selinux/libselinux/man/man3/selabel_digest.3
Richard Haines e40bbea95f libselinux: Add selabel_digest function
selabel_digest(3) if enabled by the SELABEL_OPT_DIGEST option during
selabel_open(3) will return an SHA1 digest of the spec files, plus
a list of the specfiles used to calculate the digest. There is a
test utility supplied that will demonstrate the functionality.

The use case for selabel_digest(3) is to implement an selinux_restorecon
function based on the Android version that writes a hash of the
file_contexts files to an extended attribute to enhance performance
(see external/libselinux/src/android.c selinux_android_restorecon()).

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2015-10-13 17:13:24 -04:00

62 lines
1.3 KiB
Groff

.TH "selabel_digest" "3" "16 Sept 2015" "" "SELinux API documentation"
.SH "NAME"
selabel_digest \- Return digest of specfiles and list of files used
.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.br
.B #include <selinux/label.h>
.sp
.BI "int selabel_digest(struct selabel_handle *" hnd ,
.in +\w'int selabel_digest('u
.BI "unsigned char **" digest ,
.BI "size_t *" digest_len ,
.br
.BI "char ***" specfiles,
.BI "size_t *" num_specfiles ");"
.in
.
.SH "DESCRIPTION"
.BR selabel_digest ()
performs an operation on the handle
.IR hnd ,
returning the results of the SHA1 digest pointed to by
.IR digest ,
whose length will be
.IR digest_len .
The list of specfiles used in the SHA1 digest calculation is returned in
.I specfiles
with the number of entries in
.IR num_specfiles .
.sp
To enable
.BR selabel_digest ()
to return this information the
.B SELABEL_OPT_DIGEST
option must be enable in
.BR selabel_open (3).
.sp
The result of
.BR selabel_digest ()
must not be used after
.BR selabel_close (3).
.
.SH "RETURN VALUE"
On success, zero is returned. On error, \-1 is returned and
.I errno
is set appropriately.
.
.SH "ERRORS"
.TP
.B EINVAL
No digest available (returned if
.B SELABEL_OPT_DIGEST
option not enabled).
.TP
.B ENOMEM
An attempt to allocate memory failed.
.
.SH "SEE ALSO"
.BR selabel_open (3),
.BR selinux (8)