Package libselinux-devel

Header files and libraries used to build SELinux

https://github.com/SELinuxProject/selinux/wiki

The libselinux-devel package contains the libraries and header files
needed for developing SELinux applications.

Library Functions (Section 3)
avc_add_callback
avc_add_callback() is used to register callback functions on security events. The purpose of this functionality is to allow userspace object managers to take...
avc_cache_stats
The userspace AVC maintains two internal hash tables, one to store security IDs and one to cache access decisions. avc_av_stats() and avc_sid_stats() produce...
avc_compute_create
avc_compute_create() is used to compute a SID to use for labeling a new object in a particular class based on a SID pair. This call is identical to...
avc_context_to_sid
Security IDs (SIDs) are opaque representations of security contexts, managed by the userspace AVC. avc_context_to_sid() returns a SID for the given context in...
avc_has_perm
avc_entry_ref_init() initializes an avc_entry_ref structure; see Entry References below. This function may be implemented as a macro. avc_has_perm() checks...
avc_init
avc_init() is deprecated; please use avc_open(3) in conjunction with selinux_set_callback(3) in all new code. avc_init() initializes the userspace AVC and must...
avc_netlink_loop
These functions enable applications to handle notification of SELinux events via netlink. The userspace AVC normally checks for netlink messages on each call to...
avc_open
avc_open() initializes the userspace AVC and must be called before any other AVC operation can be performed. avc_destroy() destroys the userspace AVC, freeing...
context_new
These functions allow an application to manipulate the fields of a security context string without requiring it to know the format of the string. context_new()...
getcon
getcon() retrieves the context of the current process, which must be freed with freecon(). getprevcon() is the same as getcon() but gets the context before the last exec...
getexeccon
getexeccon() retrieves the context used for executing a new process. This returned context should be freed with freecon(3) if non-NULL. getexeccon() sets...
getfilecon
getfilecon() retrieves the context associated with the given path in the file system; the length of the context is returned. lgetfilecon() is identical to...
getfscreatecon
getfscreatecon() retrieves the context used for creating a new file system object. This returned context should be freed with freecon(3) if non-NULL...
getkeycreatecon
getkeycreatecon() retrieves the context used for creating a new kernel keyring. This returned context should be freed with freecon(3) if non-NULL...
get_ordered_context_list
get_ordered_context_list() invokes the security_compute_user(3) function to obtain the list of contexts for the specified user that are reachable from the...
getseuserbyname
getseuserbyname() retrieves the SELinux username and security level associated with a given Linux username. The SELinux username and security level can then be...
getsockcreatecon
getsockcreatecon() retrieves the context used for creating a new labeled network socket. This returned context should be freed with freecon(3) if non-NULL...
init_selinuxmnt
init_selinuxmnt() initializes the global variable selinux_mnt to the selinuxfs mountpoint. fini_selinuxmnt() deinitializes the global variable selinux_mnt that...
is_context_customizable
This function checks whether the type of scon is in the /etc/selinux/{SELINUXTYPE}/context/customizable_types file. A customizable type is a file context type...
is_selinux_enabled
is_selinux_enabled() returns 1 if SELinux is running or 0 if it is not. On error, -1 is returned. is_selinux_mls_enabled() returns 1 if SELinux is capable of...
matchmediacon
matchmediacon() matches the specified media type with the media contexts configuration and sets the security context con to refer to the resulting context...
matchpathcon
This family of functions is deprecated. For new code, please use selabel_open(3) with the SELABEL_CTX_FILE backend in place of matchpathcon_init(), use...
matchpathcon_checkmatches
matchpathcon_checkmatches() checks whether any specification has no matches and reports them. The str argument is used as a prefix for any warning messages...
security_check_context
security_check_context() returns 0 if SELinux is running and the context is valid, otherwise it returns -1. security_check_context_raw() behaves identically to...
security_class_to_string
security_class_to_string() returns a string name for class tclass, or NULL if the class is invalid. The returned string must not be modified or freed...
security_compute_av
security_compute_av() queries whether the policy permits the source context scon to access the target context tcon via class tclass with the requested access...
security_disable
security_disable() disables the SELinux kernel code, unregisters selinuxfs from /proc/filesystems, and then unmounts /sys/fs/selinux. This function can only be...
security_getenforce
security_getenforce() returns 0 if SELinux is running in permissive mode, 1 if it is running in enforcing mode, and -1 on error. security_setenforce() sets...
security_load_booleans
The SELinux policy can include conditional rules that are enabled or disabled based on the current values of a set of policy booleans. These policy booleans...
security_load_policy
security_load_policy() loads a new policy, returns 0 for success and -1 for error. selinux_mkload_policy() makes a policy image and loads it. This function...
security_policyvers
security_policyvers() returns the version of the policy (a positive integer) on success, or -1 on error.
selabel_digest
selabel_digest() performs an operation on the handle hnd, returning the results of the SHA1 digest pointed to by digest, whose length will be digest_len. The...
selabel_lookup
selabel_lookup() performs a lookup operation on the handle hnd, returning the result in the memory pointed to by context, which must be freed by the caller...
selabel_lookup_best_match
selabel_lookup_best_match() performs a best match lookup operation on the handle hnd, returning the result in the memory pointed to by context, which must be...
selabel_open
selabel_open() is used to initialize a labeling handle to be used for lookup operations. The backend argument specifies which backend is to be opened; the list...
selabel_partial_match
selabel_partial_match() performs a partial match operation on the handle hnd, returning TRUE or FALSE. The key parameter is a file path to check for a direct or...
selabel_stats
selabel_stats() causes zero or more messages to be printed containing backend-specific information about number of queries performed, number of unused entries...
selinux_binary_policy_path
These functions return the paths to the active policy configuration directories and files based on the settings in /etc/selinux/config. selinux_path() returns...
selinux_boolean_sub
selinux_boolean_sub() searches the /etc/selinux/{POLICYTYPE}/booleans.subs_dist file for a matching boolean_name record. If the record exists the boolean...
selinux_check_securetty_context
selinux_check_securetty_context() returns 0 if tty_context is a securetty context, returns < 0 otherwise.
selinux_colors_path
selinux_colors_path() returns the path to the active policy color configuration file. The path is built from the path returned by selinux_policy_root(3) with...
selinux_file_context_cmp
selinux_file_context_cmp() compares two context strings excluding the user component with strcmp(3) as shown in the Example section. This is useful as for most...
selinux_file_context_verify
selinux_file_context_verify() compares the context of the specified path that is held on disk (in the extended attribute), to the system default entry held in...
selinux_getenforcemode
selinux_getenforcemode() reads the contents of the /etc/selinux/config file to determine how the system was set up to run SELinux. Sets the value of enforce to 1...
selinux_getpolicytype
selinux_getpolicytype() reads the contents of the /etc/selinux/config file to determine the SELinux policy used on the system, and sets policytype accordingly...
selinux_lsetfilecon_default
selinux_lsetfilecon_default() sets the file context to the system defaults.
selinux_policy_root
selinux_policy_root() reads the contents of the /etc/selinux/config file to determine which policy files should be used for this machine...
selinux_raw_context_to_color
selinux_raw_context_to_color() returns a color_str associated to the raw context raw provided that the mcstransd(8) daemon is running, the policy is an MLS type...
selinux_restorecon
restore file(s) default SELinux security contexts
selinux_restorecon_default_handle
selinux_restorecon_default_handle() sets default parameters for selinux_restorecon(3) by calling selabel_open(3) with the SELABEL_OPT_DIGEST option only. This...
selinux_restorecon_set_exclude_list
selinux_restorecon_set_exclude_list() passes to selinux_restorecon(3) a pointer containing a NULL terminated list of one or more directories or files that are...
selinux_restorecon_set_sehandle
selinux_restorecon_set_sehandle() sets the handle to be used by selinux_restorecon(3) when relabeling files. selinux_restorecon_set_sehandle() is generally used...
selinux_set_callback
selinux_set_callback() sets the callback indicated by type to the value of callback, which should be passed as a function pointer cast to type union...
selinux_set_mapping
selinux_set_mapping() establishes a mapping from a user-provided ordering of object classes and permissions to the numbers actually used by the loaded system...
selinux_status_open
Linux 2.6.37 or later provides a SELinux kernel status page, mostly placed at the /sys/fs/selinux/status entry. It enables userspace applications to mmap this...
setfilecon
setfilecon() sets the security context of the file system object. lsetfilecon() is identical to setfilecon, except in the case of a symbolic link, where the...
set_matchpathcon_flags
set_matchpathcon_flags() sets the flags controlling the operation of matchpathcon_init(3) and subsequently matchpathcon_index(3) or matchpathcon(3). If the...