root/security/selinux/avc.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. selinux_avc_init
  2. avc_get_cache_threshold
  3. avc_set_cache_threshold
  4. avc_hash
  5. avc_init
  6. avc_get_hash_stats
  7. avc_xperms_decision_lookup
  8. avc_xperms_has_perm
  9. avc_xperms_allow_perm
  10. avc_xperms_decision_free
  11. avc_xperms_free
  12. avc_copy_xperms_decision
  13. avc_quick_copy_xperms_decision
  14. avc_xperms_decision_alloc
  15. avc_add_xperms_decision
  16. avc_xperms_alloc
  17. avc_xperms_populate
  18. avc_xperms_audit_required
  19. avc_xperms_audit
  20. avc_node_free
  21. avc_node_delete
  22. avc_node_kill
  23. avc_node_replace
  24. avc_reclaim_node
  25. avc_alloc_node
  26. avc_node_populate
  27. avc_search_node
  28. avc_lookup
  29. avc_latest_notif_update
  30. avc_insert
  31. avc_audit_pre_callback
  32. avc_audit_post_callback
  33. slow_avc_audit
  34. avc_add_callback
  35. avc_update_node
  36. avc_flush
  37. avc_ss_reset
  38. avc_compute_av
  39. avc_denied
  40. avc_has_extended_perms
  41. avc_has_perm_noaudit
  42. avc_has_perm
  43. avc_has_perm_flags
  44. avc_policy_seqno
  45. avc_disable
   1 // SPDX-License-Identifier: GPL-2.0-only
   2 /*
   3  * Implementation of the kernel access vector cache (AVC).
   4  *
   5  * Authors:  Stephen Smalley, <sds@tycho.nsa.gov>
   6  *           James Morris <jmorris@redhat.com>
   7  *
   8  * Update:   KaiGai, Kohei <kaigai@ak.jp.nec.com>
   9  *      Replaced the avc_lock spinlock by RCU.
  10  *
  11  * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
  12  */
  13 #include <linux/types.h>
  14 #include <linux/stddef.h>
  15 #include <linux/kernel.h>
  16 #include <linux/slab.h>
  17 #include <linux/fs.h>
  18 #include <linux/dcache.h>
  19 #include <linux/init.h>
  20 #include <linux/skbuff.h>
  21 #include <linux/percpu.h>
  22 #include <linux/list.h>
  23 #include <net/sock.h>
  24 #include <linux/un.h>
  25 #include <net/af_unix.h>
  26 #include <linux/ip.h>
  27 #include <linux/audit.h>
  28 #include <linux/ipv6.h>
  29 #include <net/ipv6.h>
  30 #include "avc.h"
  31 #include "avc_ss.h"
  32 #include "classmap.h"
  33 
  34 #define AVC_CACHE_SLOTS                 512
  35 #define AVC_DEF_CACHE_THRESHOLD         512
  36 #define AVC_CACHE_RECLAIM               16
  37 
  38 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
  39 #define avc_cache_stats_incr(field)     this_cpu_inc(avc_cache_stats.field)
  40 #else
  41 #define avc_cache_stats_incr(field)     do {} while (0)
  42 #endif
  43 
  44 struct avc_entry {
  45         u32                     ssid;
  46         u32                     tsid;
  47         u16                     tclass;
  48         struct av_decision      avd;
  49         struct avc_xperms_node  *xp_node;
  50 };
  51 
  52 struct avc_node {
  53         struct avc_entry        ae;
  54         struct hlist_node       list; /* anchored in avc_cache->slots[i] */
  55         struct rcu_head         rhead;
  56 };
  57 
  58 struct avc_xperms_decision_node {
  59         struct extended_perms_decision xpd;
  60         struct list_head xpd_list; /* list of extended_perms_decision */
  61 };
  62 
  63 struct avc_xperms_node {
  64         struct extended_perms xp;
  65         struct list_head xpd_head; /* list head of extended_perms_decision */
  66 };
  67 
  68 struct avc_cache {
  69         struct hlist_head       slots[AVC_CACHE_SLOTS]; /* head for avc_node->list */
  70         spinlock_t              slots_lock[AVC_CACHE_SLOTS]; /* lock for writes */
  71         atomic_t                lru_hint;       /* LRU hint for reclaim scan */
  72         atomic_t                active_nodes;
  73         u32                     latest_notif;   /* latest revocation notification */
  74 };
  75 
  76 struct avc_callback_node {
  77         int (*callback) (u32 event);
  78         u32 events;
  79         struct avc_callback_node *next;
  80 };
  81 
  82 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
  83 DEFINE_PER_CPU(struct avc_cache_stats, avc_cache_stats) = { 0 };
  84 #endif
  85 
  86 struct selinux_avc {
  87         unsigned int avc_cache_threshold;
  88         struct avc_cache avc_cache;
  89 };
  90 
  91 static struct selinux_avc selinux_avc;
  92 
  93 void selinux_avc_init(struct selinux_avc **avc)
  94 {
  95         int i;
  96 
  97         selinux_avc.avc_cache_threshold = AVC_DEF_CACHE_THRESHOLD;
  98         for (i = 0; i < AVC_CACHE_SLOTS; i++) {
  99                 INIT_HLIST_HEAD(&selinux_avc.avc_cache.slots[i]);
 100                 spin_lock_init(&selinux_avc.avc_cache.slots_lock[i]);
 101         }
 102         atomic_set(&selinux_avc.avc_cache.active_nodes, 0);
 103         atomic_set(&selinux_avc.avc_cache.lru_hint, 0);
 104         *avc = &selinux_avc;
 105 }
 106 
 107 unsigned int avc_get_cache_threshold(struct selinux_avc *avc)
 108 {
 109         return avc->avc_cache_threshold;
 110 }
 111 
 112 void avc_set_cache_threshold(struct selinux_avc *avc,
 113                              unsigned int cache_threshold)
 114 {
 115         avc->avc_cache_threshold = cache_threshold;
 116 }
 117 
 118 static struct avc_callback_node *avc_callbacks;
 119 static struct kmem_cache *avc_node_cachep;
 120 static struct kmem_cache *avc_xperms_data_cachep;
 121 static struct kmem_cache *avc_xperms_decision_cachep;
 122 static struct kmem_cache *avc_xperms_cachep;
 123 
 124 static inline int avc_hash(u32 ssid, u32 tsid, u16 tclass)
 125 {
 126         return (ssid ^ (tsid<<2) ^ (tclass<<4)) & (AVC_CACHE_SLOTS - 1);
 127 }
 128 
 129 /**
 130  * avc_init - Initialize the AVC.
 131  *
 132  * Initialize the access vector cache.
 133  */
 134 void __init avc_init(void)
 135 {
 136         avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node),
 137                                         0, SLAB_PANIC, NULL);
 138         avc_xperms_cachep = kmem_cache_create("avc_xperms_node",
 139                                         sizeof(struct avc_xperms_node),
 140                                         0, SLAB_PANIC, NULL);
 141         avc_xperms_decision_cachep = kmem_cache_create(
 142                                         "avc_xperms_decision_node",
 143                                         sizeof(struct avc_xperms_decision_node),
 144                                         0, SLAB_PANIC, NULL);
 145         avc_xperms_data_cachep = kmem_cache_create("avc_xperms_data",
 146                                         sizeof(struct extended_perms_data),
 147                                         0, SLAB_PANIC, NULL);
 148 }
 149 
 150 int avc_get_hash_stats(struct selinux_avc *avc, char *page)
 151 {
 152         int i, chain_len, max_chain_len, slots_used;
 153         struct avc_node *node;
 154         struct hlist_head *head;
 155 
 156         rcu_read_lock();
 157 
 158         slots_used = 0;
 159         max_chain_len = 0;
 160         for (i = 0; i < AVC_CACHE_SLOTS; i++) {
 161                 head = &avc->avc_cache.slots[i];
 162                 if (!hlist_empty(head)) {
 163                         slots_used++;
 164                         chain_len = 0;
 165                         hlist_for_each_entry_rcu(node, head, list)
 166                                 chain_len++;
 167                         if (chain_len > max_chain_len)
 168                                 max_chain_len = chain_len;
 169                 }
 170         }
 171 
 172         rcu_read_unlock();
 173 
 174         return scnprintf(page, PAGE_SIZE, "entries: %d\nbuckets used: %d/%d\n"
 175                          "longest chain: %d\n",
 176                          atomic_read(&avc->avc_cache.active_nodes),
 177                          slots_used, AVC_CACHE_SLOTS, max_chain_len);
 178 }
 179 
 180 /*
 181  * using a linked list for extended_perms_decision lookup because the list is
 182  * always small. i.e. less than 5, typically 1
 183  */
 184 static struct extended_perms_decision *avc_xperms_decision_lookup(u8 driver,
 185                                         struct avc_xperms_node *xp_node)
 186 {
 187         struct avc_xperms_decision_node *xpd_node;
 188 
 189         list_for_each_entry(xpd_node, &xp_node->xpd_head, xpd_list) {
 190                 if (xpd_node->xpd.driver == driver)
 191                         return &xpd_node->xpd;
 192         }
 193         return NULL;
 194 }
 195 
 196 static inline unsigned int
 197 avc_xperms_has_perm(struct extended_perms_decision *xpd,
 198                                         u8 perm, u8 which)
 199 {
 200         unsigned int rc = 0;
 201 
 202         if ((which == XPERMS_ALLOWED) &&
 203                         (xpd->used & XPERMS_ALLOWED))
 204                 rc = security_xperm_test(xpd->allowed->p, perm);
 205         else if ((which == XPERMS_AUDITALLOW) &&
 206                         (xpd->used & XPERMS_AUDITALLOW))
 207                 rc = security_xperm_test(xpd->auditallow->p, perm);
 208         else if ((which == XPERMS_DONTAUDIT) &&
 209                         (xpd->used & XPERMS_DONTAUDIT))
 210                 rc = security_xperm_test(xpd->dontaudit->p, perm);
 211         return rc;
 212 }
 213 
 214 static void avc_xperms_allow_perm(struct avc_xperms_node *xp_node,
 215                                 u8 driver, u8 perm)
 216 {
 217         struct extended_perms_decision *xpd;
 218         security_xperm_set(xp_node->xp.drivers.p, driver);
 219         xpd = avc_xperms_decision_lookup(driver, xp_node);
 220         if (xpd && xpd->allowed)
 221                 security_xperm_set(xpd->allowed->p, perm);
 222 }
 223 
 224 static void avc_xperms_decision_free(struct avc_xperms_decision_node *xpd_node)
 225 {
 226         struct extended_perms_decision *xpd;
 227 
 228         xpd = &xpd_node->xpd;
 229         if (xpd->allowed)
 230                 kmem_cache_free(avc_xperms_data_cachep, xpd->allowed);
 231         if (xpd->auditallow)
 232                 kmem_cache_free(avc_xperms_data_cachep, xpd->auditallow);
 233         if (xpd->dontaudit)
 234                 kmem_cache_free(avc_xperms_data_cachep, xpd->dontaudit);
 235         kmem_cache_free(avc_xperms_decision_cachep, xpd_node);
 236 }
 237 
 238 static void avc_xperms_free(struct avc_xperms_node *xp_node)
 239 {
 240         struct avc_xperms_decision_node *xpd_node, *tmp;
 241 
 242         if (!xp_node)
 243                 return;
 244 
 245         list_for_each_entry_safe(xpd_node, tmp, &xp_node->xpd_head, xpd_list) {
 246                 list_del(&xpd_node->xpd_list);
 247                 avc_xperms_decision_free(xpd_node);
 248         }
 249         kmem_cache_free(avc_xperms_cachep, xp_node);
 250 }
 251 
 252 static void avc_copy_xperms_decision(struct extended_perms_decision *dest,
 253                                         struct extended_perms_decision *src)
 254 {
 255         dest->driver = src->driver;
 256         dest->used = src->used;
 257         if (dest->used & XPERMS_ALLOWED)
 258                 memcpy(dest->allowed->p, src->allowed->p,
 259                                 sizeof(src->allowed->p));
 260         if (dest->used & XPERMS_AUDITALLOW)
 261                 memcpy(dest->auditallow->p, src->auditallow->p,
 262                                 sizeof(src->auditallow->p));
 263         if (dest->used & XPERMS_DONTAUDIT)
 264                 memcpy(dest->dontaudit->p, src->dontaudit->p,
 265                                 sizeof(src->dontaudit->p));
 266 }
 267 
 268 /*
 269  * similar to avc_copy_xperms_decision, but only copy decision
 270  * information relevant to this perm
 271  */
 272 static inline void avc_quick_copy_xperms_decision(u8 perm,
 273                         struct extended_perms_decision *dest,
 274                         struct extended_perms_decision *src)
 275 {
 276         /*
 277          * compute index of the u32 of the 256 bits (8 u32s) that contain this
 278          * command permission
 279          */
 280         u8 i = perm >> 5;
 281 
 282         dest->used = src->used;
 283         if (dest->used & XPERMS_ALLOWED)
 284                 dest->allowed->p[i] = src->allowed->p[i];
 285         if (dest->used & XPERMS_AUDITALLOW)
 286                 dest->auditallow->p[i] = src->auditallow->p[i];
 287         if (dest->used & XPERMS_DONTAUDIT)
 288                 dest->dontaudit->p[i] = src->dontaudit->p[i];
 289 }
 290 
 291 static struct avc_xperms_decision_node
 292                 *avc_xperms_decision_alloc(u8 which)
 293 {
 294         struct avc_xperms_decision_node *xpd_node;
 295         struct extended_perms_decision *xpd;
 296 
 297         xpd_node = kmem_cache_zalloc(avc_xperms_decision_cachep, GFP_NOWAIT);
 298         if (!xpd_node)
 299                 return NULL;
 300 
 301         xpd = &xpd_node->xpd;
 302         if (which & XPERMS_ALLOWED) {
 303                 xpd->allowed = kmem_cache_zalloc(avc_xperms_data_cachep,
 304                                                 GFP_NOWAIT);
 305                 if (!xpd->allowed)
 306                         goto error;
 307         }
 308         if (which & XPERMS_AUDITALLOW) {
 309                 xpd->auditallow = kmem_cache_zalloc(avc_xperms_data_cachep,
 310                                                 GFP_NOWAIT);
 311                 if (!xpd->auditallow)
 312                         goto error;
 313         }
 314         if (which & XPERMS_DONTAUDIT) {
 315                 xpd->dontaudit = kmem_cache_zalloc(avc_xperms_data_cachep,
 316                                                 GFP_NOWAIT);
 317                 if (!xpd->dontaudit)
 318                         goto error;
 319         }
 320         return xpd_node;
 321 error:
 322         avc_xperms_decision_free(xpd_node);
 323         return NULL;
 324 }
 325 
 326 static int avc_add_xperms_decision(struct avc_node *node,
 327                         struct extended_perms_decision *src)
 328 {
 329         struct avc_xperms_decision_node *dest_xpd;
 330 
 331         node->ae.xp_node->xp.len++;
 332         dest_xpd = avc_xperms_decision_alloc(src->used);
 333         if (!dest_xpd)
 334                 return -ENOMEM;
 335         avc_copy_xperms_decision(&dest_xpd->xpd, src);
 336         list_add(&dest_xpd->xpd_list, &node->ae.xp_node->xpd_head);
 337         return 0;
 338 }
 339 
 340 static struct avc_xperms_node *avc_xperms_alloc(void)
 341 {
 342         struct avc_xperms_node *xp_node;
 343 
 344         xp_node = kmem_cache_zalloc(avc_xperms_cachep, GFP_NOWAIT);
 345         if (!xp_node)
 346                 return xp_node;
 347         INIT_LIST_HEAD(&xp_node->xpd_head);
 348         return xp_node;
 349 }
 350 
 351 static int avc_xperms_populate(struct avc_node *node,
 352                                 struct avc_xperms_node *src)
 353 {
 354         struct avc_xperms_node *dest;
 355         struct avc_xperms_decision_node *dest_xpd;
 356         struct avc_xperms_decision_node *src_xpd;
 357 
 358         if (src->xp.len == 0)
 359                 return 0;
 360         dest = avc_xperms_alloc();
 361         if (!dest)
 362                 return -ENOMEM;
 363 
 364         memcpy(dest->xp.drivers.p, src->xp.drivers.p, sizeof(dest->xp.drivers.p));
 365         dest->xp.len = src->xp.len;
 366 
 367         /* for each source xpd allocate a destination xpd and copy */
 368         list_for_each_entry(src_xpd, &src->xpd_head, xpd_list) {
 369                 dest_xpd = avc_xperms_decision_alloc(src_xpd->xpd.used);
 370                 if (!dest_xpd)
 371                         goto error;
 372                 avc_copy_xperms_decision(&dest_xpd->xpd, &src_xpd->xpd);
 373                 list_add(&dest_xpd->xpd_list, &dest->xpd_head);
 374         }
 375         node->ae.xp_node = dest;
 376         return 0;
 377 error:
 378         avc_xperms_free(dest);
 379         return -ENOMEM;
 380 
 381 }
 382 
 383 static inline u32 avc_xperms_audit_required(u32 requested,
 384                                         struct av_decision *avd,
 385                                         struct extended_perms_decision *xpd,
 386                                         u8 perm,
 387                                         int result,
 388                                         u32 *deniedp)
 389 {
 390         u32 denied, audited;
 391 
 392         denied = requested & ~avd->allowed;
 393         if (unlikely(denied)) {
 394                 audited = denied & avd->auditdeny;
 395                 if (audited && xpd) {
 396                         if (avc_xperms_has_perm(xpd, perm, XPERMS_DONTAUDIT))
 397                                 audited &= ~requested;
 398                 }
 399         } else if (result) {
 400                 audited = denied = requested;
 401         } else {
 402                 audited = requested & avd->auditallow;
 403                 if (audited && xpd) {
 404                         if (!avc_xperms_has_perm(xpd, perm, XPERMS_AUDITALLOW))
 405                                 audited &= ~requested;
 406                 }
 407         }
 408 
 409         *deniedp = denied;
 410         return audited;
 411 }
 412 
 413 static inline int avc_xperms_audit(struct selinux_state *state,
 414                                    u32 ssid, u32 tsid, u16 tclass,
 415                                    u32 requested, struct av_decision *avd,
 416                                    struct extended_perms_decision *xpd,
 417                                    u8 perm, int result,
 418                                    struct common_audit_data *ad)
 419 {
 420         u32 audited, denied;
 421 
 422         audited = avc_xperms_audit_required(
 423                         requested, avd, xpd, perm, result, &denied);
 424         if (likely(!audited))
 425                 return 0;
 426         return slow_avc_audit(state, ssid, tsid, tclass, requested,
 427                         audited, denied, result, ad);
 428 }
 429 
 430 static void avc_node_free(struct rcu_head *rhead)
 431 {
 432         struct avc_node *node = container_of(rhead, struct avc_node, rhead);
 433         avc_xperms_free(node->ae.xp_node);
 434         kmem_cache_free(avc_node_cachep, node);
 435         avc_cache_stats_incr(frees);
 436 }
 437 
 438 static void avc_node_delete(struct selinux_avc *avc, struct avc_node *node)
 439 {
 440         hlist_del_rcu(&node->list);
 441         call_rcu(&node->rhead, avc_node_free);
 442         atomic_dec(&avc->avc_cache.active_nodes);
 443 }
 444 
 445 static void avc_node_kill(struct selinux_avc *avc, struct avc_node *node)
 446 {
 447         avc_xperms_free(node->ae.xp_node);
 448         kmem_cache_free(avc_node_cachep, node);
 449         avc_cache_stats_incr(frees);
 450         atomic_dec(&avc->avc_cache.active_nodes);
 451 }
 452 
 453 static void avc_node_replace(struct selinux_avc *avc,
 454                              struct avc_node *new, struct avc_node *old)
 455 {
 456         hlist_replace_rcu(&old->list, &new->list);
 457         call_rcu(&old->rhead, avc_node_free);
 458         atomic_dec(&avc->avc_cache.active_nodes);
 459 }
 460 
 461 static inline int avc_reclaim_node(struct selinux_avc *avc)
 462 {
 463         struct avc_node *node;
 464         int hvalue, try, ecx;
 465         unsigned long flags;
 466         struct hlist_head *head;
 467         spinlock_t *lock;
 468 
 469         for (try = 0, ecx = 0; try < AVC_CACHE_SLOTS; try++) {
 470                 hvalue = atomic_inc_return(&avc->avc_cache.lru_hint) &
 471                         (AVC_CACHE_SLOTS - 1);
 472                 head = &avc->avc_cache.slots[hvalue];
 473                 lock = &avc->avc_cache.slots_lock[hvalue];
 474 
 475                 if (!spin_trylock_irqsave(lock, flags))
 476                         continue;
 477 
 478                 rcu_read_lock();
 479                 hlist_for_each_entry(node, head, list) {
 480                         avc_node_delete(avc, node);
 481                         avc_cache_stats_incr(reclaims);
 482                         ecx++;
 483                         if (ecx >= AVC_CACHE_RECLAIM) {
 484                                 rcu_read_unlock();
 485                                 spin_unlock_irqrestore(lock, flags);
 486                                 goto out;
 487                         }
 488                 }
 489                 rcu_read_unlock();
 490                 spin_unlock_irqrestore(lock, flags);
 491         }
 492 out:
 493         return ecx;
 494 }
 495 
 496 static struct avc_node *avc_alloc_node(struct selinux_avc *avc)
 497 {
 498         struct avc_node *node;
 499 
 500         node = kmem_cache_zalloc(avc_node_cachep, GFP_NOWAIT);
 501         if (!node)
 502                 goto out;
 503 
 504         INIT_HLIST_NODE(&node->list);
 505         avc_cache_stats_incr(allocations);
 506 
 507         if (atomic_inc_return(&avc->avc_cache.active_nodes) >
 508             avc->avc_cache_threshold)
 509                 avc_reclaim_node(avc);
 510 
 511 out:
 512         return node;
 513 }
 514 
 515 static void avc_node_populate(struct avc_node *node, u32 ssid, u32 tsid, u16 tclass, struct av_decision *avd)
 516 {
 517         node->ae.ssid = ssid;
 518         node->ae.tsid = tsid;
 519         node->ae.tclass = tclass;
 520         memcpy(&node->ae.avd, avd, sizeof(node->ae.avd));
 521 }
 522 
 523 static inline struct avc_node *avc_search_node(struct selinux_avc *avc,
 524                                                u32 ssid, u32 tsid, u16 tclass)
 525 {
 526         struct avc_node *node, *ret = NULL;
 527         int hvalue;
 528         struct hlist_head *head;
 529 
 530         hvalue = avc_hash(ssid, tsid, tclass);
 531         head = &avc->avc_cache.slots[hvalue];
 532         hlist_for_each_entry_rcu(node, head, list) {
 533                 if (ssid == node->ae.ssid &&
 534                     tclass == node->ae.tclass &&
 535                     tsid == node->ae.tsid) {
 536                         ret = node;
 537                         break;
 538                 }
 539         }
 540 
 541         return ret;
 542 }
 543 
 544 /**
 545  * avc_lookup - Look up an AVC entry.
 546  * @ssid: source security identifier
 547  * @tsid: target security identifier
 548  * @tclass: target security class
 549  *
 550  * Look up an AVC entry that is valid for the
 551  * (@ssid, @tsid), interpreting the permissions
 552  * based on @tclass.  If a valid AVC entry exists,
 553  * then this function returns the avc_node.
 554  * Otherwise, this function returns NULL.
 555  */
 556 static struct avc_node *avc_lookup(struct selinux_avc *avc,
 557                                    u32 ssid, u32 tsid, u16 tclass)
 558 {
 559         struct avc_node *node;
 560 
 561         avc_cache_stats_incr(lookups);
 562         node = avc_search_node(avc, ssid, tsid, tclass);
 563 
 564         if (node)
 565                 return node;
 566 
 567         avc_cache_stats_incr(misses);
 568         return NULL;
 569 }
 570 
 571 static int avc_latest_notif_update(struct selinux_avc *avc,
 572                                    int seqno, int is_insert)
 573 {
 574         int ret = 0;
 575         static DEFINE_SPINLOCK(notif_lock);
 576         unsigned long flag;
 577 
 578         spin_lock_irqsave(&notif_lock, flag);
 579         if (is_insert) {
 580                 if (seqno < avc->avc_cache.latest_notif) {
 581                         pr_warn("SELinux: avc:  seqno %d < latest_notif %d\n",
 582                                seqno, avc->avc_cache.latest_notif);
 583                         ret = -EAGAIN;
 584                 }
 585         } else {
 586                 if (seqno > avc->avc_cache.latest_notif)
 587                         avc->avc_cache.latest_notif = seqno;
 588         }
 589         spin_unlock_irqrestore(&notif_lock, flag);
 590 
 591         return ret;
 592 }
 593 
 594 /**
 595  * avc_insert - Insert an AVC entry.
 596  * @ssid: source security identifier
 597  * @tsid: target security identifier
 598  * @tclass: target security class
 599  * @avd: resulting av decision
 600  * @xp_node: resulting extended permissions
 601  *
 602  * Insert an AVC entry for the SID pair
 603  * (@ssid, @tsid) and class @tclass.
 604  * The access vectors and the sequence number are
 605  * normally provided by the security server in
 606  * response to a security_compute_av() call.  If the
 607  * sequence number @avd->seqno is not less than the latest
 608  * revocation notification, then the function copies
 609  * the access vectors into a cache entry, returns
 610  * avc_node inserted. Otherwise, this function returns NULL.
 611  */
 612 static struct avc_node *avc_insert(struct selinux_avc *avc,
 613                                    u32 ssid, u32 tsid, u16 tclass,
 614                                    struct av_decision *avd,
 615                                    struct avc_xperms_node *xp_node)
 616 {
 617         struct avc_node *pos, *node = NULL;
 618         int hvalue;
 619         unsigned long flag;
 620         spinlock_t *lock;
 621         struct hlist_head *head;
 622 
 623         if (avc_latest_notif_update(avc, avd->seqno, 1))
 624                 return NULL;
 625 
 626         node = avc_alloc_node(avc);
 627         if (!node)
 628                 return NULL;
 629 
 630         avc_node_populate(node, ssid, tsid, tclass, avd);
 631         if (avc_xperms_populate(node, xp_node)) {
 632                 avc_node_kill(avc, node);
 633                 return NULL;
 634         }
 635 
 636         hvalue = avc_hash(ssid, tsid, tclass);
 637         head = &avc->avc_cache.slots[hvalue];
 638         lock = &avc->avc_cache.slots_lock[hvalue];
 639         spin_lock_irqsave(lock, flag);
 640         hlist_for_each_entry(pos, head, list) {
 641                 if (pos->ae.ssid == ssid &&
 642                         pos->ae.tsid == tsid &&
 643                         pos->ae.tclass == tclass) {
 644                         avc_node_replace(avc, node, pos);
 645                         goto found;
 646                 }
 647         }
 648         hlist_add_head_rcu(&node->list, head);
 649 found:
 650         spin_unlock_irqrestore(lock, flag);
 651         return node;
 652 }
 653 
 654 /**
 655  * avc_audit_pre_callback - SELinux specific information
 656  * will be called by generic audit code
 657  * @ab: the audit buffer
 658  * @a: audit_data
 659  */
 660 static void avc_audit_pre_callback(struct audit_buffer *ab, void *a)
 661 {
 662         struct common_audit_data *ad = a;
 663         struct selinux_audit_data *sad = ad->selinux_audit_data;
 664         u32 av = sad->audited;
 665         const char **perms;
 666         int i, perm;
 667 
 668         audit_log_format(ab, "avc:  %s ", sad->denied ? "denied" : "granted");
 669 
 670         if (av == 0) {
 671                 audit_log_format(ab, " null");
 672                 return;
 673         }
 674 
 675         perms = secclass_map[sad->tclass-1].perms;
 676 
 677         audit_log_format(ab, " {");
 678         i = 0;
 679         perm = 1;
 680         while (i < (sizeof(av) * 8)) {
 681                 if ((perm & av) && perms[i]) {
 682                         audit_log_format(ab, " %s", perms[i]);
 683                         av &= ~perm;
 684                 }
 685                 i++;
 686                 perm <<= 1;
 687         }
 688 
 689         if (av)
 690                 audit_log_format(ab, " 0x%x", av);
 691 
 692         audit_log_format(ab, " } for ");
 693 }
 694 
 695 /**
 696  * avc_audit_post_callback - SELinux specific information
 697  * will be called by generic audit code
 698  * @ab: the audit buffer
 699  * @a: audit_data
 700  */
 701 static void avc_audit_post_callback(struct audit_buffer *ab, void *a)
 702 {
 703         struct common_audit_data *ad = a;
 704         struct selinux_audit_data *sad = ad->selinux_audit_data;
 705         char *scontext;
 706         u32 scontext_len;
 707         int rc;
 708 
 709         rc = security_sid_to_context(sad->state, sad->ssid, &scontext,
 710                                      &scontext_len);
 711         if (rc)
 712                 audit_log_format(ab, " ssid=%d", sad->ssid);
 713         else {
 714                 audit_log_format(ab, " scontext=%s", scontext);
 715                 kfree(scontext);
 716         }
 717 
 718         rc = security_sid_to_context(sad->state, sad->tsid, &scontext,
 719                                      &scontext_len);
 720         if (rc)
 721                 audit_log_format(ab, " tsid=%d", sad->tsid);
 722         else {
 723                 audit_log_format(ab, " tcontext=%s", scontext);
 724                 kfree(scontext);
 725         }
 726 
 727         audit_log_format(ab, " tclass=%s", secclass_map[sad->tclass-1].name);
 728 
 729         if (sad->denied)
 730                 audit_log_format(ab, " permissive=%u", sad->result ? 0 : 1);
 731 
 732         /* in case of invalid context report also the actual context string */
 733         rc = security_sid_to_context_inval(sad->state, sad->ssid, &scontext,
 734                                            &scontext_len);
 735         if (!rc && scontext) {
 736                 if (scontext_len && scontext[scontext_len - 1] == '\0')
 737                         scontext_len--;
 738                 audit_log_format(ab, " srawcon=");
 739                 audit_log_n_untrustedstring(ab, scontext, scontext_len);
 740                 kfree(scontext);
 741         }
 742 
 743         rc = security_sid_to_context_inval(sad->state, sad->tsid, &scontext,
 744                                            &scontext_len);
 745         if (!rc && scontext) {
 746                 if (scontext_len && scontext[scontext_len - 1] == '\0')
 747                         scontext_len--;
 748                 audit_log_format(ab, " trawcon=");
 749                 audit_log_n_untrustedstring(ab, scontext, scontext_len);
 750                 kfree(scontext);
 751         }
 752 }
 753 
 754 /* This is the slow part of avc audit with big stack footprint */
 755 noinline int slow_avc_audit(struct selinux_state *state,
 756                             u32 ssid, u32 tsid, u16 tclass,
 757                             u32 requested, u32 audited, u32 denied, int result,
 758                             struct common_audit_data *a)
 759 {
 760         struct common_audit_data stack_data;
 761         struct selinux_audit_data sad;
 762 
 763         if (WARN_ON(!tclass || tclass >= ARRAY_SIZE(secclass_map)))
 764                 return -EINVAL;
 765 
 766         if (!a) {
 767                 a = &stack_data;
 768                 a->type = LSM_AUDIT_DATA_NONE;
 769         }
 770 
 771         sad.tclass = tclass;
 772         sad.requested = requested;
 773         sad.ssid = ssid;
 774         sad.tsid = tsid;
 775         sad.audited = audited;
 776         sad.denied = denied;
 777         sad.result = result;
 778         sad.state = state;
 779 
 780         a->selinux_audit_data = &sad;
 781 
 782         common_lsm_audit(a, avc_audit_pre_callback, avc_audit_post_callback);
 783         return 0;
 784 }
 785 
 786 /**
 787  * avc_add_callback - Register a callback for security events.
 788  * @callback: callback function
 789  * @events: security events
 790  *
 791  * Register a callback function for events in the set @events.
 792  * Returns %0 on success or -%ENOMEM if insufficient memory
 793  * exists to add the callback.
 794  */
 795 int __init avc_add_callback(int (*callback)(u32 event), u32 events)
 796 {
 797         struct avc_callback_node *c;
 798         int rc = 0;
 799 
 800         c = kmalloc(sizeof(*c), GFP_KERNEL);
 801         if (!c) {
 802                 rc = -ENOMEM;
 803                 goto out;
 804         }
 805 
 806         c->callback = callback;
 807         c->events = events;
 808         c->next = avc_callbacks;
 809         avc_callbacks = c;
 810 out:
 811         return rc;
 812 }
 813 
 814 /**
 815  * avc_update_node Update an AVC entry
 816  * @event : Updating event
 817  * @perms : Permission mask bits
 818  * @ssid,@tsid,@tclass : identifier of an AVC entry
 819  * @seqno : sequence number when decision was made
 820  * @xpd: extended_perms_decision to be added to the node
 821  * @flags: the AVC_* flags, e.g. AVC_NONBLOCKING, AVC_EXTENDED_PERMS, or 0.
 822  *
 823  * if a valid AVC entry doesn't exist,this function returns -ENOENT.
 824  * if kmalloc() called internal returns NULL, this function returns -ENOMEM.
 825  * otherwise, this function updates the AVC entry. The original AVC-entry object
 826  * will release later by RCU.
 827  */
 828 static int avc_update_node(struct selinux_avc *avc,
 829                            u32 event, u32 perms, u8 driver, u8 xperm, u32 ssid,
 830                            u32 tsid, u16 tclass, u32 seqno,
 831                            struct extended_perms_decision *xpd,
 832                            u32 flags)
 833 {
 834         int hvalue, rc = 0;
 835         unsigned long flag;
 836         struct avc_node *pos, *node, *orig = NULL;
 837         struct hlist_head *head;
 838         spinlock_t *lock;
 839 
 840         /*
 841          * If we are in a non-blocking code path, e.g. VFS RCU walk,
 842          * then we must not add permissions to a cache entry
 843          * because we will not audit the denial.  Otherwise,
 844          * during the subsequent blocking retry (e.g. VFS ref walk), we
 845          * will find the permissions already granted in the cache entry
 846          * and won't audit anything at all, leading to silent denials in
 847          * permissive mode that only appear when in enforcing mode.
 848          *
 849          * See the corresponding handling of MAY_NOT_BLOCK in avc_audit()
 850          * and selinux_inode_permission().
 851          */
 852         if (flags & AVC_NONBLOCKING)
 853                 return 0;
 854 
 855         node = avc_alloc_node(avc);
 856         if (!node) {
 857                 rc = -ENOMEM;
 858                 goto out;
 859         }
 860 
 861         /* Lock the target slot */
 862         hvalue = avc_hash(ssid, tsid, tclass);
 863 
 864         head = &avc->avc_cache.slots[hvalue];
 865         lock = &avc->avc_cache.slots_lock[hvalue];
 866 
 867         spin_lock_irqsave(lock, flag);
 868 
 869         hlist_for_each_entry(pos, head, list) {
 870                 if (ssid == pos->ae.ssid &&
 871                     tsid == pos->ae.tsid &&
 872                     tclass == pos->ae.tclass &&
 873                     seqno == pos->ae.avd.seqno){
 874                         orig = pos;
 875                         break;
 876                 }
 877         }
 878 
 879         if (!orig) {
 880                 rc = -ENOENT;
 881                 avc_node_kill(avc, node);
 882                 goto out_unlock;
 883         }
 884 
 885         /*
 886          * Copy and replace original node.
 887          */
 888 
 889         avc_node_populate(node, ssid, tsid, tclass, &orig->ae.avd);
 890 
 891         if (orig->ae.xp_node) {
 892                 rc = avc_xperms_populate(node, orig->ae.xp_node);
 893                 if (rc) {
 894                         avc_node_kill(avc, node);
 895                         goto out_unlock;
 896                 }
 897         }
 898 
 899         switch (event) {
 900         case AVC_CALLBACK_GRANT:
 901                 node->ae.avd.allowed |= perms;
 902                 if (node->ae.xp_node && (flags & AVC_EXTENDED_PERMS))
 903                         avc_xperms_allow_perm(node->ae.xp_node, driver, xperm);
 904                 break;
 905         case AVC_CALLBACK_TRY_REVOKE:
 906         case AVC_CALLBACK_REVOKE:
 907                 node->ae.avd.allowed &= ~perms;
 908                 break;
 909         case AVC_CALLBACK_AUDITALLOW_ENABLE:
 910                 node->ae.avd.auditallow |= perms;
 911                 break;
 912         case AVC_CALLBACK_AUDITALLOW_DISABLE:
 913                 node->ae.avd.auditallow &= ~perms;
 914                 break;
 915         case AVC_CALLBACK_AUDITDENY_ENABLE:
 916                 node->ae.avd.auditdeny |= perms;
 917                 break;
 918         case AVC_CALLBACK_AUDITDENY_DISABLE:
 919                 node->ae.avd.auditdeny &= ~perms;
 920                 break;
 921         case AVC_CALLBACK_ADD_XPERMS:
 922                 avc_add_xperms_decision(node, xpd);
 923                 break;
 924         }
 925         avc_node_replace(avc, node, orig);
 926 out_unlock:
 927         spin_unlock_irqrestore(lock, flag);
 928 out:
 929         return rc;
 930 }
 931 
 932 /**
 933  * avc_flush - Flush the cache
 934  */
 935 static void avc_flush(struct selinux_avc *avc)
 936 {
 937         struct hlist_head *head;
 938         struct avc_node *node;
 939         spinlock_t *lock;
 940         unsigned long flag;
 941         int i;
 942 
 943         for (i = 0; i < AVC_CACHE_SLOTS; i++) {
 944                 head = &avc->avc_cache.slots[i];
 945                 lock = &avc->avc_cache.slots_lock[i];
 946 
 947                 spin_lock_irqsave(lock, flag);
 948                 /*
 949                  * With preemptable RCU, the outer spinlock does not
 950                  * prevent RCU grace periods from ending.
 951                  */
 952                 rcu_read_lock();
 953                 hlist_for_each_entry(node, head, list)
 954                         avc_node_delete(avc, node);
 955                 rcu_read_unlock();
 956                 spin_unlock_irqrestore(lock, flag);
 957         }
 958 }
 959 
 960 /**
 961  * avc_ss_reset - Flush the cache and revalidate migrated permissions.
 962  * @seqno: policy sequence number
 963  */
 964 int avc_ss_reset(struct selinux_avc *avc, u32 seqno)
 965 {
 966         struct avc_callback_node *c;
 967         int rc = 0, tmprc;
 968 
 969         avc_flush(avc);
 970 
 971         for (c = avc_callbacks; c; c = c->next) {
 972                 if (c->events & AVC_CALLBACK_RESET) {
 973                         tmprc = c->callback(AVC_CALLBACK_RESET);
 974                         /* save the first error encountered for the return
 975                            value and continue processing the callbacks */
 976                         if (!rc)
 977                                 rc = tmprc;
 978                 }
 979         }
 980 
 981         avc_latest_notif_update(avc, seqno, 0);
 982         return rc;
 983 }
 984 
 985 /*
 986  * Slow-path helper function for avc_has_perm_noaudit,
 987  * when the avc_node lookup fails. We get called with
 988  * the RCU read lock held, and need to return with it
 989  * still held, but drop if for the security compute.
 990  *
 991  * Don't inline this, since it's the slow-path and just
 992  * results in a bigger stack frame.
 993  */
 994 static noinline
 995 struct avc_node *avc_compute_av(struct selinux_state *state,
 996                                 u32 ssid, u32 tsid,
 997                                 u16 tclass, struct av_decision *avd,
 998                                 struct avc_xperms_node *xp_node)
 999 {
1000         rcu_read_unlock();
1001         INIT_LIST_HEAD(&xp_node->xpd_head);
1002         security_compute_av(state, ssid, tsid, tclass, avd, &xp_node->xp);
1003         rcu_read_lock();
1004         return avc_insert(state->avc, ssid, tsid, tclass, avd, xp_node);
1005 }
1006 
1007 static noinline int avc_denied(struct selinux_state *state,
1008                                u32 ssid, u32 tsid,
1009                                u16 tclass, u32 requested,
1010                                u8 driver, u8 xperm, unsigned int flags,
1011                                struct av_decision *avd)
1012 {
1013         if (flags & AVC_STRICT)
1014                 return -EACCES;
1015 
1016         if (enforcing_enabled(state) &&
1017             !(avd->flags & AVD_FLAGS_PERMISSIVE))
1018                 return -EACCES;
1019 
1020         avc_update_node(state->avc, AVC_CALLBACK_GRANT, requested, driver,
1021                         xperm, ssid, tsid, tclass, avd->seqno, NULL, flags);
1022         return 0;
1023 }
1024 
1025 /*
1026  * The avc extended permissions logic adds an additional 256 bits of
1027  * permissions to an avc node when extended permissions for that node are
1028  * specified in the avtab. If the additional 256 permissions is not adequate,
1029  * as-is the case with ioctls, then multiple may be chained together and the
1030  * driver field is used to specify which set contains the permission.
1031  */
1032 int avc_has_extended_perms(struct selinux_state *state,
1033                            u32 ssid, u32 tsid, u16 tclass, u32 requested,
1034                            u8 driver, u8 xperm, struct common_audit_data *ad)
1035 {
1036         struct avc_node *node;
1037         struct av_decision avd;
1038         u32 denied;
1039         struct extended_perms_decision local_xpd;
1040         struct extended_perms_decision *xpd = NULL;
1041         struct extended_perms_data allowed;
1042         struct extended_perms_data auditallow;
1043         struct extended_perms_data dontaudit;
1044         struct avc_xperms_node local_xp_node;
1045         struct avc_xperms_node *xp_node;
1046         int rc = 0, rc2;
1047 
1048         xp_node = &local_xp_node;
1049         if (WARN_ON(!requested))
1050                 return -EACCES;
1051 
1052         rcu_read_lock();
1053 
1054         node = avc_lookup(state->avc, ssid, tsid, tclass);
1055         if (unlikely(!node)) {
1056                 node = avc_compute_av(state, ssid, tsid, tclass, &avd, xp_node);
1057         } else {
1058                 memcpy(&avd, &node->ae.avd, sizeof(avd));
1059                 xp_node = node->ae.xp_node;
1060         }
1061         /* if extended permissions are not defined, only consider av_decision */
1062         if (!xp_node || !xp_node->xp.len)
1063                 goto decision;
1064 
1065         local_xpd.allowed = &allowed;
1066         local_xpd.auditallow = &auditallow;
1067         local_xpd.dontaudit = &dontaudit;
1068 
1069         xpd = avc_xperms_decision_lookup(driver, xp_node);
1070         if (unlikely(!xpd)) {
1071                 /*
1072                  * Compute the extended_perms_decision only if the driver
1073                  * is flagged
1074                  */
1075                 if (!security_xperm_test(xp_node->xp.drivers.p, driver)) {
1076                         avd.allowed &= ~requested;
1077                         goto decision;
1078                 }
1079                 rcu_read_unlock();
1080                 security_compute_xperms_decision(state, ssid, tsid, tclass,
1081                                                  driver, &local_xpd);
1082                 rcu_read_lock();
1083                 avc_update_node(state->avc, AVC_CALLBACK_ADD_XPERMS, requested,
1084                                 driver, xperm, ssid, tsid, tclass, avd.seqno,
1085                                 &local_xpd, 0);
1086         } else {
1087                 avc_quick_copy_xperms_decision(xperm, &local_xpd, xpd);
1088         }
1089         xpd = &local_xpd;
1090 
1091         if (!avc_xperms_has_perm(xpd, xperm, XPERMS_ALLOWED))
1092                 avd.allowed &= ~requested;
1093 
1094 decision:
1095         denied = requested & ~(avd.allowed);
1096         if (unlikely(denied))
1097                 rc = avc_denied(state, ssid, tsid, tclass, requested,
1098                                 driver, xperm, AVC_EXTENDED_PERMS, &avd);
1099 
1100         rcu_read_unlock();
1101 
1102         rc2 = avc_xperms_audit(state, ssid, tsid, tclass, requested,
1103                         &avd, xpd, xperm, rc, ad);
1104         if (rc2)
1105                 return rc2;
1106         return rc;
1107 }
1108 
1109 /**
1110  * avc_has_perm_noaudit - Check permissions but perform no auditing.
1111  * @ssid: source security identifier
1112  * @tsid: target security identifier
1113  * @tclass: target security class
1114  * @requested: requested permissions, interpreted based on @tclass
1115  * @flags:  AVC_STRICT, AVC_NONBLOCKING, or 0
1116  * @avd: access vector decisions
1117  *
1118  * Check the AVC to determine whether the @requested permissions are granted
1119  * for the SID pair (@ssid, @tsid), interpreting the permissions
1120  * based on @tclass, and call the security server on a cache miss to obtain
1121  * a new decision and add it to the cache.  Return a copy of the decisions
1122  * in @avd.  Return %0 if all @requested permissions are granted,
1123  * -%EACCES if any permissions are denied, or another -errno upon
1124  * other errors.  This function is typically called by avc_has_perm(),
1125  * but may also be called directly to separate permission checking from
1126  * auditing, e.g. in cases where a lock must be held for the check but
1127  * should be released for the auditing.
1128  */
1129 inline int avc_has_perm_noaudit(struct selinux_state *state,
1130                                 u32 ssid, u32 tsid,
1131                                 u16 tclass, u32 requested,
1132                                 unsigned int flags,
1133                                 struct av_decision *avd)
1134 {
1135         struct avc_node *node;
1136         struct avc_xperms_node xp_node;
1137         int rc = 0;
1138         u32 denied;
1139 
1140         if (WARN_ON(!requested))
1141                 return -EACCES;
1142 
1143         rcu_read_lock();
1144 
1145         node = avc_lookup(state->avc, ssid, tsid, tclass);
1146         if (unlikely(!node))
1147                 node = avc_compute_av(state, ssid, tsid, tclass, avd, &xp_node);
1148         else
1149                 memcpy(avd, &node->ae.avd, sizeof(*avd));
1150 
1151         denied = requested & ~(avd->allowed);
1152         if (unlikely(denied))
1153                 rc = avc_denied(state, ssid, tsid, tclass, requested, 0, 0,
1154                                 flags, avd);
1155 
1156         rcu_read_unlock();
1157         return rc;
1158 }
1159 
1160 /**
1161  * avc_has_perm - Check permissions and perform any appropriate auditing.
1162  * @ssid: source security identifier
1163  * @tsid: target security identifier
1164  * @tclass: target security class
1165  * @requested: requested permissions, interpreted based on @tclass
1166  * @auditdata: auxiliary audit data
1167  *
1168  * Check the AVC to determine whether the @requested permissions are granted
1169  * for the SID pair (@ssid, @tsid), interpreting the permissions
1170  * based on @tclass, and call the security server on a cache miss to obtain
1171  * a new decision and add it to the cache.  Audit the granting or denial of
1172  * permissions in accordance with the policy.  Return %0 if all @requested
1173  * permissions are granted, -%EACCES if any permissions are denied, or
1174  * another -errno upon other errors.
1175  */
1176 int avc_has_perm(struct selinux_state *state, u32 ssid, u32 tsid, u16 tclass,
1177                  u32 requested, struct common_audit_data *auditdata)
1178 {
1179         struct av_decision avd;
1180         int rc, rc2;
1181 
1182         rc = avc_has_perm_noaudit(state, ssid, tsid, tclass, requested, 0,
1183                                   &avd);
1184 
1185         rc2 = avc_audit(state, ssid, tsid, tclass, requested, &avd, rc,
1186                         auditdata, 0);
1187         if (rc2)
1188                 return rc2;
1189         return rc;
1190 }
1191 
1192 int avc_has_perm_flags(struct selinux_state *state,
1193                        u32 ssid, u32 tsid, u16 tclass, u32 requested,
1194                        struct common_audit_data *auditdata,
1195                        int flags)
1196 {
1197         struct av_decision avd;
1198         int rc, rc2;
1199 
1200         rc = avc_has_perm_noaudit(state, ssid, tsid, tclass, requested,
1201                                   (flags & MAY_NOT_BLOCK) ? AVC_NONBLOCKING : 0,
1202                                   &avd);
1203 
1204         rc2 = avc_audit(state, ssid, tsid, tclass, requested, &avd, rc,
1205                         auditdata, flags);
1206         if (rc2)
1207                 return rc2;
1208         return rc;
1209 }
1210 
1211 u32 avc_policy_seqno(struct selinux_state *state)
1212 {
1213         return state->avc->avc_cache.latest_notif;
1214 }
1215 
1216 void avc_disable(void)
1217 {
1218         /*
1219          * If you are looking at this because you have realized that we are
1220          * not destroying the avc_node_cachep it might be easy to fix, but
1221          * I don't know the memory barrier semantics well enough to know.  It's
1222          * possible that some other task dereferenced security_ops when
1223          * it still pointed to selinux operations.  If that is the case it's
1224          * possible that it is about to use the avc and is about to need the
1225          * avc_node_cachep.  I know I could wrap the security.c security_ops call
1226          * in an rcu_lock, but seriously, it's not worth it.  Instead I just flush
1227          * the cache and get that memory back.
1228          */
1229         if (avc_node_cachep) {
1230                 avc_flush(selinux_state.avc);
1231                 /* kmem_cache_destroy(avc_node_cachep); */
1232         }
1233 }
/* [<][>][^][v][top][bottom][index][help] */