Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / selinux / 4f289b50ac1aa32e228e06ee0d29e2e472c8a661 / . / libselinux / man / man3 / getexeccon.3
blob: 54fb873a8a91361ad41f4383ff20a90cdf1dc5c5 [file] [log] [blame]
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]1.TH "getexeccon" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
2.SH "NAME"
Guillem Jover6ef13ee2012-11-13 21:15:34 +0100[diff] [blame]3getexeccon, setexeccon \- get or set the SELinux security context used for executing a new process
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]4
5rpm_execcon \- run a helper for rpm in an appropriate security context
Guillem Jover6ef13ee2012-11-13 21:15:34 +0100[diff] [blame]6.
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]7.SH "SYNOPSIS"
8.B #include <selinux/selinux.h>
9.sp
10.BI "int getexeccon(security_context_t *" context );
Guillem Jover6ef13ee2012-11-13 21:15:34 +0100[diff] [blame]11.sp
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]12.BI "int setexeccon(security_context_t "context );
Guillem Jover6ef13ee2012-11-13 21:15:34 +0100[diff] [blame]13.sp
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]14.BI "int rpm_execcon(unsigned int " verified ", const char *" filename ", char *const " argv "[] , char *const " envp "[]);
Guillem Jover6ef13ee2012-11-13 21:15:34 +0100[diff] [blame]15.
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]16.SH "DESCRIPTION"
Guillem Jover6ef13ee2012-11-13 21:15:34 +0100[diff] [blame]17.BR getexeccon ()
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]18retrieves the context used for executing a new process.
Guillem Jover6ef13ee2012-11-13 21:15:34 +0100[diff] [blame]19This returned context should be freed with
20.BR freecon (3)
21if non-NULL.
22.BR getexeccon ()
23sets
24.BI * context
25to NULL if no exec context has been explicitly
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]26set by the program (i.e. using the default policy behavior).
27
Guillem Jover6ef13ee2012-11-13 21:15:34 +0100[diff] [blame]28.BR setexeccon ()
29sets the context used for the next
30.BR execve (2)
31call.
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]32NULL can be passed to
Guillem Jover6ef13ee2012-11-13 21:15:34 +0100[diff] [blame]33.BR setexeccon ()
34to reset to the default policy behavior.
35The exec context is automatically reset after the next
36.BR execve (2),
37so a program doesn't need to explicitly sanitize it upon startup.
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]38
Guillem Jover6ef13ee2012-11-13 21:15:34 +0100[diff] [blame]39.BR setexeccon ()
40can be applied prior to library
41functions that internally perform an
42.BR execve (2),
43e.g.
44.BR execl *(3),
45.BR execv *(3),
46.BR popen (3),
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]47in order to set an exec context for that operation.
48
Guillem Jover6ef13ee2012-11-13 21:15:34 +0100[diff] [blame]49.B Note:
50Signal handlers that perform an
51.BR execve (2)
52must take care to
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]53save, reset, and restore the exec context to avoid unexpected behavior.
54
Guillem Jover6ef13ee2012-11-13 21:15:34 +0100[diff] [blame]55.BR rpm_execcon ()
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]56runs a helper for rpm in an appropriate security context. The
57verified parameter should contain the return code from the signature
58verification (0 == ok, 1 == notfound, 2 == verifyfail, 3 ==
59nottrusted, 4 == nokey), although this information is not yet used by
60the function. The function determines the proper security context for
61the helper based on policy, sets the exec context accordingly, and
62then executes the specified filename with the provided argument and
63environment arrays.
Guillem Jover6ef13ee2012-11-13 21:15:34 +0100[diff] [blame]64.
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]65.SH "RETURN VALUE"
Guillem Jover6ef13ee2012-11-13 21:15:34 +0100[diff] [blame]66On error \-1 is returned.
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]67
Guillem Jover6ef13ee2012-11-13 21:15:34 +0100[diff] [blame]68On success
69.BR getexeccon ()
70and
71.BR setexeccon ()
72returns 0.
73.BR rpm_execcon ()
74only returns upon errors, as it calls
75.BR execve (2).
76.
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]77.SH "SEE ALSO"
78.BR selinux "(8), " freecon "(3), " getcon "(3)"