DOKK / manpages / debian 11 / libselinux1-dev / selinux_file_context_cmp.3.en
selinux_file_context_cmp(3) Library Functions Manual selinux_file_context_cmp(3)

selinux_file_context_cmp - Compare two SELinux security contexts excluding the 'user' component

#include <selinux/selinux.h>

int selinux_file_context_cmp(const char *a,

const char *b);

selinux_file_context_cmp() compares two context strings excluding the user component with strcmp(3) as shown in the EXAMPLE section.

This is useful as for most object contexts, the user component is not relevant.

The return values follow the strcmp(3) function, where:

0 if they are equal.
1 if a is greater than b
-1 if a is less than b

None.

The contexts being compared do not specifically need to be file contexts.

If context a is:

user_u:user_r:user_t:s0

and context b is:

root:user_r:user_t:s0

then the actual strings compared are:

:user_r:user_t:s0 and :user_r:user_t:s0

Therefore they will match and selinux_file_context_cmp() will return zero.

selinux(8)

08 March 2011 SELinux API documentation