      1 #ifndef _SELINUX_GET_SID_LIST_H_
      2 #define _SELINUX_GET_SID_LIST_H_
      3 
      4 #include <selinux/selinux.h>
      5 
      6 #ifdef __cplusplus
      7 extern "C" {
      8 #endif
      9 
     10 #define SELINUX_DEFAULTUSER "user_u"	/* presumably the fallback SELinux user; its use is not visible in this header */
     11 
     12 /* Get an ordered list of authorized security contexts for a user session
     13    for 'user' spawned by 'fromcon' and set *list to refer to the
     14    NULL-terminated array of contexts.  Every entry is authorized by the
     15    policy; only the ordering follows user-customizable preferences.
     16    Returns the number of entries in *list (error return is not documented
     17    here - TODO confirm).  If 'fromcon' is NULL, defaults to the current
     18    context.  Caller must free *list via freeconary. */
     19 	extern int get_ordered_context_list(const char *user,
     20 					    char * fromcon,
     21 					    char *** list);
     22 
     23 /* As get_ordered_context_list, but use the provided MLS 'level' rather
     24    than the default level for the user. */
     25 	int get_ordered_context_list_with_level(const char *user,
     26 						const char *level,
     27 						char * fromcon,
     28 						char *** list);
     29 
     30 /* Get the default security context for a user session for 'user'
     31    spawned by 'fromcon' and set *newcon to refer to it.  The context
     32    will be one of those authorized by the policy, but the selection
     33    of a default is subject to user customizable preferences.
     34    If 'fromcon' is NULL, defaults to current context.  Returns 0 on success
     35    or -1 otherwise; the state of *newcon after -1 is not documented here,
     36    so check the result before using it.  Caller must free via freecon. */
     37 	extern int get_default_context(const char *user,
     38 				       char * fromcon,
     39 				       char ** newcon);
     40 
     41 /* As get_default_context, but use the provided MLS 'level' rather than
     42    the default level for the user. */
     43 	int get_default_context_with_level(const char *user,
     44 					   const char *level,
     45 					   char * fromcon,
     46 					   char ** newcon);
     47 
     48 /* Same as get_default_context, but only return a context
     49    that has the specified 'role'.  If no reachable context exists
     50    for the user with that role, then return -1. */
     51 	int get_default_context_with_role(const char *user,
     52 					  const char *role,
     53 					  char * fromcon,
     54 					  char ** newcon);
     55 
     56 /* Same as get_default_context, but only return a context
     57    that has the specified 'role' and 'level'.  If no reachable context
     58    exists for the user with that role (and, presumably, level), return -1. */
     59 	int get_default_context_with_rolelevel(const char *user,
     60 					       const char *role,
     61 					       const char *level,
     62 					       char * fromcon,
     63 					       char ** newcon);
     64 
     65 /* Given 'list', a list of authorized security contexts for the user,
     66    query the user to select one and set *newcon to refer to it.
     67    Caller must free via freecon.
     68    Returns 0 on success or -1 otherwise. */
     69 	extern int query_user_context(char ** list,
     70 				      char ** newcon);
     71 
     72 /* Allow the user to manually enter a context as a fallback if a list of
     73    authorized contexts could not be obtained.  NOTE(review): this comment does
     74    not say the entered context is checked against policy - confirm before
     75    trusting it.  Caller must free via freecon.  Returns 0 on success or -1 otherwise. */
     76 	extern int manual_user_enter_context(const char *user,
     77 					     char ** newcon);
     78 
     79 #ifdef __cplusplus
     80 }
     81 #endif
     82 #endif
     83