.\" This manpage has been automatically generated by docbook2man 
.\" from a DocBook document.  This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
.\" Please send any bug reports, improvements, comments, patches, 
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "AVC_AUDIT" "9" "09 October 2005" "" ""

.SH NAME
avc_audit \- Audit the granting or denial of permissions.
.SH SYNOPSIS
"SYNOPSIS"
.sp
\fB
.sp
void avc_audit  (u32 \fIssid\fB, u32 \fItsid\fB, u16 \fItclass\fB, u32 \fIrequested\fB, struct av_decision * \fIavd\fB, int \fIresult\fB, struct avc_audit_data * \fIa\fB);
\fR
.SH "ARGUMENTS"
.TP
\fB\fIssid\fB\fR
source security identifier
.TP
\fB\fItsid\fB\fR
target security identifier
.TP
\fB\fItclass\fB\fR
target security class
.TP
\fB\fIrequested\fB\fR
requested permissions
.TP
\fB\fIavd\fB\fR
access vector decisions
.TP
\fB\fIresult\fB\fR
result from avc_has_perm_noaudit
.TP
\fB\fIa\fB\fR
auxiliary audit data
.SH "DESCRIPTION"
.PP
Audit the granting or denial of permissions in accordance
with the policy.  This function is typically called by
\fBavc_has_perm\fR after a permission check, but can also be
called directly by callers who use \fBavc_has_perm_noaudit\fR
in order to separate the permission check from the auditing.
For example, this separation is useful when the permission check must
be performed under a lock, to allow the lock to be released
before calling the auditing code.