| #ifndef _SELINUX_GET_SID_LIST_H_ |
| #define _SELINUX_GET_SID_LIST_H_ |
| |
| #include <selinux/selinux.h> |
| |
| #ifdef __cplusplus |
| extern "C" { |
| #endif |
| |
| #define SELINUX_DEFAULTUSER "user_u" |
| |
| /* Get an ordered list of authorized security contexts for a user session |
| for 'user' spawned by 'fromcon' and set *conary to refer to the |
| NULL-terminated array of contexts. Every entry in the list will |
| be authorized by the policy, but the ordering is subject to user |
| customizable preferences. Returns number of entries in *conary. |
| If 'fromcon' is NULL, defaults to current context. |
| Caller must free via freeconary. */ |
| extern int get_ordered_context_list(const char *user, |
| char * fromcon, |
| char *** list); |
| |
| /* As above, but use the provided MLS level rather than the |
| default level for the user. */ |
| int get_ordered_context_list_with_level(const char *user, |
| const char *level, |
| char * fromcon, |
| char *** list); |
| |
| /* Get the default security context for a user session for 'user' |
| spawned by 'fromcon' and set *newcon to refer to it. The context |
| will be one of those authorized by the policy, but the selection |
| of a default is subject to user customizable preferences. |
| If 'fromcon' is NULL, defaults to current context. |
| Returns 0 on success or -1 otherwise. |
| Caller must free via freecon. */ |
| extern int get_default_context(const char *user, |
| char * fromcon, |
| char ** newcon); |
| |
| /* As above, but use the provided MLS level rather than the |
| default level for the user. */ |
| int get_default_context_with_level(const char *user, |
| const char *level, |
| char * fromcon, |
| char ** newcon); |
| |
| /* Same as get_default_context, but only return a context |
| that has the specified role. If no reachable context exists |
| for the user with that role, then return -1. */ |
| int get_default_context_with_role(const char *user, |
| const char *role, |
| char * fromcon, |
| char ** newcon); |
| |
| /* Same as get_default_context, but only return a context |
| that has the specified role and level. If no reachable context exists |
| for the user with that role, then return -1. */ |
| int get_default_context_with_rolelevel(const char *user, |
| const char *level, |
| const char *role, |
| char * fromcon, |
| char ** newcon); |
| |
| /* Given a list of authorized security contexts for the user, |
| query the user to select one and set *newcon to refer to it. |
| Caller must free via freecon. |
| Returns 0 on sucess or -1 otherwise. */ |
| extern int query_user_context(char ** list, |
| char ** newcon); |
| |
| /* Allow the user to manually enter a context as a fallback |
| if a list of authorized contexts could not be obtained. |
| Caller must free via freecon. |
| Returns 0 on success or -1 otherwise. */ |
| extern int manual_user_enter_context(const char *user, |
| char ** newcon); |
| |
| #ifdef __cplusplus |
| } |
| #endif |
| #endif |