.\" -*- mode: troff; coding: utf-8 -*- .\" Automatically generated by Pod::Man 5.0102 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ . ds C` "" . ds C' "" 'br\} .el\{\ . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" ======================================================================== .\" .IX Title "AA_QUERY_LABEL 2" .TH AA_QUERY_LABEL 2 2024-10-14 "AppArmor 4.0.3" AppArmor .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH NAME aa_query_label \- query access permission associated with a label .PP aa_query_file_path, aa_query_file_path_len \- query access permissions of a file path .PP aa_query_link_path, aa_query_link_path_len \- query access permissions of a link path .SH SYNOPSIS .IX Header "SYNOPSIS" \&\fB#include \fR .PP \&\fBint aa_query_label(uint32_t mask, char *query, size_t size, int *allowed, int *audited);\fR .PP \&\fBint aa_query_file_path(uint32_t mask, const char *label, size_t label_len, const char *path, int *allowed, int *audited);\fR .PP \&\fBint aa_query_file_path_len(uint32_t mask, const char *label, size_t label_len, const char *path, size_t path_len, int *allowed, int *audited);\fR .PP \&\fBint aa_query_link_path(const char *label, const char *target, const char *link, int *allowed, int *audited);\fR .PP \&\fBint aa_query_link_path_len(const char *label, size_t label_len, const char *target, size_t target_len, const char *link, size_t link_len, int *allowed, int *audited);\fR .PP Link with \fB\-lapparmor\fR when compiling. .SH DESCRIPTION .IX Header "DESCRIPTION" The \fBaa_query_label\fR function fetches the current permissions granted by the specified \fIlabel\fR in the \fIquery\fR string. .PP The query is a raw binary formatted query, containing the label and permission query to make. The returned \fIallowed\fR and \fIaudited\fR values are interpreted boolean values, simply stating whether the query is allowed and if it is audited. .PP The mask of the query string is a bit mask of permissions to query and is class type dependent (see \fBAA_CLASS_xxx\fR entries in \fIsys/apparmor.h\fR). .PP The format of the query string is also dependent on the \fBAA_CLASS\fR and as such the \fBaa_query_xxx\fR helper functions should usually be used instead of directly using \fBaa_query_label\fR. If directly using the interface the \&\fIquery\fR string is required to have a header of \fBAA_QUERY_CMD_LABEL_SIZE\fR that will be used by \fBaa_query_label\fR. .PP The \fBaa_query_file_path\fR and \fBaa_query_file_path_len\fR functions are helper function that assemble a properly formatted file path query for the \&\fBaa_query_label\fR function. The \fIlabel\fR is a valid apparmor label as returned by \fIaa_splitcon\fR with \fIlabel_len\fR being the length of the \fIlabel\fR. The \fIpath\fR is any valid filesystem path to query permissions for. For the \&\fBaa_query_file_path_len\fR variant the \fIpath_len\fR parameter specifies the number of bytes in the \fIpath\fR to use as part of the query. .PP The \fBaa_query_link_path\fR and \fBaa_query_link_path_len\fR functions are helper functions that assemble a properly formatted link path query for the \&\fBaa_query_label\fR function. The \fIlink_len\fR and \fItarget_len\fR parameters specify the number of bytes in the \fIlink\fR and \fItarget\fR to use as part of the query. .SH "RETURN VALUE" .IX Header "RETURN VALUE" On success 0 is returned, and the \fIallowed\fR and \fIaudited\fR parameters contain a boolean value of 0 not allowed/audited or 1 allowed/audited. On error, \-1 is returned, and \fBerrno\fR\|(3) is set appropriately. .SH ERRORS .IX Header "ERRORS" .IP \fBEINVAL\fR 4 .IX Item "EINVAL" The requested \fImask\fR is empty. .Sp The \fIsize\fR of the query is less than the query \fBAA_QUERY_CMD_LABEL_SIZE\fR .Sp The apparmor kernel module is not loaded or the kernel interface access interface is not available .IP \fBENOMEM\fR 4 .IX Item "ENOMEM" Insufficient memory was available. .IP \fBEACCES\fR 4 .IX Item "EACCES" Access to the specified \fIlabel\fR or query interface was denied. .IP \fBENOENT\fR 4 .IX Item "ENOENT" The specified \fIlabel\fR does not exist or is not visible. .IP \fBERANGE\fR 4 .IX Item "ERANGE" The confinement data is too large to fit in the supplied buffer. .SH NOTES .IX Header "NOTES" The label permissions returned are only valid for the time of the query and can change at any point in the future. .SH BUGS .IX Header "BUGS" None known. If you find any, please report them at . .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBapparmor_parser\fR\|(8), \fBaa_getcon\fR\|(2), \fBaa_splitcon\fR\|(3) and .