avc_context_to_sid - Online Manual Page Of Unix/Linux


avc_context_to_sid(3)               SE Linux API documentation              avc_context_to_sid(3)



NAME
       avc_context_to_sid,  avc_sid_to_context,  sidput,  sidget - obtain and manipulate security
       ID's.

SYNOPSIS
       #include <selinux/selinux.h>
       #include <selinux/avc.h>

       int avc_context_to_sid(security_context_t ctx, security_id_t *sid);

       int avc_sid_to_context(security_id_t sid, security_context_t *ctx);

       int sidget(security_id_t sid);

       int sidput(security_id_t sid);

DESCRIPTION
       Security ID's (SID's) are reference-counted, opaque representations of security  contexts.

       avc_context_to_sid  returns  a  SID for the given context in the memory referenced by sid,
       incrementing its reference count by 1.

       avc_sid_to_context returns a copy of the context represented by sid in the memory
       referenced by ctx.  The user must free the copy with freecon(3).

       sidget increments the reference count of sid by 1.

       sidput  decrements  the  reference count of sid by 1.  If the count ever reaches zero, the
       SID becomes invalid and must not be used any further.


RETURN VALUE
       sidget and sidput return the new reference count.  A return value  of  zero  indicates  an
       invalid SID.

       avc_context_to_sid  and  avc_sid_to_context  return  zero  on  success.   On  error, -1 is
       returned and errno is set appropriately.


ERRORS
       EINVAL The provided sid has a zero reference count and is invalid.

       ENOMEM An attempt to allocate memory failed.


NOTES
       The expected usage pattern for these functions is that avc_context_to_sid will  be  called
       once  to  obtain a SID for a newly created object, sidget will be called on a SID when its
       object is duplicated, and sidput will be called on a SID when  its  object  is  destroyed.
       Proper  reference  counting is necessary to ensure that SID's and associated cache entries
       are reclaimed from memory when no longer needed.
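
       The following is an added example, not part of the original manual page and not
       libselinux code: a stand-alone C model of the reference counting described above.
       The model_* names, struct model_sid and MAX_SIDS are hypothetical, and sharing one
       SID per distinct context is an assumption of the model.

```c
/* Stand-alone model of the SID lifecycle; model_* names are hypothetical. */
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SIDS 8
struct model_sid { char *ctx; int refcnt; };
static struct model_sid sid_table[MAX_SIDS]; /* static, so a dead SID stays safe to inspect */

/* Models avc_context_to_sid: one SID per distinct context, reference count +1. */
int model_context_to_sid(const char *ctx, struct model_sid **sid)
{
    struct model_sid *slot = NULL;
    for (int i = 0; i < MAX_SIDS; i++) {
        struct model_sid *s = &sid_table[i];
        if (s->refcnt > 0 && strcmp(s->ctx, ctx) == 0) { slot = s; break; }
        if (s->refcnt == 0 && !slot) slot = s;   /* remember first free entry */
    }
    if (slot && slot->refcnt == 0) {             /* new context: keep a private copy */
        size_t n = strlen(ctx) + 1;
        if (!(slot->ctx = malloc(n))) slot = NULL;
        else memcpy(slot->ctx, ctx, n);
    }
    if (!slot) { errno = ENOMEM; return -1; }    /* table full or allocation failed */
    slot->refcnt++;
    *sid = slot;
    return 0;
}

/* Models sidget and sidput: both return the new count; zero means an invalid SID. */
int model_sidget(struct model_sid *sid) { return sid->refcnt > 0 ? ++sid->refcnt : 0; }
int model_sidput(struct model_sid *sid)
{
    if (sid->refcnt <= 0) return 0;
    if (--sid->refcnt == 0) { free(sid->ctx); sid->ctx = NULL; } /* entry reclaimed */
    return sid->refcnt;
}

/* Models avc_sid_to_context: the caller frees the copy; a dead SID yields EINVAL. */
int model_sid_to_context(struct model_sid *sid, char **ctx)
{
    if (sid->refcnt <= 0) { errno = EINVAL; return -1; }
    size_t n = strlen(sid->ctx) + 1;
    if (!(*ctx = malloc(n))) { errno = ENOMEM; return -1; }
    memcpy(*ctx, sid->ctx, n);
    return 0;
}
```

       Calling model_context_to_sid once, model_sidget once and model_sidput twice walks
       the count through 1, 2, 1, 0, after which model_sid_to_context fails with EINVAL.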


AUTHOR
       Eamon Walsh <>


SEE ALSO
       avc_init(3),   avc_has_perm(3),   avc_cache_stats(3),   avc_add_callback(3),    getcon(3),
       freecon(3)



                                           27 May 2004                      avc_context_to_sid(3)