selinux_raw_context_to_color(3) [debian man page]
selinux_raw_context_to_color(3) Library Functions Manual selinux_raw_context_to_color(3) NAME
selinux_raw_context_to_color - Return RGB color string for an SELinux security context. SYNOPSIS
#include <selinux/selinux.h> int selinux_raw_context_to_color(security_context_t raw, char **color_str); DESCRIPTION
selinux_raw_context_to_color returns a color_str associated to the raw context raw provided that the mcstransd(8) daemon is running, the policy is an MLS type policy (MCS or MLS) and there is a color configuration file secolor.conf(5) (see the FILES section). The color_str string is a space separated list of eight hexadecimal RGB triples, each prefixed by a hash character (#). These represent the user:role:type:range components of the foreground and background colors. An example string is shown in the EXAMPLE section. The returned color_str string must be freed with free(3). If a color has not been configured for a specific user, role, type and/or range component of context raw, then selinux_raw_context_to_color will select the color returned in color_str in order of precedence as follows: role, type, range user, type, range user, role, range user, role, type If there are no entries in the secolor.conf file for any of the components of context raw (or the file is not present), then the default string returned in color_str is: ----- user ---- ---- role ---- ---- type ---- ---- range ---- #000000 #ffffff #000000 #ffffff #000000 #ffffff #000000 #ffffff RETURN VALUE
On success, zero is returned. On failure, -1 is returned with errno set appropriately. ERRORS
ENOENT If the mcstransd(8) daemon is not running. FILES
selinux_raw_context_to_color obtains the translated entry from the active policy secolor.conf(5) file as returned by selinux_col- ors_path(3). The file format is described in secolor.conf(5). NOTES
1. The primary use of selinux_raw_context_to_color is to return a color that corresponds to a range, that can then be used to highlight information at different MLS levels. 2. The mcstransd(8) daemon process security level must dominate the raw security level passed to it by the selinux_raw_context_to_color function. If not, the range color selected will be as defined by the order of precedence. EXAMPLE
selinux_raw_context_to_color returns the foreground and background colors of the context string components (user:role:type:range) as RGB triples as follows: user : role : type : range fg bg : fg bg : fg bg : fg bg #000000 #ffffff #ffffff #000000 #d2b48c #ffa500 #000000 #008000 black white : white black : tan orange : black green SEE ALSO
selinux(8), selinux_colors_path(3), mcstransd(8), secolor.conf(5), selinux_raw_to_trans_context(3), selinux_trans_to_raw_context(3), free(3) SELinux API documentation 08 April 2011 selinux_raw_context_to_color(3)
Check Out this Related Man Page
secolor.conf(8) System Manager's Manual secolor.conf(8) NAME
secolor.conf - The SELinux color configuration file DESCRIPTION
The /etc/selinux/{SELINUXTYPE}/secolor.conf configuation file controls the color to be associated to the context components associated to the raw context passed by selinux_raw_context_to_color(3), when context related information is to be displayed in color by an SELinux-aware application. selinux_raw_context_to_color(3) obtains this color information from the active policy secolor.conf file as returned by selinux_col- ors_path(3). FILE FORMAT
The file format is as follows: color color_name = #color_mask [...] context_component string = fg_color_name bg_color_name [...] Where: color The color keyword. Each color entry is on a new line. color_name A single word name for the color (e.g. red). color_mask A color mask starting with a hash (#) that describes the hexadecimal RGB colors with black being #000000 and white being #ffffff. context_component The context component name that must be one of the following: user, role, type or range Each context_component string ... entry is on a new line. string This is the context_component string that will be matched with the raw context component passed by selinux_raw_context_to_color(3). A wildcard '*' may be used to match any undefined string for the user, role and type context_component entries only. fg_color_name The color_name string that will be used as the foreground color. A color_mask may also be used. bg_color_name The color_name string that will be used as the background color. A color_mask may also be used. EXAMPLES
Example 1 entries are: color black = #000000 color green = #008000 color yellow = #ffff00 color blue = #0000ff color white = #ffffff color red = #ff0000 color orange = #ffa500 color tan = #D2B48C user * = black white role * = white black type * = tan orange range s0-s0:c0.c1023 = black green range s1-s1:c0.c1023 = white green range s3-s3:c0.c1023 = black tan range s5-s5:c0.c1023 = white blue range s7-s7:c0.c1023 = black red range s9-s9:c0.c1023 = black orange range s15:c0.c1023 = black yellow Example 2 entries are: color black = #000000 color green = #008000 color yellow = #ffff00 color blue = #0000ff color white = #ffffff color red = #ff0000 color orange = #ffa500 color tan = #d2b48c user unconfined_u = #ff0000 green role unconfined_r = red #ffffff type unconfined_t = red orange user user_u = black green role user_r = white black type user_t = tan red user xguest_u = black yellow role xguest_r = black red type xguest_t = black green user sysadm_u = white black range s0:c0.c1023 = black white user * = black white role * = black white type * = black white SEE ALSO
mcstransd(8), selinux_raw_context_to_color(3), selinux_colors_path(3) SELinux API documentation 08 April 2011 secolor.conf(8)