On 11/06/2014 08:05 AM, Stephen Smalley wrote:
> On 11/06/2014 07:44 AM, kuangjiou wrote:
>> Hello,everyone!
>> I am learning how to use the selinux userspace apps recent.And I got Segmentation fault when I use the avc_context_to_sid() funtion, dose anyone know how to resolve this problem? Thank you very much!
>>
>> The following is my testing code with avc_context_to_sid() funtion
>>
>> #include <selinux/selinux.h>
>> #include <selinux/avc.h>
>> #include <stdlib.h>
>> #include <stdio.h>
>>
>> int main()
>> {
>> const char *scon = "system_u:object_r:unconfined_t";
>> security_id_t sid;
>> sid->ctx = scon;
>> sid->refcnt = 28;
>>
>> avc_context_to_sid(scon, &sid);
>>
>> return 0;
>> }
>
> Must be preceded by a call to avc_init() or avc_open(). In current
> libselinux, that is asserted on entry to the function.
>
> However, I'd encourage you to consider using selinux_check_access()
> instead for SELinux userspace object managers; it internally handles
> calling avc_init() and avc_context_to_sid() as well as mapping class and
> permission strings to numbers, making it much easier to use the AVC from
> userspace. We have been using it in the Android userspace.
Also, for avc_context_to_sid(), the sid is an output argument; you
aren't supposed to initialize it to anything prior to making the call.
avc_context_to_sid() looks to see if there is already a SID allocated
for the context; if so, it sets sid to reference that SID; if not, it
allocates a new SID and sets sid to reference it. Any assignment you
make to sid prior to the call will be ignored and overridden.
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
