| .\" Hey Emacs! This file is -*- nroff -*- source. |
| .\" |
| .\" Author: KaiGai Kohei (kaigai@ak.jp.nec.com) 2009 |
| .TH "avc_netlink_loop" "3" "30 Mar 2009" "" "SELinux API documentation" |
| .SH "NAME" |
| avc_netlink_open, avc_netlink_close, avc_netlink_acquire_fd, |
| avc_netlink_release_fd, avc_netlink_check_nb, avc_netlink_loop \- SELinux |
| netlink processing. |
| .SH "SYNOPSIS" |
| .B #include <selinux/selinux.h> |
| |
| .B #include <selinux/avc.h> |
| .sp |
| .BI "int avc_netlink_open(int " blocking ");" |
| .sp |
| .BI "void avc_netlink_close(void);" |
| .sp |
| .BI "int avc_netlink_acquire_fd(void);" |
| .sp |
| .BI "void avc_netlink_release_fd(void);" |
| .sp |
| .BI "void avc_netlink_loop(void);" |
| .sp |
| .BI "int avc_netlink_check_nb(void);" |
| .sp |
| .SH "DESCRIPTION" |
| These functions enable applications to handle notification of SELinux events |
| via netlink. The userspace AVC normally checks for netlink messages on each |
| call to |
| .BR avc_has_perm (3). |
| Applications may wish to override this behavior and check for notification |
| separately, for example in a |
| .BR select (2) |
| loop. These functions also permit netlink monitoring without requiring a |
| call to |
| .BR avc_open (3). |
| |
| .B avc_netlink_open |
| opens a netlink socket to receive SELinux notifications. The socket |
| descriptor is stored internally; use |
| .BR avc_netlink_acquire_fd (3) |
| to take ownership of it in application code. The |
| .I blocking |
| argument specifies whether read operations on the socket will block. |
| .BR avc_open (3) |
| calls this function internally, specifying non-blocking behavior (unless |
| threading callbacks were explicitly set using the deprecated |
| .BR avc_init (3) |
| interface, in which case blocking behavior is set). |
| |
| .B avc_netlink_close |
| closes the netlink socket. This function is called automatically by |
| .BR avc_destroy (3). |
| |
| .B avc_netlink_acquire_fd |
| returns the netlink socket descriptor number and informs the userspace AVC |
| not to check the socket descriptor automatically on calls to |
| .BR avc_has_perm (3). |
| |
| .B avc_netlink_release_fd |
| returns control of the netlink socket to the userspace AVC, re-enabling |
| automatic processing of notifications. |
| |
| .B avc_netlink_check_nb |
| checks the netlink socket for pending messages and processes them. |
| Callbacks for policyload and enforcing changes will be called; |
| see |
| .BR selinux_set_callback (3). |
| This function does not block unless |
| .BR avc_netlink_open (3) |
| specified blocking behavior. |
| |
| .B avc_netlink_loop |
| enters a loop blocking on the netlink socket and processing messages as they |
| are received. This function will not return unless an error occurs on |
| the socket, in which case the socket is closed. |
| |
| .SH "RETURN VALUE" |
| .B avc_netlink_acquire_fd |
| returns a non-negative file descriptor number on success. Other functions |
| with a return value return zero on success. On error, -1 is returned and |
| .I errno |
| is set appropriately. |
| |
| .SH "SEE ALSO" |
| .BR avc_open (3), |
| .BR selinux_set_callback (3), |
| .BR selinux (8) |