secpol_get_permission()

Returns a handle to a permission associated with a custom class

Synopsis:

#include <secpol/secpol.h>

secpol_permission_t* secpol_get_permission(secpol_file_t *handle,
                                           const char *class,
                                           const char *permission,
                                           unsigned flags)

Arguments:

handle: Handle to the security policy file. Usually NULL, which specifies that the default security policy file is used (either the system default or one set using secpol_open()).
class: Name of the class associated with the permission.
permission: Name of the permission.
flags: Zero or more flags taken from the secpol_get_permission_flags_e enumeration.

Library:

libsecpol

Description:

By default, the secpol_get_permission() function will succeed even when no security policy is in use or if the class or permission cannot be found. However, the permission will always be denied. This behavior may be changed by passing appropriate flags.

The possible errors are:

ENOTSUP - No security policy is in use.
ENOSYS - The class or permission is not in the policy file or the policy ID is wrong.
EINVAL - Parameters are not valid for the specified policy file.
ENOMEM - Out of memory.
ENOENT - Unable to open the policy file.

Returns:

A handle to the permission, or NULL if the call failed (errno is set).