avc_add_callback(3) — Linux manual page


avc_add_callback(3)       SELinux API documentation       avc_add_callback(3)

NAME

       avc_add_callback - additional event notification for SELinux
       userspace object managers

SYNOPSIS

       #include <selinux/selinux.h>
       #include <selinux/avc.h>

       int avc_add_callback(int (*callback)(uint32_t event,
                                            security_id_t ssid,
                                            security_id_t tsid,
                                            security_class_t tclass,
                                            access_vector_t perms,
                                            access_vector_t *out_retained),
                            uint32_t events, security_id_t ssid,
                            security_id_t tsid, security_class_t tclass,
                            access_vector_t perms);

DESCRIPTION

       avc_add_callback() is used to register callback functions on
       security events.  The purpose of this functionality is to allow
       userspace object managers to take additional action when a policy
       change, usually a policy reload, causes permissions to be granted
       or revoked.

       events is the bitwise-or of security events on which to register
       the callback; see SECURITY EVENTS below.

       ssid, tsid, tclass, and perms specify the source and target SIDs,
       target class, and specific permissions that the callback wishes to
       monitor.  The special symbol SECSID_WILD may be passed as the
       source or target and will cause any SID to match.

       callback is the callback function provided by the userspace object
       manager.  The event argument indicates the security event which
       occurred; the remaining arguments are interpreted according to the
       event as described below.  The return value of the callback should
       be zero on success, -1 on error with errno set appropriately (but
       see RETURN VALUE below).

SECURITY EVENTS

       In all cases below, ssid and/or tsid may be set to SECSID_WILD,
       indicating that the change applies to all source and/or target
       SIDs.  Unless otherwise indicated, the out_retained parameter is
       unused.

       AVC_CALLBACK_GRANT
              Previously denied permissions are now granted for ssid,
              tsid with respect to tclass.  perms indicates the
              permissions to grant.

       AVC_CALLBACK_TRY_REVOKE
              Previously granted permissions are now conditionally
              revoked for ssid, tsid with respect to tclass.  perms
              indicates the permissions to revoke.  The callback should
              set out_retained to the subset of perms which are retained
              as migrated permissions.  Note that out_retained is ignored
              if the callback returns -1.

       AVC_CALLBACK_REVOKE
              Previously granted permissions are now unconditionally
              revoked for ssid, tsid with respect to tclass.  perms
              indicates the permissions to revoke.

       AVC_CALLBACK_RESET
              Indicates that the cache was flushed.  The SID, class, and
              permission arguments are unused and are set to NULL.

       AVC_CALLBACK_AUDITALLOW_ENABLE
              The permissions given by perms should now be audited when
              granted for ssid, tsid with respect to tclass.

       AVC_CALLBACK_AUDITALLOW_DISABLE
              The permissions given by perms should no longer be audited
              when granted for ssid, tsid with respect to tclass.

       AVC_CALLBACK_AUDITDENY_ENABLE
              The permissions given by perms should now be audited when
              denied for ssid, tsid with respect to tclass.

       AVC_CALLBACK_AUDITDENY_DISABLE
              The permissions given by perms should no longer be audited
              when denied for ssid, tsid with respect to tclass.
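       The following is an added example (not part of this manual page or
       of libselinux) of a callback written to the DESCRIPTION and
       SECURITY EVENTS contract above: it computes out_retained on
       AVC_CALLBACK_TRY_REVOKE, drops state unconditionally on
       AVC_CALLBACK_REVOKE, and does not touch the NULL arguments on
       AVC_CALLBACK_RESET.  The struct om_state, om_avc_callback() and
       om_register() names are hypothetical; the stand-in typedefs and
       event values used when HAVE_LIBSELINUX is undefined are assumed to
       mirror <selinux/avc.h>.

```c
#include <stdint.h>
#ifdef HAVE_LIBSELINUX
#include <selinux/selinux.h>
#include <selinux/avc.h>
#else
/* Stand-ins so this compiles without libselinux; they mirror the typedefs
 * and AVC_CALLBACK_* bit values in <selinux/avc.h> (assumption). */
typedef struct security_id *security_id_t;
typedef uint16_t security_class_t;
typedef uint32_t access_vector_t;
#define AVC_CALLBACK_GRANT      1
#define AVC_CALLBACK_TRY_REVOKE 2
#define AVC_CALLBACK_REVOKE     4
#define AVC_CALLBACK_RESET      8
#endif
/* Hypothetical object-manager state for one cached decision: perms believed
 * allowed, and those already handed out (e.g. backing an open descriptor)
 * that must survive a conditional revoke as migrated permissions. */
struct om_state { access_vector_t allowed, in_use; unsigned resets; } om;

/* Callback with the exact signature avc_add_callback(3) requires. */
int om_avc_callback(uint32_t event, security_id_t ssid, security_id_t tsid,
                    security_class_t tclass, access_vector_t perms,
                    access_vector_t *out_retained)
{
    (void)ssid; (void)tsid; (void)tclass;   /* registered with SECSID_WILD */
    switch (event) {                        /* AUDIT* events: nothing cached */
    case AVC_CALLBACK_GRANT:
        om.allowed |= perms;
        break;
    case AVC_CALLBACK_TRY_REVOKE:           /* keep revoked bits still in use */
        *out_retained = perms & om.in_use;
        om.allowed &= ~(perms & ~om.in_use);
        break;
    case AVC_CALLBACK_REVOKE:               /* unconditional: stop using them */
        om.allowed &= ~perms;
        om.in_use &= ~perms;
        break;
    case AVC_CALLBACK_RESET:                /* SID/class/perms are NULL/0 */
        om.allowed = 0;
        om.resets++;
        break;
    }
    return 0;                               /* -1 = failed policy operation */
}
#ifdef HAVE_LIBSELINUX  /* real registration: all four events, any SID */
int om_register(void)
{
    return avc_add_callback(om_avc_callback, AVC_CALLBACK_GRANT |
        AVC_CALLBACK_TRY_REVOKE | AVC_CALLBACK_REVOKE | AVC_CALLBACK_RESET,
        SECSID_WILD, SECSID_WILD, 0, 0);
}
#endif
```

       Build with -DHAVE_LIBSELINUX -lselinux to use the real headers and
       registration; without it only the callback logic is compiled.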

RETURN VALUE

       On success, avc_add_callback() returns zero.  On error, -1 is
       returned and errno is set appropriately.

       A return value of -1 from a callback is interpreted as a failed
       policy operation.  If such a return value is encountered, all
       remaining callbacks registered on the event are called.  In
       threaded mode, the netlink handler thread may then terminate and
       cause the userspace AVC to return EINVAL on all further permission
       checks until avc_destroy(3) is called.  In non-threaded mode, the
       permission check on which the error occurred will return -1 and
       the value of errno encountered to the caller.  In both cases, a
       log message is produced and the kernel may be notified of the
       error.

ERRORS

       ENOMEM An attempt to allocate memory failed.

NOTES

       If the userspace AVC is running in threaded mode, callbacks
       registered via avc_add_callback() may be executed in the context
       of the netlink handler thread.  This will likely introduce
       synchronization issues requiring the use of locks.  See
       avc_init(3).

       Support for dynamic revocation and retained permissions is mostly
       unimplemented in the SELinux kernel module.  The only security
       event that currently gets exercised is AVC_CALLBACK_RESET.

AUTHOR

       Eamon Walsh <ewalsh@tycho.nsa.gov>

SEE ALSO

       avc_init(3), avc_has_perm(3), avc_context_to_sid(3),
       avc_cache_stats(3), security_compute_av(3), selinux(8)

COLOPHON

       This page is part of the selinux (Security-Enhanced Linux
       user-space libraries and tools) project.  Information about the
       project can be found at
       ⟨https://github.com/SELinuxProject/selinux/wiki⟩.  If you have a
       bug report for this manual page, see
       ⟨https://github.com/SELinuxProject/selinux/wiki/Contributing⟩.
       This page was obtained from the project's upstream Git repository
       ⟨https://github.com/SELinuxProject/selinux⟩ on 2025-08-11.  (At
       that time, the date of the most recent commit that was found in
       the repository was 2025-08-04.)  If you discover any rendering
       problems in this HTML version of the page, or you believe there is
       a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to
       man-pages@man7.org

                               9 June 2004            avc_add_callback(3)
