1 #ifndef _SELINUX_GET_SID_LIST_H_
2 #define _SELINUX_GET_SID_LIST_H_
3 
4 #include <selinux/selinux.h>
5 
6 #ifdef __cplusplus
7 extern "C" {
8 #endif
9 
10 #define SELINUX_DEFAULTUSER "user_u" /* presumably the fallback SELinux user name; not referenced by any declaration in this header - confirm against callers */
11 
12 /* Get an ordered list of authorized security contexts for a user session
13    for 'user' spawned by 'fromcon' and set *list to refer to the
14    NULL-terminated array of contexts.  Every entry in the list will be
15    authorized by the policy, but the ordering is subject to user-customizable
16    preferences.  Returns the number of entries in *list.  If 'fromcon' is NULL,
17    defaults to the current context.  Caller must free *list via freeconary.
18    NOTE(review): the failure return is not stated here; confirm it before relying on *list. */
19 	extern int get_ordered_context_list(const char *user,
20 					    char * fromcon,
21 					    char *** list);
22 
23 /* Same contract as get_ordered_context_list (result in *list, freed via
24    freeconary), but uses the provided MLS 'level' rather than the user's default level. */
25 	int get_ordered_context_list_with_level(const char *user,
26 						const char *level,
27 						char * fromcon,
28 						char *** list);
29 
30 /* Get the default security context for a user session for 'user'
31    spawned by 'fromcon' and set *newcon to refer to it.  The context
32    will be one of those authorized by the policy, but the selection
33    of a default is subject to user-customizable preferences.
34    If 'fromcon' is NULL, defaults to the current context.
35    Returns 0 on success or -1 otherwise; check the result before using *newcon.
36    Caller must free *newcon via freecon. */
37 	extern int get_default_context(const char *user,
38 				       char * fromcon,
39 				       char ** newcon);
40 
41 /* Same contract as get_default_context (0 or -1, *newcon freed via freecon),
42    but uses the provided MLS 'level' rather than the user's default level. */
43 	int get_default_context_with_level(const char *user,
44 					   const char *level,
45 					   char * fromcon,
46 					   char ** newcon);
47 
48 /* Same as get_default_context, but only returns a context that has
49    the specified 'role'.  Returns -1 if no reachable context exists for
50    the user with that role, so callers must treat -1 as "no context" and not use *newcon. */
51 	int get_default_context_with_role(const char *user,
52 					  const char *role,
53 					  char * fromcon,
54 					  char ** newcon);
55 
56 /* Same as get_default_context, but only returns a context that has the specified
57    'role' and 'level'; returns -1 if no reachable context exists for the user with that
58    role.  NOTE(review): presumably also -1 for an unsatisfiable level - confirm.  Argument order is level, then role. */
59 	int get_default_context_with_rolelevel(const char *user,
60 					       const char *level,
61 					       const char *role,
62 					       char * fromcon,
63 					       char ** newcon);
64 
65 /* Given 'list', a list of authorized security contexts for the user,
66    query the user to select one and set *newcon to refer to it.
67    Caller must free *newcon via freecon.  No length is passed, so 'list' is presumably the NULL-terminated array from get_ordered_context_list - confirm.
68    Returns 0 on success or -1 otherwise. */
69 	extern int query_user_context(char ** list,
70 				      char ** newcon);
71 
72 /* Allow the user to manually enter a context for 'user' as a fallback
73    if a list of authorized contexts could not be obtained.
74    Caller must free *newcon via freecon.  NOTE(review): unlike the list-based calls, nothing here states that the entered context is authorized by policy for 'user'; confirm what validation is done before using *newcon for a session.
75    Returns 0 on success or -1 otherwise. */
76 	extern int manual_user_enter_context(const char *user,
77 					     char ** newcon);
78 
79 #ifdef __cplusplus
80 }
81 #endif
82 #endif
83