mirror of
https://github.com/SELinuxProject/selinux
synced 2025-01-05 04:59:42 +00:00
9eb9c93275
In attempting to enable building various part of Android with -Wall -Werror, we found that the const security_context_t declarations in libselinux are incorrect; const char * was intended, but const security_context_t translates to char * const and triggers warnings on passing const char * from the caller. Easiest fix is to replace them all with const char *. And while we are at it, just get rid of all usage of security_context_t itself as it adds no value - there is no true encapsulation of the security context strings and callers already directly use string functions on them. typedef left to permit building legacy users until such a time as all are updated. This is a port of Change-Id I2f9df7bb9f575f76024c3e5f5b660345da2931a7 from Android, augmented to deal with all of the other code in upstream libselinux and updating the man pages too. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Eric Paris <eparis@redhat.com>
75 lines
1.2 KiB
Groff
75 lines
1.2 KiB
Groff
.TH "selinux_file_context_cmp" "3" "08 March 2011" "SELinux API documentation"
|
|
.SH "NAME"
|
|
selinux_file_context_cmp \- Compare two SELinux security contexts excluding the 'user' component
|
|
.
|
|
.SH "SYNOPSIS"
|
|
.B #include <selinux/selinux.h>
|
|
.sp
|
|
.BI "int selinux_file_context_cmp(const char * " a ", "
|
|
.RS
|
|
.BI "const char * " b ");"
|
|
.RE
|
|
.
|
|
.SH "DESCRIPTION"
|
|
.BR selinux_file_context_cmp ()
|
|
compares two context strings excluding the user component with
|
|
.BR strcmp (3)
|
|
as shown in the
|
|
.B EXAMPLE
|
|
section.
|
|
.sp
|
|
This is useful as for most object contexts, the user component is not relevant.
|
|
.
|
|
.SH "RETURN VALUE"
|
|
The return values follow the
|
|
.BR strcmp (3)
|
|
function, where:
|
|
.RS
|
|
0 if they are equal.
|
|
.RE
|
|
.RS
|
|
1 if
|
|
.I a
|
|
is greater than
|
|
.I b
|
|
.RE
|
|
.RS
|
|
\-1 if
|
|
.I a
|
|
is less than
|
|
.I b
|
|
.RE
|
|
.
|
|
.SH "ERRORS"
|
|
None.
|
|
.
|
|
.SH "NOTES"
|
|
The contexts being compared do not specifically need to be file contexts.
|
|
.
|
|
.SH "EXAMPLE"
|
|
If context
|
|
.I a
|
|
is:
|
|
.RS
|
|
user_u:user_r:user_t:s0
|
|
.RE
|
|
.sp
|
|
and context
|
|
.I b
|
|
is:
|
|
.RS
|
|
root:user_r:user_t:s0
|
|
.RE
|
|
.sp
|
|
then the actual strings compared are:
|
|
.RS
|
|
:user_r:user_t:s0 and :user_r:user_t:s0
|
|
.RE
|
|
.sp
|
|
Therefore they will match and
|
|
.BR selinux_file_context_cmp ()
|
|
will return zero.
|
|
.
|
|
.SH "SEE ALSO"
|
|
.BR selinux "(8)"
|