#include <linux/types.h>
#include <linux/stddef.h>
#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/fs.h>
#include <linux/dcache.h>
#include <linux/init.h>
#include <linux/skbuff.h>
#include <linux/percpu.h>
#include <net/sock.h>
#include <linux/un.h>
#include <net/af_unix.h>
#include <linux/ip.h>
#include <linux/audit.h>
#include <linux/ipv6.h>
#include <net/ipv6.h>
#include "avc.h"
#include "avc_ss.h"
#include "classmap.h"
|
void __init | avc_init (void) |
|
int | avc_get_hash_stats (char *page) |
|
noinline int | slow_avc_audit (u32 ssid, u32 tsid, u16 tclass, u32 requested, u32 audited, u32 denied, struct common_audit_data *a, unsigned flags) |
|
int __init | avc_add_callback (int(*callback)(u32 event), u32 events) |
|
int | avc_ss_reset (u32 seqno) |
|
int | avc_has_perm_noaudit (u32 ssid, u32 tsid, u16 tclass, u32 requested, unsigned flags, struct av_decision *avd) |
|
int | avc_has_perm_flags (u32 ssid, u32 tsid, u16 tclass, u32 requested, struct common_audit_data *auditdata, unsigned flags) |
|
u32 | avc_policy_seqno (void) |
|
void | avc_disable (void) |
|
#define AVC_CACHE_RECLAIM 16 |
Definition at line 38 of file avc.c.
#define AVC_CACHE_SLOTS 512 |
Definition at line 36 of file avc.c.
#define avc_cache_stats_incr(field) do {} while (0)
Definition at line 43 of file avc.c.
#define AVC_DEF_CACHE_THRESHOLD 512 |
Definition at line 37 of file avc.c.
avc_add_callback - Register a callback for security events. @callback: callback function; @events: security events
Register a callback function for events in the set @events. Returns %0 on success or -ENOMEM if insufficient memory exists to add the callback.
Definition at line 501 of file avc.c.
int avc_get_hash_stats(char *page)
avc_has_perm - Check permissions and perform any appropriate auditing. @ssid: source security identifier; @tsid: target security identifier; @tclass: target security class; @requested: requested permissions, interpreted based on @tclass; @auditdata: auxiliary audit data; @flags: VFS walk flags
Check the AVC to determine whether the @requested permissions are granted for the SID pair (@ssid, @tsid), interpreting the permissions based on @tclass, and call the security server on a cache miss to obtain a new decision and add it to the cache. Audit the granting or denial of permissions in accordance with the policy. Return %0 if all permissions are granted, -EACCES if any permissions are denied, or another -errno upon other errors.
Definition at line 766 of file avc.c.
avc_has_perm_noaudit - Check permissions but perform no auditing. @ssid: source security identifier; @tsid: target security identifier; @tclass: target security class; @requested: requested permissions, interpreted based on @tclass; @flags: AVC_STRICT or 0; @avd: access vector decisions
Check the AVC to determine whether the @requested permissions are granted for the SID pair (@ssid, @tsid), interpreting the permissions based on @tclass, and call the security server on a cache miss to obtain a new decision and add it to the cache. Return a copy of the decisions in @avd. Return %0 if all permissions are granted, -EACCES if any permissions are denied, or another -errno upon other errors. This function is typically called by avc_has_perm(), but may also be called directly to separate permission checking from auditing, e.g. in cases where a lock must be held for the check but should be released for the auditing. When it is called directly, this function produces no audit record, so the caller must perform the auditing separately.
Definition at line 720 of file avc.c.
avc_init - Initialize the AVC.
Initialize the access vector cache.
Definition at line 161 of file avc.c.
avc_ss_reset - Flush the cache and revalidate migrated permissions. @seqno: policy sequence number
Definition at line 644 of file avc.c.
Definition at line 74 of file avc.c.