1avc_cache_stats(3)         SELinux API documentation        avc_cache_stats(3)
2
3
4

NAME

6       avc_cache_stats, avc_av_stats, avc_sid_stats - obtain userspace SELinux
7       AVC statistics.
8

SYNOPSIS

10       #include <selinux/selinux.h>
11
12       #include <selinux/avc.h>
13
14       void avc_av_stats(void);
15
16       void avc_sid_stats(void);
17
18       void avc_cache_stats(struct avc_cache_stats *stats);
19

DESCRIPTION

21       The userspace AVC maintains two internal  hash  tables,  one  to  store
22       security ID's and one to cache access decisions.
23
24       avc_av_stats and avc_sid_stats produce log messages indicating the sta‐
25       tus of the access decision and SID tables, respectively.  The  messages
26       contain  the number of entries in the table, number of hash buckets and
27       number of buckets used, and maximum  number  of  entries  in  a  single
28       bucket.
29
30       avc_cache_stats populates a structure whose fields reflect cache activ‐
31       ity:
32
33              struct avc_cache_stats {
34                  unsigned  entry_lookups;
35                  unsigned  entry_hits;
36                  unsigned  entry_misses;
37                  unsigned  entry_discards;
38                  unsigned  cav_lookups;
39                  unsigned  cav_hits;
40                  unsigned  cav_probes;
41                  unsigned  cav_misses;
42              };
43
44
45       entry_lookups
46              Number of queries made.
47
48       entry_hits
49              Number of times a decision was found in the aeref argument.
50
51       entry_misses
52              Number of times a decision was not found in the aeref argument.
53
54       entry_discards
55              Number of times a decision was not found in the  aeref  argument
56              and the aeref argument was non-NULL.
57
58       cav_lookups
59              Number of cache lookups.
60
61       cav_hits
62              Number of cache hits.
63
64       cav_misses
65              Number of cache misses.
66
67       cav_probes
68              Number of entries examined while searching the cache.
69
70

NOTES

72       When  the cache is flushed as a result of a call to avc_reset or a pol‐
73       icy change notification, the statistics returned by avc_cache_stats are
74       reset to zero.  The SID table, however, is left unchanged.
75
76       When  a  policy change notification is received, a call to avc_av_stats
77       is made before the cache is flushed.
78
79

AUTHOR

81       Eamon Walsh <ewalsh@tycho.nsa.gov>
82
83

SEE ALSO

85       avc_init(3),  avc_has_perm(3),   avc_context_to_sid(3),   avc_add_call‐
86       back(3) selinux(8)
87
88
89
90                                  27 May 2004               avc_cache_stats(3)