avc_compute_create, avc_compute_member - obtain SELinux label for new object

       Eamon Walsh <ewalsh@tycho.nsa.gov>

avc_compute_create()  is  used  to  compute  a SID to use for labeling a new object in a particular class
       based on a SID pair.   This  call  is  identical  to  security_compute_create(),  but  does  not  require
       converting from userspace SID's to contexts and back again.

       avc_compute_member() is used to compute a SID to use for labeling a polyinstantiated object instance of a
       particular  class based on a SID pair.  This call is identical to security_compute_member(), but does not
       require converting from userspace SID's to contexts and back again.

       These functions return a SID for the computed context in the memory referenced by sid.

EINVAL The tclass and/or the security contexts referenced by ssid and tsid  are  not  recognized  by  the
              currently loaded policy.

       ENOMEM An attempt to allocate memory failed.

       avc_compute_create, avc_compute_member - obtain SELinux label for new object

       On success, zero is returned.  On error, -1 is returned and errno is set appropriately.

avc_init(3), avc_context_to_sid(3), security_compute_create(3), selinux(8)

                                                   30 Mar 2007                             avc_compute_create(3)

#include<selinux/selinux.h>#include<selinux/avc.h>intavc_compute_create(security_id_tssid,security_id_ttsid,security_class_ttclass,security_id_t*newsid);intavc_compute_member(security_id_tssid,security_id_ttsid,security_class_ttclass,security_id_t*newsid);