1 #ifndef _SELINUX_GET_SID_LIST_H_ 2 #define _SELINUX_GET_SID_LIST_H_ 3 4 #include <selinux/selinux.h> 5 6 #ifdef __cplusplus 7 extern "C" { 8 #endif 9 10 #define SELINUX_DEFAULTUSER "user_u" 11 12 /* Get an ordered list of authorized security contexts for a user session 13 for 'user' spawned by 'fromcon' and set *conary to refer to the 14 NULL-terminated array of contexts. Every entry in the list will 15 be authorized by the policy, but the ordering is subject to user 16 customizable preferences. Returns number of entries in *conary. 17 If 'fromcon' is NULL, defaults to current context. 18 Caller must free via freeconary. */ 19 extern int get_ordered_context_list(const char *user, 20 char * fromcon, 21 char *** list); 22 23 /* As above, but use the provided MLS level rather than the 24 default level for the user. */ 25 extern int get_ordered_context_list_with_level(const char *user, 26 const char *level, 27 char * fromcon, 28 char *** list); 29 30 /* Get the default security context for a user session for 'user' 31 spawned by 'fromcon' and set *newcon to refer to it. The context 32 will be one of those authorized by the policy, but the selection 33 of a default is subject to user customizable preferences. 34 If 'fromcon' is NULL, defaults to current context. 35 Returns 0 on success or -1 otherwise. 36 Caller must free via freecon. */ 37 extern int get_default_context(const char *user, 38 char * fromcon, 39 char ** newcon); 40 41 /* As above, but use the provided MLS level rather than the 42 default level for the user. */ 43 extern int get_default_context_with_level(const char *user, 44 const char *level, 45 char * fromcon, 46 char ** newcon); 47 48 /* Same as get_default_context, but only return a context 49 that has the specified role. If no reachable context exists 50 for the user with that role, then return -1. */ 51 extern int get_default_context_with_role(const char *user, 52 const char *role, 53 char * fromcon, 54 char ** newcon); 55 56 /* Same as get_default_context, but only return a context 57 that has the specified role and level. If no reachable context exists 58 for the user with that role, then return -1. */ 59 extern int get_default_context_with_rolelevel(const char *user, 60 const char *role, 61 const char *level, 62 char * fromcon, 63 char ** newcon); 64 65 /* Given a list of authorized security contexts for the user, 66 query the user to select one and set *newcon to refer to it. 67 Caller must free via freecon. 68 Returns 0 on success or -1 otherwise. */ 69 extern int query_user_context(char ** list, 70 char ** newcon); 71 72 /* Allow the user to manually enter a context as a fallback 73 if a list of authorized contexts could not be obtained. 74 Caller must free via freecon. 75 Returns 0 on success or -1 otherwise. */ 76 extern int manual_user_enter_context(const char *user, 77 char ** newcon); 78 79 #ifdef __cplusplus 80 } 81 #endif 82 #endif 83