54 	struct av_decision	avd;
301 static void avc_node_populate(struct avc_node *node, u32 ssid, u32 tsid, u16 tclass, struct av_decision *avd)
306 	memcpy(&node->ae.avd, avd, sizeof(node->ae.avd));
384  * @avd: resulting av decision
391  * sequence number @avd->seqno is not less than the latest
396 static struct avc_node *avc_insert(u32 ssid, u32 tsid, u16 tclass, struct av_decision *avd)
402 	if (avc_latest_notif_update(avd->seqno, 1))
412 		avc_node_populate(node, ssid, tsid, tclass, avd);
471  * @avd: access vector decisions
486 	       struct av_decision *avd, int result, struct common_audit_data *a)
490 	denied = requested & ~avd->allowed;
492 		audited = denied & avd->auditdeny;
502 		 * avd.auditdeny & ACCESS == 0 (not set means explicit rule)
511 		    !(a->selinux_audit_data.auditdeny & avd->auditdeny))
516 		audited = requested & avd->auditallow;
620 		    seqno == pos->ae.avd.seqno){
636 	avc_node_populate(node, ssid, tsid, tclass, &orig->ae.avd);
640 		node->ae.avd.allowed |= perms;
644 		node->ae.avd.allowed &= ~perms;
647 		node->ae.avd.auditallow |= perms;
650 		node->ae.avd.auditallow &= ~perms;
653 		node->ae.avd.auditdeny |= perms;
656 		node->ae.avd.auditdeny &= ~perms;
728  * @avd: access vector decisions
734  * in @avd.  Return %0 if all @requested permissions are granted,
747 	struct av_decision avd_entry, *avd;
760 			avd = in_avd;
762 			avd = &avd_entry;
764 		security_compute_av(ssid, tsid, tclass, avd);
766 		node = avc_insert(ssid, tsid, tclass, avd);
769 			memcpy(in_avd, &node->ae.avd, sizeof(*in_avd));
770 		avd = &node->ae.avd;
773 	denied = requested & ~(avd->allowed);
778 		else if (!selinux_enforcing || (avd->flags & AVD_FLAGS_PERMISSIVE))
780 					tsid, tclass, avd->seqno);
808 	struct av_decision avd;
811 	rc = avc_has_perm_noaudit(ssid, tsid, tclass, requested, 0, &avd);
812 	avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata);

Indexes created Mon Jul 29 19:40:31 MDT 2024