secpol_transition_type()

Transition to a new type

Synopsis:

#include <secpol/secpol.h>
int secpol_transition_type(secpol_file_t *handle,
                           const char *name,
                           uint32_t flags)

Arguments:

handle
Handle to the security policy file. Usually NULL, which specifies that the default security policy file is used (either the system default or one set using secpol_open()).
name
Name of type, or name to derive type from based on the current type. If a derived type is used, NULL may be passed to use the default name "run".
flags
Zero or more flags from secpol_flags_e ORred together.

Library:

libsecpol

Description:

The secpol_transition_type() function attempts to switch to a new type that is either specified as a type name, or, more commonly, as a string (e.g., "run") that is used to derive a type from the current type of the process.

If the function is successful, it indicates that there is a security policy in use, the process is now running with whatever capabilities were deemed appropriate, and that the process should not itself attempt to modify abilities as a means of dropping privilege.

If the function fails, the process should instead perform whatever privilege dropping procedure it supports, which in some cases means doing nothing. If the function fails and a policy is in force, system trace events are emitted to allow the problem to be diagnosed.

Behavior should usually be based only on success or failure, not on the specific cause of failure. Failure of this function should not be considered fatal as it will render the program unable to run without security policies.

By default, a derived type is used; that is, the type ID is selected based on the process' current type and the name passed in. The name parameter can also represent the actual type name by passing SECPOL_TYPE_NAME in the flags.

It is expected this function will be called only once following initialization. Multiple calls to the function are unlikely to yield any security benefits.

Example

A security policy has the following rules:

derive_type resmgr1_t run resmgr1_run_t;
derive_type resmgr2_t run resmgr_post_init_t;

If a resource manager is started using the security type resmgr1_t and then calls the following function, it switches its type to resmgr1_run_t:

secpol_transition_type(NULL, NULL, 0); 

Alternatively, if the resource manager is started using the type resmgr2_t, this call switches it to resmgr_post_init_t.

Returns:

0 if the type was successfully switched or -1 if no type change was performed.