secpol_get_permission()

Updated: April 19, 2023

Returns a handle to a permission associated with a custom class.

Synopsis:

#include <secpol/secpol.h>
secpol_permission_t* secpol_get_permission(secpol_file_t *_handle,
                                           const char *_class,
                                           const char *permission,
                                           unsigned flags);

Arguments:

handle
Handle to the security policy file. Usually NULL, which specifies that the default security policy file is used (either the system default or one set using secpol_open()).
class
Name of the class associated with the permission.
permission
Name of the permission.
flags
Zero or more flags taken from the secpol_get_permission_flags_e enumeration.

Library:

libsecpol

Description:

By default, secpol_get_permission() succeeds even when no security policy is in use or when the class or permission cannot be found. In those cases, however, if the system uses security policies, the permission will always be denied; if the system is not using security policies, the function checks whether the process is root. This behavior may be changed by passing appropriate flags.

Returns:

A handle to the permission, or NULL if the call failed. On failure, errno is set to one of the following values:
  • ENOTSUP No security policy is in use.
  • ENOSYS The class or permission is not in the policy file or the policy ID is wrong.
  • EINVAL Parameters are not valid for the specified policy file.
  • ENOMEM Out of memory.
  • ENOENT Unable to open the policy file.