Lines Matching +full:security +full:- +full:events
45 uint32_t events; member
66 & (AVC_CACHE_SLOTS - 1); in avc_hash()
87 return -1; in avc_context_to_sid()
101 *ctx = strdup(sid->ctx); /* caller must free via freecon */ in avc_sid_to_context_raw()
102 rc = *ctx ? 0 : -1; in avc_sid_to_context_raw()
160 strncpy(avc_prefix, prefix, AVC_PREFIX_SIZE - 1); in avc_init_internal()
188 rc = -1; in avc_init_internal()
201 new->next = avc_node_freelist; in avc_init_internal()
233 nopts--; in avc_open()
287 node = node->next; in avc_av_stats()
315 if (!cur->ae.used) in avc_reclaim_node()
318 cur->ae.used = 0; in avc_reclaim_node()
321 cur = cur->next; in avc_reclaim_node()
323 hvalue = (hvalue + 1) & (AVC_CACHE_SLOTS - 1); in avc_reclaim_node()
334 avc_cache.slots[hvalue] = cur->next; in avc_reclaim_node()
336 prev->next = cur->next; in avc_reclaim_node()
358 avc_node_freelist = avc_node_freelist->next; in avc_claim_node()
367 avc_clear_avc_entry(&new->ae); in avc_claim_node()
368 new->ae.used = 1; in avc_claim_node()
369 new->ae.ssid = ssid; in avc_claim_node()
370 new->ae.tsid = tsid; in avc_claim_node()
371 new->ae.tclass = tclass; in avc_claim_node()
372 new->next = avc_cache.slots[hvalue]; in avc_claim_node()
391 (ssid != cur->ae.ssid || in avc_search_node()
392 tclass != cur->ae.tclass || tsid != cur->ae.tsid)) { in avc_search_node()
394 cur = cur->next; in avc_search_node()
406 cur->ae.used = 1; in avc_search_node()
413 * avc_lookup - Look up an AVC entry.
414 * @ssid: source security identifier
415 * @tsid: target security identifier
416 * @tclass: target security class
425 * entry and returns %0. Otherwise, -1 is returned.
437 if (node && ((node->ae.avd.decided & requested) == requested)) { in avc_lookup()
440 aeref->ae = &node->ae; in avc_lookup()
445 rc = -1; in avc_lookup()
451 * avc_insert - Insert an AVC entry.
452 * @ssid: source security identifier
453 * @tsid: target security identifier
454 * @tclass: target security class
461 * normally provided by the security server in
463 * sequence number @ae->avd.seqno is not less than the latest
467 * Otherwise, this function returns -%1 with @errno set to %EAGAIN.
476 if (ae->avd.seqno < avc_cache.latest_notif) { in avc_insert()
479 ae->avd.seqno, avc_cache.latest_notif); in avc_insert()
481 rc = -1; in avc_insert()
487 rc = -1; in avc_insert()
491 memcpy(&node->ae.avd, &ae->avd, sizeof(ae->avd)); in avc_insert()
492 aeref->ae = &node->ae; in avc_insert()
518 node = node->next; in avc_reset()
519 avc_clear_avc_entry(&tmp->ae); in avc_reset()
520 tmp->next = avc_node_freelist; in avc_reset()
522 avc_cache.active_nodes--; in avc_reset()
532 for (c = avc_callbacks; c; c = c->next) { in avc_reset()
533 if (c->events & AVC_CALLBACK_RESET) { in avc_reset()
534 ret = c->callback(AVC_CALLBACK_RESET, 0, 0, 0, 0, 0); in avc_reset()
562 node = node->next; in avc_destroy()
568 avc_node_freelist = tmp->next; in avc_destroy()
575 avc_callbacks = c->next; in avc_destroy()
585 /* ratelimit stuff put aside for now --EFW */
596 * every 5secs to make a denial-of-service attack impossible.
607 toks += now - last_msg;
614 toks -= AVC_MSG_COST;
643 * avc_dump_av - Display an access vector in human-readable form.
644 * @tclass: target security class
676 * avc_dump_query - Display a SID pair and a class in human-readable form.
677 * @ssid: source security identifier
678 * @tsid: target security identifier
679 * @tclass: target security class
687 ssid->ctx, tsid->ctx); in avc_dump_query()
700 denied = requested & ~avd->allowed; in avc_audit()
702 audited = denied & avd->auditdeny; in avc_audit()
706 audited = requested & avd->auditallow; in avc_audit()
722 AVC_AUDIT_BUFSIZE - strlen(avc_audit_buf)); in avc_audit()
739 avd->allowed = 0; in avd_init()
740 avd->auditallow = 0; in avd_init()
741 avd->auditdeny = 0xffffffff; in avd_init()
742 avd->seqno = avc_cache.latest_notif; in avd_init()
743 avd->flags = 0; in avd_init()
772 ae = aeref->ae; in avc_has_perm_noaudit()
774 if (ae->ssid == ssid && in avc_has_perm_noaudit()
775 ae->tsid == tsid && in avc_has_perm_noaudit()
776 ae->tclass == tclass && in avc_has_perm_noaudit()
777 ((ae->avd.decided & requested) == requested)) { in avc_has_perm_noaudit()
779 ae->used = 1; in avc_has_perm_noaudit()
790 rc = security_compute_av_flags_raw(ssid->ctx, tsid->ctx, in avc_has_perm_noaudit()
803 ae = aeref->ae; in avc_has_perm_noaudit()
807 memcpy(avd, &ae->avd, sizeof(*avd)); in avc_has_perm_noaudit()
809 denied = requested & ~(ae->avd.allowed); in avc_has_perm_noaudit()
813 (ae->avd.flags & SELINUX_AVD_FLAGS_PERMISSIVE)) in avc_has_perm_noaudit()
814 ae->avd.allowed |= requested; in avc_has_perm_noaudit()
817 rc = -1; in avc_has_perm_noaudit()
858 rc = security_compute_av_flags_raw(ssid->ctx, tsid->ctx, in avc_compute_create()
868 if (!aeref.ae->create_sid) { in avc_compute_create()
870 rc = security_compute_create_raw(ssid->ctx, tsid->ctx, tclass, in avc_compute_create()
879 aeref.ae->create_sid = *newsid; in avc_compute_create()
882 *newsid = aeref.ae->create_sid; in avc_compute_create()
901 rc = security_compute_member_raw(ssid->ctx, tsid->ctx, tclass, &ctx); in avc_compute_member()
916 uint32_t events, security_id_t ssid, in avc_add_callback() argument
925 rc = -1; in avc_add_callback()
929 c->callback = callback; in avc_add_callback()
930 c->events = events; in avc_add_callback()
931 c->ssid = ssid; in avc_add_callback()
932 c->tsid = tsid; in avc_add_callback()
933 c->tclass = tclass; in avc_add_callback()
934 c->perms = perms; in avc_add_callback()
935 c->next = avc_callbacks; in avc_add_callback()
951 node->ae.avd.allowed |= perms; in avc_update_node()
955 node->ae.avd.allowed &= ~perms; in avc_update_node()
958 node->ae.avd.auditallow |= perms; in avc_update_node()
961 node->ae.avd.auditallow &= ~perms; in avc_update_node()
964 node->ae.avd.auditdeny |= perms; in avc_update_node()
967 node->ae.avd.auditdeny &= ~perms; in avc_update_node()
984 for (node = avc_cache.slots[i]; node; node = node->next) { in avc_update_cache()
985 if (avc_sidcmp(ssid, node->ae.ssid) && in avc_update_cache()
986 avc_sidcmp(tsid, node->ae.tsid) && in avc_update_cache()
987 tclass == node->ae.tclass) { in avc_update_cache()
1005 /* avc_control - update cache and call callbacks
1029 for (c = avc_callbacks; c; c = c->next) { in avc_control()
1030 if ((c->events & event) && in avc_control()
1031 avc_sidcmp(c->ssid, ssid) && in avc_control()
1032 avc_sidcmp(c->tsid, tsid) && in avc_control()
1033 c->tclass == tclass && (c->perms & perms)) { in avc_control()
1035 ret = c->callback(event, ssid, tsid, tclass, in avc_control()
1036 (c->perms & perms), &cretained); in avc_control()
1063 * avc_ss_grant - Grant previously denied permissions.
1064 * @ssid: source security identifier or %SECSID_WILD
1065 * @tsid: target security identifier or %SECSID_WILD
1066 * @tclass: target security class
1079 * avc_ss_try_revoke - Try to revoke previously granted permissions.
1080 * @ssid: source security identifier or %SECSID_WILD
1081 * @tsid: target security identifier or %SECSID_WILD
1082 * @tclass: target security class
1101 * avc_ss_revoke - Revoke previously granted permissions.
1102 * @ssid: source security identifier or %SECSID_WILD
1103 * @tsid: target security identifier or %SECSID_WILD
1104 * @tclass: target security class
1120 * avc_ss_reset - Flush the cache and revalidate migrated permissions.
1138 * avc_ss_set_auditallow - Enable or disable auditing of granted permissions.
1139 * @ssid: source security identifier or %SECSID_WILD
1140 * @tsid: target security identifier or %SECSID_WILD
1141 * @tclass: target security class
1159 * avc_ss_set_auditdeny - Enable or disable auditing of denied permissions.
1160 * @ssid: source security identifier or %SECSID_WILD
1161 * @tsid: target security identifier or %SECSID_WILD
1162 * @tclass: target security class