Hey Emacs! This file is -*- nroff -*- source.

Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2007
avc_compute_create, avc_compute_member - obtain SELinux label for new object . #include <selinux/selinux.h>

#include <selinux/avc.h> "int avc_compute_create(security_id_t " ssid ", security_id_t " tsid , "security_class_t " tclass ", security_id_t *" newsid ");" "int avc_compute_member(security_id_t " ssid ", security_id_t " tsid , "security_class_t " tclass ", security_id_t *" newsid ");" .

avc_compute_create () is used to compute a SID to use for labeling a new object in a particular class based on a SID pair. This call is identical to security_compute_create (), but does not require converting from userspace SID's to contexts and back again. avc_compute_member () is used to compute a SID to use for labeling a polyinstantiated object instance of a particular class based on a SID pair. This call is identical to security_compute_member (), but does not require converting from userspace SID's to contexts and back again. These functions return a SID for the computed context in the memory referenced by sid . . On success, zero is returned. On error, -1 is returned and errno is set appropriately. .

EINVAL The tclass and/or the security contexts referenced by ssid and tsid are not recognized by the currently loaded policy.

ENOMEM An attempt to allocate memory failed. .

Eamon Walsh <ewalsh@tycho.nsa.gov> . avc_init (3), avc_context_to_sid (3), security_compute_create (3), selinux (8)