avc_context_to_sid - Man Page
obtain and manipulate SELinux security ID's
Synopsis
#include <selinux/selinux.h>
#include <selinux/avc.h>
int avc_context_to_sid(const char *ctx, security_id_t *sid);
int avc_sid_to_context(security_id_t sid, char **ctx);
int avc_get_initial_sid(const char *name, security_id_t *sid);
Description
Security ID's (SID's) are opaque representations of security contexts, managed by the userspace AVC.
avc_context_to_sid() returns a SID for the given context in the memory referenced by sid.
avc_sid_to_context() returns a copy of the context represented by sid in the memory referenced by ctx. The user must free the copy with freecon(3).
avc_get_initial_sid() returns a SID for the kernel initial security identifier specified by name.
Return Value
avc_context_to_sid() and avc_sid_to_context() return zero on success. On error, -1 is returned and errno is set appropriately.
Errors
- ENOMEM
An attempt to allocate memory failed.
Notes
As of libselinux version 2.0.86, SID's are no longer reference counted. A SID will be valid from the time it is first obtained until the next call to avc_destroy(3). The sidget(3) and sidput(3) functions, formerly used to adjust the reference count, are no-ops and are deprecated.
Author
Eamon Walsh <ewalsh@tycho.nsa.gov>
See Also
avc_init(3), avc_has_perm(3), avc_cache_stats(3), avc_add_callback(3), getcon(3), freecon(3), selinux(8)
Referenced By
avc_add_callback(3), avc_cache_stats(3), avc_compute_create(3), avc_has_perm(3), avc_open(3).
The man pages avc_get_initial_context(3), avc_get_initial_sid(3), avc_sid_to_context(3), sidget(3) and sidput(3) are aliases of avc_context_to_sid(3).