LinuxGuruz
  • Last 5 Forum Topics
    Replies
    Views
    Last post


The Web Only This Site
  • BOOKMARK

  • ADD TO FAVORITES

  • REFERENCES


  • MARC

    Mailing list ARChives
    - Search by -
     Subjects
     Authors
     Bodies





    FOLDOC

    Computing Dictionary




  • Text Link Ads






  • LINUX man pages
  • Linux Man Page Viewer


    The following form allows you to view linux man pages.

    Command:

    avc_add_callback

    
    
    
    

    SYNOPSIS

           #include <selinux/selinux.h>
    
           #include <selinux/avc.h>
    
           int avc_add_callback(int (*callback)(uint32_t event,
                                                security_id_t ssid,
    
                                                security_id_t tsid,
    
                                                security_class_t tclass,
    
                                                access_vector_t perms,
    
                                                access_vector_t *out_retained),
                                uint32_t events, security_id_t ssid,
    
                                security_id_t tsid, security_class_t tclass,
    
                                access_vector_t perms);
    
    
    

    DESCRIPTION

           avc_add_callback is used to register  callback  functions  on  security
           events.  The purpose of this functionality is to allow userspace object
           managers to take additional action when a policy change, usually a pol-
           icy reload, causes permissions to be granted or revoked.
    
           events  is  the  bitwise-or of security events on which to register the
           callback; see SECURITY EVENTS below.
    
           ssid, tsid, tclass, and perms specify the source and target SID's, tar-
           get  class,  and specific permissions that the callback wishes to moni-
           tor.  The special symbol SECSID_WILD may be passed  as  the  source  or
           target and will cause any SID to match.
    
           callback is the callback function provided by the userspace object man-
           ager.  The event argument indicates the security event  which  occured;
           the  remaining  arguments  are  interpreted  according  to the event as
           described below.  The return value of the callback should  be  zero  on
           success, -1 on error with errno set appropriately (but see RETURN VALUE
           below).
    
    
    

    SECURITY EVENTS

           In all cases below, ssid and/or tsid may be set to  SECSID_WILD,  indi-
           cating  that  the  change  applies  to  all source and/or target SID's.
           Unless otherwise indicated, the out_retained parameter is unused.
    
           AVC_CALLBACK_GRANT
                  Previously denied permissions are now  granted  for  ssid,  tsid
    
           AVC_CALLBACK_RESET
                  Indicates that the cache was flushed.  The SID, class, and  per-
                  mission arguments are unused and are set to NULL.
    
           AVC_CALLBACK_AUDITALLOW_ENABLE
                  The  permissions  given  by  perms  should  now  be audited when
                  granted for ssid, tsid with respect to tclass.
    
           AVC_CALLBACK_AUDITALLOW_DISABLE
                  The permissions given by perms should no longer be audited  when
                  granted for ssid, tsid with respect to tclass.
    
           AVC_CALLBACK_AUDITDENY_ENABLE
                  The permissions given by perms should now be audited when denied
                  for ssid, tsid with respect to tclass.
    
           AVC_CALLBACK_AUDITDENY_DISABLE
                  The permissions given by perms should no longer be audited  when
                  denied for ssid, tsid with respect to tclass.
    
    
    

    RETURN VALUE

           On  success,  avc_add_callback  returns zero.  On error, -1 is returned
           and errno is set appropriately.
    
           A return value of -1 from a callback is interpreted as a failed  policy
           operation.   If such a return value is encountered, all remaining call-
           backs registered on the  event  are  called.   In  threaded  mode,  the
           netlink  handler  thread may then terminate and cause the userspace AVC
           to return EINVAL on all further permission checks until  avc_destroy(3)
           is  called.   In  non-threaded  mode, the permission check on which the
           error occurred will return -1 and the value of errno encountered to the
           caller.  In both cases, a log message is produced and the kernel may be
           notified of the error.
    
    
    

    ERRORS

           ENOMEM An attempt to allocate memory failed.
    
    
    

    NOTES

           If the userspace AVC is running in threaded mode, callbacks  registered
           via avc_add_callback may be executed in the context of the netlink han-
           dler thread.  This will likely introduce synchronization issues requir-
           ing the use of locks.  See avc_init(3).
    
           Support for dynamic revocation and retained permissions is mostly unim-
           plemented in the SELinux kernel module.  The only security  event  that
           currently gets excercised is AVC_CALLBACK_RESET.
    
    
  • MORE RESOURCE


  • Linux

    The Distributions





    Linux

    The Software





    Linux

    The News



  • MARKETING






  • Toll Free

webmaster@linuxguruz.com
Copyright © 1999 - 2016 by LinuxGuruz