but may you explain your tricky solution a bit more.
Regards.
On Wed, Nov 11, 2009 at 8:34 PM, Chad Sellers <csellers@xxxxxxxxxx> wrote:
On 11/11/09 7:15 AM, "michel m" <michel.mcgregor@xxxxxxxxx> wrote:
> Hi,
> as a userspace object manager which uses libselinux, I am trying to use
> avc_has_perm(3) for determining access decisions. when I open a file, I can
> get its security context and change it to SID by using fgetfilecon(3) and
> avc_context_to_sid(3), respectively. but when I want to have access decision
> by calling avc_has_perm(3), I am not sure what to pass as the third
> argument, that is security_class_t. I would like to know if there is any API by
> which I can determine an already opened file's class. may someone direct me
> to a sample code please
>
You generally figure out that third parameter by using
string_to_security_class() (found in libselinux, discussed in the
selinux_check_passwd_access thread a few days ago). That will convert a
string class name to a security_class_t. As far as an API to determine the
class of an already opened file, fstat() combined with S_ISREG/S_ISDIR/etc.
should do the trick. A bit more work than you might like, but that's how I'd
do it.
Thanks,
Chad