avc.h (1a37079c236d55fb31ebbf4b59945dab8ec8764c) | avc.h (0188d5c025ca8fe756ba3193bd7d150139af5a88) |
---|---|
1/* SPDX-License-Identifier: GPL-2.0 */ 2/* 3 * Access vector cache interface for object managers. 4 * 5 * Author : Stephen Smalley, <sds@tycho.nsa.gov> 6 */ 7#ifndef _SELINUX_AVC_H_ 8#define _SELINUX_AVC_H_ --- 86 unchanged lines hidden (view full) --- 95 audited = requested & avd->auditallow; 96 *deniedp = denied; 97 return audited; 98} 99 100int slow_avc_audit(struct selinux_state *state, 101 u32 ssid, u32 tsid, u16 tclass, 102 u32 requested, u32 audited, u32 denied, int result, | 1/* SPDX-License-Identifier: GPL-2.0 */ 2/* 3 * Access vector cache interface for object managers. 4 * 5 * Author : Stephen Smalley, <sds@tycho.nsa.gov> 6 */ 7#ifndef _SELINUX_AVC_H_ 8#define _SELINUX_AVC_H_ --- 86 unchanged lines hidden (view full) --- 95 audited = requested & avd->auditallow; 96 *deniedp = denied; 97 return audited; 98} 99 100int slow_avc_audit(struct selinux_state *state, 101 u32 ssid, u32 tsid, u16 tclass, 102 u32 requested, u32 audited, u32 denied, int result, |
103 struct common_audit_data *a, 104 unsigned flags); | 103 struct common_audit_data *a); |
105 106/** 107 * avc_audit - Audit the granting or denial of permissions. 108 * @ssid: source security identifier 109 * @tsid: target security identifier 110 * @tclass: target security class 111 * @requested: requested permissions 112 * @avd: access vector decisions --- 17 unchanged lines hidden (view full) --- 130 int result, 131 struct common_audit_data *a, 132 int flags) 133{ 134 u32 audited, denied; 135 audited = avc_audit_required(requested, avd, result, 0, &denied); 136 if (likely(!audited)) 137 return 0; | 104 105/** 106 * avc_audit - Audit the granting or denial of permissions. 107 * @ssid: source security identifier 108 * @tsid: target security identifier 109 * @tclass: target security class 110 * @requested: requested permissions 111 * @avd: access vector decisions --- 17 unchanged lines hidden (view full) --- 129 int result, 130 struct common_audit_data *a, 131 int flags) 132{ 133 u32 audited, denied; 134 audited = avc_audit_required(requested, avd, result, 0, &denied); 135 if (likely(!audited)) 136 return 0; |
137 /* fall back to ref-walk if we have to generate audit */ 138 if (flags & MAY_NOT_BLOCK) 139 return -ECHILD; |
|
138 return slow_avc_audit(state, ssid, tsid, tclass, 139 requested, audited, denied, result, | 140 return slow_avc_audit(state, ssid, tsid, tclass, 141 requested, audited, denied, result, |
140 a, flags); | 142 a); |
141} 142 143#define AVC_STRICT 1 /* Ignore permissive mode. */ 144#define AVC_EXTENDED_PERMS 2 /* update extended permissions */ 145#define AVC_NONBLOCKING 4 /* non blocking */ 146int avc_has_perm_noaudit(struct selinux_state *state, 147 u32 ssid, u32 tsid, 148 u16 tclass, u32 requested, --- 48 unchanged lines hidden --- | 143} 144 145#define AVC_STRICT 1 /* Ignore permissive mode. */ 146#define AVC_EXTENDED_PERMS 2 /* update extended permissions */ 147#define AVC_NONBLOCKING 4 /* non blocking */ 148int avc_has_perm_noaudit(struct selinux_state *state, 149 u32 ssid, u32 tsid, 150 u16 tclass, u32 requested, --- 48 unchanged lines hidden --- |
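Review bot: In the avc.h (0188d5c…) column, the early return added to avc_audit() tests `flags & MAY_NOT_BLOCK`, but the same header defines `AVC_NONBLOCKING` for avc_has_perm_noaudit() and both functions take a parameter named `flags`, so nothing visible here says which flag namespace avc_audit() expects. Because slow_avc_audit() no longer receives `flags` in that column, it cannot make this decision itself, and a caller that forwards one flags word to both functions could skip the -ECHILD fallback or trigger it on an unrelated bit. Part of the kernel-doc comment is hidden on this page; unless it already covers this, I would add `@flags: VFS MAY_* flags (only MAY_NOT_BLOCK is tested here), not AVC_* flags` and a return line such as `-%ECHILD if an audit record is required but MAY_NOT_BLOCK is set; the caller must retry in ref-walk`. Callers should treat -ECHILD as a request to retry, never as a grant or a final denial, since no audit record has been written at that point.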