#include <oskit/flask/avc_ss.h>OSKIT_COMDECL oskit_avc_ss_set_auditallow(oskit_avc_ss_t *avc, oskit_security_id_t ssid, oskit_security_id_t tsid, oskit_security_class_t tclass, oskit_access_vector_t perms, oskit_u32_t seqno, oskit_bool_t enable);
The oskit_avc_ss_set_auditallow function enables or disables auditing of granted permissions for a SID pair and class. The wildcard SID, OSKIT_SECSID_WILD, may be used for the ssid and tsid parameters to match all SID values. The enable flag should be 1 to enable auditing and 0 to disable auditing. This function adds or removes, depending on the value of enable, the permissions in perms from the auditallow vector in any matching entries in the cache. It then calls any callbacks registered by an object manager for the OSKIT_AVC_CALLBACK_AUDITALLOW_ENABLE or OSKIT_AVC_CALLBACK_AUDITALLOW_DISABLE event with a matching SID pair, class and permissions. Permission vectors match if they have a non-null intersection. This function updates the latest policy change sequence number to the greater of its current value and the seqno value.
- avc
- The access vector cache.
- ssid
- The source SID.
- tsid
- The target SID.
- tclass
- The target object security class.
- perms
- The permissions.
- seqno
- The sequence number for the policy change.
- enable
- The boolean flag indicating whether to enable or disable.
Returns 0 on success, or an error code specified in <oskit/error.h>, on error.