LinuxGuruz
  • Last 5 Forum Topics
    Replies
    Views
    Last post


The Web Only This Site
  • BOOKMARK

  • ADD TO FAVORITES

  • REFERENCES


  • MARC

    Mailing list ARChives
    - Search by -
     Subjects
     Authors
     Bodies





    FOLDOC

    Computing Dictionary




  • Text Link Ads






  • LINUX man pages
  • Linux Man Page Viewer


    The following form allows you to view linux man pages.

    Command:

    avc_audit

    
    
    
    

    SYNOPSIS

           #include <selinux/selinux.h>
    
           #include <selinux/avc.h>
    
           void avc_entry_ref_init(struct avc_entry_ref *aeref);
    
           int avc_has_perm(security_id_t ssid, security_id_t tsid,
                            security_class_t tclass, access_vector_t requested,
    
                            struct avc_entry_ref *aeref, void *auditdata);
    
           int avc_has_perm_noaudit(security_id_t ssid, security_id_t tsid,
                            security_class_t tclass, access_vector_t requested,
    
                            struct avc_entry_ref *aeref, struct av_decision *avd);
    
           void avc_audit(security_id_t ssid, security_id_t tsid,
                          security_class_t tclass, access_vector_t requested,
    
                          struct av_decision *avd, int result, void *auditdata);
    
    
    

    DESCRIPTION

           avc_entry_ref_init  initializes  an  avc_entry_ref structure; see ENTRY
           REFERENCES below.  This function may be implemented as a macro.
    
           avc_has_perm checks whether the requested permissions are  granted  for
           subject  SID  ssid  and  target  SID tsid, interpreting the permissions
           based on tclass and updating aeref, if non-NULL, to refer  to  a  cache
           entry  with  the resulting decision.  The granting or denial of permis-
           sions is audited in accordance with the policy.  The auditdata  parame-
           ter is for supplemental auditing; see avc_audit below.
    
           avc_has_perm_noaudit behaves as avc_has_perm without producing an audit
           message.  The access decision is returned in avd and can be  passed  to
           avc_audit explicitly.
    
           avc_audit produces an audit message for the access query represented by
           ssid, tsid, tclass, and requested, with a decision represented by  avd.
           Pass  the value returned by avc_has_perm_noaudit as result.  The audit-
           data parameter is passed to the user-supplied func_audit  callback  and
           can  be  used to add supplemental information to the audit message; see
           avc_init(3).
    
    
    

    ENTRY REFERENCES

           Entry references can be used to speed cache  performance  for  repeated
           queries  on  the same subject and target.  The userspace AVC will check
           the aeref argument, if supplied, before searching the cache on  a  per-
           mission  query.   After  a query is performed, aeref will be updated to
           reference the cache entry for that query.  A subsequent  query  on  the
           In  permissive  mode, zero will be returned and errno unchanged even if
           permissions were denied.  avc_has_perm will still produce an audit mes-
           sage in this case.
    
    
    

    ERRORS

           EACCES A requested permission was denied.
    
           EINVAL The  tclass  and/or the security contexts referenced by ssid and
                  tsid are not recognized by the currently loaded policy.
    
           ENOMEM An attempt to allocate memory failed.
    
    
    

    NOTES

           Internal errors encountered by the userspace AVC may cause certain val-
           ues  of errno to be returned unexpectedly.  For example, netlink socket
           errors may produce EACCES or EINVAL.  Make sure that  userspace  object
           managers are granted appropriate access to netlink by the policy.
    
    
    

    AUTHOR

           Eamon Walsh <ewalsh@tycho.nsa.gov>
    
    
    

    SEE ALSO

           avc_init(3),  avc_context_to_sid(3),  avc_cache_stats(3), avc_add_call-
           back(3), security_compute_av(3) selinux(8)
    
                                      27 May 2004                  avc_has_perm(3)
    
  • MORE RESOURCE


  • Linux

    The Distributions





    Linux

    The Software





    Linux

    The News



  • MARKETING






  • Toll Free

webmaster@linuxguruz.com
Copyright © 1999 - 2016 by LinuxGuruz