selinux/libselinux/man/man3/selinux_set_callback.3
Stephen Smalley 9eb9c93275 Get rid of security_context_t and fix const declarations.
In attempting to enable building various parts of Android with -Wall -Werror,
we found that the const security_context_t declarations in libselinux
are incorrect; const char * was intended, but const security_context_t
translates to char * const and triggers warnings on passing
const char * from the caller.   Easiest fix is to replace them all with
const char *.  And while we are at it, just get rid of all usage of
security_context_t itself as it adds no value - there is no true
encapsulation of the security context strings and callers already
directly use string functions on them.  typedef left to permit
building legacy users until such a time as all are updated.

This is a port of Change-Id I2f9df7bb9f575f76024c3e5f5b660345da2931a7
from Android, augmented to deal with all of the other code in upstream
libselinux and updating the man pages too.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Eric Paris <eparis@redhat.com>
2014-02-19 16:11:48 -05:00

119 lines
2.6 KiB
Groff

.\" Hey Emacs! This file is -*- nroff -*- source.
.\"
.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2007
.TH "selinux_set_callback" "3" "20 Jun 2007" "" "SELinux API documentation"
.SH "NAME"
selinux_set_callback \- userspace SELinux callback facilities
.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
.BI "void selinux_set_callback(int " type ", union selinux_callback " callback ");"
.
.SH "DESCRIPTION"
.BR selinux_set_callback ()
sets the callback indicated by
.I type
to the value of
.IR callback ,
which should be passed as a function pointer cast to type
.B union
.BR selinux_callback .
All callback functions should return a negative value with
.I errno
set appropriately on error.
The available values for
.I type
are:
.TP
.B SELINUX_CB_LOG
.BI "int (*" func_log ") (int " type ", const char *" fmt ", ...);"
This callback is used for logging and should process the
.BR printf (3)
style
.I fmt
string and arguments as appropriate. The
.I type
argument indicates the type of message and will be set to one of the following:
.BR SELINUX_ERROR ,
.BR SELINUX_WARNING ,
.BR SELINUX_INFO ,
or
.BR SELINUX_AVC .
.
.TP
.B SELINUX_CB_AUDIT
.BI "int (*" func_audit ") (void *" auditdata ", security_class_t " cls ,
.in +\w'int (*func_audit) ('u
.BI "char *" msgbuf ", size_t " msgbufsize ");"
.in
This callback is used for supplemental auditing in AVC messages. The
.I auditdata
and
.I cls
arguments are the values passed to
.BR avc_has_perm (3).
A human-readable interpretation should be printed to
.I msgbuf
using no more than
.I msgbufsize
characters.
.
.TP
.B SELINUX_CB_VALIDATE
.BI "int (*" func_validate ") (char **" ctx ");"
This callback is used for context validation. The callback may optionally modify the input context by setting the target of the
.I ctx
pointer to a new context. In this case, the old value should be freed with
.BR freecon (3).
The value of
.I errno
should be set to
.B EINVAL
to indicate an invalid context.
.
.TP
.B SELINUX_CB_SETENFORCE
.BI "int (*" func_setenforce ") (int " enforcing ");"
This callback is invoked when the system enforcing state changes.
The
.I enforcing
argument indicates the new value and is set to
.I 1
for enforcing mode, and
.I 0
for permissive mode.
.
.TP
.B SELINUX_CB_POLICYLOAD
.BI "int (*" func_policyload ") (int " seqno ");"
This callback is invoked when the system security policy is reloaded.
The
.I seqno
argument is the current sequential number of the policy generation in the system.
.
.SH "RETURN VALUE"
None.
.
.SH "ERRORS"
None.
.
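.SH "EXAMPLE"
The following is an added example, not part of the libselinux sources: a log callback and an audit callback written to the contracts described above, registered by filling in the matching union member. The names req_info, log_cb, audit_cb, install_callbacks and the USE_LIBSELINUX build switch are assumptions made for this example; without that switch the message-type constants and security_class_t are constructed stand-ins so the callbacks build without libselinux.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <syslog.h>
#ifdef USE_LIBSELINUX  /* real build: cc -DUSE_LIBSELINUX example.c -lselinux */
#include <selinux/selinux.h>
#else                  /* constructed stand-ins so the callbacks build alone */
typedef unsigned short security_class_t;
enum { SELINUX_ERROR, SELINUX_WARNING, SELINUX_INFO, SELINUX_AVC };
#endif

struct req_info { const char *client; int request_id; }; /* hypothetical auditdata */

/* SELINUX_CB_LOG: expand the printf(3)-style fmt with its arguments, then
 * give syslog the result as data ("%s"), never as a second format string. */
int log_cb(int type, const char *fmt, ...)
{
    /* indexed by type: selinux.h defines SELINUX_ERROR..SELINUX_AVC as 0..3 */
    static const int prio[] = { LOG_ERR, LOG_WARNING, LOG_INFO, LOG_NOTICE };
    char line[1024];
    va_list ap;
    int n;
    if (type < SELINUX_ERROR || type > SELINUX_AVC || !fmt) { errno = EINVAL; return -1; }
    va_start(ap, fmt);
    n = vsnprintf(line, sizeof(line), fmt, ap); /* truncates, never overflows */
    va_end(ap);
    if (n < 0) { errno = EINVAL; return -1; }
    syslog(prio[type], "%s", line);
    return 0;
}

/* SELINUX_CB_AUDIT: describe auditdata in at most msgbufsize bytes. */
int audit_cb(void *auditdata, security_class_t cls, char *msgbuf, size_t msgbufsize)
{
    const struct req_info *r = auditdata;
    if (r == NULL || msgbuf == NULL || msgbufsize == 0) { errno = EINVAL; return -1; }
    /* snprintf writes at most msgbufsize - 1 bytes and always NUL-terminates */
    if (snprintf(msgbuf, msgbufsize, "client=%s request=%d class=%u",
                 r->client, r->request_id, (unsigned)cls) < 0) { errno = EINVAL; return -1; }
    return 0;
}

/* Registers both callbacks; a no-op unless built against libselinux. */
void install_callbacks(void)
{
#ifdef USE_LIBSELINUX
    selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback){ .func_log = log_cb });
    selinux_set_callback(SELINUX_CB_AUDIT, (union selinux_callback){ .func_audit = audit_cb });
#endif
}
```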
.SH "AUTHOR"
Eamon Walsh <ewalsh@tycho.nsa.gov>
.
.SH "SEE ALSO"
.BR selabel_open (3),
.BR avc_init (3),
.BR avc_netlink_open (3),
.BR selinux (8)