xref: /third_party/selinux/libselinux/src/avc.c

20 	security_id_t ssid;
41 	int (*callback) (uint32_t event, security_id_t ssid,
46 	security_id_t ssid;
62 static inline int avc_hash(security_id_t ssid,
65 	return ((uintptr_t) ssid ^ ((uintptr_t) tsid << 2) ^ tclass)
344 static inline struct avc_node *avc_claim_node(security_id_t ssid,
364 	hvalue = avc_hash(ssid, tsid, tclass);
367 	new->ae.ssid = ssid;
377 static inline struct avc_node *avc_search_node(security_id_t ssid,
386 	hvalue = avc_hash(ssid, tsid, tclass);
389 	       (ssid != cur->ae.ssid ||
412  * @ssid: source security identifier
420  * (@ssid, @tsid), interpreting the permissions
425 static int avc_lookup(security_id_t ssid, security_id_t tsid,
433 	node = avc_search_node(ssid, tsid, tclass, &probes);
450  * @ssid: source security identifier
457  * (@ssid, @tsid) and class @tclass.
467 static int avc_insert(security_id_t ssid, security_id_t tsid,
483 	node = avc_claim_node(ssid, tsid, tclass);
675  * @ssid: source security identifier
679 static void avc_dump_query(security_id_t ssid, security_id_t tsid,
685 		   ssid->ctx, tsid->ctx);
692 void avc_audit(security_id_t ssid, security_id_t tsid,
723 	avc_dump_query(ssid, tsid, tclass);
744 int avc_has_perm_noaudit(security_id_t ssid,
772 		if (ae->ssid == ssid &&
786 		rc = avc_lookup(ssid, tsid, tclass, requested, aeref);
788 			rc = security_compute_av_flags_raw(ssid->ctx, tsid->ctx,
797 			rc = avc_insert(ssid, tsid, tclass, &entry, aeref);
825 int avc_has_perm(security_id_t ssid, security_id_t tsid,
832 	rc = avc_has_perm_noaudit(ssid, tsid, tclass, requested, aeref, &avd);
834 	avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata);
839 int avc_compute_create(security_id_t ssid,  security_id_t tsid,
853 	rc = avc_lookup(ssid, tsid, tclass, 0, &aeref);
856 		rc = security_compute_av_flags_raw(ssid->ctx, tsid->ctx,
860 		rc = avc_insert(ssid, tsid, tclass, &entry, &aeref);
868 		rc = security_compute_create_raw(ssid->ctx, tsid->ctx, tclass,
889 int avc_compute_member(security_id_t ssid,  security_id_t tsid,
899 	rc = security_compute_member_raw(ssid->ctx, tsid->ctx, tclass, &ctx);
909 int avc_add_callback(int (*callback) (uint32_t event, security_id_t ssid,
914 		     uint32_t events, security_id_t ssid,
929 	c->ssid = ssid;
970 static int avc_update_cache(uint32_t event, security_id_t ssid,
979 	if (ssid == SECSID_WILD || tsid == SECSID_WILD) {
983 				if (avc_sidcmp(ssid, node->ae.ssid) &&
992 		node = avc_search_node(ssid, tsid, tclass, 0);
1008 static int avc_control(uint32_t event, security_id_t ssid,
1025 		avc_update_cache(event, ssid, tsid, tclass, perms);
1029 		    avc_sidcmp(c->ssid, ssid) &&
1033 			ret = c->callback(event, ssid, tsid, tclass,
1047 		avc_update_cache(event, ssid, tsid, tclass, perms);
1062  * @ssid: source security identifier or %SECSID_WILD
1068 int avc_ss_grant(security_id_t ssid, security_id_t tsid,
1073 			   ssid, tsid, tclass, perms, seqno, 0);
1078  * @ssid: source security identifier or %SECSID_WILD
1089 int avc_ss_try_revoke(security_id_t ssid, security_id_t tsid,
1095 			   ssid, tsid, tclass, perms, seqno, out_retained);
1100  * @ssid: source security identifier or %SECSID_WILD
1109 int avc_ss_revoke(security_id_t ssid, security_id_t tsid,
1114 			   ssid, tsid, tclass, perms, seqno, 0);
1137  * @ssid: source security identifier or %SECSID_WILD
1144 int avc_ss_set_auditallow(security_id_t ssid, security_id_t tsid,
1150 				   ssid, tsid, tclass, perms, seqno, 0);
1153 				   ssid, tsid, tclass, perms, seqno, 0);
1158  * @ssid: source security identifier or %SECSID_WILD
1165 int avc_ss_set_auditdeny(security_id_t ssid, security_id_t tsid,
1171 				   ssid, tsid, tclass, perms, seqno, 0);
1174 				   ssid, tsid, tclass, perms, seqno, 0);

Indexes created Thu Nov 07 10:32:03 CST 2024