Section 3: library functions
security_disable – disable the SELinux kernel code at runtime Synopsis #include <selinux/selinux.h> int security_disable(void); Description security_disable() disables the SELinux kernel code, unregisters selinuxfs from /proc/filesystems, and then unmounts /sys/fs/selinux. This function can only be called at runtime and prior to the initial policy load. After the initial policy load, the SELinux kernel code cannot be…
security_getenforce, security_setenforce, security_deny_unknown, security_reject_unknown, security_get_checkreqprot – get or set the enforcing state of SELinux Synopsis #include <selinux/selinux.h> int security_getenforce(void); int security_setenforce(int value); int security_deny_unknown(void); int security_reject_unknown(void); int security_get_checkreqprot(void); Description security_getenforce() returns 0 if SELinux is running in permissive mode, 1 if it is running in enforcing mode, and -1 on error. security_setenforce() sets SELinux to…
security_compute_av, security_compute_av_flags, security_compute_create, security_compute_create_name, security_compute_relabel, security_compute_member, security_compute_user, security_validatetrans, security_get_initial_context – query the SELinux policy database in the kernel Synopsis #include <selinux/selinux.h> int security_compute_av(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd); int security_compute_av_raw(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd); int security_compute_av_flags(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct…
security_compute_av, security_compute_av_flags, security_compute_create, security_compute_create_name, security_compute_relabel, security_compute_member, security_compute_user, security_validatetrans, security_get_initial_context – query the SELinux policy database in the kernel Synopsis #include <selinux/selinux.h> int security_compute_av(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd); int security_compute_av_raw(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd); int security_compute_av_flags(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct…
security_compute_av, security_compute_av_flags, security_compute_create, security_compute_create_name, security_compute_relabel, security_compute_member, security_compute_user, security_validatetrans, security_get_initial_context – query the SELinux policy database in the kernel Synopsis #include <selinux/selinux.h> int security_compute_av(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd); int security_compute_av_raw(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd); int security_compute_av_flags(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct…
security_compute_av, security_compute_av_flags, security_compute_create, security_compute_create_name, security_compute_relabel, security_compute_member, security_compute_user, security_validatetrans, security_get_initial_context – query the SELinux policy database in the kernel Synopsis #include <selinux/selinux.h> int security_compute_av(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd); int security_compute_av_raw(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd); int security_compute_av_flags(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct…
security_compute_av, security_compute_av_flags, security_compute_create, security_compute_create_name, security_compute_relabel, security_compute_member, security_compute_user, security_validatetrans, security_get_initial_context – query the SELinux policy database in the kernel Synopsis #include <selinux/selinux.h> int security_compute_av(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd); int security_compute_av_raw(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd); int security_compute_av_flags(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct…
security_compute_av, security_compute_av_flags, security_compute_create, security_compute_create_name, security_compute_relabel, security_compute_member, security_compute_user, security_validatetrans, security_get_initial_context – query the SELinux policy database in the kernel Synopsis #include <selinux/selinux.h> int security_compute_av(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd); int security_compute_av_raw(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd); int security_compute_av_flags(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct…
security_compute_av, security_compute_av_flags, security_compute_create, security_compute_create_name, security_compute_relabel, security_compute_member, security_compute_user, security_validatetrans, security_get_initial_context – query the SELinux policy database in the kernel Synopsis #include <selinux/selinux.h> int security_compute_av(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd); int security_compute_av_raw(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd); int security_compute_av_flags(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct…
security_compute_av, security_compute_av_flags, security_compute_create, security_compute_create_name, security_compute_relabel, security_compute_member, security_compute_user, security_validatetrans, security_get_initial_context – query the SELinux policy database in the kernel Synopsis #include <selinux/selinux.h> int security_compute_av(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd); int security_compute_av_raw(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd); int security_compute_av_flags(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct…
security_compute_av, security_compute_av_flags, security_compute_create, security_compute_create_name, security_compute_relabel, security_compute_member, security_compute_user, security_validatetrans, security_get_initial_context – query the SELinux policy database in the kernel Synopsis #include <selinux/selinux.h> int security_compute_av(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd); int security_compute_av_raw(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd); int security_compute_av_flags(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct…
security_compute_av, security_compute_av_flags, security_compute_create, security_compute_create_name, security_compute_relabel, security_compute_member, security_compute_user, security_validatetrans, security_get_initial_context – query the SELinux policy database in the kernel Synopsis #include <selinux/selinux.h> int security_compute_av(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd); int security_compute_av_raw(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd); int security_compute_av_flags(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct…
security_compute_av, security_compute_av_flags, security_compute_create, security_compute_create_name, security_compute_relabel, security_compute_member, security_compute_user, security_validatetrans, security_get_initial_context – query the SELinux policy database in the kernel Synopsis #include <selinux/selinux.h> int security_compute_av(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd); int security_compute_av_raw(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd); int security_compute_av_flags(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct…
security_compute_av, security_compute_av_flags, security_compute_create, security_compute_create_name, security_compute_relabel, security_compute_member, security_compute_user, security_validatetrans, security_get_initial_context – query the SELinux policy database in the kernel Synopsis #include <selinux/selinux.h> int security_compute_av(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd); int security_compute_av_raw(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd); int security_compute_av_flags(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct…
security_compute_av, security_compute_av_flags, security_compute_create, security_compute_create_name, security_compute_relabel, security_compute_member, security_compute_user, security_validatetrans, security_get_initial_context – query the SELinux policy database in the kernel Synopsis #include <selinux/selinux.h> int security_compute_av(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd); int security_compute_av_raw(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd); int security_compute_av_flags(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct…
security_compute_av, security_compute_av_flags, security_compute_create, security_compute_create_name, security_compute_relabel, security_compute_member, security_compute_user, security_validatetrans, security_get_initial_context – query the SELinux policy database in the kernel Synopsis #include <selinux/selinux.h> int security_compute_av(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd); int security_compute_av_raw(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct av_decision *avd); int security_compute_av_flags(char *scon, char *tcon, security_class_t tclass, access_vector_t requested, struct…
security_set_boolean, security_commit_booleans, security_get_boolean_names, security_get_boolean_active, security_get_boolean_pending – routines for manipulating SELinux boolean values Synopsis #include <selinux/selinux.h> int security_get_boolean_names(char ***names, int *len); int security_get_boolean_pending(const char *name); int security_get_boolean_active(const char *name); int security_set_boolean(const char *name, int value); int security_set_boolean_list(size_t boolcnt, SELboolean *boollist, int permanent); int security_commit_booleans(void); Description The SELinux policy can include conditional rules that are enabled or…
security_class_to_string, security_av_perm_to_string, string_to_security_class, string_to_av_perm, security_av_string, mode_to_security_class – convert between SELinux class and permission values and string names. print_access_vector – display an access vector in human-readable form. Synopsis #include <selinux/selinux.h> const char *security_class_to_string(security_class_t tclass); const char *security_av_perm_to_string(security_class_t tclass, access_vector_t av); int security_av_string(security_class_t tclass, access_vector_t av, char **result); security_class_t string_to_security_class(const char *name); security_class_t mode_to_security_class(mode_t mode); access_vector_t string_to_av_perm(security_class_t…
security_check_context – check the validity of a SELinux context Synopsis #include <selinux/selinux.h> int security_check_context(char *con); int security_check_context_raw(char *con); Description security_check_context() returns 0 if SELinux is running and the context is valid, otherwise it returns -1. security_check_context_raw() behaves identically to security_check_context() but does not perform context translation. See Also selinux(8)
security_check_context – check the validity of a SELinux context Synopsis #include <selinux/selinux.h> int security_check_context(char *con); int security_check_context_raw(char *con); Description security_check_context() returns 0 if SELinux is running and the context is valid, otherwise it returns -1. security_check_context_raw() behaves identically to security_check_context() but does not perform context translation. See Also selinux(8)