selabel_lookup_best_match(3) — Linux manual page
selabel_...est_match(3) SELinux API documentationselabel_...est_match(3)
NAME
selabel_lookup_best_match - obtain a best match SELinux security
context - Only supported on file backend.
SYNOPSIS
#include <selinux/selinux.h>
#include <selinux/label.h>
int selabel_lookup_best_match(struct selabel_handle *hnd,
char **context,
const char *key,
const char **links,
int type);
int selabel_lookup_best_match_raw(struct selabel_handle *hnd,
char **context,
const char *key,
const char **links,
int type);
DESCRIPTION
selabel_lookup_best_match() performs a best match lookup
operation on the handle hnd, returning the result in the memory
pointed to by context, which must be freed by the caller using
freecon(3). The key parameter is a file path to check for best
match using zero or more link (aliases) parameters. The order of
precedence for best match is:
1. An exact match for the real path (key) or
2. An exact match for any of the links (aliases), or
3. The longest fixed prefix match.
The type parameter is an optional file mode argument that should
be set to the mode bits of the file, as determined by lstat(2).
mode may be zero, however full matching may not occur.
selabel_lookup_best_match_raw() behaves identically to
selabel_lookup_best_match() but does not perform context
translation.
RETURN VALUE
On success, zero is returned. On error, -1 is returned and errno
is set appropriately.
ERRORS
ENOENT No context corresponding to the input key and type was
found.
EINVAL The key and/or type inputs are invalid, or the context
being returned failed validation.
ENOMEM An attempt to allocate memory failed.
NOTES
Example usage - When a service creates a device node, it may also
create one or more symlinks to the device node. These symlinks
may be the only stable name for the device, e.g. if the partition
is dynamically assigned. The file label backend supports this by
looking up the "best match" for a device node based on its real
path (key) and any links to it (aliases). The order of precedence
for best match is described above.
SEE ALSO
selabel_open(3), selabel_stats(3), selinux_set_callback(3),
selinux(8), lstat(2), selabel_file(5)
COLOPHON
This page is part of the selinux (Security-Enhanced Linux user-
space libraries and tools) project. Information about the
project can be found at
⟨https://github.com/SELinuxProject/selinux/wiki⟩. If you have a
bug report for this manual page, see
⟨https://github.com/SELinuxProject/selinux/wiki/Contributing⟩.
This page was obtained from the project's upstream Git repository
⟨https://github.com/SELinuxProject/selinux⟩ on 2024-06-14. (At
that time, the date of the most recent commit that was found in
the repository was 2023-05-11.) If you discover any rendering
problems in this HTML version of the page, or you believe there
is a better or more up-to-date source for the page, or you have
corrections or improvements to the information in this COLOPHON
(which is not part of the original manual page), send a mail to
man-pages@man7.org