NAME

       avc_context_to_sid, avc_sid_to_context, avc_get_initial_sid - obtain and manipulate SELinux security ID's

SYNOPSIS

       #include <selinux/selinux.h>
       #include <selinux/avc.h>

       int avc_context_to_sid(security_context_t ctx, security_id_t *sid);

       int avc_sid_to_context(security_id_t sid, security_context_t *ctx);

       int avc_get_initial_sid(const char *name, security_id_t *sid);

DESCRIPTION

       Security ID's (SID's) are opaque representations of security contexts, managed by the userspace AVC.

       avc_context_to_sid() returns a SID for the given context in the memory referenced by sid.

       avc_sid_to_context()  returns  a  copy of the context represented by sid in the memory referenced by ctx.
       The user must free the copy with freecon(3).

       avc_get_initial_sid() returns a SID for the kernel initial security identifier specified by name.

RETURN VALUE

       avc_context_to_sid() and avc_sid_to_context() return zero on success.  On error, -1 is returned and errno
       is set appropriately.

ERRORS

       ENOMEM An attempt to allocate memory failed.

NOTES

       As  of  libselinux  version  2.0.86, SID's are no longer reference counted.  A SID will be valid from the
       time it is first obtained until the next call to avc_destroy(3).  The sidget(3) and sidput(3)  functions,
       formerly used to adjust the reference count, are no-ops and are deprecated.

AUTHOR

       Eamon Walsh <ewalsh@tycho.nsa.gov>

SEE ALSO

       avc_init(3), avc_has_perm(3), avc_cache_stats(3), avc_add_callback(3), getcon(3), freecon(3), selinux(8)

                                                   27 May 2004                             avc_context_to_sid(3)