Returns a handle to a permission associated with a custom class
Synopsis:
#include <secpol/secpol.h>
secpol_permission_t* secpol_get_permission(secpol_file_t *_handle,
const char *_class,
const char *permission,
unsigned flags)
Arguments:
- handle
- Handle to the security policy file. Usually NULL, which specifies that the default security policy file is used (either the system default or one set using secpol_open()).
- class
- Name of the class associated with the permission.
- permission
- Name of the permission.
- flags
- Zero or more flags taken from the secpol_get_permission_flags_e enumeration.
Library:
libsecpol
Description:
By default, the secpol_get_permission() function will succeed even when
no security policy is in use or if the class or permission cannot be found. However, if the
system uses security policies, the permission will always be denied. If the system is not
using security policies, the function checks whether the process is
root. This behavior may be changed by passing appropriate flags.
Returns:
A handle to the permission, or NULL if the call failed. On failure,
errno is set to one of
the following values:
- ENOTSUP No security policy is in use.
- ENOSYS The class or permission is not in the policy file or the policy ID is
wrong.
- EINVAL Parameters are not valid for the specified policy file.
- ENOMEM Out of memory.
- ENOENT Unable to open the policy file.