Next: Implementation Up: Access Vector Cache Previous: Interfaces for the Kernel   Contents

Interfaces for the Security Server

The function prototypes for the AVC interfaces provided for the security server are in the include/linux/flask/avc_ss.h header file. These interfaces are used by the security server to manage the cache as needed for policy changes. This subsection describes each of these interfaces. For each interface, the function prototype is listed followed by a description of the interface.

int avc_ss_grant(
        security_id_t ssid,
        security_id_t tsid,
        security_class_t tclass,
        access_vector_t perms,
        __u32 seqno);

The avc_ss_grant function grants previously denied permissions for a SID pair and class. The wildcard SID, SECSID_WILD, may be used for the ssid and tsid parameters to match all SID values. This function adds the permissions in perms to the allowed vector in any matching entries in the cache. It then calls any callbacks registered by an object manager for the AVC_CALLBACK_GRANT event with a matching SID pair, class and permissions. Permission vectors match if they have a non-null intersection. This function updates the latest policy change sequence number to the greater of its current value and the seqno value.

int avc_ss_try_revoke(
        security_id_t ssid,
        security_id_t tsid,
        security_class_t tclass,
        access_vector_t perms,
        __u32 seqno,
        access_vector_t *out_retained);

The avc_ss_try_revoke function tries to revoke previously granted permissions for a SID pair and class, but only if they are not retained in the state of an object manager. If any of the permissions in perms are retained, the retained permissions are returned in out_retained. The wildcard SID, SECSID_WILD, may be used for the ssid and tsid parameters to match all SID values. This function calls any callbacks registered by an object manager for the AVC_CALLBACK_TRY_REVOKE event with a matching SID pair, class and permissions. Permission vectors match if they have a non-null intersection. Each callback is expected to identify which matching permissions are retained in the state of the object manager. The set of retained permissions returned by each callback is added to out_retained. This function then removes any permissions in perms that were not retained from the allowed vector in any matching entries in the cache. This function updates the latest policy change sequence number to the greater of its current value and the seqno value.

int avc_ss_revoke(
        security_id_t ssid,
        security_id_t tsid,
        security_class_t tclass,
        access_vector_t perms,
        __u32 seqno);

The avc_ss_revoke function revokes previously granted permissions for a SID pair and class, even if they are retained in the state of an object manager. The wildcard SID, SECSID_WILD, may be used for the ssid and tsid parameters to match all SID values. This function removes any permissions in perms from the allowed vector in any matching entries in the cache. It then calls any callbacks registered by an object manager for the AVC_CALLBACK_REVOKE event with a matching SID pair, class and permissions. Permission vectors match if they have a non-null intersection. Each callback is expected to revoke any matching permissions that are retained in the state of the object manager. This function updates the latest policy change sequence number to the greater of its current value and the seqno value.

int avc_ss_reset(__u32 seqno);

The avc_ss_reset function flushes the cache and revalidates all permissions retained in the state of the object managers. This function invalidates all entries in the cache. It then calls any callbacks registered by an object manager for the AVC_CALLBACK_RESET event. Each callback is expected to revalidate permissions that are retained in the state of the object manager by calling avc_has_perm_ref_audit or one of its variants. This function updates the latest policy change sequence number to the greater of its current value and the seqno value.

int avc_ss_set_auditallow(
        security_id_t ssid,
        security_id_t tsid,
        security_class_t tclass,
        access_vector_t perms,
        __u32 seqno,
        __u32 enable);

The avc_ss_set_auditallow function enables or disables auditing of granted permissions for a SID pair and class. The wildcard SID, SECSID_WILD, may be used for the ssid and tsid parameters to match all SID values. The enable flag should be 1 to enable auditing and 0 to disable auditing. Depending on the value of enable, this function adds the permissions in perms to, or removes them from, the auditallow vector in any matching entries in the cache. It then calls any callbacks registered by an object manager for the AVC_CALLBACK_AUDITALLOW_ENABLE or AVC_CALLBACK_AUDITALLOW_DISABLE event with a matching SID pair, class and permissions. Permission vectors match if they have a non-null intersection. This function updates the latest policy change sequence number to the greater of its current value and the seqno value.

int avc_ss_set_auditdeny(
        security_id_t ssid,
        security_id_t tsid,
        security_class_t tclass,
        access_vector_t perms,
        __u32 seqno,
        __u32 enable);

The avc_ss_set_auditdeny function enables or disables auditing of denied permissions for a SID pair and class. It has the same behavior as avc_ss_set_auditallow, except that it modifies the auditdeny vector and it is associated with the AVC_CALLBACK_AUDITDENY_ENABLE and AVC_CALLBACK_AUDITDENY_DISABLE events.

int avc_ss_set_notify(
        security_id_t ssid,
        security_id_t tsid,
        security_class_t tclass,
        access_vector_t perms,
        __u32 seqno,
        __u32 enable);

The avc_ss_set_notify function enables or disables notification of completed operations for a SID pair and class. It has the same behavior as avc_ss_set_auditallow, except that it modifies the notify vector and it is associated with the AVC_CALLBACK_NOTIFY_ENABLE and AVC_CALLBACK_NOTIFY_DISABLE events.
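The ordering rules stated above (update the cache then notify the object managers for grant and revoke; ask the object managers first and keep what they retain for try_revoke; invalidate everything and ask for revalidation on reset; never lower the sequence number) are easiest to see in a small model. The C program below is an added example, not code from the report or from the SELinux kernel AVC: the types, the SECSID_WILD encoding, the callback signature and registration record, the event bit values, and the helpers avc_allowed, avc_latest_seqno, avc_reset_calls and sample_scenario are all assumptions made here. Only the allowed vector is modelled; the auditallow, auditdeny and notify vectors follow the same add-or-clear pattern and are left out.

```c
/* Toy model of the avc_ss_* interfaces described above: an added example, not the
 * SELinux kernel AVC.  Types, the SECSID_WILD value, the callback signature, the
 * event bits and the query helpers are assumptions; audit vectors are omitted. */
#include <stdint.h>
typedef uint32_t security_id_t, access_vector_t, __u32;
typedef uint16_t security_class_t;
#define SECSID_WILD ((security_id_t)0xffffffffu)            /* assumed wildcard SID */
enum { AVC_CALLBACK_GRANT = 1, AVC_CALLBACK_TRY_REVOKE = 2,  /* assumed event bits */
       AVC_CALLBACK_REVOKE = 4, AVC_CALLBACK_RESET = 8, NENTRIES = 16, NCALLBACKS = 4 };
struct avc_entry { int valid; security_id_t ssid, tsid; security_class_t tclass;
                   access_vector_t allowed; };
/* Assumed callback shape: on TRY_REVOKE the object manager reports, through
 * *out_retained, the matching permissions it still holds in its own state. */
typedef void (*avc_callback_fn)(__u32 event, security_id_t ssid, security_id_t tsid,
                                security_class_t tclass, access_vector_t perms,
                                access_vector_t *out_retained);
struct avc_callback { avc_callback_fn fn; __u32 events; security_id_t ssid, tsid;
                      security_class_t tclass; access_vector_t perms; };
static struct avc_entry cache[NENTRIES];
static struct avc_callback callbacks[NCALLBACKS];
static int ncallbacks, reset_calls;
static __u32 latest_seqno;

static int sid_match(security_id_t a, security_id_t b)      /* wildcard on either side */
{ return a == SECSID_WILD || b == SECSID_WILD || a == b; }
static void bump_seqno(__u32 seqno) { if (seqno > latest_seqno) latest_seqno = seqno; }

/* Add (add=1) or clear (add=0) perms in the allowed vector of every valid entry
 * whose SID pair and class match the (possibly wildcard) request. */
static void update_entries(security_id_t ssid, security_id_t tsid, security_class_t tclass,
                           access_vector_t perms, int add)
{
    for (int i = 0; i < NENTRIES; i++) {
        struct avc_entry *e = &cache[i];
        if (!e->valid || !sid_match(ssid, e->ssid) || !sid_match(tsid, e->tsid) ||
            e->tclass != tclass) continue;
        if (add) e->allowed |= perms; else e->allowed &= ~perms;
    }
}
/* Run callbacks registered for event whose SID pair and class match and whose
 * permission vector has a non-null intersection with perms (RESET reaches all). */
static void run_callbacks(__u32 event, security_id_t ssid, security_id_t tsid,
                          security_class_t tclass, access_vector_t perms,
                          access_vector_t *out_retained)
{
    for (int i = 0; i < ncallbacks; i++) {
        struct avc_callback *c = &callbacks[i];
        if (!(c->events & event)) continue;
        if (event != AVC_CALLBACK_RESET && (!sid_match(ssid, c->ssid) ||
            !sid_match(tsid, c->tsid) || c->tclass != tclass || !(c->perms & perms)))
            continue;
        access_vector_t retained = 0;
        c->fn(event, ssid, tsid, tclass, perms, &retained);
        if (out_retained) *out_retained |= retained;
    }
}
/* grant and revoke: update the cache, notify matching object managers, then
 * raise the policy change sequence number (never lower it). */
static int ss_update(__u32 event, security_id_t s, security_id_t t, security_class_t c,
                     access_vector_t p, __u32 seqno, int add)
{
    update_entries(s, t, c, p, add); run_callbacks(event, s, t, c, p, 0);
    bump_seqno(seqno); return 0;
}
int avc_ss_grant(security_id_t s, security_id_t t, security_class_t c, access_vector_t p, __u32 q)
{ return ss_update(AVC_CALLBACK_GRANT, s, t, c, p, q, 1); }
int avc_ss_revoke(security_id_t s, security_id_t t, security_class_t c, access_vector_t p, __u32 q)
{ return ss_update(AVC_CALLBACK_REVOKE, s, t, c, p, q, 0); }
/* try_revoke asks the object managers first and drops only what none retains. */
int avc_ss_try_revoke(security_id_t s, security_id_t t, security_class_t c,
                      access_vector_t p, __u32 seqno, access_vector_t *out_retained)
{
    *out_retained = 0;
    run_callbacks(AVC_CALLBACK_TRY_REVOKE, s, t, c, p, out_retained);
    update_entries(s, t, c, p & ~*out_retained, 0);
    bump_seqno(seqno); return 0;
}
int avc_ss_reset(__u32 seqno)
{
    for (int i = 0; i < NENTRIES; i++) cache[i].valid = 0;          /* flush everything */
    run_callbacks(AVC_CALLBACK_RESET, SECSID_WILD, SECSID_WILD, 0, 0, 0);
    bump_seqno(seqno); return 0;
}

/* Constructed object manager holding PERM_READ in its state (think: an open file),
 * so try_revoke cannot take it back; on RESET it would revalidate what it holds. */
#define PERM_READ 0x1u
static void om_callback(__u32 event, security_id_t s, security_id_t t, security_class_t c,
                        access_vector_t perms, access_vector_t *out_retained)
{
    (void)s; (void)t; (void)c;
    if (event == AVC_CALLBACK_TRY_REVOKE) *out_retained = perms & PERM_READ;
    if (event == AVC_CALLBACK_RESET) reset_calls++;
}
long avc_allowed(security_id_t s, security_id_t t, security_class_t c)  /* -1: no entry */
{
    for (int i = 0; i < NENTRIES; i++)
        if (cache[i].valid && cache[i].ssid == s && cache[i].tsid == t && cache[i].tclass == c)
            return cache[i].allowed;
    return -1;
}
__u32 avc_latest_seqno(void) { return latest_seqno; }
int avc_reset_calls(void) { return reset_calls; }
/* Constructed scenario: two cached entries and one object manager; returns the
 * vector that try_revoke reports as retained. */
access_vector_t sample_scenario(void)
{
    access_vector_t retained;
    cache[0] = (struct avc_entry){1, 100, 200, 1, 0x1};
    cache[1] = (struct avc_entry){1, 100, 201, 1, 0x3};
    callbacks[ncallbacks++] = (struct avc_callback){om_callback,
        AVC_CALLBACK_TRY_REVOKE | AVC_CALLBACK_RESET, SECSID_WILD, SECSID_WILD, 1, 0x7};
    avc_ss_grant(SECSID_WILD, SECSID_WILD, 1, 0x4, 5);          /* both entries gain 0x4 */
    avc_ss_try_revoke(100, SECSID_WILD, 1, 0x5, 3, &retained);  /* 0x1 kept, 0x4 dropped */
    avc_ss_revoke(100, 201, 1, 0x2, 7);                         /* forced; seqno -> 7 */
    return retained;
}
```

In the scenario, the wildcard grant reaches both entries, the try_revoke of 0x5 removes only 0x4 because the simulated object manager reports 0x1 as retained (and its seqno of 3 does not lower the counter already at 5), the unconditional revoke strips 0x2 from the one matching entry, and a subsequent avc_ss_reset(9) invalidates every entry and delivers a RESET event to the registered callback.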
