
Other interfaces

Since none of the implemented policies base their decisions on the history of completed operations, the security_notify_perm function simply returns immediately when called. This function is currently never called since the kernel object managers have not yet been changed to notify the AVC of operation completion.

The security_fs_sid, security_port_sid, security_netif_sid, security_node_sid, and security_nfs_sid functions look for a matching entry from the policy configuration. If no entry is found, then these functions return the appropriate initial SIDs. If an entry is found, then these functions check to see if a SID has already been allocated for each security context in the entry. If not, then these functions call sidtab_context_to_sid to obtain a SID for each security context in the entry and cache the SID in the entry. These functions then return the cached SIDs.
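The lookup-and-cache behaviour described above, as an added user-space C model that is not the prototype's own code. It covers only the port case with one security context per entry; every name prefixed model_, the SID numbers, and the sample contexts are constructed assumptions.

```c
#include <string.h>

/* User-space model; every name and value here is constructed for illustration. */
#define MODEL_INITIAL_PORT_SID 9u      /* assumed initial SID for unmatched ports */
#define MODEL_SIDTAB_MAX 16u
#define MODEL_FIRST_DYNAMIC_SID 100u
static const char *model_sidtab[MODEL_SIDTAB_MAX];
static unsigned model_sidtab_len, model_sidtab_calls; /* calls = SID table lookups */

/* Stand-in for sidtab_context_to_sid: return the SID of ctx, adding it if new. */
static int model_context_to_sid(const char *ctx, unsigned *sid)
{
    model_sidtab_calls++;
    for (unsigned i = 0; i < model_sidtab_len; i++)
        if (strcmp(model_sidtab[i], ctx) == 0) {
            *sid = MODEL_FIRST_DYNAMIC_SID + i;
            return 0;
        }
    if (model_sidtab_len == MODEL_SIDTAB_MAX) return -1; /* full: *sid untouched */
    model_sidtab[model_sidtab_len] = ctx;
    *sid = MODEL_FIRST_DYNAMIC_SID + model_sidtab_len++;
    return 0;
}

struct model_port_entry {
    unsigned short low, high;          /* inclusive port range */
    const char *context;               /* security context from the policy */
    unsigned sid;                      /* cached SID, 0 = not yet allocated */
};
static struct model_port_entry model_ports[] = {
    { 22, 22, "system_u:object_r:ssh_port_t", 0 },
    { 6000, 6063, "system_u:object_r:xserver_port_t", 0 },
};

/* Match an entry, allocate its SID on first use, then return the cached SID. */
int model_port_sid(unsigned short port, unsigned *out_sid)
{
    for (size_t i = 0; i < sizeof model_ports / sizeof model_ports[0]; i++) {
        struct model_port_entry *e = &model_ports[i];
        if (port < e->low || port > e->high) continue;
        if (e->sid == 0 && model_context_to_sid(e->context, &e->sid) != 0)
            return -1;                 /* allocation failed, nothing cached */
        *out_sid = e->sid;
        return 0;
    }
    *out_sid = MODEL_INITIAL_PORT_SID; /* no entry: fall back to the initial SID */
    return 0;
}
int main(void) { unsigned sid; return model_port_sid(22, &sid); }
```

A repeated lookup for the same entry leaves model_sidtab_calls unchanged, which is the effect of caching the SID in the entry.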