/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
#ifndef _LINUX_AVC_SS_H_
#define _LINUX_AVC_SS_H_
/* Access vector cache interface for the security server */
#include "flask_types.h"
/*
 * Any of the SID parameters may be wildcarded,
 * in which case the operation is applied to all
 * matching entries in the AVC.
 */
/* Grant previously denied permissions */
security_id_t ssid, /* IN */
security_id_t tsid, /* IN */
security_class_t tclass, /* IN */
access_vector_t perms, /* IN */
__u32 seqno); /* IN */
/*
 * Try to revoke previously granted permissions, but
 * only if they are not retained as migrated permissions.
 * Return the subset of permissions that are retained.
 */
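/*
 * avc_ss_try_revoke - ask the AVC to revoke previously granted permissions.
 *
 * ssid, tsid, tclass and perms are inputs that select the cached entries
 * and the permissions to revoke. out_retained is an output pointer that
 * receives the subset of perms that is retained.
 *
 * NOTE(review): retained permissions presumably stay usable after this
 * call, so a caller should treat the revocation as incomplete whenever
 * *out_retained is non-zero, and should not ignore the int return value.
 * Confirm both conventions against the AVC implementation.
 *
 * NOTE(review): the listing this declaration was taken from omits one
 * source line between perms and out_retained. Confirm the full parameter
 * list against the original header before relying on this prototype.
 */
int avc_ss_try_revoke(
	security_id_t ssid,		/* IN */
	security_id_t tsid,		/* IN */
	security_class_t tclass,	/* IN */
	access_vector_t perms,		/* IN */
	access_vector_t *out_retained);	/* OUT */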
/*
 * Revoke previously granted permissions, even if
 * they are retained as migrated permissions.
 */
security_id_t ssid, /* IN */
security_id_t tsid, /* IN */
security_class_t tclass, /* IN */
access_vector_t perms, /* IN */
__u32 seqno); /* IN */
/* Flush the cache and revalidate all migrated permissions. */
/*
 * seqno is the only argument and is passed by value.
 * NOTE(review): seqno presumably orders this request relative to other
 * security-server notifications; confirm against the AVC implementation.
 * NOTE(review): if the int return reports failure, the cache may still hold
 * decisions made under the previous policy, so callers should check it.
 * Confirm the error convention.
 */
int avc_ss_reset(__u32 seqno);
/* Enable or disable auditing of granted permissions */
int avc_ss_set_auditallow(
security_id_t ssid, /* IN */
security_id_t tsid, /* IN */
security_class_t tclass, /* IN */
access_vector_t perms, /* IN */
/* Enable or disable auditing of denied permissions */
int avc_ss_set_auditdeny(
security_id_t ssid, /* IN */
security_id_t tsid, /* IN */
security_class_t tclass, /* IN */
access_vector_t perms, /* IN */
#endif /* _LINUX_AVC_SS_H_ */