xref: /linux-6.3-rc2/security/selinux/avc.c

96 void selinux_avc_init(struct selinux_avc **avc)  in selinux_avc_init()  argument
107 	*avc = &selinux_avc;  in selinux_avc_init()
110 unsigned int avc_get_cache_threshold(struct selinux_avc *avc)  in avc_get_cache_threshold()  argument
112 	return avc->avc_cache_threshold;  in avc_get_cache_threshold()
115 void avc_set_cache_threshold(struct selinux_avc *avc,  in avc_set_cache_threshold()  argument
118 	avc->avc_cache_threshold = cache_threshold;  in avc_set_cache_threshold()
153 int avc_get_hash_stats(struct selinux_avc *avc, char *page)  in avc_get_hash_stats()  argument
164 		head = &avc->avc_cache.slots[i];  in avc_get_hash_stats()
179 			 atomic_read(&avc->avc_cache.active_nodes),  in avc_get_hash_stats()
442 static void avc_node_delete(struct selinux_avc *avc, struct avc_node *node)  in avc_node_delete()  argument
446 	atomic_dec(&avc->avc_cache.active_nodes);  in avc_node_delete()
449 static void avc_node_kill(struct selinux_avc *avc, struct avc_node *node)  in avc_node_kill()  argument
454 	atomic_dec(&avc->avc_cache.active_nodes);  in avc_node_kill()
457 static void avc_node_replace(struct selinux_avc *avc,  in avc_node_replace()  argument
462 	atomic_dec(&avc->avc_cache.active_nodes);  in avc_node_replace()
465 static inline int avc_reclaim_node(struct selinux_avc *avc)  in avc_reclaim_node()  argument
474 		hvalue = atomic_inc_return(&avc->avc_cache.lru_hint) &  in avc_reclaim_node()
476 		head = &avc->avc_cache.slots[hvalue];  in avc_reclaim_node()
477 		lock = &avc->avc_cache.slots_lock[hvalue];  in avc_reclaim_node()
484 			avc_node_delete(avc, node);  in avc_reclaim_node()
500 static struct avc_node *avc_alloc_node(struct selinux_avc *avc)  in avc_alloc_node()  argument
511 	if (atomic_inc_return(&avc->avc_cache.active_nodes) >  in avc_alloc_node()
512 	    avc->avc_cache_threshold)  in avc_alloc_node()
513 		avc_reclaim_node(avc);  in avc_alloc_node()
527 static inline struct avc_node *avc_search_node(struct selinux_avc *avc,  in avc_search_node()  argument
535 	head = &avc->avc_cache.slots[hvalue];  in avc_search_node()
561 static struct avc_node *avc_lookup(struct selinux_avc *avc,  in avc_lookup()  argument
567 	node = avc_search_node(avc, ssid, tsid, tclass);  in avc_lookup()
576 static int avc_latest_notif_update(struct selinux_avc *avc,  in avc_latest_notif_update()  argument
585 		if (seqno < avc->avc_cache.latest_notif) {  in avc_latest_notif_update()
587 			       seqno, avc->avc_cache.latest_notif);  in avc_latest_notif_update()
591 		if (seqno > avc->avc_cache.latest_notif)  in avc_latest_notif_update()
592 			avc->avc_cache.latest_notif = seqno;  in avc_latest_notif_update()
618 static struct avc_node *avc_insert(struct selinux_avc *avc,  in avc_insert()  argument
629 	if (avc_latest_notif_update(avc, avd->seqno, 1))  in avc_insert()
632 	node = avc_alloc_node(avc);  in avc_insert()
638 		avc_node_kill(avc, node);  in avc_insert()
643 	head = &avc->avc_cache.slots[hvalue];  in avc_insert()
644 	lock = &avc->avc_cache.slots_lock[hvalue];  in avc_insert()
650 			avc_node_replace(avc, node, pos);  in avc_insert()
847 static int avc_update_node(struct selinux_avc *avc,  in avc_update_node()  argument
859 	node = avc_alloc_node(avc);  in avc_update_node()
868 	head = &avc->avc_cache.slots[hvalue];  in avc_update_node()
869 	lock = &avc->avc_cache.slots_lock[hvalue];  in avc_update_node()
885 		avc_node_kill(avc, node);  in avc_update_node()
898 			avc_node_kill(avc, node);  in avc_update_node()
929 	avc_node_replace(avc, node, orig);  in avc_update_node()
940 static void avc_flush(struct selinux_avc *avc)  in avc_flush()  argument
949 		head = &avc->avc_cache.slots[i];  in avc_flush()
950 		lock = &avc->avc_cache.slots_lock[i];  in avc_flush()
959 			avc_node_delete(avc, node);  in avc_flush()
970 int avc_ss_reset(struct selinux_avc *avc, u32 seqno)  in avc_ss_reset()  argument
975 	avc_flush(avc);  in avc_ss_reset()
987 	avc_latest_notif_update(avc, seqno, 0);  in avc_ss_reset()
1010 	return avc_insert(state->avc, ssid, tsid, tclass, avd, xp_node);  in avc_compute_av()
1026 	avc_update_node(state->avc, AVC_CALLBACK_GRANT, requested, driver,  in avc_denied()
1060 	node = avc_lookup(state->avc, ssid, tsid, tclass);  in avc_has_extended_perms()
1089 		avc_update_node(state->avc, AVC_CALLBACK_ADD_XPERMS, requested,  in avc_has_extended_perms()
1152 	node = avc_lookup(state->avc, ssid, tsid, tclass);  in avc_has_perm_noaudit()
1202 	return state->avc->avc_cache.latest_notif;  in avc_policy_seqno()
1219 		avc_flush(selinux_state.avc);  in avc_disable()

Last Index update Sun Aug 20 00:18:20 CST 2023