/* * Implementation of the userspace access vector cache (AVC). * * Author : Eamon Walsh * * Derived from the kernel AVC implementation by * Stephen Smalley and * James Morris . */ #include #include "selinux_internal.h" #include #include "avc_sidtab.h" #include "avc_internal.h" #define AVC_CACHE_SLOTS 512 #define AVC_CACHE_MAXNODES 410 struct avc_entry { security_id_t ssid; security_id_t tsid; security_class_t tclass; struct av_decision avd; security_id_t create_sid; int used; /* used recently */ }; struct avc_node { struct avc_entry ae; struct avc_node *next; }; struct avc_cache { struct avc_node *slots[AVC_CACHE_SLOTS]; uint32_t lru_hint; /* LRU hint for reclaim scan */ uint32_t active_nodes; uint32_t latest_notif; /* latest revocation notification */ }; struct avc_callback_node { int (*callback) (uint32_t event, security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms, access_vector_t * out_retained); uint32_t events; security_id_t ssid; security_id_t tsid; security_class_t tclass; access_vector_t perms; struct avc_callback_node *next; }; static void *avc_netlink_thread = NULL; static void *avc_lock = NULL; static void *avc_log_lock = NULL; static struct avc_node *avc_node_freelist = NULL; static struct avc_cache avc_cache; static char *avc_audit_buf = NULL; static struct avc_cache_stats cache_stats; static struct avc_callback_node *avc_callbacks = NULL; static struct sidtab avc_sidtab; static inline int avc_hash(security_id_t ssid, security_id_t tsid, security_class_t tclass) { return ((uintptr_t) ssid ^ ((uintptr_t) tsid << 2) ^ tclass) & (AVC_CACHE_SLOTS - 1); } int avc_context_to_sid_raw(const char * ctx, security_id_t * sid) { int rc; /* avc_init needs to be called before this function */ assert(avc_running); avc_get_lock(avc_lock); rc = sidtab_context_to_sid(&avc_sidtab, ctx, sid); avc_release_lock(avc_lock); return rc; } int avc_context_to_sid(const char * ctx, security_id_t * sid) { int ret; char * rctx; if (selinux_trans_to_raw_context(ctx, &rctx)) return -1; ret = avc_context_to_sid_raw(rctx, sid); freecon(rctx); return ret; } int avc_sid_to_context_raw(security_id_t sid, char ** ctx) { int rc; *ctx = NULL; avc_get_lock(avc_lock); *ctx = strdup(sid->ctx); /* caller must free via freecon */ rc = *ctx ? 0 : -1; avc_release_lock(avc_lock); return rc; } int avc_sid_to_context(security_id_t sid, char ** ctx) { int ret; char * rctx; ret = avc_sid_to_context_raw(sid, &rctx); if (ret == 0) { ret = selinux_raw_to_trans_context(rctx, ctx); freecon(rctx); } return ret; } int sidget(security_id_t sid __attribute__((unused))) { return 1; } int sidput(security_id_t sid __attribute__((unused))) { return 1; } int avc_get_initial_sid(const char * name, security_id_t * sid) { int rc; char * con; rc = security_get_initial_context_raw(name, &con); if (rc < 0) return rc; rc = avc_context_to_sid_raw(con, sid); freecon(con); return rc; } int avc_open(struct selinux_opt *opts, unsigned nopts) { avc_setenforce = 0; while (nopts--) switch(opts[nopts].type) { case AVC_OPT_SETENFORCE: avc_setenforce = 1; avc_enforcing = !!opts[nopts].value; break; } return avc_init("avc", NULL, NULL, NULL, NULL); } int avc_init(const char *prefix, const struct avc_memory_callback *mem_cb, const struct avc_log_callback *log_cb, const struct avc_thread_callback *thread_cb, const struct avc_lock_callback *lock_cb) { struct avc_node *new; int i, rc = 0; if (avc_running) return 0; if (prefix) strncpy(avc_prefix, prefix, AVC_PREFIX_SIZE - 1); set_callbacks(mem_cb, log_cb, thread_cb, lock_cb); avc_lock = avc_alloc_lock(); avc_log_lock = avc_alloc_lock(); memset(&cache_stats, 0, sizeof(cache_stats)); for (i = 0; i < AVC_CACHE_SLOTS; i++) avc_cache.slots[i] = 0; avc_cache.lru_hint = 0; avc_cache.active_nodes = 0; avc_cache.latest_notif = 0; rc = sidtab_init(&avc_sidtab); if (rc) { avc_log(SELINUX_ERROR, "%s: unable to initialize SID table\n", avc_prefix); goto out; } avc_audit_buf = (char *)avc_malloc(AVC_AUDIT_BUFSIZE); if (!avc_audit_buf) { avc_log(SELINUX_ERROR, "%s: unable to allocate audit buffer\n", avc_prefix); rc = -1; goto out; } for (i = 0; i < AVC_CACHE_MAXNODES; i++) { new = avc_malloc(sizeof(*new)); if (!new) { avc_log(SELINUX_WARNING, "%s: warning: only got %d av entries\n", avc_prefix, i); break; } memset(new, 0, sizeof(*new)); new->next = avc_node_freelist; avc_node_freelist = new; } if (!avc_setenforce) { rc = security_getenforce(); if (rc < 0) { avc_log(SELINUX_ERROR, "%s: could not determine enforcing mode: %s\n", avc_prefix, strerror(errno)); goto out; } avc_enforcing = rc; } rc = avc_netlink_open(0); if (rc < 0) { avc_log(SELINUX_ERROR, "%s: can't open netlink socket: %d (%s)\n", avc_prefix, errno, strerror(errno)); goto out; } if (avc_using_threads) { avc_netlink_thread = avc_create_thread(&avc_netlink_loop); avc_netlink_trouble = 0; } avc_running = 1; out: return rc; } void avc_cache_stats(struct avc_cache_stats *p) { memcpy(p, &cache_stats, sizeof(cache_stats)); } void avc_sid_stats(void) { /* avc_init needs to be called before this function */ assert(avc_running); avc_get_lock(avc_log_lock); avc_get_lock(avc_lock); sidtab_sid_stats(&avc_sidtab, avc_audit_buf, AVC_AUDIT_BUFSIZE); avc_release_lock(avc_lock); avc_log(SELINUX_INFO, "%s", avc_audit_buf); avc_release_lock(avc_log_lock); } void avc_av_stats(void) { int i, chain_len, max_chain_len, slots_used; struct avc_node *node; avc_get_lock(avc_lock); slots_used = 0; max_chain_len = 0; for (i = 0; i < AVC_CACHE_SLOTS; i++) { node = avc_cache.slots[i]; if (node) { slots_used++; chain_len = 0; while (node) { chain_len++; node = node->next; } if (chain_len > max_chain_len) max_chain_len = chain_len; } } avc_release_lock(avc_lock); avc_log(SELINUX_INFO, "%s: %u AV entries and %d/%d buckets used, " "longest chain length %d\n", avc_prefix, avc_cache.active_nodes, slots_used, AVC_CACHE_SLOTS, max_chain_len); } hidden_def(avc_av_stats) static inline struct avc_node *avc_reclaim_node(void) { struct avc_node *prev, *cur; int try; uint32_t hvalue; hvalue = avc_cache.lru_hint; for (try = 0; try < 2; try++) { do { prev = NULL; cur = avc_cache.slots[hvalue]; while (cur) { if (!cur->ae.used) goto found; cur->ae.used = 0; prev = cur; cur = cur->next; } hvalue = (hvalue + 1) & (AVC_CACHE_SLOTS - 1); } while (hvalue != avc_cache.lru_hint); } errno = ENOMEM; /* this was a panic in the kernel... */ return NULL; found: avc_cache.lru_hint = hvalue; if (prev == NULL) avc_cache.slots[hvalue] = cur->next; else prev->next = cur->next; return cur; } static inline void avc_clear_avc_entry(struct avc_entry *ae) { memset(ae, 0, sizeof(*ae)); } static inline struct avc_node *avc_claim_node(security_id_t ssid, security_id_t tsid, security_class_t tclass) { struct avc_node *new; int hvalue; if (!avc_node_freelist) avc_cleanup(); if (avc_node_freelist) { new = avc_node_freelist; avc_node_freelist = avc_node_freelist->next; avc_cache.active_nodes++; } else { new = avc_reclaim_node(); if (!new) goto out; } hvalue = avc_hash(ssid, tsid, tclass); avc_clear_avc_entry(&new->ae); new->ae.used = 1; new->ae.ssid = ssid; new->ae.tsid = tsid; new->ae.tclass = tclass; new->next = avc_cache.slots[hvalue]; avc_cache.slots[hvalue] = new; out: return new; } static inline struct avc_node *avc_search_node(security_id_t ssid, security_id_t tsid, security_class_t tclass, int *probes) { struct avc_node *cur; int hvalue; int tprobes = 1; hvalue = avc_hash(ssid, tsid, tclass); cur = avc_cache.slots[hvalue]; while (cur != NULL && (ssid != cur->ae.ssid || tclass != cur->ae.tclass || tsid != cur->ae.tsid)) { tprobes++; cur = cur->next; } if (cur == NULL) { /* cache miss */ goto out; } /* cache hit */ if (probes) *probes = tprobes; cur->ae.used = 1; out: return cur; } /** * avc_lookup - Look up an AVC entry. * @ssid: source security identifier * @tsid: target security identifier * @tclass: target security class * @requested: requested permissions, interpreted based on @tclass * @aeref: AVC entry reference * * Look up an AVC entry that is valid for the * @requested permissions between the SID pair * (@ssid, @tsid), interpreting the permissions * based on @tclass. If a valid AVC entry exists, * then this function updates @aeref to refer to the * entry and returns %0. Otherwise, -1 is returned. */ static int avc_lookup(security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t requested, struct avc_entry_ref *aeref) { struct avc_node *node; int probes, rc = 0; avc_cache_stats_incr(cav_lookups); node = avc_search_node(ssid, tsid, tclass, &probes); if (node && ((node->ae.avd.decided & requested) == requested)) { avc_cache_stats_incr(cav_hits); avc_cache_stats_add(cav_probes, probes); aeref->ae = &node->ae; goto out; } avc_cache_stats_incr(cav_misses); rc = -1; out: return rc; } /** * avc_insert - Insert an AVC entry. * @ssid: source security identifier * @tsid: target security identifier * @tclass: target security class * @ae: AVC entry * @aeref: AVC entry reference * * Insert an AVC entry for the SID pair * (@ssid, @tsid) and class @tclass. * The access vectors and the sequence number are * normally provided by the security server in * response to a security_compute_av() call. If the * sequence number @ae->avd.seqno is not less than the latest * revocation notification, then the function copies * the access vectors into a cache entry, updates * @aeref to refer to the entry, and returns %0. * Otherwise, this function returns -%1 with @errno set to %EAGAIN. */ static int avc_insert(security_id_t ssid, security_id_t tsid, security_class_t tclass, struct avc_entry *ae, struct avc_entry_ref *aeref) { struct avc_node *node; int rc = 0; if (ae->avd.seqno < avc_cache.latest_notif) { avc_log(SELINUX_WARNING, "%s: seqno %u < latest_notif %u\n", avc_prefix, ae->avd.seqno, avc_cache.latest_notif); errno = EAGAIN; rc = -1; goto out; } node = avc_claim_node(ssid, tsid, tclass); if (!node) { rc = -1; goto out; } memcpy(&node->ae.avd, &ae->avd, sizeof(ae->avd)); aeref->ae = &node->ae; out: return rc; } void avc_cleanup(void) { } hidden_def(avc_cleanup) int avc_reset(void) { struct avc_callback_node *c; int i, ret, rc = 0, errsave = 0; struct avc_node *node, *tmp; errno = 0; if (!avc_running) return 0; avc_get_lock(avc_lock); for (i = 0; i < AVC_CACHE_SLOTS; i++) { node = avc_cache.slots[i]; while (node) { tmp = node; node = node->next; avc_clear_avc_entry(&tmp->ae); tmp->next = avc_node_freelist; avc_node_freelist = tmp; avc_cache.active_nodes--; } avc_cache.slots[i] = 0; } avc_cache.lru_hint = 0; avc_release_lock(avc_lock); memset(&cache_stats, 0, sizeof(cache_stats)); for (c = avc_callbacks; c; c = c->next) { if (c->events & AVC_CALLBACK_RESET) { ret = c->callback(AVC_CALLBACK_RESET, 0, 0, 0, 0, 0); if (ret && !rc) { rc = ret; errsave = errno; } } } errno = errsave; return rc; } hidden_def(avc_reset) void avc_destroy(void) { struct avc_callback_node *c; struct avc_node *node, *tmp; int i; /* avc_init needs to be called before this function */ assert(avc_running); avc_get_lock(avc_lock); if (avc_using_threads) avc_stop_thread(avc_netlink_thread); avc_netlink_close(); for (i = 0; i < AVC_CACHE_SLOTS; i++) { node = avc_cache.slots[i]; while (node) { tmp = node; node = node->next; avc_free(tmp); } } while (avc_node_freelist) { tmp = avc_node_freelist; avc_node_freelist = tmp->next; avc_free(tmp); } avc_release_lock(avc_lock); while (avc_callbacks) { c = avc_callbacks; avc_callbacks = c->next; avc_free(c); } sidtab_destroy(&avc_sidtab); avc_free_lock(avc_lock); avc_free_lock(avc_log_lock); avc_free(avc_audit_buf); avc_running = 0; } /* ratelimit stuff put aside for now --EFW */ #if 0 /* * Copied from net/core/utils.c:net_ratelimit and modified for * use by the AVC audit facility. */ #define AVC_MSG_COST 5*HZ #define AVC_MSG_BURST 10*5*HZ /* * This enforces a rate limit: not more than one kernel message * every 5secs to make a denial-of-service attack impossible. */ static int avc_ratelimit(void) { static unsigned long toks = 10 * 5 * HZ; static unsigned long last_msg; static int missed, rc = 0; unsigned long now = jiffies; void *ratelimit_lock = avc_alloc_lock(); avc_get_lock(ratelimit_lock); toks += now - last_msg; last_msg = now; if (toks > AVC_MSG_BURST) toks = AVC_MSG_BURST; if (toks >= AVC_MSG_COST) { int lost = missed; missed = 0; toks -= AVC_MSG_COST; avc_release_lock(ratelimit_lock); if (lost) { avc_log(SELINUX_WARNING, "%s: %d messages suppressed.\n", avc_prefix, lost); } rc = 1; goto out; } missed++; avc_release_lock(ratelimit_lock); out: avc_free_lock(ratelimit_lock); return rc; } static inline int check_avc_ratelimit(void) { if (avc_enforcing) return avc_ratelimit(); else { /* If permissive, then never suppress messages. */ return 1; } } #endif /* ratelimit stuff */ /** * avc_dump_av - Display an access vector in human-readable form. * @tclass: target security class * @av: access vector */ static void avc_dump_av(security_class_t tclass, access_vector_t av) { const char *permstr; access_vector_t bit = 1; if (av == 0) { log_append(avc_audit_buf, " null"); return; } log_append(avc_audit_buf, " {"); while (av) { if (av & bit) { permstr = security_av_perm_to_string(tclass, bit); if (!permstr) break; log_append(avc_audit_buf, " %s", permstr); av &= ~bit; } bit <<= 1; } if (av) log_append(avc_audit_buf, " 0x%x", av); log_append(avc_audit_buf, " }"); } /** * avc_dump_query - Display a SID pair and a class in human-readable form. * @ssid: source security identifier * @tsid: target security identifier * @tclass: target security class */ static void avc_dump_query(security_id_t ssid, security_id_t tsid, security_class_t tclass) { avc_get_lock(avc_lock); log_append(avc_audit_buf, "scontext=%s tcontext=%s", ssid->ctx, tsid->ctx); avc_release_lock(avc_lock); log_append(avc_audit_buf, " tclass=%s", security_class_to_string(tclass)); } void avc_audit(security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t requested, struct av_decision *avd, int result, void *a) { access_vector_t denied, audited; denied = requested & ~avd->allowed; if (denied) audited = denied & avd->auditdeny; else if (!requested || result) audited = denied = requested; else audited = requested & avd->auditallow; if (!audited) return; #if 0 if (!check_avc_ratelimit()) return; #endif /* prevent overlapping buffer writes */ avc_get_lock(avc_log_lock); snprintf(avc_audit_buf, AVC_AUDIT_BUFSIZE, "%s: %s ", avc_prefix, (denied || !requested) ? "denied" : "granted"); avc_dump_av(tclass, audited); log_append(avc_audit_buf, " for "); /* get any extra information printed by the callback */ avc_suppl_audit(a, tclass, avc_audit_buf + strlen(avc_audit_buf), AVC_AUDIT_BUFSIZE - strlen(avc_audit_buf)); log_append(avc_audit_buf, " "); avc_dump_query(ssid, tsid, tclass); if (denied) log_append(avc_audit_buf, " permissive=%u", result ? 0 : 1); log_append(avc_audit_buf, "\n"); avc_log(SELINUX_AVC, "%s", avc_audit_buf); avc_release_lock(avc_log_lock); } hidden_def(avc_audit) static void avd_init(struct av_decision *avd) { avd->allowed = 0; avd->auditallow = 0; avd->auditdeny = 0xffffffff; avd->seqno = avc_cache.latest_notif; avd->flags = 0; } int avc_has_perm_noaudit(security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t requested, struct avc_entry_ref *aeref, struct av_decision *avd) { struct avc_entry *ae; int rc = 0; struct avc_entry entry; access_vector_t denied; struct avc_entry_ref ref; if (avd) avd_init(avd); if (!avc_using_threads && !avc_app_main_loop) { (void)avc_netlink_check_nb(); } if (!aeref) { avc_entry_ref_init(&ref); aeref = &ref; } avc_get_lock(avc_lock); avc_cache_stats_incr(entry_lookups); ae = aeref->ae; if (ae) { if (ae->ssid == ssid && ae->tsid == tsid && ae->tclass == tclass && ((ae->avd.decided & requested) == requested)) { avc_cache_stats_incr(entry_hits); ae->used = 1; } else { avc_cache_stats_incr(entry_discards); ae = 0; } } if (!ae) { avc_cache_stats_incr(entry_misses); rc = avc_lookup(ssid, tsid, tclass, requested, aeref); if (rc) { rc = security_compute_av_flags_raw(ssid->ctx, tsid->ctx, tclass, requested, &entry.avd); if (rc && errno == EINVAL && !avc_enforcing) { rc = errno = 0; goto out; } if (rc) goto out; rc = avc_insert(ssid, tsid, tclass, &entry, aeref); if (rc) goto out; } ae = aeref->ae; } if (avd) memcpy(avd, &ae->avd, sizeof(*avd)); denied = requested & ~(ae->avd.allowed); if (!requested || denied) { if (!avc_enforcing || (ae->avd.flags & SELINUX_AVD_FLAGS_PERMISSIVE)) ae->avd.allowed |= requested; else { errno = EACCES; rc = -1; } } out: avc_release_lock(avc_lock); return rc; } hidden_def(avc_has_perm_noaudit) int avc_has_perm(security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t requested, struct avc_entry_ref *aeref, void *auditdata) { struct av_decision avd; int errsave, rc; rc = avc_has_perm_noaudit(ssid, tsid, tclass, requested, aeref, &avd); errsave = errno; avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata); errno = errsave; return rc; } int avc_compute_create(security_id_t ssid, security_id_t tsid, security_class_t tclass, security_id_t *newsid) { int rc; struct avc_entry_ref aeref; struct avc_entry entry; char * ctx; *newsid = NULL; avc_entry_ref_init(&aeref); avc_get_lock(avc_lock); /* check for a cached entry */ rc = avc_lookup(ssid, tsid, tclass, 0, &aeref); if (rc) { /* need to make a cache entry for this tuple */ rc = security_compute_av_flags_raw(ssid->ctx, tsid->ctx, tclass, 0, &entry.avd); if (rc) goto out; rc = avc_insert(ssid, tsid, tclass, &entry, &aeref); if (rc) goto out; } /* check for a saved compute_create value */ if (!aeref.ae->create_sid) { /* need to query the kernel policy */ rc = security_compute_create_raw(ssid->ctx, tsid->ctx, tclass, &ctx); if (rc) goto out; rc = sidtab_context_to_sid(&avc_sidtab, ctx, newsid); freecon(ctx); if (rc) goto out; aeref.ae->create_sid = *newsid; } else { /* found saved value */ *newsid = aeref.ae->create_sid; } rc = 0; out: avc_release_lock(avc_lock); return rc; } int avc_compute_member(security_id_t ssid, security_id_t tsid, security_class_t tclass, security_id_t *newsid) { int rc; char * ctx = NULL; *newsid = NULL; /* avc_init needs to be called before this function */ assert(avc_running); avc_get_lock(avc_lock); rc = security_compute_member_raw(ssid->ctx, tsid->ctx, tclass, &ctx); if (rc) goto out; rc = sidtab_context_to_sid(&avc_sidtab, ctx, newsid); freecon(ctx); out: avc_release_lock(avc_lock); return rc; } int avc_add_callback(int (*callback) (uint32_t event, security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms, access_vector_t * out_retained), uint32_t events, security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms) { struct avc_callback_node *c; int rc = 0; c = avc_malloc(sizeof(*c)); if (!c) { rc = -1; goto out; } c->callback = callback; c->events = events; c->ssid = ssid; c->tsid = tsid; c->tclass = tclass; c->perms = perms; c->next = avc_callbacks; avc_callbacks = c; out: return rc; } static inline int avc_sidcmp(security_id_t x, security_id_t y) { return (x == y || x == SECSID_WILD || y == SECSID_WILD); } static inline void avc_update_node(uint32_t event, struct avc_node *node, access_vector_t perms) { switch (event) { case AVC_CALLBACK_GRANT: node->ae.avd.allowed |= perms; break; case AVC_CALLBACK_TRY_REVOKE: case AVC_CALLBACK_REVOKE: node->ae.avd.allowed &= ~perms; break; case AVC_CALLBACK_AUDITALLOW_ENABLE: node->ae.avd.auditallow |= perms; break; case AVC_CALLBACK_AUDITALLOW_DISABLE: node->ae.avd.auditallow &= ~perms; break; case AVC_CALLBACK_AUDITDENY_ENABLE: node->ae.avd.auditdeny |= perms; break; case AVC_CALLBACK_AUDITDENY_DISABLE: node->ae.avd.auditdeny &= ~perms; break; } } static int avc_update_cache(uint32_t event, security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms) { struct avc_node *node; int i; avc_get_lock(avc_lock); if (ssid == SECSID_WILD || tsid == SECSID_WILD) { /* apply to all matching nodes */ for (i = 0; i < AVC_CACHE_SLOTS; i++) { for (node = avc_cache.slots[i]; node; node = node->next) { if (avc_sidcmp(ssid, node->ae.ssid) && avc_sidcmp(tsid, node->ae.tsid) && tclass == node->ae.tclass) { avc_update_node(event, node, perms); } } } } else { /* apply to one node */ node = avc_search_node(ssid, tsid, tclass, 0); if (node) { avc_update_node(event, node, perms); } } avc_release_lock(avc_lock); return 0; } /* avc_control - update cache and call callbacks * * This should not be called directly; use the individual event * functions instead. */ static int avc_control(uint32_t event, security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms, uint32_t seqno, access_vector_t * out_retained) { struct avc_callback_node *c; access_vector_t tretained = 0, cretained = 0; int ret, rc = 0, errsave = 0; errno = 0; /* * try_revoke only removes permissions from the cache * state if they are not retained by the object manager. * Hence, try_revoke must wait until after the callbacks have * been invoked to update the cache state. */ if (event != AVC_CALLBACK_TRY_REVOKE) avc_update_cache(event, ssid, tsid, tclass, perms); for (c = avc_callbacks; c; c = c->next) { if ((c->events & event) && avc_sidcmp(c->ssid, ssid) && avc_sidcmp(c->tsid, tsid) && c->tclass == tclass && (c->perms & perms)) { cretained = 0; ret = c->callback(event, ssid, tsid, tclass, (c->perms & perms), &cretained); if (ret && !rc) { rc = ret; errsave = errno; } if (!ret) tretained |= cretained; } } if (event == AVC_CALLBACK_TRY_REVOKE) { /* revoke any unretained permissions */ perms &= ~tretained; avc_update_cache(event, ssid, tsid, tclass, perms); *out_retained = tretained; } avc_get_lock(avc_lock); if (seqno > avc_cache.latest_notif) avc_cache.latest_notif = seqno; avc_release_lock(avc_lock); errno = errsave; return rc; } /** * avc_ss_grant - Grant previously denied permissions. * @ssid: source security identifier or %SECSID_WILD * @tsid: target security identifier or %SECSID_WILD * @tclass: target security class * @perms: permissions to grant * @seqno: policy sequence number */ int avc_ss_grant(security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms, uint32_t seqno) { return avc_control(AVC_CALLBACK_GRANT, ssid, tsid, tclass, perms, seqno, 0); } /** * avc_ss_try_revoke - Try to revoke previously granted permissions. * @ssid: source security identifier or %SECSID_WILD * @tsid: target security identifier or %SECSID_WILD * @tclass: target security class * @perms: permissions to grant * @seqno: policy sequence number * @out_retained: subset of @perms that are retained * * Try to revoke previously granted permissions, but * only if they are not retained as migrated permissions. * Return the subset of permissions that are retained via @out_retained. */ int avc_ss_try_revoke(security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms, uint32_t seqno, access_vector_t * out_retained) { return avc_control(AVC_CALLBACK_TRY_REVOKE, ssid, tsid, tclass, perms, seqno, out_retained); } /** * avc_ss_revoke - Revoke previously granted permissions. * @ssid: source security identifier or %SECSID_WILD * @tsid: target security identifier or %SECSID_WILD * @tclass: target security class * @perms: permissions to grant * @seqno: policy sequence number * * Revoke previously granted permissions, even if * they are retained as migrated permissions. */ int avc_ss_revoke(security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms, uint32_t seqno) { return avc_control(AVC_CALLBACK_REVOKE, ssid, tsid, tclass, perms, seqno, 0); } /** * avc_ss_reset - Flush the cache and revalidate migrated permissions. * @seqno: policy sequence number */ int avc_ss_reset(uint32_t seqno) { int rc; rc = avc_reset(); avc_get_lock(avc_lock); if (seqno > avc_cache.latest_notif) avc_cache.latest_notif = seqno; avc_release_lock(avc_lock); return rc; } /** * avc_ss_set_auditallow - Enable or disable auditing of granted permissions. * @ssid: source security identifier or %SECSID_WILD * @tsid: target security identifier or %SECSID_WILD * @tclass: target security class * @perms: permissions to grant * @seqno: policy sequence number * @enable: enable flag. */ int avc_ss_set_auditallow(security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms, uint32_t seqno, uint32_t enable) { if (enable) return avc_control(AVC_CALLBACK_AUDITALLOW_ENABLE, ssid, tsid, tclass, perms, seqno, 0); else return avc_control(AVC_CALLBACK_AUDITALLOW_DISABLE, ssid, tsid, tclass, perms, seqno, 0); } /** * avc_ss_set_auditdeny - Enable or disable auditing of denied permissions. * @ssid: source security identifier or %SECSID_WILD * @tsid: target security identifier or %SECSID_WILD * @tclass: target security class * @perms: permissions to grant * @seqno: policy sequence number * @enable: enable flag. */ int avc_ss_set_auditdeny(security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms, uint32_t seqno, uint32_t enable) { if (enable) return avc_control(AVC_CALLBACK_AUDITDENY_ENABLE, ssid, tsid, tclass, perms, seqno, 0); else return avc_control(AVC_CALLBACK_AUDITDENY_DISABLE, ssid, tsid, tclass, perms, seqno, 0); }