avc_open() initializes the userspace AVC and must be called before
any other AVC operation can be performed.
avc_destroy() destroys the userspace AVC, freeing all internal memory
structures. After this call has been made, avc_open() must be called
again before any AVC operations can be performed.
avc_reset() flushes the userspace AVC, causing it to forget any
cached access decisions. The userspace AVC normally calls this
function automatically when needed, see NETLINK NOTIFICATION below.
avc_cleanup() attempts to free unused memory within the userspace
AVC, but does not flush any cached access decisions. Under normal
operation, calling this function should not be necessary.
The userspace AVC obeys callbacks set via selinux_set_callback(3), in
particular the logging and audit callbacks.
The options which may be passed to avc_open() include the following:
This option forces the userspace AVC into enforcing mode if
the option value is non-NULL; permissive mode otherwise. The
system enforcing mode will be ignored.
Beginning with version 2.6.4, the Linux kernel supports SELinux
status change notification via netlink. Two message types are
currently implemented, indicating changes to the enforcing mode and
to the loaded policy in the kernel, respectively. The userspace AVC
listens for these messages and takes the appropriate action,
modifying the behavior of avc_has_perm(3) to reflect the current
enforcing mode and flushing the cache on receipt of a policy load
notification. Audit messages are produced when netlink notifications
This page is part of the selinux (Security-Enhanced Linux user-space
libraries and tools) project. Information about the project can be
found at ⟨https://github.com/SELinuxProject/selinux/wiki⟩. If you
have a bug report for this manual page, see
page was obtained from the project's upstream Git repository
⟨https://github.com/SELinuxProject/selinux⟩ on 2017-03-13. If you
discover any rendering problems in this HTML version of the page, or
you believe there is a better or more up-to-date source for the page,
or you have corrections or improvements to the information in this
COLOPHON (which is not part of the original manual page), send a mail
12 Jun 2008 avc_open(3)