char *user,
    security_context_t fromcon, security_context_t *newcon);

int get_default_context_with_level(const char *user,
    const char *level, security_context_t fromcon,
    security_context_t *newcon);

int get_default_context_with_role(const char *user,
    const char *role, security_context_t fromcon,
    security_context_t *newcon);

int get_default_context_with_rolelevel(const char *user,
    const char *level, const char *role,
    security_context_t fromcon, security_context_t *newcon);

int query_user_context(security_context_t *list,
    security_context_t *newcon);

int manual_user_enter_context(const char *user,
    security_context_t *newcon);

int get_default_type(const char *role, char **type);
DESCRIPTION
get_ordered_context_list invokes the security_compute_user function to
obtain the list of contexts for the specified user that are reachable from
the specified fromcon context. The function then orders the resulting list
based on the global /etc/selinux/<SELINUXTYPE>/contexts/default_contexts
file and the per-user /etc/selinux/<SELINUXTYPE>/contexts/users/<username>
file if it exists. The fromcon parameter may be NULL to indicate that the
current context should be used. The function returns the number of contexts
in the list, or -1 upon errors. The list must be freed using the freeconary
function.
get_ordered_context_list_with_level invokes the get_ordered_context_list
function and applies the specified level.
get_default_context is the same as get_ordered_context_list but only
returns a single context which has to be freed with freecon.
get_default_context_with_level invokes the get_default_context function
and applies the specified level.
get_default_context_with_role is the same as get_default_context but only
returns a context with the specified role, returning -1 if no such context is
reachable for the user.
get_default_context_with_rolelevel invokes the
get_default_context_with_role function and applies the specified level.
query_user_context takes a list of contexts, queries the user via
stdin/stdout as to which context they want, and returns a new context as
selected by the user (which has to be freed with freecon).
manual_user_enter_context allows the user to manually enter a context as
a fallback if a list of authorized contexts could not be obtained. The caller
must free the returned context with freecon.
get_default_type gets the default type (domain) for role and sets type
to refer to it. The returned type has to be freed with free.
RETURN VALUE
get_ordered_context_list and get_ordered_context_list_with_level return the
number of contexts in the list upon success or -1 upon errors. The other
functions return 0 for success or -1 for errors.
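An added example, not part of the original manual page or of libselinux: a hypothetical helper, select_context, accepts a requested session context only if get_ordered_context_list reports it as reachable, and returns NULL (fail closed) otherwise. The stub functions and sample contexts are constructed so the logic runs without an SELinux host, and the exact string comparison assumes the requested context is already in the form the library returns.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
static char *dup_str(const char *s) { char *d = malloc(strlen(s) + 1); return d ? strcpy(d, s) : NULL; }
#ifdef USE_LIBSELINUX            /* real build: cc -DUSE_LIBSELINUX ex.c -lselinux */
#include <selinux/selinux.h>
#include <selinux/get_context_list.h>
#else                            /* constructed stand-ins (assumption), no SELinux host needed */
typedef char *security_context_t;
static const char *stub_ctx[] = { "staff_u:staff_r:staff_t:s0",
                                  "staff_u:sysadm_r:sysadm_t:s0" };
static int stub_count = 2;       /* set to -1 to simulate a library error */
static int get_ordered_context_list(const char *user, security_context_t fromcon,
                                    security_context_t **list)
{
    (void)user; (void)fromcon;
    if (stub_count < 0) return -1;
    if (!(*list = calloc((size_t)stub_count + 1, sizeof(**list)))) return -1;
    for (int i = 0; i < stub_count; i++) (*list)[i] = dup_str(stub_ctx[i]);
    return stub_count;
}
static void freeconary(security_context_t *l)
{
    for (int i = 0; l && l[i]; i++) free(l[i]);
    free(l);
}
#endif

/* Hypothetical helper. requested == NULL selects the first (highest-priority)
 * entry; otherwise requested is accepted only if it is in the reachable list.
 * Returns a malloc'd string, or NULL: the caller must then refuse the session. */
char *select_context(const char *user, const char *requested)
{
    security_context_t *list = NULL;
    char *chosen = NULL;
    int n = get_ordered_context_list(user, NULL, &list); /* NULL = current context */
    if (n < 0) return NULL;                              /* -1: error, nothing to free */
    for (int i = 0; i < n && !chosen; i++)
        if (!requested || strcmp(list[i], requested) == 0)
            chosen = dup_str(list[i]);                   /* copy out before freeing */
    freeconary(list);            /* frees every entry and the array itself */
    return chosen;
}
int main(void)
{
    char *c = select_context("alice", "staff_u:sysadm_r:sysadm_t:s0");
    puts(c ? c : "no authorized context: refuse session");
    free(c);
}
```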
SEE ALSO
selinux(8),
freeconary(3),
freecon(3),
security_compute_av(3),
getseuserbyname(3)