Security Server Interface (cont.)
- Access Vector Cache (AVC)
  - security_compute_av() is called indirectly through the AVC
  - int avc_has_perm_ref(ssid, tsid, tclass, requested, *aeref, *auditdata)
  - aeref is a hint to the cache entry. If it is invalid, security_compute_av() is called
- File permission check shortcuts
  - int dentry_mac_permission(struct dentry *d, access_vector_t av)
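
The aeref hint path described above, as an added user-space model in C (not the kernel's AVC code): a hint is trusted only if its entry is still live and keyed to the same (ssid, tsid, tclass), otherwise the check falls back to the cache and then to the security server. All toy_* names, the 8-slot table and the policy are assumptions made for the example, and auditdata is omitted.

```c
#include <stddef.h>
#include <stdint.h>

typedef uint32_t sid_t;   /* security identifier */
typedef uint32_t av_t;    /* access vector: one bit per permission */

struct avc_entry { int valid; sid_t ssid, tsid; uint16_t tclass; av_t allowed; };
struct avc_ref   { struct avc_entry *ae; };   /* caller-held hint (the aeref) */

#define AVC_SLOTS 8
static struct avc_entry cache[AVC_SLOTS];
static unsigned compute_calls;                /* trips to the security server */

/* Stand-in for security_compute_av(). Constructed policy: SID 1 may use
 * permission bits 0 and 1 on class-1 objects labelled SID 2. */
static av_t toy_compute_av(sid_t ssid, sid_t tsid, uint16_t tclass)
{
    compute_calls++;
    return (ssid == 1 && tsid == 2 && tclass == 1) ? 0x3 : 0x0;
}

/* An entry is usable only if it is live and keyed to this exact triple. */
static int entry_ok(const struct avc_entry *ae, sid_t s, sid_t t, uint16_t c)
{
    return ae && ae->valid && ae->ssid == s && ae->tsid == t && ae->tclass == c;
}

/* Returns 0 if every requested permission is allowed, -1 otherwise. */
int toy_has_perm_ref(sid_t ssid, sid_t tsid, uint16_t tclass,
                     av_t requested, struct avc_ref *aeref)
{
    struct avc_entry *ae = aeref ? aeref->ae : NULL;
    if (!entry_ok(ae, ssid, tsid, tclass)) {      /* hint missing or stale */
        ae = &cache[(ssid ^ tsid ^ tclass) % AVC_SLOTS];
        if (!entry_ok(ae, ssid, tsid, tclass)) {  /* cache miss: recompute */
            ae->allowed = toy_compute_av(ssid, tsid, tclass);
            ae->ssid = ssid; ae->tsid = tsid; ae->tclass = tclass; ae->valid = 1;
        }
        if (aeref) aeref->ae = ae;                /* refresh the caller's hint */
    }
    return (requested & ~ae->allowed) ? -1 : 0;
}

/* Models a policy reload: every cached decision becomes stale. */
void toy_avc_reset(void)
{
    for (size_t i = 0; i < AVC_SLOTS; i++) cache[i].valid = 0;
}
unsigned toy_compute_calls(void) { return compute_calls; }
```

Checking the key as well as the valid flag is what keeps a hint left over from one subject/object pair from answering a check for a different pair.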