X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=security%2Fselinux%2Finclude%2Favc.h;h=6ed10c3d3339baf03cb8e79d0357b078a14427bf;hb=97bf2856c6014879bd04983a3e9dfcdac1e7fe85;hp=86bdeef585a42b9122490924935607d047a36e54;hpb=5273a3df6485dc2ad6aa7ddd441b9a21970f003b;p=linux-2.6.git
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
index 86bdeef58..6ed10c3d3 100644
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -29,19 +29,6 @@ extern int selinux_enforcing;
 */
 struct avc_entry;
 
-/*
- * A reference to an AVC entry.
- */
-struct avc_entry_ref {
- struct avc_entry *ae;
-};
-
-/* Initialize an AVC entry reference before first use. */
-static inline void avc_entry_ref_init(struct avc_entry_ref *h)
-{
- h->ae = NULL;
-}
-
 struct task_struct;
 struct vfsmount;
 struct dentry;
@@ -67,12 +54,12 @@ struct avc_audit_data {
 char *netif;
 struct sock *sk;
 u16 family;
- u16 dport;
- u16 sport;
+ __be16 dport;
+ __be16 sport;
 union {
 struct {
- u32 daddr;
- u32 saddr;
+ __be32 daddr;
+ __be32 saddr;
 } v4;
 struct {
 struct in6_addr daddr;
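Review bot: The `dport`/`sport` and `v4.daddr`/`v4.saddr` members of `struct avc_audit_data` now carry `__be16`/`__be32` types, but nothing beside them states that the values are stored in network byte order. I would add a one-line comment above the port fields, for example `/* network byte order; convert ports with ntohs() only when formatting the audit record */`. The endianness types are only checked when the tree is run through sparse, so a host-order assignment still compiles, and a byte-swapped port or address in an AVC denial record is easy to misread during triage. The struct begins and ends outside this hunk, so the code that fills and prints these fields is not visible here.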
@@ -95,42 +82,15 @@ struct avc_audit_data { /* * AVC statistics */ -#define AVC_ENTRY_LOOKUPS 0 -#define AVC_ENTRY_HITS 1 -#define AVC_ENTRY_MISSES 2 -#define AVC_ENTRY_DISCARDS 3 -#define AVC_CAV_LOOKUPS 4 -#define AVC_CAV_HITS 5 -#define AVC_CAV_PROBES 6 -#define AVC_CAV_MISSES 7 -#define AVC_NSTATS 8 -extern unsigned avc_cache_stats[AVC_NSTATS]; - -#ifdef AVC_CACHE_STATS -static inline void avc_cache_stats_incr(int type) -{ - avc_cache_stats[type]++; -} - -static inline void avc_cache_stats_add(int type, unsigned val) +struct avc_cache_stats { - avc_cache_stats[type] += val; -} -#else -static inline void avc_cache_stats_incr(int type) -{ } - -static inline void avc_cache_stats_add(int type, unsigned val) -{ } -#endif - -/* - * AVC display support - */ -struct audit_buffer; -void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av); -void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tclass); -void avc_dump_cache(struct audit_buffer *ab, char *tag); + unsigned int lookups; + unsigned int hits; + unsigned int misses; + unsigned int allocations; + unsigned int reclaims; + unsigned int frees; +}; /* * AVC operations @@ -138,23 +98,17 @@ void avc_dump_cache(struct audit_buffer *ab, char *tag); void __init avc_init(void); -int avc_lookup(u32 ssid, u32 tsid, u16 tclass, - u32 requested, struct avc_entry_ref *aeref); - -int avc_insert(u32 ssid, u32 tsid, u16 tclass, - struct avc_entry *ae, struct avc_entry_ref *out_aeref); - void avc_audit(u32 ssid, u32 tsid, u16 tclass, u32 requested, struct av_decision *avd, int result, struct avc_audit_data *auditdata); int avc_has_perm_noaudit(u32 ssid, u32 tsid, u16 tclass, u32 requested, - struct avc_entry_ref *aeref, struct av_decision *avd); + struct av_decision *avd); int avc_has_perm(u32 ssid, u32 tsid, u16 tclass, u32 requested, - struct avc_entry_ref *aeref, struct avc_audit_data *auditdata); + struct avc_audit_data *auditdata); #define AVC_CALLBACK_GRANT 1 #define AVC_CALLBACK_TRY_REVOKE 2 
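Review bot: `struct avc_cache_stats` is added without any comment on what each counter measures or how the counters are meant to be read. A short header comment would do, for example `/* AVC event counters, one instance per CPU; plain unsigned int, so totals wrap and must be summed across CPUs by the reader */`; the per-CPU part is taken from the `DECLARE_PER_CPU` line in the last hunk and should be confirmed against avc.c. As a style point, the opening brace lands on its own line because the hunk reuses the `{` of the removed inline function, whereas kernel style writes `struct avc_cache_stats {`.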
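Review bot: The narrowed prototypes of `avc_has_perm_noaudit()` and `avc_has_perm()` still have no comment stating their return contract, and these are the entry points every SELinux hook relies on for an access decision. I would add a comment above `avc_has_perm()` along the lines of `/* Returns 0 if all requested permissions are granted, a negative errno otherwise; the result must be checked by the caller */`, with the exact values confirmed against avc.c, which is not on this page. If the tree's compiler.h provides it, `int __must_check avc_has_perm(...)` would turn a dropped result into a build warning, though existing callers would need to be audited first. Dropping the `aeref` parameter changes both signatures, so any caller not touched by this commit will fail to build rather than misbehave silently.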
@@ -171,5 +125,13 @@ int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid, u32 events, u32 ssid, u32 tsid, u16 tclass, u32 perms); +/* Exported to selinuxfs */ +int avc_get_hash_stats(char *page); +extern unsigned int avc_cache_threshold; + +#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS +DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats); +#endif + #endif /* _SELINUX_AVC_H_ */
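Review bot: `avc_get_hash_stats(char *page)` takes a destination buffer with no length, so the only bound on what it writes is an unwritten agreement with the selinuxfs caller. Either document that contract at the declaration, for example `/* page must point to a buffer of at least PAGE_SIZE bytes */`, or pass the size explicitly as `int avc_get_hash_stats(char *page, size_t len);` and format with a bounded routine in the implementation. The implementation is not part of this page, so whether it already limits its output cannot be confirmed here. `avc_cache_threshold` is likewise exported as a plain writable `extern`, which means any range check has to live in the selinuxfs write handler and deserves a comment saying so.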