selinux/libselinux/man/man3/matchpathcon.3
Stephen Smalley 9eb9c93275 Get rid of security_context_t and fix const declarations.
In attempting to enable building various part of Android with -Wall -Werror,
we found that the const security_context_t declarations in libselinux
are incorrect; const char * was intended, but const security_context_t
translates to char * const and triggers warnings on passing
const char * from the caller.   Easiest fix is to replace them all with
const char *.  And while we are at it, just get rid of all usage of
security_context_t itself as it adds no value - there is no true
encapsulation of the security context strings and callers already
directly use string functions on them.  typedef left to permit
building legacy users until such a time as all are updated.

This is a port of Change-Id I2f9df7bb9f575f76024c3e5f5b660345da2931a7
from Android, augmented to deal with all of the other code in upstream
libselinux and updating the man pages too.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Eric Paris <eparis@redhat.com>
2014-02-19 16:11:48 -05:00

93 lines
2.8 KiB
Groff

.TH "matchpathcon" "3" "21 November 2009" "sds@tycho.nsa.gov" "SELinux API documentation"
.SH "NAME"
matchpathcon, matchpathcon_index \- get the default SELinux security context for the specified path from the file contexts configuration
.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
.BI "int matchpathcon_init(const char *" path ");"
.sp
.BI "int matchpathcon_init_prefix(const char *" path ", const char *" subset ");"
.sp
.BI "int matchpathcon_fini(void);"
.sp
.BI "int matchpathcon(const char *" path ", mode_t " mode ", char **" con ");
.sp
.BI "int matchpathcon_index(const char *" name ", mode_t " mode ", char **" con ");"
.
.SH "DESCRIPTION"
.BR matchpathcon_init ()
loads the file contexts configuration specified by
.I path
into memory for use by subsequent
.BR matchpathcon ()
calls. If
.I path
is NULL, then the active file contexts configuration is loaded by default,
i.e. the path returned by
.BR selinux_file_context_path (3).
Unless the
.B MATCHPATHCON_BASEONLY
flag has been set via
.BR \%set_matchpathcon_flags (3),
files with the same path prefix but a
.B \%.homedirs
and
.B .local
suffix are also looked up and loaded if present. These files provide
dynamically generated entries for user home directories and for local
customizations.
.BR matchpathcon_init_prefix ()
is the same as
.BR matchpathcon_init ()
but only loads entries with regular expressions that have stems prefixed
by
.I \%prefix.
.BR matchpathcon_fini ()
frees the memory allocated by a prior call to
.BR matchpathcon_init. ()
This function can be used to free and reset the internal state between multiple
.BR matchpathcon_init ()
calls, or to free memory when finished using
.BR matchpathcon ().
.BR matchpathcon ()
matches the specified pathname and mode against the file contexts
configuration and sets the security context
.I con
to refer to the
resulting context. The caller must free the returned security context
.I con
using
.BR freecon (3)
when finished using it.
.I mode
can be 0 to disable mode matching, but
should be provided whenever possible, as it may affect the matching.
Only the file format bits (i.e. the file type) of the
.I mode
are used.
If
.BR matchpathcon_init ()
has not already been called, then this function will call it upon
its first invocation with a NULL
.I path,
defaulting to the active file contexts configuration.
.BR matchpathcon_index ()
is the same as
.BR matchpathcon ()
but returns a specification index that can later be used in a
.BR matchpathcon_filespec_add (3)
call.
.
.SH "RETURN VALUE"
Returns zero on success or \-1 otherwise.
.
.SH "SEE ALSO"
.ad l
.nh
.BR selinux "(8), " set_matchpathcon_flags "(3), " set_matchpathcon_invalidcon "(3), " set_matchpathcon_printf "(3), " matchpathcon_filespec_add "(3), " matchpathcon_checkmatches "(3), " freecon "(3), " setfilecon "(3), " setfscreatecon "(3)"