History log of /external/selinux/libselinux/src/avc_internal.h
Revision Date Author Comments
57928fa1fd2222558543134211340f40ff1b9e02 23-Jan-2012 Daniel P. Berrange <berrange@redhat.com> libselinux: Add more printf format annotations

The public avc.h file must use a printf annotation in the struct
callback members, otherwise application code will get compiler
warnings that the method should have an annotation set.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/avc_internal.h
58866dd5668e845fd1cc0f62ae8dd4b93d9caf2b 02-Sep-2009 Eamon Walsh <ewalsh@tycho.nsa.gov> The userspace AVC currently has refcounted SID's. This patch strips out
the refcounting under the following justifications:

1. Managing the refcounts by calling sidput() and sidget() as
appropriate is a difficult and bug-prone task for users of the library.

2. The userspace AVC doesn't currently make use of the refcounts to
reclaim unused SID's unless avc_cleanup() is explicitly called.

3. The kernel itself no longer uses refcounting for its own SID's.

The implication of this change is that SID's (basically malloc'ed copies
of security contexts) will persist in the AVC's SID table until the next
call to avc_destroy(). This presents the potential for increased memory
usage, but in practice I don't believe this will be an issue. ABI
compatibility is preserved: the avc_cleanup(), sidput(), and sidget()
calls are changed to no-ops.

Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libselinux/src/avc_internal.h
318748d65917fa5a96c17ce3b564074e43482d75 08-Apr-2009 KaiGai Kohei <kaigai@ak.jp.nec.com> The attached patch enables userspace object managers to handle notification
messages via netlink socket from SELinux.

* Two new callbacks were added to selinux_set_callback(3)
  - SELINUX_CB_SETENFORCE
    is invoked when it got SELNL_MSG_SETENFORCE message in the
    avc_netlink_process().
  - SELINUX_CB_POLICYLOAD
    is invoked when it got SELNL_MSG_POLICYLOAD message in the
    avc_netlink_process().

* Three functions were exposed to applications.
  - int avc_netlink_open(int blocking);
  - void avc_netlink_loop(void);
  - void avc_netlink_close(void);

Due to a few reasons, SE-PostgreSQL implements its own userspace
avc, so it needs to copy and paste some of avc_internal.c.
This update enables to share common part from such kind of application.

Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
/external/selinux/libselinux/src/avc_internal.h
7ab6b29011dc62b0f344087e1ca4d8cdd2a9e508 11-Mar-2009 Eamon Walsh <ewalsh@tycho.nsa.gov> Netlink socket handoff functions from Adam Jackson.
/external/selinux/libselinux/src/avc_internal.h
eee0f022e44ade05143eeee3748dd78fbd17966b 31-Oct-2008 Eamon Walsh <ewalsh@tycho.nsa.gov> Put a proper message type into each message logged by the userspace AVC.
Currently, the message types are defined but not used.

This will allow better separation of messages when logging to facilities
such as libaudit.

Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
/external/selinux/libselinux/src/avc_internal.h
13cd4c8960688af11ad23b4c946149015c80d549 19-Aug-2008 Joshua Brindle <method@manicmethod.com> initial import from svn trunk revision 2950
/external/selinux/libselinux/src/avc_internal.h