selinux_set_mapping man page on Mageia


selinux_set_mapping(3)	   SELinux API documentation	selinux_set_mapping(3)

NAME
       selinux_set_mapping  -  establish  dynamic  object class and permission
       mapping

SYNOPSIS
       #include <selinux/selinux.h>

       struct security_class_mapping {
	    const char *name;
	    const char *perms[];
       };

       int selinux_set_mapping(struct security_class_mapping *map);

DESCRIPTION
       selinux_set_mapping() establishes a mapping from a user-provided
       ordering of object classes and permissions to the numbers actually
       used by the loaded system policy.  Use of this function is highly
       preferred over the generated constants in the libselinux header
       files, as this method allows the policy's class and permission
       values to change over time.

       After the mapping is established, all libselinux functions that
       operate on class and permission values take the user-provided
       numbers, which are determined as follows:

       The map argument consists of an array of security_class_mapping
       structures, which must be terminated by a structure having a NULL
       name field.  Except for this last structure, the name field should
       refer to the string name of an object class, and the corresponding
       perms field should refer to an array of permission bit names
       terminated by a NULL string.

       The object classes named in the mapping and the bit indexes of each
       set of permission bits named in the mapping are numbered in order
       starting from 1.  These numbers are the values that should be passed
       to subsequent libselinux calls.

RETURN VALUE
       Zero is returned on success.  On error, -1 is returned and errno is set
       appropriately.

ERRORS
       EINVAL One of the class or permission names requested in the mapping is
	      not present in the loaded policy.

       ENOMEM An attempt to allocate memory failed.

EXAMPLE
	      struct security_class_mapping map[] = {
		  { "file", { "create", "unlink", "read", "write", NULL } },
		  { "socket", { "bind", NULL } },
		  { "process", { "signal", NULL } },
		  { NULL }
	      };

	      if (selinux_set_mapping(map) < 0)
		  exit(1);

       In this example, after the call has succeeded, classes file, socket,
       and process will be identified by 1, 2 and 3, respectively.
       Permissions create, unlink, read, and write (for the file class)
       will be identified by 1, 2, 4, and 8 respectively.  Classes and
       permissions not listed in the mapping cannot be used.
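
       The numbering rule above, as an added example that is not part of
       the original man page or of libselinux: it derives the class number
       and permission bit for a name from the same table that would be
       passed to selinux_set_mapping(), so caller constants cannot drift
       from the map.  struct class_map, mapped_class() and mapped_perm()
       are hypothetical names, and returning 0 for an unlisted name is a
       choice made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local stand-in for struct security_class_mapping (assumption: a fixed-size
 * perms array, so the sketch builds without libselinux headers). */
struct class_map {
    const char *name;
    const char *perms[33];   /* up to 32 permission bits plus NULL */
};

/* Constructed sample: the same table as the EXAMPLE section. */
static const struct class_map demo_map[] = {
    { "file",    { "create", "unlink", "read", "write", NULL } },
    { "socket",  { "bind", NULL } },
    { "process", { "signal", NULL } },
    { NULL }
};

/* Hypothetical helper: class value = 1-based position in the map, 0 if absent. */
static unsigned mapped_class(const struct class_map *map, const char *cls)
{
    for (unsigned i = 0; map[i].name != NULL; i++)
        if (strcmp(map[i].name, cls) == 0)
            return i + 1;
    return 0;
}

/* Hypothetical helper: permission value = 1 << position in perms[], 0 if absent. */
static uint32_t mapped_perm(const struct class_map *map, const char *cls,
                            const char *perm)
{
    unsigned c = mapped_class(map, cls);
    if (c == 0)
        return 0;
    const char *const *p = map[c - 1].perms;
    for (unsigned bit = 0; bit < 32 && p[bit] != NULL; bit++)
        if (strcmp(p[bit], perm) == 0)
            return UINT32_C(1) << bit;
    return 0;
}

int main(void)
{
    printf("file=%u file:read|write=0x%x\n", mapped_class(demo_map, "file"),
           (unsigned)(mapped_perm(demo_map, "file", "read") |
                      mapped_perm(demo_map, "file", "write")));
    return 0;
}
```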

AUTHOR
       Eamon Walsh <ewalsh@tycho.nsa.gov>

SEE ALSO
       avc_open(8), selinux(8)

				  12 Jun 2008		selinux_set_mapping(3)

Copyright (c) for man pages and the logo by the respective OS vendor.
