
Lines Matching +full:security +full:- +full:events

45 	uint32_t events;  member
66 & (AVC_CACHE_SLOTS - 1); in avc_hash()
87 return -1; in avc_context_to_sid()
101 *ctx = strdup(sid->ctx); /* caller must free via freecon */ in avc_sid_to_context_raw()
102 rc = *ctx ? 0 : -1; in avc_sid_to_context_raw()
160 strncpy(avc_prefix, prefix, AVC_PREFIX_SIZE - 1); in avc_init_internal()
188 rc = -1; in avc_init_internal()
201 new->next = avc_node_freelist; in avc_init_internal()
232 while (nopts--) in avc_open()
285 node = node->next; in avc_av_stats()
313 if (!cur->ae.used) in avc_reclaim_node()
316 cur->ae.used = 0; in avc_reclaim_node()
319 cur = cur->next; in avc_reclaim_node()
321 hvalue = (hvalue + 1) & (AVC_CACHE_SLOTS - 1); in avc_reclaim_node()
332 avc_cache.slots[hvalue] = cur->next; in avc_reclaim_node()
334 prev->next = cur->next; in avc_reclaim_node()
356 avc_node_freelist = avc_node_freelist->next; in avc_claim_node()
365 avc_clear_avc_entry(&new->ae); in avc_claim_node()
366 new->ae.used = 1; in avc_claim_node()
367 new->ae.ssid = ssid; in avc_claim_node()
368 new->ae.tsid = tsid; in avc_claim_node()
369 new->ae.tclass = tclass; in avc_claim_node()
370 new->next = avc_cache.slots[hvalue]; in avc_claim_node()
389 (ssid != cur->ae.ssid || in avc_search_node()
390 tclass != cur->ae.tclass || tsid != cur->ae.tsid)) { in avc_search_node()
392 cur = cur->next; in avc_search_node()
404 cur->ae.used = 1; in avc_search_node()
411 * avc_lookup - Look up an AVC entry.
412 * @ssid: source security identifier
413 * @tsid: target security identifier
414 * @tclass: target security class
423 * entry and returns %0. Otherwise, -1 is returned.
435 if (node && ((node->ae.avd.decided & requested) == requested)) { in avc_lookup()
438 aeref->ae = &node->ae; in avc_lookup()
443 rc = -1; in avc_lookup()
449 * avc_insert - Insert an AVC entry.
450 * @ssid: source security identifier
451 * @tsid: target security identifier
452 * @tclass: target security class
459 * normally provided by the security server in
461 * sequence number @ae->avd.seqno is not less than the latest
465 * Otherwise, this function returns -%1 with @errno set to %EAGAIN.
474 if (ae->avd.seqno < avc_cache.latest_notif) { in avc_insert()
477 ae->avd.seqno, avc_cache.latest_notif); in avc_insert()
479 rc = -1; in avc_insert()
485 rc = -1; in avc_insert()
489 memcpy(&node->ae.avd, &ae->avd, sizeof(ae->avd)); in avc_insert()
490 aeref->ae = &node->ae; in avc_insert()
516 node = node->next; in avc_reset()
517 avc_clear_avc_entry(&tmp->ae); in avc_reset()
518 tmp->next = avc_node_freelist; in avc_reset()
520 avc_cache.active_nodes--; in avc_reset()
530 for (c = avc_callbacks; c; c = c->next) { in avc_reset()
531 if (c->events & AVC_CALLBACK_RESET) { in avc_reset()
532 ret = c->callback(AVC_CALLBACK_RESET, 0, 0, 0, 0, 0); in avc_reset()
560 node = node->next; in avc_destroy()
566 avc_node_freelist = tmp->next; in avc_destroy()
573 avc_callbacks = c->next; in avc_destroy()
583 /* ratelimit stuff put aside for now --EFW */
594 * every 5secs to make a denial-of-service attack impossible.
605 toks += now - last_msg;
612 toks -= AVC_MSG_COST;
641 * avc_dump_av - Display an access vector in human-readable form.
642 * @tclass: target security class
674 * avc_dump_query - Display a SID pair and a class in human-readable form.
675 * @ssid: source security identifier
676 * @tsid: target security identifier
677 * @tclass: target security class
685 ssid->ctx, tsid->ctx); in avc_dump_query()
698 denied = requested & ~avd->allowed; in avc_audit()
700 audited = denied & avd->auditdeny; in avc_audit()
704 audited = requested & avd->auditallow; in avc_audit()
720 AVC_AUDIT_BUFSIZE - strlen(avc_audit_buf)); in avc_audit()
737 avd->allowed = 0; in avd_init()
738 avd->auditallow = 0; in avd_init()
739 avd->auditdeny = 0xffffffff; in avd_init()
740 avd->seqno = avc_cache.latest_notif; in avd_init()
741 avd->flags = 0; in avd_init()
770 ae = aeref->ae; in avc_has_perm_noaudit()
772 if (ae->ssid == ssid && in avc_has_perm_noaudit()
773 ae->tsid == tsid && in avc_has_perm_noaudit()
774 ae->tclass == tclass && in avc_has_perm_noaudit()
775 ((ae->avd.decided & requested) == requested)) { in avc_has_perm_noaudit()
777 ae->used = 1; in avc_has_perm_noaudit()
788 rc = security_compute_av_flags_raw(ssid->ctx, tsid->ctx, in avc_has_perm_noaudit()
801 ae = aeref->ae; in avc_has_perm_noaudit()
805 memcpy(avd, &ae->avd, sizeof(*avd)); in avc_has_perm_noaudit()
807 denied = requested & ~(ae->avd.allowed); in avc_has_perm_noaudit()
811 (ae->avd.flags & SELINUX_AVD_FLAGS_PERMISSIVE)) in avc_has_perm_noaudit()
812 ae->avd.allowed |= requested; in avc_has_perm_noaudit()
815 rc = -1; in avc_has_perm_noaudit()
856 rc = security_compute_av_flags_raw(ssid->ctx, tsid->ctx, in avc_compute_create()
866 if (!aeref.ae->create_sid) { in avc_compute_create()
868 rc = security_compute_create_raw(ssid->ctx, tsid->ctx, tclass, in avc_compute_create()
877 aeref.ae->create_sid = *newsid; in avc_compute_create()
880 *newsid = aeref.ae->create_sid; in avc_compute_create()
899 rc = security_compute_member_raw(ssid->ctx, tsid->ctx, tclass, &ctx); in avc_compute_member()
914 uint32_t events, security_id_t ssid, in avc_add_callback() argument
923 rc = -1; in avc_add_callback()
927 c->callback = callback; in avc_add_callback()
928 c->events = events; in avc_add_callback()
929 c->ssid = ssid; in avc_add_callback()
930 c->tsid = tsid; in avc_add_callback()
931 c->tclass = tclass; in avc_add_callback()
932 c->perms = perms; in avc_add_callback()
933 c->next = avc_callbacks; in avc_add_callback()
949 node->ae.avd.allowed |= perms; in avc_update_node()
953 node->ae.avd.allowed &= ~perms; in avc_update_node()
956 node->ae.avd.auditallow |= perms; in avc_update_node()
959 node->ae.avd.auditallow &= ~perms; in avc_update_node()
962 node->ae.avd.auditdeny |= perms; in avc_update_node()
965 node->ae.avd.auditdeny &= ~perms; in avc_update_node()
982 for (node = avc_cache.slots[i]; node; node = node->next) { in avc_update_cache()
983 if (avc_sidcmp(ssid, node->ae.ssid) && in avc_update_cache()
984 avc_sidcmp(tsid, node->ae.tsid) && in avc_update_cache()
985 tclass == node->ae.tclass) { in avc_update_cache()
1003 /* avc_control - update cache and call callbacks
1027 for (c = avc_callbacks; c; c = c->next) { in avc_control()
1028 if ((c->events & event) && in avc_control()
1029 avc_sidcmp(c->ssid, ssid) && in avc_control()
1030 avc_sidcmp(c->tsid, tsid) && in avc_control()
1031 c->tclass == tclass && (c->perms & perms)) { in avc_control()
1033 ret = c->callback(event, ssid, tsid, tclass, in avc_control()
1034 (c->perms & perms), &cretained); in avc_control()
1061 * avc_ss_grant - Grant previously denied permissions.
1062 * @ssid: source security identifier or %SECSID_WILD
1063 * @tsid: target security identifier or %SECSID_WILD
1064 * @tclass: target security class
1077 * avc_ss_try_revoke - Try to revoke previously granted permissions.
1078 * @ssid: source security identifier or %SECSID_WILD
1079 * @tsid: target security identifier or %SECSID_WILD
1080 * @tclass: target security class
1099 * avc_ss_revoke - Revoke previously granted permissions.
1100 * @ssid: source security identifier or %SECSID_WILD
1101 * @tsid: target security identifier or %SECSID_WILD
1102 * @tclass: target security class
1118 * avc_ss_reset - Flush the cache and revalidate migrated permissions.
1136 * avc_ss_set_auditallow - Enable or disable auditing of granted permissions.
1137 * @ssid: source security identifier or %SECSID_WILD
1138 * @tsid: target security identifier or %SECSID_WILD
1139 * @tclass: target security class
1157 * avc_ss_set_auditdeny - Enable or disable auditing of denied permissions.
1158 * @ssid: source security identifier or %SECSID_WILD
1159 * @tsid: target security identifier or %SECSID_WILD
1160 * @tclass: target security class