File: matchpathcon.3

libselinux 3.8.1-1
.TH matchpathcon 3 "21 November 2009" stephen.smalley.work@gmail.com \
"SELinux API documentation"
.SH NAME
matchpathcon, matchpathcon_index \- get the default SELinux security context \
for the specified path from the file contexts configuration
.
.SH SYNOPSIS
.B #include <selinux/selinux.h>
.sp
.BI "int matchpathcon_init(const char *" path ");"
.sp
.BI "int matchpathcon_init_prefix(const char *" path ", const char *" prefix ");"
.sp
.B int matchpathcon_fini(void);
.sp
.BI "int matchpathcon(const char *" path ", mode_t " mode ", char **" con ");"
.sp
.BI "int matchpathcon_index(const char *" name ", mode_t " mode ", char **" con ");"
.
.SH DESCRIPTION

This family of functions is deprecated.
For new code,
please use
.BR selabel_open (3)
with the
.B SELABEL_CTX_FILE
backend in place of
.BR matchpathcon_init (),
use
.BR selabel_close (3)
in place of
.BR matchpathcon_fini (),
and use
.BR selabel_lookup (3)
in place of
.BR matchpathcon ().

The remaining description below is for the legacy interface.

.BR matchpathcon_init ()
loads the file contexts configuration specified by
.I path
into memory for use by subsequent
.BR matchpathcon ()
calls.
If
.I path
is NULL,
then the active file contexts configuration is loaded by default,
i.e., the path returned by
.BR selinux_file_context_path (3).
Unless the
.B MATCHPATHCON_BASEONLY
flag has been set via
.BR \%set_matchpathcon_flags (3),
files with the same path prefix but a
.B \%.homedirs
and
.B .local
suffix are also looked up and loaded if present.
These files provide dynamically generated entries for user home directories
and for local customizations.

.BR matchpathcon_init_prefix ()
is the same as
.BR matchpathcon_init ()
but only loads entries with regular expressions whose first pathname
component is a prefix of
.IR \%prefix ,
e.g., pass "/dev"
if you only intend to call
.BR matchpathcon ()
with pathnames beginning with /dev.
However,
this optimization is no longer necessary due to the use of
.I file_contexts.bin
files with precompiled regular expressions,
so use of this interface is deprecated.

.BR matchpathcon_fini ()
frees the memory allocated by a prior call to
.BR matchpathcon_init ().
This function can be used to free and reset the internal state between multiple
.BR matchpathcon_init ()
calls,
or to free memory when finished using
.BR matchpathcon ().

.BR matchpathcon ()
matches the specified
.IR path ,
after transformation via
.BR realpath (3)
excepting any final symbolic link component if S_IFLNK was
specified as the
.IR mode ,
and
.I mode
against the
.I file contexts
configuration and sets the security context
.I con
to refer to the
resulting context.
The caller must free the returned security context
.I con
using
.BR freecon (3)
when finished using it.
.I mode
can be 0 to disable mode matching,
but should be provided whenever possible,
as it may affect the matching.
Only the file format bits
(i.e., the file type)
of the
.I mode
are used.
If
.BR matchpathcon_init ()
has not already been called,
then this function will call it upon
its first invocation with a NULL
.IR path ,
defaulting to the active file contexts configuration.
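
The effect of the mode argument described above, as an added example that is not part of libselinux or of this manual page: a simplified model that assumes the last matching entry wins. The entries, the type names and model_lookup() are constructed for illustration.

```c
#define _XOPEN_SOURCE 700 /* for S_IFMT and friends under strict -std modes */
#include <regex.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

struct spec {             /* one file contexts entry in this model */
    const char *regex;    /* pathname regular expression */
    mode_t type;          /* S_IFREG, S_IFDIR, ... or 0 if the entry has no type */
    const char *context;
};

/* Constructed sample entries, not taken from any real policy. */
static const struct spec sample_specs[] = {
    { "/srv/app(/.*)?", 0,       "system_u:object_r:app_content_t:s0" },
    { "/srv/app/run",   S_IFDIR, "system_u:object_r:app_run_t:s0" },
    { "/srv/app/run",   S_IFREG, "system_u:object_r:app_pid_t:s0" },
};
#define NSPECS (sizeof(sample_specs) / sizeof(sample_specs[0]))

/* Return the context of the last matching entry, or NULL if none matches. */
const char *model_lookup(const char *path, mode_t mode)
{
    mode_t type = mode & S_IFMT;          /* only the file type bits are used */
    for (size_t i = NSPECS; i-- > 0; ) {  /* assumption: later entries win */
        const struct spec *s = &sample_specs[i];
        char anchored[256];
        regex_t re;
        int hit;
        if (type && s->type && type != s->type)
            continue;                     /* both sides name a type and they differ */
        snprintf(anchored, sizeof(anchored), "^(%s)$", s->regex);
        if (regcomp(&re, anchored, REG_EXTENDED | REG_NOSUB) != 0)
            continue;                     /* skip an entry whose regex is invalid */
        hit = regexec(&re, path, 0, NULL, 0) == 0;
        regfree(&re);
        if (hit)
            return s->context;
    }
    return NULL;
}

int main(void)
{
    printf("S_IFDIR: %s\n", model_lookup("/srv/app/run", S_IFDIR | 0755));
    printf("S_IFREG: %s\n", model_lookup("/srv/app/run", S_IFREG | 0644));
    printf("mode 0 : %s\n", model_lookup("/srv/app/run", 0));
    return 0;
}
```

In this model a mode of 0 resolves the directory /srv/app/run to the regular-file entry's context, which is the kind of mismatch that passing the real file type avoids.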

.BR matchpathcon_index ()
is the same as
.BR matchpathcon ()
but returns a specification index that can later be used in a
.BR matchpathcon_filespec_add (3)
call.
.
.SH "RETURN VALUE"
Returns zero on success or \-1 otherwise.
.
.SH "SEE ALSO"
.ad l
.nh
.BR selinux "(8), " set_matchpathcon_flags "(3), " \
set_matchpathcon_invalidcon "(3), " set_matchpathcon_printf "(3), " \
matchpathcon_filespec_add "(3), " matchpathcon_checkmatches "(3), " freecon \
"(3), " setfilecon "(3), " setfscreatecon (3)