Add man pages for selinux_raw_context_to_color(5), selinux_colors_path(3) and secolors.conf(5). Signed-off-by: root Richard Haines <richard_c_haines@xxxxxxxxxxxxxx> --- libselinux/man/man3/selinux_colors_path.3 | 36 ++++ libselinux/man/man3/selinux_raw_context_to_color.3 | 124 +++++++++++++ libselinux/man/man5/secolors.conf.5 | 181 ++++++++++++++++++++ 3 files changed, 341 insertions(+), 0 deletions(-) create mode 100644 libselinux/man/man3/selinux_colors_path.3 create mode 100644 libselinux/man/man3/selinux_raw_context_to_color.3 create mode 100644 libselinux/man/man5/secolors.conf.5 diff --git a/libselinux/man/man3/selinux_colors_path.3 b/libselinux/man/man3/selinux_colors_path.3 new file mode 100644 index 0000000..2a117d1 --- /dev/null +++ b/libselinux/man/man3/selinux_colors_path.3 @@ -0,0 +1,36 @@ +.TH "selinux_colors_path" "3" "08 April 2011" "SELinux API documentation" + +.SH "NAME" +selinux_colors_path \- Return a path to the active SELinux policy color configuration file. +.SH "SYNOPSIS" +.B #include <selinux/selinux.h> +.sp +.B const char *selinux_colors_path(void); + +.SH "DESCRIPTION" +.B selinux_colors_path +returns the path to the active policy color configuration file. +.sp +The path is built from the path returned by +.BR selinux_policy_root "(3)" +with +.B /secolor.conf +appended. +.sp +This optional configuration file whose format is shown in +.BR secolor.conf "(5)," +controls the colors to be associated with the +.I raw +context components of the +.BR selinux_raw_context_to_color "(3)" +function when information is to be displayed by an SELinux color-aware application. + +.SH "RETURN VALUE" +On success, the path to the active policy color configuration file is returned. If a path is not available NULL is returned. + +.SH "ERRORS" +None. + +.SH "SEE ALSO" +.BR selinux "(8), " selinux_policy_root "(3), " selinux_config "(5), " selinux_raw_context_to_color "(3), " secolor.conf "(5)" + diff --git a/libselinux/man/man3/selinux_raw_context_to_color.3 b/libselinux/man/man3/selinux_raw_context_to_color.3 new file mode 100644 index 0000000..af12877 --- /dev/null +++ b/libselinux/man/man3/selinux_raw_context_to_color.3 @@ -0,0 +1,124 @@ +.TH "selinux_raw_context_to_color" "3" "08 April 2011" "SELinux API documentation" + +.SH "NAME" +selinux_raw_context_to_color \- Return RGB color string for an SELinux security context. + +.SH "SYNOPSIS" +.B #include <selinux/selinux.h> +.sp +.BI "int selinux_raw_context_to_color(security_context_t " raw ", " +.RS +.BI "char **" color_str ");" +.RE + +.SH "DESCRIPTION" +.B selinux_raw_context_to_color +returns a +.I color_str +associated to the raw context +.I raw +provided that the +.BR mcstransd "(8)" +daemon is running, the policy is an MLS type policy (MCS or MLS) and there is a color configuration file +.BR secolors.conf "(5)" +(see the +.B FILES +section). +.sp +The +.I color_str +string is a space separated list of eight hexadecimal RGB triples, each prefixed by a hash character (#). These represent the user:role:type:range components of the foreground and background colors. An example string is shown in the +.B EXAMPLE +section. + +The returned +.I color_str +string must be freed with +.BR free "(3)." + +If a color has not been configured for a specific user, role, type and/or range component of context +.IR raw "," +then +.B selinux_raw_context_to_color +will select the color returned in +.I color_str +in order of precedence as follows: +.RS +role, type, range +.br +user, type, range +.br +user, role, range +.br +user, role, type +.br +.RE + +If there are no entries in the +.B secolor.conf +file for any of the components of context +.I raw +(or the file is not present), then the default string returned in +.I color_str +is: +.sp +.RS +----- user ---- ---- role ---- ---- type ---- ---- range ---- +.br +#000000 #ffffff #000000 #ffffff #000000 #ffffff #000000 #ffffff +.sp +.RE + +.SH "RETURN VALUE" +On success, zero is returned. +.br +On failure, \-1 is returned with +.I errno +set appropriately. + +.SH "ERRORS" +.B ENOENT +If the +.BR mcstransd "(8)" +daemon is not running. + +.SH "FILES" +.B selinux_raw_context_to_color +obtains the translated entry from the active policy +.BR secolors.conf "(5)" +file as returned by +.BR selinux_colors_path "(3)." +The file format is described in +.BR secolors.conf "(5)." + +.SH "NOTES" +1. The primary use of +.B selinux_raw_context_to_color +is to return a color that corresponds to a range, that can then be used to highlight information at different MLS levels. +.sp +2. The +.BR mcstransd "(8)" +daemon process security level must dominate the +.I raw +security level passed to it by the +.B selinux_raw_context_to_color +function. If not, the range color selected will be as defined by the order of precedence. + +.SH "EXAMPLE" +.B selinux_raw_context_to_color +returns the foreground and background colors of the context string components (user:role:type:range) as RGB triples as follows: +.sp + + user : role : type : range +.br + fg bg : fg bg : fg bg : fg bg +.br +#000000 #ffffff #ffffff #000000 #d2b48c #ffa500 #000000 #008000 +.br + black white : white black : tan orange : black green +.br + +.SH "SEE ALSO" +.BR selinux "(8), " selinux_colors_path "(3), " mcstransd "(8), " secolor.conf "(5), " selinux_raw_to_trans_context "(3), " selinux_trans_to_raw_context "(3), " free "(3)" + + diff --git a/libselinux/man/man5/secolors.conf.5 b/libselinux/man/man5/secolors.conf.5 new file mode 100644 index 0000000..91cb4cb --- /dev/null +++ b/libselinux/man/man5/secolors.conf.5 @@ -0,0 +1,181 @@ +.TH "secolors.conf" "5" "08 April 2011" "SELinux API documentation" + +.SH "NAME" +secolors.conf \- The SELinux color configuration file. + +.SH "DESCRIPTION" +This optional file controls the color to be associated to the context components associated to the +.I raw +context passed by +.BR selinux_raw_context_to_color "(3)," +when context related information is to be displayed in color by an SELinux-aware application. +.sp +.BR selinux_raw_context_to_color "(3)" +obtains this color information from the active policy +.B secolor.conf +file as returned by +.BR selinux_colors_path "(3)." + +.SH "FILE FORMAT" +The file format is as follows: +.RS +.B color +.I color_name +.BI "= #"color_mask +.br +[...] +.sp +.I context_component string +.B = +.I fg_color_name bg_color_name +.br +[...] +.sp +.RE + +Where: +.br +.B color +.RS +The color keyword. Each color entry is on a new line. +.RE +.I color_name +.RS +A single word name for the color (e.g. red). +.RE +.I color_mask +.RS +A color mask starting with a hash (#) that describes the hexadecimal RGB colors with black being #ffffff and white being #000000. +.RE +.I context_component +.RS +The context component name that must be one of the following: +.br +.RS +user, role, type or range +.RE +Each +.IR context_component " " string " ..." +entry is on a new line. +.RE +.I string +.RS +This is the +.I context_component +string that will be matched with the +.I raw +context component passed by +.BR selinux_raw_context_to_color "(3)." +.br +A wildcard '*' may be used to match any undefined string for the user, role and type +.I context_component +entries only. +.RE + +.I fg_color_name +.RS +The color_name string that will be used as the foreground color. +A +.I color_mask +may also be used. +.RE +.I bg_color_name +.RS +The color_name string that will be used as the background color. +A +.I color_mask +may also be used. +.RE + +.SH "EXAMPLES" +Example 1 entries are: +.RS +color black = #000000 +.br +color green = #008000 +.br +color yellow = #ffff00 +.br +color blue = #0000ff +.br +color white = #ffffff +.br +color red = #ff0000 +.br +color orange = #ffa500 +.br +color tan = #D2B48C +.sp +user * = black white +.br +role * = white black +.br +type * = tan orange +.br +range s0-s0:c0.c1023 = black green +.br +range s1-s1:c0.c1023 = white green +.br +range s3-s3:c0.c1023 = black tan +.br +range s5-s5:c0.c1023 = white blue +.br +range s7-s7:c0.c1023 = black red +.br +range s9-s9:c0.c1023 = black orange +.br +range s15:c0.c1023 = black yellow +.RE + +.sp +Example 2 entries are: +.RS +color black = #000000 +.br +color green = #008000 +.br +color yellow = #ffff00 +.br +color blue = #0000ff +.br +color white = #ffffff +.br +color red = #ff0000 +.br +color orange = #ffa500 +.br +color tan = #d2b48c +.sp +user unconfined_u = #ff0000 green +.br +role unconfined_r = red #ffffff +.br +type unconfined_t = red orange +.br +user user_u = black green +.br +role user_r = white black +.br +type user_t = tan red +.br +user xguest_u = black yellow +.br +role xguest_r = black red +.br +type xguest_t = black green +.br +user sysadm_u = white black +.br +range s0:c0.c1023 = black white +.br +user * = black white +.br +role * = black white +.br +type * = black white +.RE + +.SH "SEE ALSO" +.BR selinux "(8), " selinux_raw_context_to_color "(3), " selinux_colors_path "(3)" + + -- 1.7.3.2 Richard -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
