int avc_context_to_sid(security_context_t ctx, security_id_t *sid);
int avc_sid_to_context(security_id_t sid, security_context_t *ctx);
int sidget(security_id_t sid);
int sidput(security_id_t sid);
DESCRIPTION
Security IDs (SIDs) are reference-counted, opaque representations of security contexts.

avc_context_to_sid returns a SID for the given context in the memory referenced by sid, incrementing its reference count by 1.

avc_sid_to_context returns a copy of the context represented by sid in the memory referenced by ctx. The user must free the copy with freecon(3).

sidget increments the reference count of sid by 1.

sidput decrements the reference count of sid by 1. If the count ever reaches zero, the SID becomes invalid and must not be used any further.
RETURN VALUE
sidget and sidput return the new reference count. A return value of zero indicates an invalid SID.

avc_context_to_sid and avc_sid_to_context return zero on success. On error, -1 is returned and errno is set appropriately.
ERRORS
EINVAL
The provided sid has a zero reference count and is invalid.
ENOMEM
An attempt to allocate memory failed.
NOTES
The expected usage pattern for these functions is that avc_context_to_sid will be called once to obtain a SID for a newly created object, sidget will be called on a SID when its object is duplicated, and sidput will be called on a SID when its object is destroyed. Proper reference counting is necessary to ensure that SIDs and their associated cache entries are reclaimed from memory when no longer needed.
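The usage pattern above, as an added example that is not libselinux code: the model_* functions and the fixed-size sid_table are a constructed stand-in that implements the documented rules (sidget and sidput return the new count, zero marks an invalid SID, EINVAL and ENOMEM as listed under ERRORS, a caller-owned context copy, and cache-entry reclamation when the count reaches zero) so the program builds and runs without libselinux installed. The sample context string is constructed. Against the real library the model_ prefix comes off, security_id_t and security_context_t replace the model types, the copy is released with freecon(3) instead of free(), and the AVC must first be initialised with avc_open(3).

```c
/* Added example, not libselinux code: a constructed stand-in for the four
 * documented functions (model_* names and the fixed-size sid_table are
 * assumptions of this example) implementing the reference-counting rules. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdlib.h>
#include <string.h>

struct model_security_id {
    char *ctx;    /* canonical context string owned by the cache entry */
    int refcnt;   /* zero means the SID is invalid */
};
typedef struct model_security_id *model_sid_t;

#define MODEL_MAX_SIDS 16
static struct model_security_id sid_table[MODEL_MAX_SIDS];

/* Return a SID for ctx, reusing a live entry with the same context if there
 * is one; either way the reference count goes up by 1. */
int model_avc_context_to_sid(const char *ctx, model_sid_t *sid)
{
    struct model_security_id *spare = NULL;
    for (int i = 0; i < MODEL_MAX_SIDS; i++) {
        struct model_security_id *e = &sid_table[i];
        if (e->refcnt > 0 && strcmp(e->ctx, ctx) == 0) {
            e->refcnt++;
            *sid = e;
            return 0;
        }
        if (e->refcnt == 0 && !spare)
            spare = e;
    }
    if (!spare || !(spare->ctx = strdup(ctx))) {
        errno = ENOMEM;   /* cache full or allocation failed */
        return -1;
    }
    spare->refcnt = 1;
    *sid = spare;
    return 0;
}

/* Caller owns the returned copy (freecon(3) in libselinux, free() here). */
int model_avc_sid_to_context(model_sid_t sid, char **ctx)
{
    if (sid->refcnt == 0) {
        errno = EINVAL;   /* SID already fully released: invalid */
        return -1;
    }
    if (!(*ctx = strdup(sid->ctx))) {
        errno = ENOMEM;
        return -1;
    }
    return 0;
}

/* Both return the new count; zero signals an invalid SID. */
int model_sidget(model_sid_t sid)
{
    return sid->refcnt == 0 ? 0 : ++sid->refcnt;
}

int model_sidput(model_sid_t sid)
{
    if (sid->refcnt == 0)
        return 0;
    if (--sid->refcnt == 0) {   /* last holder gone: reclaim the cache entry */
        free(sid->ctx);
        sid->ctx = NULL;
    }
    return sid->refcnt;
}

/* The NOTES pattern on one constructed context: create -> context_to_sid,
 * duplicate -> sidget, destroy each copy -> sidput. Returns 0 when every
 * documented step behaved as described, otherwise the failed step number. */
int demo_lifecycle(void)
{
    model_sid_t sid;
    char *copy;
    if (model_avc_context_to_sid("system_u:object_r:etc_t:s0", &sid) < 0)
        return 1;                          /* object created: count 1 */
    if (model_sidget(sid) != 2)
        return 2;                          /* object duplicated: count 2 */
    if (model_avc_sid_to_context(sid, &copy) < 0)
        return 3;
    free(copy);                            /* caller owns and releases the copy */
    if (model_sidput(sid) != 1)
        return 4;                          /* first copy destroyed: count 1 */
    if (model_sidput(sid) != 0)
        return 5;                          /* last copy destroyed: entry reclaimed */
    return model_sidget(sid) == 0 ? 0 : 6; /* late use reports an invalid SID */
}
```

The point the model makes concrete is the last line of demo_lifecycle: once the final sidput has run, the same pointer is still in the caller's hands but every call reports zero or EINVAL, so a missing sidget on a duplicate shows up as a premature release rather than a silent use of reclaimed memory.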