
Lines Matching +full:security +full:- +full:events

45 	uint32_t events;  member
66 & (AVC_CACHE_SLOTS - 1); in avc_hash()
87 return -1; in avc_context_to_sid()
101 *ctx = strdup(sid->ctx); /* caller must free via freecon */ in avc_sid_to_context_raw()
102 rc = *ctx ? 0 : -1; in avc_sid_to_context_raw()
160 strncpy(avc_prefix, prefix, AVC_PREFIX_SIZE - 1); in avc_init_internal()
188 rc = -1; in avc_init_internal()
201 new->next = avc_node_freelist; in avc_init_internal()
232 while (nopts--) in avc_open()
285 node = node->next; in avc_av_stats()
313 if (!cur->ae.used) in avc_reclaim_node()
316 cur->ae.used = 0; in avc_reclaim_node()
319 cur = cur->next; in avc_reclaim_node()
321 hvalue = (hvalue + 1) & (AVC_CACHE_SLOTS - 1); in avc_reclaim_node()
332 avc_cache.slots[hvalue] = cur->next; in avc_reclaim_node()
334 prev->next = cur->next; in avc_reclaim_node()
356 avc_node_freelist = avc_node_freelist->next; in avc_claim_node()
365 avc_clear_avc_entry(&new->ae); in avc_claim_node()
366 new->ae.used = 1; in avc_claim_node()
367 new->ae.ssid = ssid; in avc_claim_node()
368 new->ae.tsid = tsid; in avc_claim_node()
369 new->ae.tclass = tclass; in avc_claim_node()
370 new->next = avc_cache.slots[hvalue]; in avc_claim_node()
389 (ssid != cur->ae.ssid || in avc_search_node()
390 tclass != cur->ae.tclass || tsid != cur->ae.tsid)) { in avc_search_node()
392 cur = cur->next; in avc_search_node()
404 cur->ae.used = 1; in avc_search_node()
411 * avc_lookup - Look up an AVC entry.
412 * @ssid: source security identifier
413 * @tsid: target security identifier
414 * @tclass: target security class
423 * entry and returns %0. Otherwise, -1 is returned.
435 if (node && ((node->ae.avd.decided & requested) == requested)) { in avc_lookup()
438 aeref->ae = &node->ae; in avc_lookup()
443 rc = -1; in avc_lookup()
449 * avc_insert - Insert an AVC entry.
450 * @ssid: source security identifier
451 * @tsid: target security identifier
452 * @tclass: target security class
459 * normally provided by the security server in
461 * sequence number @ae->avd.seqno is not less than the latest
465 * Otherwise, this function returns -%1 with @errno set to %EAGAIN.
474 if (ae->avd.seqno < avc_cache.latest_notif) { in avc_insert()
477 ae->avd.seqno, avc_cache.latest_notif); in avc_insert()
479 rc = -1; in avc_insert()
485 rc = -1; in avc_insert()
489 memcpy(&node->ae.avd, &ae->avd, sizeof(ae->avd)); in avc_insert()
490 aeref->ae = &node->ae; in avc_insert()
516 node = node->next; in avc_reset()
517 avc_clear_avc_entry(&tmp->ae); in avc_reset()
518 tmp->next = avc_node_freelist; in avc_reset()
520 avc_cache.active_nodes--; in avc_reset()
530 for (c = avc_callbacks; c; c = c->next) { in avc_reset()
531 if (c->events & AVC_CALLBACK_RESET) { in avc_reset()
532 ret = c->callback(AVC_CALLBACK_RESET, 0, 0, 0, 0, 0); in avc_reset()
560 node = node->next; in avc_destroy()
566 avc_node_freelist = tmp->next; in avc_destroy()
573 avc_callbacks = c->next; in avc_destroy()
583 /* ratelimit stuff put aside for now --EFW */
594 * every 5secs to make a denial-of-service attack impossible.
605 toks += now - last_msg;
612 toks -= AVC_MSG_COST;
641 * avc_dump_av - Display an access vector in human-readable form.
642 * @tclass: target security class
674 * avc_dump_query - Display a SID pair and a class in human-readable form.
675 * @ssid: source security identifier
676 * @tsid: target security identifier
677 * @tclass: target security class
685 ssid->ctx, tsid->ctx); in avc_dump_query()
698 denied = requested & ~avd->allowed; in avc_audit()
700 audited = denied & avd->auditdeny; in avc_audit()
704 audited = requested & avd->auditallow; in avc_audit()
720 AVC_AUDIT_BUFSIZE - strlen(avc_audit_buf)); in avc_audit()
738 avd->allowed = 0; in avd_init()
739 avd->auditallow = 0; in avd_init()
740 avd->auditdeny = 0xffffffff; in avd_init()
741 avd->seqno = avc_cache.latest_notif; in avd_init()
742 avd->flags = 0; in avd_init()
771 ae = aeref->ae; in avc_has_perm_noaudit()
773 if (ae->ssid == ssid && in avc_has_perm_noaudit()
774 ae->tsid == tsid && in avc_has_perm_noaudit()
775 ae->tclass == tclass && in avc_has_perm_noaudit()
776 ((ae->avd.decided & requested) == requested)) { in avc_has_perm_noaudit()
778 ae->used = 1; in avc_has_perm_noaudit()
789 rc = security_compute_av_flags_raw(ssid->ctx, tsid->ctx, in avc_has_perm_noaudit()
802 ae = aeref->ae; in avc_has_perm_noaudit()
806 memcpy(avd, &ae->avd, sizeof(*avd)); in avc_has_perm_noaudit()
808 denied = requested & ~(ae->avd.allowed); in avc_has_perm_noaudit()
812 (ae->avd.flags & SELINUX_AVD_FLAGS_PERMISSIVE)) in avc_has_perm_noaudit()
813 ae->avd.allowed |= requested; in avc_has_perm_noaudit()
816 rc = -1; in avc_has_perm_noaudit()
857 rc = security_compute_av_flags_raw(ssid->ctx, tsid->ctx, in avc_compute_create()
867 if (!aeref.ae->create_sid) { in avc_compute_create()
869 rc = security_compute_create_raw(ssid->ctx, tsid->ctx, tclass, in avc_compute_create()
878 aeref.ae->create_sid = *newsid; in avc_compute_create()
881 *newsid = aeref.ae->create_sid; in avc_compute_create()
900 rc = security_compute_member_raw(ssid->ctx, tsid->ctx, tclass, &ctx); in avc_compute_member()
915 uint32_t events, security_id_t ssid, in avc_add_callback() argument
924 rc = -1; in avc_add_callback()
928 c->callback = callback; in avc_add_callback()
929 c->events = events; in avc_add_callback()
930 c->ssid = ssid; in avc_add_callback()
931 c->tsid = tsid; in avc_add_callback()
932 c->tclass = tclass; in avc_add_callback()
933 c->perms = perms; in avc_add_callback()
934 c->next = avc_callbacks; in avc_add_callback()
950 node->ae.avd.allowed |= perms; in avc_update_node()
954 node->ae.avd.allowed &= ~perms; in avc_update_node()
957 node->ae.avd.auditallow |= perms; in avc_update_node()
960 node->ae.avd.auditallow &= ~perms; in avc_update_node()
963 node->ae.avd.auditdeny |= perms; in avc_update_node()
966 node->ae.avd.auditdeny &= ~perms; in avc_update_node()
983 for (node = avc_cache.slots[i]; node; node = node->next) { in avc_update_cache()
984 if (avc_sidcmp(ssid, node->ae.ssid) && in avc_update_cache()
985 avc_sidcmp(tsid, node->ae.tsid) && in avc_update_cache()
986 tclass == node->ae.tclass) { in avc_update_cache()
1004 /* avc_control - update cache and call callbacks
1028 for (c = avc_callbacks; c; c = c->next) { in avc_control()
1029 if ((c->events & event) && in avc_control()
1030 avc_sidcmp(c->ssid, ssid) && in avc_control()
1031 avc_sidcmp(c->tsid, tsid) && in avc_control()
1032 c->tclass == tclass && (c->perms & perms)) { in avc_control()
1034 ret = c->callback(event, ssid, tsid, tclass, in avc_control()
1035 (c->perms & perms), &cretained); in avc_control()
1062 * avc_ss_grant - Grant previously denied permissions.
1063 * @ssid: source security identifier or %SECSID_WILD
1064 * @tsid: target security identifier or %SECSID_WILD
1065 * @tclass: target security class
1078 * avc_ss_try_revoke - Try to revoke previously granted permissions.
1079 * @ssid: source security identifier or %SECSID_WILD
1080 * @tsid: target security identifier or %SECSID_WILD
1081 * @tclass: target security class
1100 * avc_ss_revoke - Revoke previously granted permissions.
1101 * @ssid: source security identifier or %SECSID_WILD
1102 * @tsid: target security identifier or %SECSID_WILD
1103 * @tclass: target security class
1119 * avc_ss_reset - Flush the cache and revalidate migrated permissions.
1137 * avc_ss_set_auditallow - Enable or disable auditing of granted permissions.
1138 * @ssid: source security identifier or %SECSID_WILD
1139 * @tsid: target security identifier or %SECSID_WILD
1140 * @tclass: target security class
1158 * avc_ss_set_auditdeny - Enable or disable auditing of denied permissions.
1159 * @ssid: source security identifier or %SECSID_WILD
1160 * @tsid: target security identifier or %SECSID_WILD
1161 * @tclass: target security class