RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-05-11 03:58:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
00f0d550d5
selinux/libselinux/man/man3/security_compute_av.3
KaiGai Kohei 55ed6e7fa6 This patch enables applications to handle permissive domain correctly. 
Since the v2.6.26 kernel, SELinux has supported an idea of permissive
domain which allows certain processes to work as if permissive mode,
even if the global setting is enforcing mode.
However, we don't have an application program interface to inform
what domains are permissive one, and what domains are not.
It means applications focuses on SELinux (XACE/SELinux, SE-PostgreSQL
and so on) cannot handle permissive domain correctly.

This patch add the sixth field (flags) on the reply of the /selinux/access
interface which is used to make an access control decision from userspace.
If the first bit of the flags field is positive, it means the required
access control decision is on permissive domain, so application should
allow any required actions, as the kernel doing.

This patch also has a side benefit. The av_decision.flags is set at
context_struct_compute_av(). It enables to check required permissions
without read_lock(&policy_rwlock).

Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
2009-04-07 22:10:30 -04:00

83 lines
3.1 KiB
Groff
Raw Blame History

.TH "security_compute_av" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
.SH "NAME"
security_compute_av, security_compute_av_flags, security_compute_create, security_compute_relabel,
security_compute_member, security_compute_user, security_get_initial_context \- query
the SELinux policy database in the kernel.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.B #include <selinux/flask.h>
.sp
.BI "int security_compute_av(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", access_vector_t "requested ", struct av_decision *" avd );
.sp
.BI "int security_compute_av_flags(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", access_vector_t "requested ", struct av_decision *" avd );
.sp
.BI "int security_compute_create(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", security_context_t *" newcon );
.sp
.BI "int security_compute_relabel(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", security_context_t *" newcon );
.sp
.BI "int security_compute_member(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", security_context_t *" newcon );
.sp
.BI "int security_compute_user(security_context_t "scon ", const char *" username ", security_context_t **" con );
.sp
.BI "int security_get_initial_context(const char *" name ", security_context_t
"con );
.sp
.BI "int checkPasswdAccess(access_vector_t " requested );
.SH "DESCRIPTION"
.B security_compute_av
queries whether the policy permits the source context
.B scon
to access the target context
.B tcon
via class
.B tclass
with the
.B requested
access vector. The decision is returned in
.BR avd .
.B security_compute_av_flags
is identical to
.B security_compute_av
but additionally sets the
.B flags
field of
.BR avd .
Currently one flag is supported:
.BR SELINUX_AVD_FLAGS_PERMISSIVE ,
which indicates the decision is computed on a permissive domain.
.B security_compute_create
is used to compute a context to use for labeling a new object in a particular
class based on a SID pair.
.B security_compute_relabel
is used to compute the new context to use when relabeling an object, it is used
in the pam_selinux.so source and the newrole source to determine the correct
label for the tty at login time, but can be used for other things.
.B security_compute_member
is used to compute the context to use when labeling a polyinstantiated object
instance.
.B security_compute_user
is used to determine the set of user contexts that can be reached from a
source context. Is mainly used by
.B get_ordered_context_list.
.B security_get_initial_context
is used to get the context of a kernel initial security identifier specified by
.I name
.B checkPasswdAccess
This functions is a helper functions that allows you to check for a permission in the passwd class. checkPasswdAccess uses getprevcon() for the source and target security contexts.
.SH "RETURN VALUE"
0 for success and on error -1 is returned.
.SH "SEE ALSO"
.BR selinux "(8), " getcon "(3), " getfilecon "(3), " get_ordered_context_list "(3)"
Reference in New Issue View Git Blame Copy Permalink