2 * Implementation of the kernel access vector cache (AVC).
4 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil>
5 * James Morris <jmorris@redhat.com>
7 * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2,
11 * as published by the Free Software Foundation.
13 #include <linux/types.h>
14 #include <linux/stddef.h>
15 #include <linux/kernel.h>
16 #include <linux/slab.h>
18 #include <linux/dcache.h>
19 #include <linux/init.h>
20 #include <linux/skbuff.h>
23 #include <net/af_unix.h>
25 #include <linux/audit.h>
26 #include <linux/ipv6.h>
31 #include "class_to_string.h"
33 #include "common_perm_to_string.h"
34 #include "av_inherit.h"
35 #include "av_perm_to_string.h"
38 #define AVC_CACHE_SLOTS 512
39 #define AVC_CACHE_MAXNODES 410
45 struct av_decision avd;
46 int used; /* used recently */
51 struct avc_node *next;
55 struct avc_node *slots[AVC_CACHE_SLOTS];
56 u32 lru_hint; /* LRU hint for reclaim scan */
58 u32 latest_notif; /* latest revocation notification */
61 struct avc_callback_node {
62 int (*callback) (u32 event, u32 ssid, u32 tsid,
63 u16 tclass, u32 perms,
70 struct avc_callback_node *next;
73 static spinlock_t avc_lock = SPIN_LOCK_UNLOCKED;
74 static struct avc_node *avc_node_freelist;
75 static struct avc_cache avc_cache;
76 static unsigned avc_cache_stats[AVC_NSTATS];
77 static struct avc_callback_node *avc_callbacks;
79 static inline int avc_hash(u32 ssid, u32 tsid, u16 tclass)
81 return (ssid ^ (tsid<<2) ^ (tclass<<4)) & (AVC_CACHE_SLOTS - 1);
84 #ifdef AVC_CACHE_STATS
85 static inline void avc_cache_stats_incr(int type)
87 avc_cache_stats[type]++;
90 static inline void avc_cache_stats_add(int type, unsigned val)
92 avc_cache_stats[type] += val;
95 static inline void avc_cache_stats_incr(int type)
98 static inline void avc_cache_stats_add(int type, unsigned val)
103 * avc_dump_av - Display an access vector in human-readable form.
104 * @tclass: target security class
107 void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av)
109 char **common_pts = NULL;
114 audit_log_format(ab, " null");
118 for (i = 0; i < ARRAY_SIZE(av_inherit); i++) {
119 if (av_inherit[i].tclass == tclass) {
120 common_pts = av_inherit[i].common_pts;
121 common_base = av_inherit[i].common_base;
126 audit_log_format(ab, " {");
129 while (perm < common_base) {
131 audit_log_format(ab, " %s", common_pts[i]);
136 while (i < sizeof(av) * 8) {
138 for (i2 = 0; i2 < ARRAY_SIZE(av_perm_to_string); i2++) {
139 if ((av_perm_to_string[i2].tclass == tclass) &&
140 (av_perm_to_string[i2].value == perm))
143 if (i2 < ARRAY_SIZE(av_perm_to_string))
144 audit_log_format(ab, " %s",
145 av_perm_to_string[i2].name);
151 audit_log_format(ab, " }");
155 * avc_dump_query - Display a SID pair and a class in human-readable form.
156 * @ssid: source security identifier
157 * @tsid: target security identifier
158 * @tclass: target security class
160 void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tclass)
166 rc = security_sid_to_context(ssid, &scontext, &scontext_len);
168 audit_log_format(ab, "ssid=%d", ssid);
170 audit_log_format(ab, "scontext=%s", scontext);
174 rc = security_sid_to_context(tsid, &scontext, &scontext_len);
176 audit_log_format(ab, " tsid=%d", tsid);
178 audit_log_format(ab, " tcontext=%s", scontext);
181 audit_log_format(ab, " tclass=%s", class_to_string[tclass]);
185 * avc_init - Initialize the AVC.
187 * Initialize the access vector cache.
189 void __init avc_init(void)
191 struct avc_node *new;
194 for (i = 0; i < AVC_CACHE_MAXNODES; i++) {
195 new = kmalloc(sizeof(*new), GFP_ATOMIC);
197 printk(KERN_WARNING "avc: only able to allocate "
201 memset(new, 0, sizeof(*new));
202 new->next = avc_node_freelist;
203 avc_node_freelist = new;
206 audit_log(current->audit_context, "AVC INITIALIZED\n");
210 static void avc_hash_eval(char *tag)
212 int i, chain_len, max_chain_len, slots_used;
213 struct avc_node *node;
216 spin_lock_irqsave(&avc_lock,flags);
220 for (i = 0; i < AVC_CACHE_SLOTS; i++) {
221 node = avc_cache.slots[i];
229 if (chain_len > max_chain_len)
230 max_chain_len = chain_len;
234 spin_unlock_irqrestore(&avc_lock,flags);
236 printk(KERN_INFO "\n");
237 printk(KERN_INFO "%s avc: %d entries and %d/%d buckets used, longest "
238 "chain length %d\n", tag, avc_cache.active_nodes, slots_used,
239 AVC_CACHE_SLOTS, max_chain_len);
242 static inline void avc_hash_eval(char *tag)
246 static inline struct avc_node *avc_reclaim_node(void)
248 struct avc_node *prev, *cur;
251 hvalue = avc_cache.lru_hint;
252 for (try = 0; try < 2; try++) {
255 cur = avc_cache.slots[hvalue];
265 hvalue = (hvalue + 1) & (AVC_CACHE_SLOTS - 1);
266 } while (hvalue != avc_cache.lru_hint);
269 panic("avc_reclaim_node");
272 avc_cache.lru_hint = hvalue;
275 avc_cache.slots[hvalue] = cur->next;
277 prev->next = cur->next;
282 static inline struct avc_node *avc_claim_node(u32 ssid,
283 u32 tsid, u16 tclass)
285 struct avc_node *new;
288 hvalue = avc_hash(ssid, tsid, tclass);
289 if (avc_node_freelist) {
290 new = avc_node_freelist;
291 avc_node_freelist = avc_node_freelist->next;
292 avc_cache.active_nodes++;
294 new = avc_reclaim_node();
302 new->ae.tclass = tclass;
303 new->next = avc_cache.slots[hvalue];
304 avc_cache.slots[hvalue] = new;
310 static inline struct avc_node *avc_search_node(u32 ssid, u32 tsid,
311 u16 tclass, int *probes)
313 struct avc_node *cur;
317 hvalue = avc_hash(ssid, tsid, tclass);
318 cur = avc_cache.slots[hvalue];
319 while (cur != NULL &&
320 (ssid != cur->ae.ssid ||
321 tclass != cur->ae.tclass ||
322 tsid != cur->ae.tsid)) {
343 * avc_lookup - Look up an AVC entry.
344 * @ssid: source security identifier
345 * @tsid: target security identifier
346 * @tclass: target security class
347 * @requested: requested permissions, interpreted based on @tclass
348 * @aeref: AVC entry reference
350 * Look up an AVC entry that is valid for the
351 * @requested permissions between the SID pair
352 * (@ssid, @tsid), interpreting the permissions
353 * based on @tclass. If a valid AVC entry exists,
354 * then this function updates @aeref to refer to the
355 * entry and returns %0. Otherwise, this function
358 int avc_lookup(u32 ssid, u32 tsid, u16 tclass,
359 u32 requested, struct avc_entry_ref *aeref)
361 struct avc_node *node;
364 avc_cache_stats_incr(AVC_CAV_LOOKUPS);
365 node = avc_search_node(ssid, tsid, tclass,&probes);
367 if (node && ((node->ae.avd.decided & requested) == requested)) {
368 avc_cache_stats_incr(AVC_CAV_HITS);
369 avc_cache_stats_add(AVC_CAV_PROBES,probes);
370 aeref->ae = &node->ae;
374 avc_cache_stats_incr(AVC_CAV_MISSES);
381 * avc_insert - Insert an AVC entry.
382 * @ssid: source security identifier
383 * @tsid: target security identifier
384 * @tclass: target security class
386 * @aeref: AVC entry reference
388 * Insert an AVC entry for the SID pair
389 * (@ssid, @tsid) and class @tclass.
390 * The access vectors and the sequence number are
391 * normally provided by the security server in
392 * response to a security_compute_av() call. If the
393 * sequence number @ae->avd.seqno is not less than the latest
394 * revocation notification, then the function copies
395 * the access vectors into a cache entry, updates
396 * @aeref to refer to the entry, and returns %0.
397 * Otherwise, this function returns -%EAGAIN.
399 int avc_insert(u32 ssid, u32 tsid, u16 tclass,
400 struct avc_entry *ae, struct avc_entry_ref *aeref)
402 struct avc_node *node;
405 if (ae->avd.seqno < avc_cache.latest_notif) {
406 printk(KERN_WARNING "avc: seqno %d < latest_notif %d\n",
407 ae->avd.seqno, avc_cache.latest_notif);
412 node = avc_claim_node(ssid, tsid, tclass);
418 node->ae.avd.allowed = ae->avd.allowed;
419 node->ae.avd.decided = ae->avd.decided;
420 node->ae.avd.auditallow = ae->avd.auditallow;
421 node->ae.avd.auditdeny = ae->avd.auditdeny;
422 node->ae.avd.seqno = ae->avd.seqno;
423 aeref->ae = &node->ae;
428 static inline void avc_print_ipv6_addr(struct audit_buffer *ab,
429 struct in6_addr *addr, u16 port,
430 char *name1, char *name2)
432 if (!ipv6_addr_any(addr))
433 audit_log_format(ab, " %s=%04x:%04x:%04x:%04x:%04x:"
434 "%04x:%04x:%04x", name1, NIP6(*addr));
436 audit_log_format(ab, " %s=%d", name2, ntohs(port));
439 static inline void avc_print_ipv4_addr(struct audit_buffer *ab, u32 addr,
440 u16 port, char *name1, char *name2)
443 audit_log_format(ab, " %s=%d.%d.%d.%d", name1, NIPQUAD(addr));
445 audit_log_format(ab, " %s=%d", name2, ntohs(port));
449 * avc_audit - Audit the granting or denial of permissions.
450 * @ssid: source security identifier
451 * @tsid: target security identifier
452 * @tclass: target security class
453 * @requested: requested permissions
454 * @avd: access vector decisions
455 * @result: result from avc_has_perm_noaudit
456 * @a: auxiliary audit data
458 * Audit the granting or denial of permissions in accordance
459 * with the policy. This function is typically called by
460 * avc_has_perm() after a permission check, but can also be
461 * called directly by callers who use avc_has_perm_noaudit()
462 * in order to separate the permission check from the auditing.
463 * For example, this separation is useful when the permission check must
464 * be performed under a lock, to allow the lock to be released
465 * before calling the auditing code.
467 void avc_audit(u32 ssid, u32 tsid,
468 u16 tclass, u32 requested,
469 struct av_decision *avd, int result, struct avc_audit_data *a)
471 struct task_struct *tsk = current;
472 struct inode *inode = NULL;
474 struct audit_buffer *ab;
476 denied = requested & ~avd->allowed;
479 if (!(audited & avd->auditdeny))
482 audited = denied = requested;
485 if (!(audited & avd->auditallow))
489 ab = audit_log_start(current->audit_context);
491 return; /* audit_panic has been called */
492 audit_log_format(ab, "avc: %s ", denied ? "denied" : "granted");
493 avc_dump_av(ab, tclass,audited);
494 audit_log_format(ab, " for ");
497 if (tsk && tsk->pid) {
498 struct mm_struct *mm;
499 struct vm_area_struct *vma;
500 audit_log_format(ab, " pid=%d", tsk->pid);
504 mm = get_task_mm(tsk);
506 if (down_read_trylock(&mm->mmap_sem)) {
509 if ((vma->vm_flags & VM_EXECUTABLE) &&
511 audit_log_d_path(ab, "exe=",
512 vma->vm_file->f_dentry,
513 vma->vm_file->f_vfsmnt);
518 up_read(&mm->mmap_sem);
523 audit_log_format(ab, " comm=%s", tsk->comm);
528 case AVC_AUDIT_DATA_IPC:
529 audit_log_format(ab, " key=%d", a->u.ipc_id);
531 case AVC_AUDIT_DATA_CAP:
532 audit_log_format(ab, " capability=%d", a->u.cap);
534 case AVC_AUDIT_DATA_FS:
535 if (a->u.fs.dentry) {
536 struct dentry *dentry = a->u.fs.dentry;
538 audit_log_d_path(ab, "path=", dentry,
541 audit_log_format(ab, " name=%s",
542 dentry->d_name.name);
544 inode = dentry->d_inode;
545 } else if (a->u.fs.inode) {
546 struct dentry *dentry;
547 inode = a->u.fs.inode;
548 dentry = d_find_alias(inode);
550 audit_log_format(ab, " name=%s",
551 dentry->d_name.name);
556 audit_log_format(ab, " dev=%s ino=%ld",
560 case AVC_AUDIT_DATA_NET:
562 struct sock *sk = a->u.net.sk;
567 switch (sk->sk_family) {
569 struct inet_opt *inet = inet_sk(sk);
571 avc_print_ipv4_addr(ab, inet->rcv_saddr,
574 avc_print_ipv4_addr(ab, inet->daddr,
580 struct inet_opt *inet = inet_sk(sk);
581 struct ipv6_pinfo *inet6 = inet6_sk(sk);
583 avc_print_ipv6_addr(ab, &inet6->rcv_saddr,
586 avc_print_ipv6_addr(ab, &inet6->daddr,
594 audit_log_d_path(ab, "path=",
600 len = u->addr->len-sizeof(short);
601 p = &u->addr->name->sun_path[0];
608 "path=@%*.*s", len-1,
614 switch (a->u.net.family) {
616 avc_print_ipv4_addr(ab, a->u.net.v4info.saddr,
619 avc_print_ipv4_addr(ab, a->u.net.v4info.daddr,
624 avc_print_ipv6_addr(ab, &a->u.net.v6info.saddr,
627 avc_print_ipv6_addr(ab, &a->u.net.v6info.daddr,
633 audit_log_format(ab, " netif=%s",
638 audit_log_format(ab, " ");
639 avc_dump_query(ab, ssid, tsid, tclass);
644 * avc_add_callback - Register a callback for security events.
645 * @callback: callback function
646 * @events: security events
647 * @ssid: source security identifier or %SECSID_WILD
648 * @tsid: target security identifier or %SECSID_WILD
649 * @tclass: target security class
650 * @perms: permissions
652 * Register a callback function for events in the set @events
653 * related to the SID pair (@ssid, @tsid) and
654 * and the permissions @perms, interpreting
655 * @perms based on @tclass. Returns %0 on success or
656 * -%ENOMEM if insufficient memory exists to add the callback.
658 int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
659 u16 tclass, u32 perms,
661 u32 events, u32 ssid, u32 tsid,
662 u16 tclass, u32 perms)
664 struct avc_callback_node *c;
667 c = kmalloc(sizeof(*c), GFP_ATOMIC);
673 c->callback = callback;
678 c->next = avc_callbacks;
684 static inline int avc_sidcmp(u32 x, u32 y)
686 return (x == y || x == SECSID_WILD || y == SECSID_WILD);
689 static inline void avc_update_node(u32 event, struct avc_node *node, u32 perms)
692 case AVC_CALLBACK_GRANT:
693 node->ae.avd.allowed |= perms;
695 case AVC_CALLBACK_TRY_REVOKE:
696 case AVC_CALLBACK_REVOKE:
697 node->ae.avd.allowed &= ~perms;
699 case AVC_CALLBACK_AUDITALLOW_ENABLE:
700 node->ae.avd.auditallow |= perms;
702 case AVC_CALLBACK_AUDITALLOW_DISABLE:
703 node->ae.avd.auditallow &= ~perms;
705 case AVC_CALLBACK_AUDITDENY_ENABLE:
706 node->ae.avd.auditdeny |= perms;
708 case AVC_CALLBACK_AUDITDENY_DISABLE:
709 node->ae.avd.auditdeny &= ~perms;
714 static int avc_update_cache(u32 event, u32 ssid, u32 tsid,
715 u16 tclass, u32 perms)
717 struct avc_node *node;
721 spin_lock_irqsave(&avc_lock,flags);
723 if (ssid == SECSID_WILD || tsid == SECSID_WILD) {
724 /* apply to all matching nodes */
725 for (i = 0; i < AVC_CACHE_SLOTS; i++) {
726 for (node = avc_cache.slots[i]; node;
728 if (avc_sidcmp(ssid, node->ae.ssid) &&
729 avc_sidcmp(tsid, node->ae.tsid) &&
730 tclass == node->ae.tclass) {
731 avc_update_node(event,node,perms);
736 /* apply to one node */
737 node = avc_search_node(ssid, tsid, tclass, NULL);
739 avc_update_node(event,node,perms);
743 spin_unlock_irqrestore(&avc_lock,flags);
748 static int avc_control(u32 event, u32 ssid, u32 tsid,
749 u16 tclass, u32 perms,
750 u32 seqno, u32 *out_retained)
752 struct avc_callback_node *c;
753 u32 tretained = 0, cretained = 0;
758 * try_revoke only removes permissions from the cache
759 * state if they are not retained by the object manager.
760 * Hence, try_revoke must wait until after the callbacks have
761 * been invoked to update the cache state.
763 if (event != AVC_CALLBACK_TRY_REVOKE)
764 avc_update_cache(event,ssid,tsid,tclass,perms);
766 for (c = avc_callbacks; c; c = c->next)
768 if ((c->events & event) &&
769 avc_sidcmp(c->ssid, ssid) &&
770 avc_sidcmp(c->tsid, tsid) &&
771 c->tclass == tclass &&
772 (c->perms & perms)) {
774 rc = c->callback(event, ssid, tsid, tclass,
779 tretained |= cretained;
783 if (event == AVC_CALLBACK_TRY_REVOKE) {
784 /* revoke any unretained permissions */
786 avc_update_cache(event,ssid,tsid,tclass,perms);
787 *out_retained = tretained;
790 spin_lock_irqsave(&avc_lock,flags);
791 if (seqno > avc_cache.latest_notif)
792 avc_cache.latest_notif = seqno;
793 spin_unlock_irqrestore(&avc_lock,flags);
800 * avc_ss_grant - Grant previously denied permissions.
801 * @ssid: source security identifier or %SECSID_WILD
802 * @tsid: target security identifier or %SECSID_WILD
803 * @tclass: target security class
804 * @perms: permissions to grant
805 * @seqno: policy sequence number
807 int avc_ss_grant(u32 ssid, u32 tsid, u16 tclass,
808 u32 perms, u32 seqno)
810 return avc_control(AVC_CALLBACK_GRANT,
811 ssid, tsid, tclass, perms, seqno, NULL);
815 * avc_ss_try_revoke - Try to revoke previously granted permissions.
816 * @ssid: source security identifier or %SECSID_WILD
817 * @tsid: target security identifier or %SECSID_WILD
818 * @tclass: target security class
819 * @perms: permissions to grant
820 * @seqno: policy sequence number
821 * @out_retained: subset of @perms that are retained
823 * Try to revoke previously granted permissions, but
824 * only if they are not retained as migrated permissions.
825 * Return the subset of permissions that are retained via @out_retained.
827 int avc_ss_try_revoke(u32 ssid, u32 tsid, u16 tclass,
828 u32 perms, u32 seqno, u32 *out_retained)
830 return avc_control(AVC_CALLBACK_TRY_REVOKE,
831 ssid, tsid, tclass, perms, seqno, out_retained);
835 * avc_ss_revoke - Revoke previously granted permissions.
836 * @ssid: source security identifier or %SECSID_WILD
837 * @tsid: target security identifier or %SECSID_WILD
838 * @tclass: target security class
839 * @perms: permissions to grant
840 * @seqno: policy sequence number
842 * Revoke previously granted permissions, even if
843 * they are retained as migrated permissions.
845 int avc_ss_revoke(u32 ssid, u32 tsid, u16 tclass,
846 u32 perms, u32 seqno)
848 return avc_control(AVC_CALLBACK_REVOKE,
849 ssid, tsid, tclass, perms, seqno, NULL);
853 * avc_ss_reset - Flush the cache and revalidate migrated permissions.
854 * @seqno: policy sequence number
856 int avc_ss_reset(u32 seqno)
858 struct avc_callback_node *c;
860 struct avc_node *node, *tmp;
863 avc_hash_eval("reset");
865 spin_lock_irqsave(&avc_lock,flags);
867 for (i = 0; i < AVC_CACHE_SLOTS; i++) {
868 node = avc_cache.slots[i];
872 tmp->ae.ssid = tmp->ae.tsid = SECSID_NULL;
873 tmp->ae.tclass = SECCLASS_NULL;
874 tmp->ae.avd.allowed = tmp->ae.avd.decided = 0;
875 tmp->ae.avd.auditallow = tmp->ae.avd.auditdeny = 0;
877 tmp->next = avc_node_freelist;
878 avc_node_freelist = tmp;
879 avc_cache.active_nodes--;
881 avc_cache.slots[i] = NULL;
883 avc_cache.lru_hint = 0;
885 spin_unlock_irqrestore(&avc_lock,flags);
887 for (i = 0; i < AVC_NSTATS; i++)
888 avc_cache_stats[i] = 0;
890 for (c = avc_callbacks; c; c = c->next) {
891 if (c->events & AVC_CALLBACK_RESET) {
892 rc = c->callback(AVC_CALLBACK_RESET,
899 spin_lock_irqsave(&avc_lock,flags);
900 if (seqno > avc_cache.latest_notif)
901 avc_cache.latest_notif = seqno;
902 spin_unlock_irqrestore(&avc_lock,flags);
908 * avc_ss_set_auditallow - Enable or disable auditing of granted permissions.
909 * @ssid: source security identifier or %SECSID_WILD
910 * @tsid: target security identifier or %SECSID_WILD
911 * @tclass: target security class
912 * @perms: permissions to grant
913 * @seqno: policy sequence number
914 * @enable: enable flag.
916 int avc_ss_set_auditallow(u32 ssid, u32 tsid, u16 tclass,
917 u32 perms, u32 seqno, u32 enable)
920 return avc_control(AVC_CALLBACK_AUDITALLOW_ENABLE,
921 ssid, tsid, tclass, perms, seqno, NULL);
923 return avc_control(AVC_CALLBACK_AUDITALLOW_DISABLE,
924 ssid, tsid, tclass, perms, seqno, NULL);
928 * avc_ss_set_auditdeny - Enable or disable auditing of denied permissions.
929 * @ssid: source security identifier or %SECSID_WILD
930 * @tsid: target security identifier or %SECSID_WILD
931 * @tclass: target security class
932 * @perms: permissions to grant
933 * @seqno: policy sequence number
934 * @enable: enable flag.
936 int avc_ss_set_auditdeny(u32 ssid, u32 tsid, u16 tclass,
937 u32 perms, u32 seqno, u32 enable)
940 return avc_control(AVC_CALLBACK_AUDITDENY_ENABLE,
941 ssid, tsid, tclass, perms, seqno, NULL);
943 return avc_control(AVC_CALLBACK_AUDITDENY_DISABLE,
944 ssid, tsid, tclass, perms, seqno, NULL);
948 * avc_has_perm_noaudit - Check permissions but perform no auditing.
949 * @ssid: source security identifier
950 * @tsid: target security identifier
951 * @tclass: target security class
952 * @requested: requested permissions, interpreted based on @tclass
953 * @aeref: AVC entry reference
954 * @avd: access vector decisions
956 * Check the AVC to determine whether the @requested permissions are granted
957 * for the SID pair (@ssid, @tsid), interpreting the permissions
958 * based on @tclass, and call the security server on a cache miss to obtain
959 * a new decision and add it to the cache. Update @aeref to refer to an AVC
960 * entry with the resulting decisions, and return a copy of the decisions
961 * in @avd. Return %0 if all @requested permissions are granted,
962 * -%EACCES if any permissions are denied, or another -errno upon
963 * other errors. This function is typically called by avc_has_perm(),
964 * but may also be called directly to separate permission checking from
965 * auditing, e.g. in cases where a lock must be held for the check but
966 * should be released for the auditing.
968 int avc_has_perm_noaudit(u32 ssid, u32 tsid,
969 u16 tclass, u32 requested,
970 struct avc_entry_ref *aeref, struct av_decision *avd)
972 struct avc_entry *ae;
975 struct avc_entry entry;
977 struct avc_entry_ref ref;
980 avc_entry_ref_init(&ref);
984 spin_lock_irqsave(&avc_lock, flags);
985 avc_cache_stats_incr(AVC_ENTRY_LOOKUPS);
988 if (ae->ssid == ssid &&
990 ae->tclass == tclass &&
991 ((ae->avd.decided & requested) == requested)) {
992 avc_cache_stats_incr(AVC_ENTRY_HITS);
995 avc_cache_stats_incr(AVC_ENTRY_DISCARDS);
1001 avc_cache_stats_incr(AVC_ENTRY_MISSES);
1002 rc = avc_lookup(ssid, tsid, tclass, requested, aeref);
1004 spin_unlock_irqrestore(&avc_lock,flags);
1005 rc = security_compute_av(ssid,tsid,tclass,requested,&entry.avd);
1008 spin_lock_irqsave(&avc_lock, flags);
1009 rc = avc_insert(ssid,tsid,tclass,&entry,aeref);
1011 spin_unlock_irqrestore(&avc_lock,flags);
1019 memcpy(avd, &ae->avd, sizeof(*avd));
1021 denied = requested & ~(ae->avd.allowed);
1023 if (!requested || denied) {
1024 if (selinux_enforcing) {
1025 spin_unlock_irqrestore(&avc_lock,flags);
1029 ae->avd.allowed |= requested;
1030 spin_unlock_irqrestore(&avc_lock,flags);
1035 spin_unlock_irqrestore(&avc_lock,flags);
1041 * avc_has_perm - Check permissions and perform any appropriate auditing.
1042 * @ssid: source security identifier
1043 * @tsid: target security identifier
1044 * @tclass: target security class
1045 * @requested: requested permissions, interpreted based on @tclass
1046 * @aeref: AVC entry reference
1047 * @auditdata: auxiliary audit data
1049 * Check the AVC to determine whether the @requested permissions are granted
1050 * for the SID pair (@ssid, @tsid), interpreting the permissions
1051 * based on @tclass, and call the security server on a cache miss to obtain
1052 * a new decision and add it to the cache. Update @aeref to refer to an AVC
1053 * entry with the resulting decisions. Audit the granting or denial of
1054 * permissions in accordance with the policy. Return %0 if all @requested
1055 * permissions are granted, -%EACCES if any permissions are denied, or
1056 * another -errno upon other errors.
1058 int avc_has_perm(u32 ssid, u32 tsid, u16 tclass,
1059 u32 requested, struct avc_entry_ref *aeref,
1060 struct avc_audit_data *auditdata)
1062 struct av_decision avd;
1065 rc = avc_has_perm_noaudit(ssid, tsid, tclass, requested, aeref, &avd);
1066 avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata);
git://git.onelab.eu / linux-2.6.git / blob