source-git / libselinux

Clone
Source Code
GIT

Files

  1.   10cefc0d0ec1b4a2305c35d87e594a31d141e9eb
  2.   include
  3.   selinux
  4.   get_context_list.h
Blob Blame History Raw 
#ifndef _SELINUX_GET_SID_LIST_H_
#define _SELINUX_GET_SID_LIST_H_

#include <selinux/selinux.h>

#ifdef __cplusplus
extern "C" {
#endif

#define SELINUX_DEFAULTUSER "user_u"

/* Get an ordered list of authorized security contexts for a user session
   for 'user' spawned by 'fromcon' and set *conary to refer to the 
   NULL-terminated array of contexts.  Every entry in the list will
   be authorized by the policy, but the ordering is subject to user
   customizable preferences.  Returns number of entries in *conary.
   If 'fromcon' is NULL, defaults to current context.
   Caller must free via freeconary. */
	extern int get_ordered_context_list(const char *user,
					    char * fromcon,
					    char *** list);

/* As above, but use the provided MLS level rather than the
   default level for the user. */
	int get_ordered_context_list_with_level(const char *user,
						const char *level,
						char * fromcon,
						char *** list);

/* Get the default security context for a user session for 'user'
   spawned by 'fromcon' and set *newcon to refer to it.  The context
   will be one of those authorized by the policy, but the selection
   of a default is subject to user customizable preferences.
   If 'fromcon' is NULL, defaults to current context.
   Returns 0 on success or -1 otherwise.
   Caller must free via freecon. */
	extern int get_default_context(const char *user,
				       char * fromcon,
				       char ** newcon);

/* As above, but use the provided MLS level rather than the
   default level for the user. */
	int get_default_context_with_level(const char *user,
					   const char *level,
					   char * fromcon,
					   char ** newcon);

/* Same as get_default_context, but only return a context
   that has the specified role.  If no reachable context exists
   for the user with that role, then return -1. */
	int get_default_context_with_role(const char *user,
					  const char *role,
					  char * fromcon,
					  char ** newcon);

/* Same as get_default_context, but only return a context
   that has the specified role and level.  If no reachable context exists
   for the user with that role, then return -1. */
	int get_default_context_with_rolelevel(const char *user,
					       const char *role,
					       const char *level,
					       char * fromcon,
					       char ** newcon);

/* Given a list of authorized security contexts for the user, 
   query the user to select one and set *newcon to refer to it.
   Caller must free via freecon.
   Returns 0 on sucess or -1 otherwise. */
	extern int query_user_context(char ** list,
				      char ** newcon);

/* Allow the user to manually enter a context as a fallback
   if a list of authorized contexts could not be obtained. 
   Caller must free via freecon.
   Returns 0 on success or -1 otherwise. */
	extern int manual_user_enter_context(const char *user,
					     char ** newcon);

#ifdef __cplusplus
}
#endif
#endif

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation