|
|
6142796 |
diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/get_context_list.h libselinux-1.27.10/include/selinux/get_context_list.h
|
|
|
6142796 |
--- nsalibselinux/include/selinux/get_context_list.h 2005-09-19 13:36:06.000000000 -0400
|
|
|
6142796 |
+++ libselinux-1.27.10/include/selinux/get_context_list.h 2005-10-17 13:48:00.000000000 -0400
|
|
|
6142796 |
@@ -54,6 +54,15 @@
|
|
|
6142796 |
security_context_t fromcon,
|
|
|
6142796 |
security_context_t *newcon);
|
|
|
4dc4d10 |
|
|
|
6142796 |
+/* Same as get_default_context, but only return a context
|
|
|
6142796 |
+ that has the specified role and level. If no reachable context exists
|
|
|
6142796 |
+ for the user with that role, then return -1. */
|
|
|
6142796 |
+int get_default_context_with_rolelevel(const char* user,
|
|
|
6142796 |
+ const char *level,
|
|
|
6142796 |
+ const char *role,
|
|
|
6142796 |
+ security_context_t fromcon,
|
|
|
6142796 |
+ security_context_t *newcon);
|
|
|
6142796 |
+
|
|
|
6142796 |
/* Given a list of authorized security contexts for the user,
|
|
|
6142796 |
query the user to select one and set *newcon to refer to it.
|
|
|
6142796 |
Caller must free via freecon.
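Review bot: The prototype added here orders the string arguments `level` then `role`, but the definition this same patch adds in src/get_context_list.c takes `role` then `level`. Both are `const char *`, so the compiler accepts the mismatch silently. A caller written against this header, or against the SYNOPSIS line added to get_ordered_context_list.3 (which uses the header's order), would have its role applied as the MLS level and its level used as the role when the session context is selected. Make the declaration match the definition, `const char *role,` followed by `const char *level,`, and correct the man page synopsis the same way.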
|
|
|
6142796 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/get_default_context_with_level.3 libselinux-1.27.10/man/man3/get_default_context_with_level.3
|
|
|
6142796 |
--- nsalibselinux/man/man3/get_default_context_with_level.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
6142796 |
+++ libselinux-1.27.10/man/man3/get_default_context_with_level.3 2005-10-17 13:58:54.000000000 -0400
|
|
|
6142796 |
@@ -0,0 +1 @@
|
|
|
6142796 |
+.so man3/get_ordered_context_list.3
|
|
|
6142796 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/get_default_context_with_rolelevel.3 libselinux-1.27.10/man/man3/get_default_context_with_rolelevel.3
|
|
|
6142796 |
--- nsalibselinux/man/man3/get_default_context_with_rolelevel.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
6142796 |
+++ libselinux-1.27.10/man/man3/get_default_context_with_rolelevel.3 2005-10-17 13:58:41.000000000 -0400
|
|
|
6142796 |
@@ -0,0 +1 @@
|
|
|
6142796 |
+.so man3/get_ordered_context_list.3
|
|
|
6142796 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/get_ordered_context_list.3 libselinux-1.27.10/man/man3/get_ordered_context_list.3
|
|
|
6142796 |
--- nsalibselinux/man/man3/get_ordered_context_list.3 2005-04-29 14:06:50.000000000 -0400
|
|
|
6142796 |
+++ libselinux-1.27.10/man/man3/get_ordered_context_list.3 2005-10-17 13:57:48.000000000 -0400
|
|
|
6142796 |
@@ -1,6 +1,6 @@
|
|
|
6142796 |
.TH "get_ordered_context_list" "3" "1 January 2004" "russell@coker.com.au" "SE Linux"
|
|
|
6142796 |
.SH "NAME"
|
|
|
6142796 |
-get_ordered_context_list, get_default_context, get_default_context_with_role, query_user_context, manual_user_enter_context, get_default_role \- determine context(s) for user sessions
|
|
|
6142796 |
+get_ordered_context_list, get_ordered_context_list_with_level, get_default_context, get_default_context_with_level, get_default_context_with_role, get_default_context_with_rolelevel, query_user_context, manual_user_enter_context, get_default_role \- determine context(s) for user sessions
|
|
|
017ea0e |
|
|
|
6142796 |
.SH "SYNOPSIS"
|
|
|
6142796 |
.B #include <selinux/selinux.h>
|
|
|
6142796 |
@@ -9,10 +9,16 @@
|
|
|
6142796 |
.sp
|
|
|
6142796 |
.BI "int get_ordered_context_list(const char *" user ", security_context_t "fromcon ", security_context_t **" list );
|
|
|
6142796 |
.sp
|
|
|
6142796 |
+.BI "int get_ordered_context_list_with_level(const char *" user ", const char *" level ", security_context_t "fromcon ", security_context_t **" list );
|
|
|
4dc4d10 |
+.sp
|
|
|
6142796 |
.BI "int get_default_context(const char *" user ", security_context_t "fromcon ", security_context_t *" newcon );
|
|
|
6142796 |
.sp
|
|
|
6142796 |
+.BI "int get_default_context_with_level(const char *" user ", const char *" level ", security_context_t "fromcon ", security_context_t *" newcon );
|
|
|
6142796 |
+.sp
|
|
|
6142796 |
.BI "int get_default_context_with_role(const char* " user ", const char *" role ", security_context_t " fromcon ", security_context_t *" newcon ");
|
|
|
6142796 |
.sp
|
|
|
6142796 |
+.BI "int get_default_context_with_rolelevel(const char* " user ", const char* " level ", const char *" role ", security_context_t " fromcon ", security_context_t *" newcon ");
|
|
|
6142796 |
+.sp
|
|
|
6142796 |
.BI "int query_user_context(security_context_t *" list ", security_context_t *" newcon );
|
|
|
6142796 |
.sp
|
|
|
6142796 |
.BI "int manual_user_enter_context(const char *" user ", security_context_t *" newcon );
|
|
|
6142796 |
@@ -27,7 +33,7 @@
|
|
|
6142796 |
.I user
|
|
|
6142796 |
that are reachable from the specified
|
|
|
6142796 |
.I fromcon
|
|
|
6142796 |
-context and then orders the resulting list based on the global
|
|
|
6142796 |
+context. The function then orders the resulting list based on the global
|
|
|
6142796 |
.B /etc/selinux/<SELINUXTYPE>/contexts/default_contexts
|
|
|
6142796 |
file and the per-user
|
|
|
6142796 |
.B /etc/selinux/<SELINUXTYPE>/contexts/users/<username>
|
|
|
6142796 |
@@ -39,13 +45,22 @@
|
|
|
6142796 |
.B freeconary
|
|
|
6142796 |
function.
|
|
|
6142796 |
|
|
|
6142796 |
+.B get_ordered_context_list_with_level
|
|
|
6142796 |
+invokes the get_ordered_context_list function and applies the specified level.
|
|
|
4dc4d10 |
+
|
|
|
6142796 |
.B get_default_context
|
|
|
6142796 |
is the same as get_ordered_context_list but only returns a single context
|
|
|
6142796 |
which has to be freed with freecon.
|
|
|
4dc4d10 |
|
|
|
6142796 |
+.B get_default_context_with_level
|
|
|
6142796 |
+invokes the get_default_context function and applies the specified level.
|
|
|
4dc4d10 |
+
|
|
|
6142796 |
.B get_default_context_with_role
|
|
|
6142796 |
is the same as get_default_context but only returns a context with the specified role, returning -1 if no such context is reachable for the user.
|
|
|
4dc4d10 |
|
|
|
6142796 |
+.B get_default_context_with_rolelevel
|
|
|
6142796 |
+invokes the get_default_context_with_role function and applies the specified level.
|
|
|
6142796 |
+
|
|
|
6142796 |
.B query_user_context
|
|
|
6142796 |
takes a list of contexts, queries the user via stdin/stdout as to which context
|
|
|
6142796 |
they want, and returns a new context as selected by the user (which has to be
|
|
|
6142796 |
@@ -58,9 +73,8 @@
|
|
|
6142796 |
Get the default type (domain) for 'role' and set 'type' to refer to it, which has to be freed with free.
|
|
|
4dc4d10 |
|
|
|
6142796 |
.SH "RETURN VALUE"
|
|
|
6142796 |
-get_ordered_context_list returns the number of contexts in the list upon
|
|
|
6142796 |
-success or -1 upon errors.
|
|
|
6142796 |
+get_ordered_context_list and get_ordered_context_list_with_level return the number of contexts in the list upon success or -1 upon errors.
|
|
|
6142796 |
The other functions return 0 for success or -1 for errors.
|
|
|
6142796 |
|
|
|
6142796 |
.SH "SEE ALSO"
|
|
|
6142796 |
-.BR freeconary "(3), " freecon "(3), " security_compute_av "(3)"
|
|
|
6142796 |
+.BR freeconary "(3), " freecon "(3), " security_compute_av "(3)", getseuserbyname"(3)"
|
|
|
6142796 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/get_ordered_context_list_with_level.3 libselinux-1.27.10/man/man3/get_ordered_context_list_with_level.3
|
|
|
6142796 |
--- nsalibselinux/man/man3/get_ordered_context_list_with_level.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
6142796 |
+++ libselinux-1.27.10/man/man3/get_ordered_context_list_with_level.3 2005-10-17 13:59:03.000000000 -0400
|
|
|
6142796 |
@@ -0,0 +1 @@
|
|
|
6142796 |
+.so man3/get_ordered_context_list.3
|
|
|
6142796 |
diff --exclude-from=exclude -N -u -r nsalibselinux/src/get_context_list.c libselinux-1.27.10/src/get_context_list.c
|
|
|
6142796 |
--- nsalibselinux/src/get_context_list.c 2005-10-14 14:45:05.000000000 -0400
|
|
|
6142796 |
+++ libselinux-1.27.10/src/get_context_list.c 2005-10-17 13:45:55.000000000 -0400
|
|
|
6142796 |
@@ -48,6 +48,49 @@
|
|
|
6142796 |
return rc;
|
|
|
6142796 |
}
|
|
|
6142796 |
|
|
|
6142796 |
+int get_default_context_with_rolelevel(const char* user,
|
|
|
6142796 |
+ const char *role,
|
|
|
6142796 |
+ const char *level,
|
|
|
6142796 |
+ security_context_t fromcon,
|
|
|
6142796 |
+ security_context_t *newcon)
|
|
|
6142796 |
+{
|
|
|
bebb529 |
+
|
|
|
6142796 |
+ int rc=0;
|
|
|
6142796 |
+ int freefrom = 0;
|
|
|
6142796 |
+ context_t con;
|
|
|
6142796 |
+ char *newfromcon;
|
|
|
6142796 |
+ if (!level)
|
|
|
6142796 |
+ return get_default_context_with_role(user, role, fromcon, newcon);
|
|
|
6142796 |
+
|
|
|
6142796 |
+ if (!fromcon) {
|
|
|
6142796 |
+ rc = getcon(&fromcon);
|
|
|
6142796 |
+ if (rc < 0)
|
|
|
6142796 |
+ return rc;
|
|
|
6142796 |
+ freefrom = 1;
|
|
|
6142796 |
+ }
|
|
|
6142796 |
+
|
|
|
6142796 |
+ rc = -1;
|
|
|
6142796 |
+ con=context_new(fromcon);
|
|
|
6142796 |
+ if (!con)
|
|
|
6142796 |
+ goto out;
|
|
|
6142796 |
+
|
|
|
6142796 |
+ if (context_range_set(con, level))
|
|
|
6142796 |
+ goto out;
|
|
|
6142796 |
+
|
|
|
6142796 |
+ newfromcon = context_str(con);
|
|
|
6142796 |
+ if (!newfromcon)
|
|
|
6142796 |
+ goto out;
|
|
|
6142796 |
+
|
|
|
6142796 |
+ rc = get_default_context_with_role(user, role, newfromcon, newcon);
|
|
|
6142796 |
+
|
|
|
6142796 |
+out:
|
|
|
6142796 |
+ context_free(con);
|
|
|
6142796 |
+ if (freefrom)
|
|
|
6142796 |
+ freecon(fromcon);
|
|
|
6142796 |
+ return rc;
|
|
|
bebb529 |
+
|
|
|
bebb529 |
+}
|
|
|
bebb529 |
+
|
|
|
6142796 |
int get_default_context(const char* user,
|
|
|
6142796 |
security_context_t fromcon,
|
|
|
6142796 |
security_context_t *newcon)
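Review bot: `level` is written into the source context by `context_range_set(con, level)`, and nothing in this hunk checks that the resulting context is valid or that the level is one the user is cleared for. Any such check would have to happen inside get_default_context_with_role, which is outside the hunk. The new function has no comment in this file, so I would state the contract above the definition: `/* level replaces the MLS range of fromcon before the lookup and is not validated here; pass only a level from a trusted source such as getseuserbyname(3). A NULL level behaves as get_default_context_with_role. */`.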
|