NAME
sepol_genusers - Generate a new binary policy image with a customized user configuration
SYNOPSIS
#include <sepol/sepol.h>
int sepol_genusers(void *data, size_t len, const char *usersdir, void *newdata, size_t *newlen);
void sepol_set_delusers(int on);
DESCRIPTION
sepol_genusers generates a new binary policy image from two inputs: an existing binary policy image stored in the memory region described by the starting address data and the length len, and a pair of user configuration files named system.users and local.users from the directory specified by usersdir. The resulting binary policy is placed into dynamically allocated memory and the variables newdata and newlen are set to refer to the new binary image's starting address and length. The original binary policy image is not modified.
By default, sepol_genusers will preserve user entries that are defined in the original binary policy image but not defined in the user configuration files. If such user entries should instead be omitted entirely from the new binary policy image, then the sepol_set_delusers function may be called with on set to 1 prior to calling sepol_genusers in order to enable deletion of such users.
RETURN VALUE
Returns 0 on success or -1 otherwise, with errno set appropriately. An errno of ENOENT indicates that one or both of the user configuration files did not exist. An errno of EINVAL indicates that either the original binary policy image or the generated one was invalid. An errno of ENOMEM indicates that insufficient memory was available to process the original binary policy image or to generate the new policy image. Invalid entries in the user configuration files are skipped with a warning.
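An added example, not part of this manual page or of libsepol: a pre-flight check on usersdir to run before sepol_genusers, so that a missing system.users or local.users is reported by name instead of only as ENOENT. The helper name check_usersdir, the rejection of symlinks and other non-regular files, and the refusal of group- or world-writable files are assumptions of this example, not behaviour of sepol_genusers.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <sys/stat.h>

/* The two file names sepol_genusers reads from usersdir (per DESCRIPTION). */
static const char *const USER_FILES[] = { "system.users", "local.users" };

/*
 * Hypothetical helper: validate usersdir before passing it to sepol_genusers.
 * Returns 0 if both files are acceptable. Otherwise returns -1 with errno set
 * and, if bad is non-NULL, *bad pointing at the offending file name:
 *   ENOENT       - file missing (the case sepol_genusers itself reports)
 *   EINVAL       - not a regular file, symlinks included (this example's policy)
 *   EPERM        - group- or world-writable (this example's policy)
 *   ENAMETOOLONG - usersdir plus file name does not fit in PATH_MAX
 */
int check_usersdir(const char *usersdir, const char **bad)
{
    char path[PATH_MAX];
    struct stat st;

    for (size_t i = 0; i < sizeof(USER_FILES) / sizeof(USER_FILES[0]); i++) {
        if (bad)
            *bad = USER_FILES[i];
        int n = snprintf(path, sizeof(path), "%s/%s", usersdir, USER_FILES[i]);
        if (n < 0 || (size_t)n >= sizeof(path)) {
            errno = ENAMETOOLONG;
            return -1;
        }
        if (lstat(path, &st) < 0)
            return -1;                 /* errno set by lstat, e.g. ENOENT */
        if (!S_ISREG(st.st_mode)) {
            errno = EINVAL;            /* lstat does not follow symlinks */
            return -1;
        }
        if (st.st_mode & (S_IWGRP | S_IWOTH)) {
            errno = EPERM;             /* others could alter the user mapping */
            return -1;
        }
    }
    if (bad)
        *bad = NULL;
    return 0;
}
```

The check is advisory, since sepol_genusers opens the files by path afterwards; usersdir itself should be writable only by the account that generates the policy.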