SELinux Mailing List
Re: attributes on the other end of a network connection
From: Stephen Smalley <sds_at_tycho.nsa.gov>
Date: Thu, 05 May 2005 07:28:12 -0400

Yes. There are two interfaces for doing this:

1) avc_has_perm(3). This performs permission checks based on SIDs (obtained via avc_context_to_sid(3)) and caches the results for subsequent permission checks. You need to invoke avc_init(3) to perform initial setup. These functions are part of the interface to the userspace AVC (access vector cache), which is the userspace equivalent to the kernel AVC used by the SELinux module for its permission checking. The userspace AVC is discussed in the selinux-doc/uavc report. See dbus for an example of using this interface.

2) security_compute_av(3). This is the lower level interface for computing an access vector (set of permissions) based on contexts, without any caching of decisions. It requires no setup to use, and may be simpler if you don't need caching of the decisions for performance. Internally, avc_has_perm(3) ends up calling this interface if the decision is not already in the cache. Example callers include:
- libselinux/src/checkAccess.c
- libselinux/utils/compute_av.c
- SELinux patch for cron

--
Stephen Smalley <sds@tycho.nsa.gov>
National Security Agency

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Received on Thu 5 May 2005 - 07:38:48 EDT
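
As an added illustration (not code from the message above or from libselinux), this C model shows the relationship the reply describes: a caching permission check that falls through to an uncached access-vector computation on a miss. The model_* functions, permission bits, contexts and policy are constructed stand-ins; a real caller would link libselinux and use avc_has_perm(3) or security_compute_av(3).

```c
#include <stdio.h>
#include <string.h>

/* Constructed permission bits, contexts and policy: illustrative, not real SELinux values. */
#define PERM_READ  0x1u
#define PERM_WRITE 0x2u
#define PEER   "user_u:user_r:client_t"
#define LOG    "system_u:object_r:app_log_t"
#define SECRET "system_u:object_r:app_secret_t"

static int compute_calls;                 /* trips to the uncached path */

/* Models security_compute_av(3): returns the whole allowed vector, no caching. */
static unsigned model_compute_av(const char *scon, const char *tcon)
{
    compute_calls++;
    if (!strcmp(scon, PEER) && !strcmp(tcon, LOG))
        return PERM_READ | PERM_WRITE;
    return 0;                             /* no matching rule: deny everything */
}

struct entry { char scon[64], tcon[64]; unsigned allowed; };
static struct entry cache[8];
static size_t used, next_victim;

/* Models avc_has_perm(3): 0 if every requested bit is allowed, -1 otherwise.
 * The real AVC keys on SIDs plus object class; this model keys on the strings. */
static int model_has_perm(const char *scon, const char *tcon, unsigned requested)
{
    struct entry *e = NULL;
    for (size_t i = 0; i < used; i++)
        if (!strcmp(cache[i].scon, scon) && !strcmp(cache[i].tcon, tcon))
            e = &cache[i];
    if (!e) {                             /* miss: compute once, then remember */
        e = &cache[used < 8 ? used++ : next_victim++ % 8];
        snprintf(e->scon, sizeof e->scon, "%s", scon);
        snprintf(e->tcon, sizeof e->tcon, "%s", tcon);
        e->allowed = model_compute_av(scon, tcon);
    }
    return (e->allowed & requested) == requested ? 0 : -1;
}

int main(void)
{
    printf("write log:   %d\n", model_has_perm(PEER, LOG, PERM_WRITE));
    printf("read log:    %d\n", model_has_perm(PEER, LOG, PERM_READ));
    printf("read secret: %d\n", model_has_perm(PEER, SECRET, PERM_READ));
    printf("compute calls: %d\n", compute_calls);
    return 0;
}
```

Because the cached entry holds the full allowed vector, a later check for a different permission on the same context pair is answered without recomputing, and denials are cached the same way as grants.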
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |