query_user_context(3) -- Linux man page

 

NAME

get_ordered_context_list, get_default_context, get_default_context_with_role, query_user_context, manual_user_enter_context, get_default_type - determine context(s) for user login sessions

 

SYNOPSIS

#include <selinux/selinux.h>
#include <selinux/get_context_list.h>

int get_ordered_context_list(const char *user, security_context_t fromcon, security_context_t **list);

int get_default_context(const char *user, security_context_t fromcon, security_context_t *newcon);

int get_default_context_with_role(const char* user, const char *role, security_context_t fromcon, security_context_t *newcon);

int query_user_context(security_context_t *list, security_context_t *newcon);

int manual_user_enter_context(const char *user, security_context_t *newcon);

int get_default_type(const char *role, char **type);

 

DESCRIPTION

get_ordered_context_list queries the SELinux policy database in the kernel and some configuration files to determine an ordered list of contexts that may be used for login sessions. The list must be freed with freeconary. The possible roles and domains will be read from /etc/security/default_contexts and .default_contexts in the home directory of the user in question.

get_default_context is the same as get_ordered_context_list but only returns a single context which has to be freed with freecon.

get_default_context_with_role is the same as get_default_context except that it only returns a context with the specified role, returning -1 if no such context is reachable for that user. The returned context has to be freed with freecon.

query_user_context takes a list of contexts, queries the user via stdin/stdout as to which context they want, and returns a new context as selected by the user (which has to be freed with freecon).

manual_user_enter_context allows the user to manually enter a context as a fallback if a list of authorized contexts could not be obtained. The caller must free the context with freecon.

get_default_type gets the default type (domain) for 'role' and sets 'type' to refer to it, which has to be freed with free.
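Added example, not part of the original man page or of libselinux: the selection rule documented for get_default_context_with_role, applied to a constructed ordered context list of the kind get_ordered_context_list returns. The helpers context_has_role and pick_context_with_role and the sample contexts are hypothetical, and contexts are assumed to have the form user:role:type[:range].

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: does the role field (second ':'-separated field) of
 * "user:role:type[:range]" equal `role`? The range may itself contain ':'. */
static int context_has_role(const char *con, const char *role)
{
    const char *start = strchr(con, ':');
    const char *end = start ? strchr(start + 1, ':') : NULL;
    if (end == NULL)
        return 0;                   /* malformed: fewer than three fields */
    start++;
    size_t len = (size_t)(end - start);
    return strlen(role) == len && memcmp(start, role, len) == 0;
}

/* Hypothetical helper: walk a NULL-terminated list in priority order and copy
 * the first context carrying `role` into *newcon. Returns 0 on success, -1 if
 * no listed context has that role. Here the copy is released with free(); a
 * context returned by libselinux is released with freecon(). */
int pick_context_with_role(char *const *list, const char *role, char **newcon)
{
    *newcon = NULL;
    for (; list != NULL && *list != NULL; list++) {
        if (!context_has_role(*list, role))
            continue;
        size_t n = strlen(*list) + 1;
        *newcon = malloc(n);
        if (*newcon == NULL)
            return -1;
        memcpy(*newcon, *list, n);
        return 0;
    }
    return -1;                      /* role not reachable for this user */
}

/* Constructed sample list, highest-priority context first. */
static char *const sample_list[] = {
    "staff_u:staff_r:staff_t:s0-s0:c0.c1023",
    "staff_u:sysadm_r:sysadm_t:s0-s0:c0.c1023",
    NULL
};

int main(void)
{
    char *con = NULL;
    if (pick_context_with_role(sample_list, "sysadm_r", &con) == 0)
        printf("selected %s\n", con);
    free(con);
    return 0;
}
```

A caller that receives -1 should refuse the session rather than fall back to an unfiltered context, since the requested role is not authorized for that user.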


 

RETURN VALUE

On success, 0 is returned; on error, -1 is returned.

 

SEE ALSO

freeconary(3), freecon(3), security_compute_av(3)