#include <linux/stddef.h>
#include <linux/errno.h>
#include <linux/kernel.h>
#include <linux/kdev_t.h>
#include <linux/spinlock.h>
#include <linux/init.h>
#include <linux/audit.h>
#include <linux/lsm_audit.h>
#include <linux/in6.h>
#include "flask.h"
#include "av_permissions.h"
#include "security.h"
|
void __init | avc_init (void) |
|
int | slow_avc_audit (u32 ssid, u32 tsid, u16 tclass, u32 requested, u32 audited, u32 denied, struct common_audit_data *a, unsigned flags) |
|
int | avc_has_perm_noaudit (u32 ssid, u32 tsid, u16 tclass, u32 requested, unsigned flags, struct av_decision *avd) |
|
int | avc_has_perm_flags (u32 ssid, u32 tsid, u16 tclass, u32 requested, struct common_audit_data *auditdata, unsigned) |
|
u32 | avc_policy_seqno (void) |
|
int | avc_add_callback (int(*callback)(u32 event), u32 events) |
|
int | avc_get_hash_stats (char *page) |
|
void | avc_disable (void) |
|
#define AVC_CALLBACK_AUDITALLOW_DISABLE 32 |
#define AVC_CALLBACK_AUDITALLOW_ENABLE 16 |
#define AVC_CALLBACK_AUDITDENY_DISABLE 128 |
#define AVC_CALLBACK_AUDITDENY_ENABLE 64 |
#define AVC_CALLBACK_GRANT 1 |
#define AVC_CALLBACK_RESET 8 |
#define AVC_CALLBACK_REVOKE 4 |
#define AVC_CALLBACK_TRY_REVOKE 2 |
#define AVC_STRICT 1 /* Ignore permissive mode. */ |
#define selinux_enforcing 1 |
Definition at line 25 of file avc.h.
avc_add_callback - Register a callback for security events. @callback: callback function; @events: security events
Register a callback function for events in the set @events. Returns %0 on success or -ENOMEM if insufficient memory exists to add the callback.
Definition at line 501 of file avc.c.
int avc_get_hash_stats (char *page)
|
avc_has_perm - Check permissions and perform any appropriate auditing. @ssid: source security identifier; @tsid: target security identifier; @tclass: target security class; @requested: requested permissions, interpreted based on @tclass; @auditdata: auxiliary audit data; @flags: VFS walk flags
Check the AVC to determine whether the @requested permissions are granted for the SID pair (@ssid, @tsid), interpreting the permissions based on @tclass, and call the security server on a cache miss to obtain a new decision and add it to the cache. Audit the granting or denial of permissions in accordance with the policy. Return %0 if all permissions are granted, -EACCES if any permissions are denied, or another -errno upon other errors.
Definition at line 766 of file avc.c.
avc_has_perm_noaudit - Check permissions but perform no auditing. @ssid: source security identifier; @tsid: target security identifier; @tclass: target security class; @requested: requested permissions, interpreted based on @tclass; @flags: AVC_STRICT or 0; @avd: access vector decisions
Check the AVC to determine whether the @requested permissions are granted for the SID pair (@ssid, @tsid), interpreting the permissions based on @tclass, and call the security server on a cache miss to obtain a new decision and add it to the cache. Return a copy of the decisions in @avd. Return %0 if all permissions are granted, -EACCES if any permissions are denied, or another -errno upon other errors. This function is typically called by avc_has_perm(), but may also be called directly to separate permission checking from auditing, e.g. in cases where a lock must be held for the check but should be released for the auditing.
Definition at line 720 of file avc.c.
avc_init - Initialize the AVC.
Initialize the access vector cache.
Definition at line 161 of file avc.c.
unsigned int avc_cache_threshold |
Definition at line 74 of file avc.c.