PostgreSQL Source Code  git master
uavc.c File Reference
#include "postgres.h"
#include "catalog/pg_proc.h"
#include "commands/seclabel.h"
#include "common/hashfn.h"
#include "sepgsql.h"
#include "storage/ipc.h"
#include "utils/guc.h"
#include "utils/memutils.h"
Include dependency graph for uavc.c:

Go to the source code of this file.

Data Structures

struct  avc_cache
 

Macros

#define AVC_NUM_SLOTS   512
 
#define AVC_NUM_RECLAIM   16
 
#define AVC_DEF_THRESHOLD   384
 

Functions

static uint32 sepgsql_avc_hash (const char *scontext, const char *tcontext, uint16 tclass)
 
static void sepgsql_avc_reset (void)
 
static void sepgsql_avc_reclaim (void)
 
static bool sepgsql_avc_check_valid (void)
 
static char * sepgsql_avc_unlabeled (void)
 
static avc_cachesepgsql_avc_compute (const char *scontext, const char *tcontext, uint16 tclass)
 
static avc_cachesepgsql_avc_lookup (const char *scontext, const char *tcontext, uint16 tclass)
 
bool sepgsql_avc_check_perms_label (const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
 
bool sepgsql_avc_check_perms (const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
 
char * sepgsql_avc_trusted_proc (Oid functionId)
 
static void sepgsql_avc_exit (int code, Datum arg)
 
void sepgsql_avc_init (void)
 

Variables

static MemoryContext avc_mem_cxt
 
static Listavc_slots [AVC_NUM_SLOTS]
 
static int avc_num_caches
 
static int avc_lru_hint
 
static int avc_threshold
 
static char * avc_unlabeled
 

Macro Definition Documentation

◆ AVC_DEF_THRESHOLD

#define AVC_DEF_THRESHOLD   384

Definition at line 54 of file uavc.c.

◆ AVC_NUM_RECLAIM

#define AVC_NUM_RECLAIM   16

Definition at line 53 of file uavc.c.

◆ AVC_NUM_SLOTS

#define AVC_NUM_SLOTS   512

Definition at line 52 of file uavc.c.

Function Documentation

◆ sepgsql_avc_check_perms()

bool sepgsql_avc_check_perms ( const ObjectAddress tobject,
uint16  tclass,
uint32  required,
const char *  audit_name,
bool  abort_on_violation 
)

Definition at line 420 of file uavc.c.

424 {
425  char *tcontext = GetSecurityLabel(tobject, SEPGSQL_LABEL_TAG);
426  bool rc;
427 
428  rc = sepgsql_avc_check_perms_label(tcontext,
429  tclass, required,
430  audit_name, abort_on_violation);
431  if (tcontext)
432  pfree(tcontext);
433 
434  return rc;
435 }
void pfree(void *pointer)
Definition: mcxt.c:1521
char * GetSecurityLabel(const ObjectAddress *object, const char *provider)
Definition: seclabel.c:272
#define SEPGSQL_LABEL_TAG
Definition: sepgsql.h:23
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:337

References GetSecurityLabel(), pfree(), generate_unaccent_rules::required, sepgsql_avc_check_perms_label(), and SEPGSQL_LABEL_TAG.

Referenced by check_relation_privileges(), check_schema_perms(), sepgsql_attribute_drop(), sepgsql_attribute_relabel(), sepgsql_attribute_setattr(), sepgsql_database_drop(), sepgsql_database_relabel(), sepgsql_database_setattr(), sepgsql_fmgr_hook(), sepgsql_needs_fmgr_hook(), sepgsql_proc_drop(), sepgsql_proc_execute(), sepgsql_proc_post_create(), sepgsql_proc_relabel(), sepgsql_proc_setattr(), sepgsql_relation_drop(), sepgsql_relation_post_create(), sepgsql_relation_relabel(), sepgsql_relation_setattr(), sepgsql_relation_truncate(), sepgsql_schema_drop(), and sepgsql_schema_relabel().

◆ sepgsql_avc_check_perms_label()

bool sepgsql_avc_check_perms_label ( const char *  tcontext,
uint16  tclass,
uint32  required,
const char *  audit_name,
bool  abort_on_violation 
)

Definition at line 337 of file uavc.c.

341 {
342  char *scontext = sepgsql_get_client_label();
343  avc_cache *cache;
344  uint32 denied;
345  uint32 audited;
346  bool result;
347 
349  do
350  {
351  result = true;
352 
353  /*
354  * If the target object is unlabeled, we perform the check using the
355  * label supplied by sepgsql_avc_unlabeled().
356  */
357  if (tcontext)
358  cache = sepgsql_avc_lookup(scontext, tcontext, tclass);
359  else
360  cache = sepgsql_avc_lookup(scontext,
361  sepgsql_avc_unlabeled(), tclass);
362 
363  denied = required & ~cache->allowed;
364 
365  /*
366  * Compute permissions to be audited
367  */
369  audited = (denied ? (denied & ~0) : (required & ~0));
370  else
371  audited = denied ? (denied & cache->auditdeny)
372  : (required & cache->auditallow);
373 
374  if (denied)
375  {
376  /*
377  * In permissive mode or permissive domain, violated permissions
378  * shall be audited to the log files at once, and then implicitly
379  * allowed to avoid a flood of access denied logs, because the
380  * purpose of permissive mode/domain is to collect a violation log
381  * that will make it possible to fix up the security policy.
382  */
383  if (!sepgsql_getenforce() || cache->permissive)
384  cache->allowed |= required;
385  else
386  result = false;
387  }
388  } while (!sepgsql_avc_check_valid());
389 
390  /*
391  * In the case when we have something auditable actions here,
392  * sepgsql_audit_log shall be called with text representation of security
393  * labels for both of subject and object. It records this access
394  * violation, so DBA will be able to find out unexpected security problems
395  * later.
396  */
397  if (audited != 0 &&
398  audit_name != SEPGSQL_AVC_NOAUDIT &&
400  {
401  sepgsql_audit_log(denied != 0,
402  (sepgsql_getenforce() && !cache->permissive),
403  cache->scontext,
404  cache->tcontext_is_valid ?
405  cache->tcontext : sepgsql_avc_unlabeled(),
406  cache->tclass,
407  audited,
408  audit_name);
409  }
410 
411  if (abort_on_violation && !result)
412  ereport(ERROR,
413  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
414  errmsg("SELinux: security policy violation")));
415 
416  return result;
417 }
unsigned int uint32
Definition: c.h:509
int errcode(int sqlerrcode)
Definition: elog.c:853
int errmsg(const char *fmt,...)
Definition: elog.c:1070
#define ERROR
Definition: elog.h:39
#define ereport(elevel,...)
Definition: elog.h:149
bool sepgsql_get_debug_audit(void)
Definition: hooks.c:74
char * sepgsql_get_client_label(void)
Definition: label.c:80
int sepgsql_get_mode(void)
Definition: selinux.c:625
void sepgsql_audit_log(bool denied, bool enforcing, const char *scontext, const char *tcontext, uint16 tclass, uint32 audited, const char *audit_name)
Definition: selinux.c:678
bool sepgsql_getenforce(void)
Definition: selinux.c:651
#define SEPGSQL_MODE_INTERNAL
Definition: sepgsql.h:30
#define SEPGSQL_AVC_NOAUDIT
Definition: sepgsql.h:250
Definition: uavc.c:31
uint16 tclass
Definition: uavc.c:35
uint32 allowed
Definition: uavc.c:37
uint32 auditdeny
Definition: uavc.c:39
char * scontext
Definition: uavc.c:33
char * tcontext
Definition: uavc.c:34
bool tcontext_is_valid
Definition: uavc.c:43
bool permissive
Definition: uavc.c:41
uint32 auditallow
Definition: uavc.c:38
static char * sepgsql_avc_unlabeled(void)
Definition: uavc.c:170
static bool sepgsql_avc_check_valid(void)
Definition: uavc.c:152
static avc_cache * sepgsql_avc_lookup(const char *scontext, const char *tcontext, uint16 tclass)
Definition: uavc.c:297

References avc_cache::allowed, avc_cache::auditallow, avc_cache::auditdeny, ereport, errcode(), errmsg(), ERROR, avc_cache::permissive, generate_unaccent_rules::required, avc_cache::scontext, sepgsql_audit_log(), sepgsql_avc_check_valid(), sepgsql_avc_lookup(), SEPGSQL_AVC_NOAUDIT, sepgsql_avc_unlabeled(), sepgsql_get_client_label(), sepgsql_get_debug_audit(), sepgsql_get_mode(), sepgsql_getenforce(), SEPGSQL_MODE_INTERNAL, avc_cache::tclass, avc_cache::tcontext, and avc_cache::tcontext_is_valid.

Referenced by sepgsql_attribute_post_create(), sepgsql_attribute_relabel(), sepgsql_avc_check_perms(), sepgsql_database_post_create(), sepgsql_database_relabel(), sepgsql_fmgr_hook(), sepgsql_proc_post_create(), sepgsql_proc_relabel(), sepgsql_relation_post_create(), sepgsql_relation_relabel(), sepgsql_schema_post_create(), sepgsql_schema_relabel(), and sepgsql_set_client_label().

◆ sepgsql_avc_check_valid()

static bool sepgsql_avc_check_valid ( void  )
static

Definition at line 152 of file uavc.c.

153 {
154  if (selinux_status_updated() > 0)
155  {
157 
158  return false;
159  }
160  return true;
161 }
static void sepgsql_avc_reset(void)
Definition: uavc.c:78

References sepgsql_avc_reset().

Referenced by sepgsql_avc_check_perms_label(), and sepgsql_avc_trusted_proc().

◆ sepgsql_avc_compute()

static avc_cache* sepgsql_avc_compute ( const char *  scontext,
const char *  tcontext,
uint16  tclass 
)
static

Definition at line 200 of file uavc.c.

201 {
202  char *ucontext = NULL;
203  char *ncontext = NULL;
204  MemoryContext oldctx;
205  avc_cache *cache;
206  uint32 hash;
207  int index;
208  struct av_decision avd;
209 
210  hash = sepgsql_avc_hash(scontext, tcontext, tclass);
212 
213  /*
214  * Validation check of the supplied security context. Because it always
215  * invoke system-call, frequent check should be avoided. Unless security
216  * policy is reloaded, validation status shall be kept, so we also cache
217  * whether the supplied security context was valid, or not.
218  */
219  if (security_check_context_raw(tcontext) != 0)
220  ucontext = sepgsql_avc_unlabeled();
221 
222  /*
223  * Ask SELinux its access control decision
224  */
225  if (!ucontext)
226  sepgsql_compute_avd(scontext, tcontext, tclass, &avd);
227  else
228  sepgsql_compute_avd(scontext, ucontext, tclass, &avd);
229 
230  /*
231  * It also caches a security label to be switched when a client labeled as
232  * 'scontext' executes a procedure labeled as 'tcontext', not only access
233  * control decision on the procedure. The security label to be switched
234  * shall be computed uniquely on a pair of 'scontext' and 'tcontext',
235  * thus, it is reasonable to cache the new label on avc, and enables to
236  * reduce unnecessary system calls. It shall be referenced at
237  * sepgsql_needs_fmgr_hook to check whether the supplied function is a
238  * trusted procedure, or not.
239  */
240  if (tclass == SEPG_CLASS_DB_PROCEDURE)
241  {
242  if (!ucontext)
243  ncontext = sepgsql_compute_create(scontext, tcontext,
244  SEPG_CLASS_PROCESS, NULL);
245  else
246  ncontext = sepgsql_compute_create(scontext, ucontext,
247  SEPG_CLASS_PROCESS, NULL);
248  if (strcmp(scontext, ncontext) == 0)
249  {
250  pfree(ncontext);
251  ncontext = NULL;
252  }
253  }
254 
255  /*
256  * Set up an avc_cache object
257  */
259 
260  cache = palloc0(sizeof(avc_cache));
261 
262  cache->hash = hash;
263  cache->scontext = pstrdup(scontext);
264  cache->tcontext = pstrdup(tcontext);
265  cache->tclass = tclass;
266 
267  cache->allowed = avd.allowed;
268  cache->auditallow = avd.auditallow;
269  cache->auditdeny = avd.auditdeny;
270  cache->hot_cache = true;
271  if (avd.flags & SELINUX_AVD_FLAGS_PERMISSIVE)
272  cache->permissive = true;
273  if (!ucontext)
274  cache->tcontext_is_valid = true;
275  if (ncontext)
276  cache->ncontext = pstrdup(ncontext);
277 
278  avc_num_caches++;
279 
282 
283  avc_slots[index] = lcons(cache, avc_slots[index]);
284 
285  MemoryContextSwitchTo(oldctx);
286 
287  return cache;
288 }
List * lcons(void *datum, List *list)
Definition: list.c:495
char * pstrdup(const char *in)
Definition: mcxt.c:1696
void * palloc0(Size size)
Definition: mcxt.c:1347
MemoryContextSwitchTo(old_ctx)
static unsigned hash(unsigned *uv, int n)
Definition: rege_dfa.c:715
void sepgsql_compute_avd(const char *scontext, const char *tcontext, uint16 tclass, struct av_decision *avd)
Definition: selinux.c:739
char * sepgsql_compute_create(const char *scontext, const char *tcontext, uint16 tclass, const char *objname)
Definition: selinux.c:842
#define SEPG_CLASS_DB_PROCEDURE
Definition: sepgsql.h:48
#define SEPG_CLASS_PROCESS
Definition: sepgsql.h:36
char * ncontext
Definition: uavc.c:45
uint32 hash
Definition: uavc.c:32
bool hot_cache
Definition: uavc.c:42
Definition: type.h:95
static uint32 sepgsql_avc_hash(const char *scontext, const char *tcontext, uint16 tclass)
Definition: uavc.c:67
static void sepgsql_avc_reclaim(void)
Definition: uavc.c:92
static int avc_threshold
Definition: uavc.c:60
#define AVC_NUM_SLOTS
Definition: uavc.c:52
static MemoryContext avc_mem_cxt
Definition: uavc.c:56
static List * avc_slots[AVC_NUM_SLOTS]
Definition: uavc.c:57
static int avc_num_caches
Definition: uavc.c:58

References avc_cache::allowed, avc_cache::auditallow, avc_cache::auditdeny, avc_mem_cxt, avc_num_caches, AVC_NUM_SLOTS, avc_slots, avc_threshold, avc_cache::hash, hash(), avc_cache::hot_cache, lcons(), MemoryContextSwitchTo(), avc_cache::ncontext, palloc0(), avc_cache::permissive, pfree(), pstrdup(), avc_cache::scontext, SEPG_CLASS_DB_PROCEDURE, SEPG_CLASS_PROCESS, sepgsql_avc_hash(), sepgsql_avc_reclaim(), sepgsql_avc_unlabeled(), sepgsql_compute_avd(), sepgsql_compute_create(), avc_cache::tclass, avc_cache::tcontext, and avc_cache::tcontext_is_valid.

Referenced by sepgsql_avc_lookup().

◆ sepgsql_avc_exit()

static void sepgsql_avc_exit ( int  code,
Datum  arg 
)
static

Definition at line 477 of file uavc.c.

478 {
479  selinux_status_close();
480 }

Referenced by sepgsql_avc_init().

◆ sepgsql_avc_hash()

static uint32 sepgsql_avc_hash ( const char *  scontext,
const char *  tcontext,
uint16  tclass 
)
static

Definition at line 67 of file uavc.c.

68 {
69  return hash_any((const unsigned char *) scontext, strlen(scontext))
70  ^ hash_any((const unsigned char *) tcontext, strlen(tcontext))
71  ^ tclass;
72 }
static Datum hash_any(const unsigned char *k, int keylen)
Definition: hashfn.h:31

References hash_any().

Referenced by sepgsql_avc_compute(), and sepgsql_avc_lookup().

◆ sepgsql_avc_init()

void sepgsql_avc_init ( void  )

Definition at line 488 of file uavc.c.

489 {
490  int rc;
491 
492  /*
493  * All the avc stuff shall be allocated in avc_mem_cxt
494  */
496  "userspace access vector cache",
498  memset(avc_slots, 0, sizeof(avc_slots));
499  avc_num_caches = 0;
500  avc_lru_hint = 0;
502 
503  /*
504  * SELinux allows to mmap(2) its kernel status page in read-only mode to
505  * inform userspace applications its status updating (such as policy
506  * reloading) without system-call invocations. This feature is only
507  * supported in Linux-2.6.38 or later, however, libselinux provides a
508  * fallback mode to know its status using netlink sockets.
509  */
510  rc = selinux_status_open(1);
511  if (rc < 0)
512  ereport(ERROR,
513  (errcode(ERRCODE_INTERNAL_ERROR),
514  errmsg("SELinux: could not open selinux status : %m")));
515  else if (rc > 0)
516  ereport(LOG,
517  (errmsg("SELinux: kernel status page uses fallback mode")));
518 
519  /* Arrange to close selinux status page on process exit. */
521 }
#define LOG
Definition: elog.h:31
void on_proc_exit(pg_on_exit_callback function, Datum arg)
Definition: ipc.c:309
MemoryContext TopMemoryContext
Definition: mcxt.c:149
#define AllocSetContextCreate
Definition: memutils.h:129
#define ALLOCSET_DEFAULT_SIZES
Definition: memutils.h:160
static int avc_lru_hint
Definition: uavc.c:59
static void sepgsql_avc_exit(int code, Datum arg)
Definition: uavc.c:477
#define AVC_DEF_THRESHOLD
Definition: uavc.c:54

References ALLOCSET_DEFAULT_SIZES, AllocSetContextCreate, AVC_DEF_THRESHOLD, avc_lru_hint, avc_mem_cxt, avc_num_caches, avc_slots, avc_threshold, ereport, errcode(), errmsg(), ERROR, LOG, on_proc_exit(), sepgsql_avc_exit(), and TopMemoryContext.

Referenced by _PG_init().

◆ sepgsql_avc_lookup()

static avc_cache* sepgsql_avc_lookup ( const char *  scontext,
const char *  tcontext,
uint16  tclass 
)
static

Definition at line 297 of file uavc.c.

298 {
299  avc_cache *cache;
300  ListCell *cell;
301  uint32 hash;
302  int index;
303 
304  hash = sepgsql_avc_hash(scontext, tcontext, tclass);
306 
307  foreach(cell, avc_slots[index])
308  {
309  cache = lfirst(cell);
310 
311  if (cache->hash == hash &&
312  cache->tclass == tclass &&
313  strcmp(cache->tcontext, tcontext) == 0 &&
314  strcmp(cache->scontext, scontext) == 0)
315  {
316  cache->hot_cache = true;
317  return cache;
318  }
319  }
320  /* not found, so insert a new cache */
321  return sepgsql_avc_compute(scontext, tcontext, tclass);
322 }
#define lfirst(lc)
Definition: pg_list.h:172
static avc_cache * sepgsql_avc_compute(const char *scontext, const char *tcontext, uint16 tclass)
Definition: uavc.c:200

References AVC_NUM_SLOTS, avc_slots, avc_cache::hash, hash(), avc_cache::hot_cache, lfirst, avc_cache::scontext, sepgsql_avc_compute(), sepgsql_avc_hash(), avc_cache::tclass, and avc_cache::tcontext.

Referenced by sepgsql_avc_check_perms_label(), and sepgsql_avc_trusted_proc().

◆ sepgsql_avc_reclaim()

static void sepgsql_avc_reclaim ( void  )
static

Definition at line 92 of file uavc.c.

93 {
94  ListCell *cell;
95  int index;
96 
98  {
100 
101  foreach(cell, avc_slots[index])
102  {
103  avc_cache *cache = lfirst(cell);
104 
105  if (!cache->hot_cache)
106  {
109 
110  pfree(cache->scontext);
111  pfree(cache->tcontext);
112  if (cache->ncontext)
113  pfree(cache->ncontext);
114  pfree(cache);
115 
116  avc_num_caches--;
117  }
118  else
119  {
120  cache->hot_cache = false;
121  }
122  }
124  }
125 }
#define foreach_delete_current(lst, var_or_cell)
Definition: pg_list.h:391
#define AVC_NUM_RECLAIM
Definition: uavc.c:53

References avc_lru_hint, avc_num_caches, AVC_NUM_RECLAIM, AVC_NUM_SLOTS, avc_slots, avc_threshold, foreach_delete_current, avc_cache::hot_cache, lfirst, avc_cache::ncontext, pfree(), avc_cache::scontext, and avc_cache::tcontext.

Referenced by sepgsql_avc_compute().

◆ sepgsql_avc_reset()

static void sepgsql_avc_reset ( void  )
static

Definition at line 78 of file uavc.c.

79 {
81 
82  memset(avc_slots, 0, sizeof(List *) * AVC_NUM_SLOTS);
83  avc_num_caches = 0;
84  avc_lru_hint = 0;
85  avc_unlabeled = NULL;
86 }
void MemoryContextReset(MemoryContext context)
Definition: mcxt.c:383
Definition: pg_list.h:54
static char * avc_unlabeled
Definition: uavc.c:61

References avc_lru_hint, avc_mem_cxt, avc_num_caches, AVC_NUM_SLOTS, avc_slots, avc_unlabeled, and MemoryContextReset().

Referenced by sepgsql_avc_check_valid().

◆ sepgsql_avc_trusted_proc()

char* sepgsql_avc_trusted_proc ( Oid  functionId)

Definition at line 445 of file uavc.c.

446 {
447  char *scontext = sepgsql_get_client_label();
448  char *tcontext;
449  ObjectAddress tobject;
450  avc_cache *cache;
451 
452  tobject.classId = ProcedureRelationId;
453  tobject.objectId = functionId;
454  tobject.objectSubId = 0;
455  tcontext = GetSecurityLabel(&tobject, SEPGSQL_LABEL_TAG);
456 
458  do
459  {
460  if (tcontext)
461  cache = sepgsql_avc_lookup(scontext, tcontext,
463  else
464  cache = sepgsql_avc_lookup(scontext, sepgsql_avc_unlabeled(),
466  } while (!sepgsql_avc_check_valid());
467 
468  return cache->ncontext;
469 }

References ObjectAddress::classId, GetSecurityLabel(), avc_cache::ncontext, ObjectAddress::objectId, ObjectAddress::objectSubId, SEPG_CLASS_DB_PROCEDURE, sepgsql_avc_check_valid(), sepgsql_avc_lookup(), sepgsql_avc_unlabeled(), sepgsql_get_client_label(), and SEPGSQL_LABEL_TAG.

Referenced by sepgsql_fmgr_hook(), and sepgsql_needs_fmgr_hook().

◆ sepgsql_avc_unlabeled()

static char* sepgsql_avc_unlabeled ( void  )
static

Definition at line 170 of file uavc.c.

171 {
172  if (!avc_unlabeled)
173  {
174  char *unlabeled;
175 
176  if (security_get_initial_context_raw("unlabeled", &unlabeled) < 0)
177  ereport(ERROR,
178  (errcode(ERRCODE_INTERNAL_ERROR),
179  errmsg("SELinux: failed to get initial security label: %m")));
180  PG_TRY();
181  {
183  }
184  PG_FINALLY();
185  {
186  freecon(unlabeled);
187  }
188  PG_END_TRY();
189  }
190  return avc_unlabeled;
191 }
#define PG_TRY(...)
Definition: elog.h:371
#define PG_END_TRY(...)
Definition: elog.h:396
#define PG_FINALLY(...)
Definition: elog.h:388
char * MemoryContextStrdup(MemoryContext context, const char *string)
Definition: mcxt.c:1683

References avc_mem_cxt, avc_unlabeled, ereport, errcode(), errmsg(), ERROR, MemoryContextStrdup(), PG_END_TRY, PG_FINALLY, and PG_TRY.

Referenced by sepgsql_avc_check_perms_label(), sepgsql_avc_compute(), and sepgsql_avc_trusted_proc().

Variable Documentation

◆ avc_lru_hint

int avc_lru_hint
static

Definition at line 59 of file uavc.c.

Referenced by sepgsql_avc_init(), sepgsql_avc_reclaim(), and sepgsql_avc_reset().

◆ avc_mem_cxt

MemoryContext avc_mem_cxt
static

◆ avc_num_caches

int avc_num_caches
static

◆ avc_slots

◆ avc_threshold

int avc_threshold
static

Definition at line 60 of file uavc.c.

Referenced by sepgsql_avc_compute(), sepgsql_avc_init(), and sepgsql_avc_reclaim().

◆ avc_unlabeled

char* avc_unlabeled
static

Definition at line 61 of file uavc.c.

Referenced by sepgsql_avc_reset(), and sepgsql_avc_unlabeled().