avc_add_callback(3)          SE Linux API documentation         avc_add_callback(3)

NAME
       avc_add_callback - additional event notification for SELinux userspace
       object managers.

SYNOPSIS
       #include <selinux/selinux.h>

       #include <selinux/avc.h>

       int avc_add_callback(int (*callback)(uint32_t event,
                                            security_id_t ssid,
                                            security_id_t tsid,
                                            security_class_t tclass,
                                            access_vector_t perms,
                                            access_vector_t *out_retained),
                            uint32_t events, security_id_t ssid,
                            security_id_t tsid, security_class_t tclass,
                            access_vector_t perms);

DESCRIPTION
       avc_add_callback is used to register callback functions on security
       events.  The purpose of this functionality is to allow userspace object
       managers to take additional action when a policy change, usually a
       policy reload, causes permissions to be granted or revoked.

       events is the bitwise-or of the security events on which to register
       the callback; see SECURITY EVENTS below.

       ssid, tsid, tclass, and perms specify the source and target SIDs,
       target class, and specific permissions that the callback wishes to
       monitor.  The special symbol SECSID_WILD may be passed as the source or
       target and will cause any SID to match.

       callback is the callback function provided by the userspace object
       manager.  The event argument indicates the security event which
       occurred; the remaining arguments are interpreted according to the
       event as described below.  The return value of the callback should be
       zero on success, -1 on error with errno set appropriately (but see
       RETURN VALUE below).

SECURITY EVENTS
       In all cases below, ssid and/or tsid may be set to SECSID_WILD, indi‐
       cating that the change applies to all source and/or target SIDs.
       Unless otherwise indicated, the out_retained parameter is unused.

       AVC_CALLBACK_GRANT
              Previously denied permissions are now granted for ssid, tsid
              with respect to tclass.  perms indicates the permissions to
              grant.

       AVC_CALLBACK_TRY_REVOKE
              Previously granted permissions are now conditionally revoked for
              ssid, tsid with respect to tclass.  perms indicates the permis‐
              sions to revoke.  The callback should set out_retained to the
              subset of perms which are retained as migrated permissions.
              Note that out_retained is ignored if the callback returns -1.

       AVC_CALLBACK_REVOKE
              Previously granted permissions are now unconditionally revoked
              for ssid, tsid with respect to tclass.  perms indicates the per‐
              missions to revoke.

       AVC_CALLBACK_RESET
              Indicates that the cache was flushed.  The SID, class, and per‐
              mission arguments are unused and are set to NULL.

       AVC_CALLBACK_AUDITALLOW_ENABLE
              The permissions given by perms should now be audited when
              granted for ssid, tsid with respect to tclass.

       AVC_CALLBACK_AUDITALLOW_DISABLE
              The permissions given by perms should no longer be audited when
              granted for ssid, tsid with respect to tclass.

       AVC_CALLBACK_AUDITDENY_ENABLE
              The permissions given by perms should now be audited when denied
              for ssid, tsid with respect to tclass.

       AVC_CALLBACK_AUDITDENY_DISABLE
              The permissions given by perms should no longer be audited when
              denied for ssid, tsid with respect to tclass.

RETURN VALUE
       On success, avc_add_callback returns zero.  On error, -1 is returned
       and errno is set appropriately.

       A return value of -1 from a callback is interpreted as a failed policy
       operation.  If such a return value is encountered, all remaining call‐
       backs registered on the event are still called.  In threaded mode, the
       netlink handler thread may then terminate and cause the userspace AVC
       to return EINVAL on all further permission checks until avc_destroy(3)
       is called.  In non-threaded mode, the permission check on which the
       error occurred will return -1 and the value of errno encountered to the
       caller.  In both cases, a log message is produced and the kernel may be
       notified of the error.

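       The registration filter described in DESCRIPTION, the TRY_REVOKE /
       out_retained contract and the RESET argument convention from SECURITY
       EVENTS, and the "-1 does not stop the remaining callbacks" rule from
       RETURN VALUE can be exercised offline with the model below.  It is an
       added example and not code from libselinux or from this manual page:
       security_id_t, security_class_t, access_vector_t, SECSID_WILD and the
       AVC_CALLBACK_* values are redefined locally (the values follow
       <selinux/avc.h>), model_avc_add_callback and model_avc_control are
       stand-ins for avc_add_callback and the library's own dispatch loop,
       and CLASS_FILE, the FILE_* permission bits, the SID context strings
       and the one-entry object-manager cache are all constructed for
       illustration.

```c
/* Constructed model of avc_add_callback(3) registration and dispatch; NOT libselinux
 * code.  Types and AVC_CALLBACK_* values are redefined locally (values as in
 * <selinux/avc.h>) so it builds without libselinux; a real object manager includes
 * <selinux/avc.h> and calls avc_add_callback() instead. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
typedef struct security_id { const char *ctx; } *security_id_t;
typedef uint16_t security_class_t; typedef uint32_t access_vector_t;
#define SECSID_WILD ((security_id_t)NULL)            /* "any SID" in a filter */
enum { AVC_CALLBACK_GRANT = 1, AVC_CALLBACK_TRY_REVOKE = 2, AVC_CALLBACK_REVOKE = 4,
       AVC_CALLBACK_RESET = 8, AVC_CALLBACK_ALL = 0xff /* all eight event bits */ };
typedef int (*avc_callback_fn)(uint32_t, security_id_t, security_id_t,
                               security_class_t, access_vector_t, access_vector_t *);

/* AVC side: the registry avc_add_callback() appends to; registration order is delivery order. */
struct cb_node { avc_callback_fn cb; uint32_t events; security_id_t ssid, tsid;
                 security_class_t tclass; access_vector_t perms; };
static struct cb_node cbs[8]; static int ncbs;

int model_avc_add_callback(avc_callback_fn cb, uint32_t events, security_id_t ssid,
                           security_id_t tsid, security_class_t tclass, access_vector_t perms)
{
    if (ncbs == 8) { errno = ENOMEM; return -1; }
    cbs[ncbs++] = (struct cb_node){ cb, events, ssid, tsid, tclass, perms };
    return 0;
}

/* AVC side: deliver one event.  Every matching callback runs even after an earlier one
 * returned -1 (the overall result is then -1) and a failed callback's out_retained is
 * dropped.  RESET skips the filter and passes NULL/0 for the unused arguments. */
int model_avc_control(uint32_t event, security_id_t ssid, security_id_t tsid,
                      security_class_t tclass, access_vector_t perms, access_vector_t *out_retained)
{
    int rc = 0; access_vector_t retained = 0, tret;
    for (int i = 0; i < ncbs; i++) {
        struct cb_node *c = &cbs[i];
        if (!(c->events & event)) continue;
        if (event == AVC_CALLBACK_RESET) {
            if (c->cb(event, NULL, NULL, 0, 0, NULL) < 0) rc = -1;
        } else if ((c->ssid == SECSID_WILD || c->ssid == ssid) && (c->tsid == SECSID_WILD || c->tsid == tsid)
                   && c->tclass == tclass && (c->perms & perms)) {
            tret = 0;
            if (c->cb(event, ssid, tsid, tclass, perms, &tret) < 0) rc = -1;   /* keep going */
            else if (event == AVC_CALLBACK_TRY_REVOKE) retained |= tret & perms;
        }
    }
    if (out_retained) *out_retained = retained;
    return rc;
}

/* Object-manager side: a toy cache of one allowed vector for a hypothetical class 6. */
#define CLASS_FILE 6
enum { FILE_READ = 1, FILE_WRITE = 2, FILE_EXEC = 4 };
static access_vector_t om_vec; static int om_resets;
static int om_callback(uint32_t event, security_id_t ssid, security_id_t tsid,
                       security_class_t tclass, access_vector_t perms, access_vector_t *out_retained)
{
    (void)ssid; (void)tsid; (void)tclass;        /* dispatch already filtered by SID/class */
    switch (event) {
    case AVC_CALLBACK_RESET:  om_vec = 0; om_resets++; break;      /* cache flushed */
    case AVC_CALLBACK_GRANT:  om_vec |= perms; break;
    case AVC_CALLBACK_REVOKE: om_vec &= ~perms; break;
    case AVC_CALLBACK_TRY_REVOKE:                /* keep write on open objects (migrated) */
        *out_retained = perms & FILE_WRITE; om_vec &= ~(perms & ~FILE_WRITE); break;
    }                                            /* AUDIT* events: nothing cached here */
    return 0;
}
access_vector_t om_allowed(void) { return om_vec; }
/* A misbehaving callback: fails and asks to retain everything. */
static int failing_callback(uint32_t ev, security_id_t s, security_id_t t,
                            security_class_t c, access_vector_t perms, access_vector_t *out_retained)
{
    (void)ev; (void)s; (void)t; (void)c;
    if (out_retained) *out_retained = perms;
    errno = EIO; return -1;
}
static struct security_id sid_proc = { "system_u:system_r:httpd_t" }, sid_file = { "system_u:object_r:httpd_sys_content_t" }; /* constructed */

/* Replay a policy-reload sequence; 0 if every step left the expected state, else the first bad step. */
int run_demo(void)
{
    access_vector_t retained = 0;
    ncbs = 0; om_vec = FILE_READ | FILE_WRITE; om_resets = 0;
    if (model_avc_add_callback(failing_callback, AVC_CALLBACK_TRY_REVOKE, SECSID_WILD, &sid_file, CLASS_FILE, FILE_WRITE) ||
        model_avc_add_callback(om_callback, AVC_CALLBACK_ALL, SECSID_WILD, SECSID_WILD, CLASS_FILE, 0xff)) return 1;
    /* 1: exec newly granted; a grant for another class is filtered out */
    if (model_avc_control(AVC_CALLBACK_GRANT, &sid_proc, &sid_file, CLASS_FILE, FILE_EXEC, NULL) ||
        model_avc_control(AVC_CALLBACK_GRANT, &sid_proc, &sid_file, CLASS_FILE + 1, FILE_EXEC, NULL) ||
        om_vec != (FILE_READ | FILE_WRITE | FILE_EXEC)) return 2;
    /* 2: conditional revoke of write+exec for any source SID: failing_callback fails first,
          om_callback still runs, and only its retained set (write) survives */
    if (model_avc_control(AVC_CALLBACK_TRY_REVOKE, SECSID_WILD, &sid_file, CLASS_FILE, FILE_WRITE | FILE_EXEC, &retained) != -1
        || retained != FILE_WRITE || om_vec != (FILE_READ | FILE_WRITE)) return 3;
    /* 3: unconditional revoke of write; 4: cache flushed */
    if (model_avc_control(AVC_CALLBACK_REVOKE, &sid_proc, &sid_file, CLASS_FILE, FILE_WRITE, NULL) || om_vec != FILE_READ) return 4;
    if (model_avc_control(AVC_CALLBACK_RESET, NULL, NULL, 0, 0, NULL) || om_resets != 1 || om_vec != 0) return 5;
    return 0;
}

int main(void) { return run_demo() != 0; }
```

       Build with cc -std=c99 and run; an exit status of 0 means every step
       matched.  Note that om_callback writes out_retained only on
       AVC_CALLBACK_TRY_REVOKE, since for AVC_CALLBACK_RESET the pointer is
       NULL.  Under threaded mode (see NOTES) the callback would run on the
       netlink handler thread, so in a real object manager the cache it
       updates (om_vec here) must be protected by the same lock the
       permission-check path takes.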
ERRORS
       ENOMEM An attempt to allocate memory failed.

NOTES
       If the userspace AVC is running in threaded mode, callbacks registered
       via avc_add_callback may be executed in the context of the netlink han‐
       dler thread.  This will likely introduce synchronization issues requir‐
       ing the use of locks.  See avc_init(3).

       Support for dynamic revocation and retained permissions is mostly unim‐
       plemented in the SELinux kernel module.  The only security event that
       currently gets exercised is AVC_CALLBACK_RESET.

AUTHOR
       Eamon Walsh <ewalsh@epoch.ncsc.mil>

SEE ALSO
       avc_init(3), avc_has_perm(3), avc_context_to_sid(3),
       avc_cache_stats(3), security_compute_av(3), selinux(8)



                                  9 June 2004               avc_add_callback(3)