6 #ifndef _SELINUX_AVC_H_
7 #define _SELINUX_AVC_H_
9 #include <linux/stddef.h>
10 #include <linux/errno.h>
11 #include <linux/kernel.h>
12 #include <linux/kdev_t.h>
15 #include <linux/audit.h>
17 #include <linux/in6.h>
19 #include "av_permissions.h"
22 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
25 #define selinux_enforcing 1
68 static inline u32 avc_audit_required(
u32 requested,
75 denied = requested & ~avd->
allowed;
94 if (auditdeny && !(auditdeny & avd->
auditdeny))
97 audited = denied = requested;
129 static inline int avc_audit(
u32 ssid,
u32 tsid,
130 u16 tclass,
u32 requested,
136 audited = avc_audit_required(requested, avd, result, 0, &denied);
140 requested, audited, denied,
146 u16 tclass,
u32 requested,
151 u16 tclass,
u32 requested,
155 static inline int avc_has_perm(
u32 ssid,
u32 tsid,
156 u16 tclass,
u32 requested,
164 #define AVC_CALLBACK_GRANT 1
165 #define AVC_CALLBACK_TRY_REVOKE 2
166 #define AVC_CALLBACK_REVOKE 4
167 #define AVC_CALLBACK_RESET 8
168 #define AVC_CALLBACK_AUDITALLOW_ENABLE 16
169 #define AVC_CALLBACK_AUDITALLOW_DISABLE 32
170 #define AVC_CALLBACK_AUDITDENY_ENABLE 64
171 #define AVC_CALLBACK_AUDITDENY_DISABLE 128
182 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS