Exemple #1
/* Bring up the userspace access vector cache (AVC) that NSCD uses for
   SELinux permission checks, registering the log, thread and lock
   callbacks.  Start-up is fail-closed: if the AVC cannot be started,
   error () is called with EXIT_FAILURE and the process terminates
   rather than continuing without access checks.  */
void
nscd_avc_init (void)
{
  int rc;

  /* Reset the cached entry reference before the AVC is started.  */
  avc_entry_ref_init (&aeref);

  /* errno is consumed by error () directly after the failing call, so
     nothing may be inserted between the two.  */
  rc = avc_init ("avc", NULL, &log_cb, &thread_cb, &lock_cb);
  if (rc >= 0)
    dbg_log (_("Access Vector Cache (AVC) started"));
  else
    error (EXIT_FAILURE, errno, _("Failed to start AVC"));
#ifdef HAVE_LIBAUDIT
  /* Only reached when the AVC started; audit support is optional.  */
  audit_init ();
#endif
}
Exemple #2
/*
 * mselinux_init
 *
 * Set up SELinux access control for the engine: advertise the feature,
 * hook client connections, start the userspace AVC, install the
 * policy-reload callback and spawn the netlink worker thread.
 *
 * Returns true when SELinux is not requested, not enabled on the
 * platform, or fully initialised; returns false when avc_init() or
 * pthread_create() fails.
 */
bool
mselinux_init(selinux_engine_t *se)
{
	union selinux_callback	policyload_cb;
	int						rc;

	/* Nothing to do unless the configuration asked for SELinux. */
	if (!se->config.selinux)
		return true;

	/*
	 * Does the platform support SELinux?
	 *
	 * NOTE(review): any result other than 1 silently clears the
	 * config flag and reports success, so an engine configured for
	 * SELinux keeps running without access control. Deployments that
	 * need fail-closed behaviour must check se->config.selinux after
	 * this call.
	 */
	if (is_selinux_enabled() != 1)
	{
		se->config.selinux = false;
		return true;
	}

	/*
	 * NOTE(review): no bounds check on num_features is visible here;
	 * confirm the features array has room for one more entry.
	 */
	se->info.features[se->info.num_features++].feature
		= ENGINE_FEATURE_ACCESS_CONTROL;

	/*
	 * Memcached callback, registered before the AVC exists.
	 * NOTE(review): the failure paths below return false without
	 * unregistering it or withdrawing the advertised feature;
	 * presumably the caller aborts engine start-up - confirm.
	 */
	se->server.callback->register_callback((ENGINE_HANDLE *)se,
										   ON_CONNECT,
										   mselinux_on_connect, se);

	/*
	 * Set up userspace access vector cache with log and lock
	 * callbacks only.
	 */
	rc = avc_init(NULL, NULL, &avc_log_cb, NULL, &avc_lock_cb);
	if (rc < 0)
		return false;

	/* Have libselinux call us back whenever the policy is reloaded. */
	policyload_cb.func_policyload = mavc_cb_policyload;
	selinux_set_callback(SELINUX_CB_POLICYLOAD, policyload_cb);

	/* Run the policy-load handler once by hand for the current policy. */
	mavc_cb_policyload(0);

	/* Background worker; on failure the AVC is torn down again. */
	rc = pthread_create(&se->thread, NULL, mavc_netlink_worker, NULL);
	if (rc != 0)
	{
		avc_destroy();
		return false;
	}
	return true;
}
/*
 * Start the userspace AVC under the "libreswan" message prefix and set
 * selinux_ready on success.
 *
 * When SELinux is not enabled, or avc_init() fails, the function only
 * logs and returns, leaving selinux_ready untouched. Code that makes
 * access decisions must therefore consult selinux_ready and decide
 * explicitly what to do when it is not set.
 *
 * NOTE(review): a negative (error) result from is_selinux_enabled()
 * is treated as "enabled" by this test - confirm that is intended.
 * NOTE(review): libselinux documents avc_init() as a legacy interface
 * superseded by avc_open(); consider migrating.
 */
void init_avc(void)
{
	if (is_selinux_enabled() == 0) {
		DBG_log("selinux support is NOT enabled.");
		return;
	}
	DBG_log("selinux support is enabled.");

	/* No custom memory, log, thread or lock callbacks are supplied. */
	if (avc_init("libreswan", NULL, NULL, NULL, NULL) != 0) {
		DBG_log("selinux: could not initialize avc.");
		return;
	}
	selinux_ready = 1;
}