
11.4.5 set_auditallow: Enable or disable the auditing of granted permissions

 

SYNOPSIS

#include <oskit/flask/avc_ss.h>

OSKIT_COMDECL oskit_avc_ss_set_auditallow(oskit_avc_ss_t *avc, oskit_security_id_t ssid, oskit_security_id_t tsid, oskit_security_class_t tclass, oskit_access_vector_t perms, oskit_u32_t seqno, oskit_bool_t enable);

DESCRIPTION

The oskit_avc_ss_set_auditallow function enables or disables auditing of granted permissions for a SID pair and class. The wildcard SID, OSKIT_SECSID_WILD, may be used for the ssid and tsid parameters to match all SID values. The enable flag should be 1 to enable auditing and 0 to disable auditing. This function adds or removes, depending on the value of enable, the permissions in perms from the auditallow vector in any matching entries in the cache. It then calls any callbacks registered by an object manager for the OSKIT_AVC_CALLBACK_AUDITALLOW_ENABLE or OSKIT_AVC_CALLBACK_AUDITALLOW_DISABLE event with a matching SID pair, class and permissions. Permission vectors match if they have a non-null intersection. This function updates the latest policy change sequence number to the greater of its current value and the seqno value.

PARAMETERS

avc
The access vector cache.
ssid
The source SID.
tsid
The target SID.
tclass
The target object security class.
perms
The permissions.
seqno
The sequence number for the policy change.
enable
The boolean flag indicating whether to enable or disable.

RETURNS

Returns 0 on success, or an error code specified in <oskit/error.h> on error.
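The following is an added example, not OSKit source: a small stand-alone C model of the semantics given in DESCRIPTION (wildcard SID matching, updating the auditallow vector, callback selection by event and intersecting permissions, and the sequence number rule). Every model_* and MODEL_* name, the wildcard value and the sample cache are constructed for illustration, and the model assumes only the caller's ssid and tsid may be the wildcard.

```c
#include <stdint.h>
#include <stdio.h>

#define MODEL_SID_WILD   0xFFFFFFFFu /* constructed stand-in for OSKIT_SECSID_WILD */
#define MODEL_EV_ENABLE  1u          /* stand-in for the AUDITALLOW_ENABLE event */
#define MODEL_EV_DISABLE 2u          /* stand-in for the AUDITALLOW_DISABLE event */

struct model_entry { uint32_t ssid, tsid, tclass, auditallow; };
struct model_cb    { uint32_t events, ssid, tsid, tclass, perms; int fired; };

/* Constructed sample cache and one registered callback (class 2, perm bits 0x3). */
static struct model_entry cache[] = {
    { 10, 20, 2, 0x0 },
    { 11, 20, 2, 0x4 },
    { 10, 20, 3, 0x0 },   /* different class: not matched by class-2 calls */
};
static struct model_cb cbs[] = { { MODEL_EV_ENABLE, 10, 20, 2, 0x3, 0 } };
static uint32_t latest_seqno = 5;

static int sid_match(uint32_t want, uint32_t have) {
    return want == MODEL_SID_WILD || want == have;
}

int model_set_auditallow(uint32_t ssid, uint32_t tsid, uint32_t tclass,
                         uint32_t perms, uint32_t seqno, int enable) {
    uint32_t ev = enable ? MODEL_EV_ENABLE : MODEL_EV_DISABLE;
    size_t i;
    for (i = 0; i < sizeof cache / sizeof cache[0]; i++) {
        struct model_entry *e = &cache[i];
        if (!sid_match(ssid, e->ssid) || !sid_match(tsid, e->tsid) || e->tclass != tclass)
            continue;
        if (enable) e->auditallow |= perms;   /* add perms to the auditallow vector */
        else        e->auditallow &= ~perms;  /* remove perms from it */
    }
    for (i = 0; i < sizeof cbs / sizeof cbs[0]; i++) {
        struct model_cb *c = &cbs[i];
        if ((c->events & ev) && sid_match(ssid, c->ssid) && sid_match(tsid, c->tsid)
            && c->tclass == tclass && (c->perms & perms))   /* non-null intersection */
            c->fired++;
    }
    if (seqno > latest_seqno) latest_seqno = seqno;  /* greater of current and seqno */
    return 0;
}

int main(void) {
    model_set_auditallow(MODEL_SID_WILD, 20, 2, 0x2, 7, 1);
    printf("%#x %#x %#x fired=%d seq=%u\n", cache[0].auditallow, cache[1].auditallow,
           cache[2].auditallow, cbs[0].fired, latest_seqno);
    return 0;
}
```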



Utah Flux Research Group