Linux Kernel  3.7.1
avc.h File Reference
#include <linux/stddef.h>
#include <linux/errno.h>
#include <linux/kernel.h>
#include <linux/kdev_t.h>
#include <linux/spinlock.h>
#include <linux/init.h>
#include <linux/audit.h>
#include <linux/lsm_audit.h>
#include <linux/in6.h>
#include "flask.h"
#include "av_permissions.h"
#include "security.h"


Data Structures

struct  avc_cache_stats
 
struct  selinux_audit_data
 

Macros

#define selinux_enforcing   1
 
#define AVC_STRICT   1 /* Ignore permissive mode. */
 
#define AVC_CALLBACK_GRANT   1
 
#define AVC_CALLBACK_TRY_REVOKE   2
 
#define AVC_CALLBACK_REVOKE   4
 
#define AVC_CALLBACK_RESET   8
 
#define AVC_CALLBACK_AUDITALLOW_ENABLE   16
 
#define AVC_CALLBACK_AUDITALLOW_DISABLE   32
 
#define AVC_CALLBACK_AUDITDENY_ENABLE   64
 
#define AVC_CALLBACK_AUDITDENY_DISABLE   128
 

Functions

void __init avc_init (void)
 
int slow_avc_audit (u32 ssid, u32 tsid, u16 tclass, u32 requested, u32 audited, u32 denied, struct common_audit_data *a, unsigned flags)
 
int avc_has_perm_noaudit (u32 ssid, u32 tsid, u16 tclass, u32 requested, unsigned flags, struct av_decision *avd)
 
int avc_has_perm_flags (u32 ssid, u32 tsid, u16 tclass, u32 requested, struct common_audit_data *auditdata, unsigned)
 
u32 avc_policy_seqno (void)
 
int avc_add_callback (int(*callback)(u32 event), u32 events)
 
int avc_get_hash_stats (char *page)
 
void avc_disable (void)
 

Variables

unsigned int avc_cache_threshold
 

Macro Definition Documentation

#define AVC_CALLBACK_AUDITALLOW_DISABLE   32

Definition at line 169 of file avc.h.

#define AVC_CALLBACK_AUDITALLOW_ENABLE   16

Definition at line 168 of file avc.h.

#define AVC_CALLBACK_AUDITDENY_DISABLE   128

Definition at line 171 of file avc.h.

#define AVC_CALLBACK_AUDITDENY_ENABLE   64

Definition at line 170 of file avc.h.

#define AVC_CALLBACK_GRANT   1

Definition at line 164 of file avc.h.

#define AVC_CALLBACK_RESET   8

Definition at line 167 of file avc.h.

#define AVC_CALLBACK_REVOKE   4

Definition at line 166 of file avc.h.

#define AVC_CALLBACK_TRY_REVOKE   2

Definition at line 165 of file avc.h.

#define AVC_STRICT   1 /* Ignore permissive mode. */

Definition at line 144 of file avc.h.

#define selinux_enforcing   1

Definition at line 25 of file avc.h. Note: as shown on this page, selinux_enforcing is a compile-time constant 1, so enforcing mode cannot be toggled at runtime through this symbol; whether the header also provides a runtime variable under a build option is not visible here and should be confirmed against the header source.

Function Documentation

int avc_add_callback ( int(*callback)(u32 event),
u32  events 
)

avc_add_callback - Register a callback for security events. @callback: callback function @events: security events (a set of the AVC_CALLBACK_* values defined in this header)

Register a callback function for the events in the set @events. Returns %0 on success or -ENOMEM if insufficient memory exists to add the callback.

Definition at line 501 of file avc.c.

void avc_disable ( void  )

Definition at line 787 of file avc.c.

int avc_get_hash_stats ( char *  page )

Definition at line 178 of file avc.c.

int avc_has_perm_flags ( u32  ssid,
u32  tsid,
u16  tclass,
u32  requested,
struct common_audit_data *  auditdata,
unsigned  flags 
)

avc_has_perm_flags - Check permissions and perform any appropriate auditing. @ssid: source security identifier @tsid: target security identifier @tclass: target security class @requested: requested permissions, interpreted based on @tclass @auditdata: auxiliary audit data @flags: VFS walk flags

Check the AVC to determine whether the permissions are granted for the SID pair (@ssid, @tsid), interpreting the permissions based on @tclass, and call the security server on a cache miss to obtain a new decision and add it to the cache. Audit the granting or denial of permissions in accordance with the policy. Return %0 if all permissions are granted, -EACCES if any permissions are denied, or another -errno upon other errors. Callers should check the return value and treat any non-zero result as a failed access check, not only -EACCES.

Definition at line 766 of file avc.c.

int avc_has_perm_noaudit ( u32  ssid,
u32  tsid,
u16  tclass,
u32  requested,
unsigned  flags,
struct av_decision *  avd 
)
inline

avc_has_perm_noaudit - Check permissions but perform no auditing. @ssid: source security identifier @tsid: target security identifier @tclass: target security class @requested: requested permissions, interpreted based on @tclass @flags: AVC_STRICT or 0 (AVC_STRICT makes the decision ignore permissive mode, per its definition above) @avd: access vector decisions

Check the AVC to determine whether the permissions are granted for the SID pair (@ssid, @tsid), interpreting the permissions based on @tclass, and call the security server on a cache miss to obtain a new decision and add it to the cache. Return a copy of the decisions in @avd. Return %0 if all permissions are granted, -EACCES if any permissions are denied, or another -errno upon other errors. This function is typically called by avc_has_perm(), but may also be called directly to separate permission checking from auditing, e.g. in cases where a lock must be held for the check but should be released for the auditing. Because no auditing is performed here, a caller that uses this function directly is responsible for auditing the result afterwards (e.g. with the slow_avc_audit() declared in this header), otherwise denials will not appear in the audit log.

Definition at line 720 of file avc.c.

void __init avc_init ( void  )

avc_init - Initialize the AVC.

Initialize the access vector cache.

Definition at line 161 of file avc.c.

u32 avc_policy_seqno ( void  )

Definition at line 782 of file avc.c.

int slow_avc_audit ( u32  ssid,
u32  tsid,
u16  tclass,
u32  requested,
u32  audited,
u32  denied,
struct common_audit_data *  a,
unsigned  flags 
)

Definition at line 455 of file avc.c.

Variable Documentation

unsigned int avc_cache_threshold

Definition at line 74 of file avc.c.