Linux Kernel  3.7.1
avc.c File Reference
#include <linux/types.h>
#include <linux/stddef.h>
#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/fs.h>
#include <linux/dcache.h>
#include <linux/init.h>
#include <linux/skbuff.h>
#include <linux/percpu.h>
#include <net/sock.h>
#include <linux/un.h>
#include <net/af_unix.h>
#include <linux/ip.h>
#include <linux/audit.h>
#include <linux/ipv6.h>
#include <net/ipv6.h>
#include "avc.h"
#include "avc_ss.h"
#include "classmap.h"


Data Structures

struct  avc_entry
 
struct  avc_node
 
struct  avc_cache
 
struct  avc_callback_node
 

Macros

#define AVC_CACHE_SLOTS   512
 
#define AVC_DEF_CACHE_THRESHOLD   512
 
#define AVC_CACHE_RECLAIM   16
 
#define avc_cache_stats_incr(field)   do {} while (0)
 

Functions

void __init avc_init (void)
 
int avc_get_hash_stats (char *page)
 
noinline int slow_avc_audit (u32 ssid, u32 tsid, u16 tclass, u32 requested, u32 audited, u32 denied, struct common_audit_data *a, unsigned flags)
 
int __init avc_add_callback (int(*callback)(u32 event), u32 events)
 
int avc_ss_reset (u32 seqno)
 
int avc_has_perm_noaudit (u32 ssid, u32 tsid, u16 tclass, u32 requested, unsigned flags, struct av_decision *avd)
 
int avc_has_perm_flags (u32 ssid, u32 tsid, u16 tclass, u32 requested, struct common_audit_data *auditdata, unsigned flags)
 
u32 avc_policy_seqno (void)
 
void avc_disable (void)
 

Variables

unsigned int avc_cache_threshold = AVC_DEF_CACHE_THRESHOLD
 

Macro Definition Documentation

#define AVC_CACHE_RECLAIM   16

Definition at line 38 of file avc.c.

#define AVC_CACHE_SLOTS   512

Definition at line 36 of file avc.c.

#define avc_cache_stats_incr (   field)    do {} while (0)

Definition at line 43 of file avc.c.

#define AVC_DEF_CACHE_THRESHOLD   512

Definition at line 37 of file avc.c.

Function Documentation

int __init avc_add_callback ( int(*callback)(u32 event),
u32  events 
)

avc_add_callback - Register a callback for security events.
@callback: callback function
@events: security events

Register a callback function for events in the set @events. Returns 0 on success or -ENOMEM if insufficient memory exists to add the callback.

Definition at line 501 of file avc.c.

void avc_disable ( void  )

Definition at line 787 of file avc.c.

int avc_get_hash_stats ( char *page)

Definition at line 178 of file avc.c.

int avc_has_perm_flags ( u32  ssid,
u32  tsid,
u16  tclass,
u32  requested,
struct common_audit_data *auditdata,
unsigned  flags 
)

avc_has_perm - Check permissions and perform any appropriate auditing.
@ssid: source security identifier
@tsid: target security identifier
@tclass: target security class
@requested: requested permissions, interpreted based on @tclass
@auditdata: auxiliary audit data
@flags: VFS walk flags

Check the AVC to determine whether the @requested permissions are granted for the SID pair (@ssid, @tsid), interpreting the permissions based on @tclass, and call the security server on a cache miss to obtain a new decision and add it to the cache. Audit the granting or denial of permissions in accordance with the policy. Return 0 if all @requested permissions are granted, -EACCES if any permissions are denied, or another -errno upon other errors.

Definition at line 766 of file avc.c.

int avc_has_perm_noaudit ( u32  ssid,
u32  tsid,
u16  tclass,
u32  requested,
unsigned  flags,
struct av_decision *avd 
)
inline

avc_has_perm_noaudit - Check permissions but perform no auditing.
@ssid: source security identifier
@tsid: target security identifier
@tclass: target security class
@requested: requested permissions, interpreted based on @tclass
@flags: AVC_STRICT or 0
@avd: access vector decisions

Check the AVC to determine whether the @requested permissions are granted for the SID pair (@ssid, @tsid), interpreting the permissions based on @tclass, and call the security server on a cache miss to obtain a new decision and add it to the cache. Return a copy of the decisions in @avd. Return 0 if all @requested permissions are granted, -EACCES if any permissions are denied, or another -errno upon other errors. This function is typically called by avc_has_perm(), but may also be called directly to separate permission checking from auditing, e.g. in cases where a lock must be held for the check but should be released for the auditing.

Definition at line 720 of file avc.c.

void __init avc_init ( void  )

avc_init - Initialize the AVC.

Initialize the access vector cache.

Definition at line 161 of file avc.c.

u32 avc_policy_seqno ( void  )

Definition at line 782 of file avc.c.

int avc_ss_reset ( u32  seqno)

avc_ss_reset - Flush the cache and revalidate migrated permissions.
@seqno: policy sequence number

Definition at line 644 of file avc.c.

noinline int slow_avc_audit ( u32  ssid,
u32  tsid,
u16  tclass,
u32  requested,
u32  audited,
u32  denied,
struct common_audit_data *a,
unsigned  flags 
)

Definition at line 455 of file avc.c.

Variable Documentation

unsigned int avc_cache_threshold = AVC_DEF_CACHE_THRESHOLD

Definition at line 74 of file avc.c.