Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2007
SELINUX_CB_LOG "int (*" func_log ") (int " type ", const char *" fmt ", ...);" This callback is used for logging and should process the printf (3) style fmt string and arguments as appropriate. The type argument indicates the type of message and will be set to one of the following: SELINUX_ERROR SELINUX_WARNING SELINUX_INFO SELINUX_AVC .
SELINUX_CB_AUDIT "int (*" func_audit ") (void *" auditdata ", security_class_t " cls , "char *" msgbuf ", size_t " msgbufsize ");" This callback is used for supplemental auditing in AVC messages. The auditdata and cls arguments are the values passed to avc_has_perm (3). A human-readable interpretation should be printed to msgbuf using no more than msgbufsize characters. .
SELINUX_CB_VALIDATE "int (*" func_validate ") (char **" ctx ");" This callback is used for context validation. The callback may optionally modify the input context by setting the target of the ctx pointer to a new context. In this case, the old value should be freed with freecon (3). The value of errno should be set to EINVAL to indicate an invalid context. .
SELINUX_CB_SETENFORCE "int (*" func_setenforce ") (int " enforcing ");" This callback is invoked when the system enforcing state changes. The enforcing argument indicates the new value and is set to 1 for enforcing mode, and 0 for permissive mode. .
SELINUX_CB_POLICYLOAD "int (*" func_policyload ") (int " seqno ");" This callback is invoked when the system security policy is reloaded. The seqno argument is the current sequential number of the policy generation in the system. .