11.3.2 notify_perm_ref: Notify of completed operations

 

SYNOPSIS

#include <oskit/flask/avc.h>

OSKIT_COMDECL oskit_avc_notify_perm_ref(oskit_avc_t *avc,
                                        oskit_security_id_t ssid,
                                        oskit_security_id_t tsid,
                                        oskit_security_class_t tclass,
                                        oskit_access_vector_t requested,
                                        [in/out] oskit_avc_entry_ref_t *aeref);

DESCRIPTION

The oskit_avc_notify_perm_ref inline function notifies the AVC component that an operation associated with the requested permissions has completed successfully. If any of the requested permissions are in the notify access vector of the corresponding AVC entry, then this function calls the oskit_security_notify_perm interface of the security server to notify the security server that the operation has completed successfully. If aeref refers to a valid AVC entry for the requested permissions, then the referenced entry is used to obtain the notify vector. Otherwise, this function obtains a valid entry and sets aeref to refer to this entry in the same manner as oskit_avc_has_perm_ref.

The object managers call this function to notify the AVC component of operation completion. Object managers may also use a variant of this function, avc_notify_perm, in order to omit the reference parameter.

PARAMETERS

avc
    The access vector cache.
ssid
    The source SID.
tsid
    The target SID.
tclass
    The target object class.
requested
    The permissions to be checked.
aeref
    The reference to an AVC entry.

RETURNS

This function returns 0 if the notification was successful. If the security server returns an error upon an oskit_security_compute_av or an oskit_security_notify_perm call, then this function returns that error. If the security server returns a sequence number that is less than the latest policy change sequence number, then this function discards the security server response and returns OSKIT_EAGAIN.
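
The control flow described above, as a simplified self-contained model added here for illustration; it is not OSKit code. The toy_ types, the stub security server, the one-slot cache, the TOY_EAGAIN value and the choice to carry the sequence number on the compute_av reply are all assumptions.

```c
#include <stdint.h>
#include <stddef.h>

#define TOY_EAGAIN 11  /* stand-in for OSKIT_EAGAIN; the numeric value is assumed */

typedef struct { uint32_t ssid, tsid, notify, seqno; uint16_t tclass; int valid; } toy_entry_t;
typedef struct { toy_entry_t *ae; } toy_entry_ref_t;  /* models oskit_avc_entry_ref_t */

static uint32_t latest_seqno = 1;  /* latest policy change known to the cache */
static uint32_t server_seqno = 1;  /* seqno the stub server stamps on its replies */
static int server_notified;        /* number of notifications that reached the server */
static toy_entry_t cache_slot;     /* one-entry cache, enough for this model */

/* Stub for oskit_security_compute_av: only SID pair 1->2 has notify bit 0x4. */
static int stub_compute_av(uint32_t s, uint32_t t, uint16_t c, toy_entry_t *out) {
    out->ssid = s; out->tsid = t; out->tclass = c;
    out->notify = (s == 1 && t == 2) ? 0x4u : 0;
    out->seqno = server_seqno; out->valid = 1;
    return 0;
}

/* Stub for oskit_security_notify_perm: just counts the calls. */
static int stub_notify_perm(uint32_t requested) { (void)requested; server_notified++; return 0; }

/* Model of the notify path: reuse aeref if valid, else fetch and update it. */
int toy_notify_perm_ref(uint32_t ssid, uint32_t tsid, uint16_t tclass,
                        uint32_t requested, toy_entry_ref_t *aeref) {
    toy_entry_t *ae = aeref->ae;
    /* "Valid" is simplified here to: present, not revoked, same SIDs and class. */
    if (!ae || !ae->valid || ae->ssid != ssid || ae->tsid != tsid || ae->tclass != tclass) {
        toy_entry_t fresh;
        int rc = stub_compute_av(ssid, tsid, tclass, &fresh);
        if (rc) return rc;               /* security server error is returned as is */
        if (fresh.seqno < latest_seqno)  /* reply predates the latest policy change */
            return TOY_EAGAIN;           /* discard it; aeref is left untouched */
        cache_slot = fresh;
        aeref->ae = ae = &cache_slot;    /* in/out parameter now refers to the entry */
    }
    /* Only permissions present in the notify vector cause a server call. */
    if (requested & ae->notify)
        return stub_notify_perm(requested);
    return 0;
}

int main(void) {
    toy_entry_ref_t ref = { NULL };
    int rc = toy_notify_perm_ref(1, 2, 7, 0x4, &ref);
    return (rc == 0 && server_notified == 1) ? 0 : 1;
}
```

In this model a caller that receives TOY_EAGAIN still holds an unset reference, so a retry goes back to the security server instead of reusing a decision computed under the old policy.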



Utah Flux Research Group