diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2018-03-05 19:47:56 +0300 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2018-03-20 23:58:17 +0300 |
commit | 6b6bc6205d98796361962ee282a063f18ba8dc57 (patch) | |
tree | b9e6f6492606000e1d8826b4eb2c882726c61722 /security/selinux/ss | |
parent | 0619f0f5e36f12e100ef294f5980cfe7c93ff23e (diff) | |
download | linux-6b6bc6205d98796361962ee282a063f18ba8dc57.tar.xz |
selinux: wrap AVC state
Wrap the AVC state within the selinux_state structure and
pass it explicitly to all AVC functions. The AVC private state
is encapsulated in a selinux_avc structure that is referenced
from the selinux_state.
This change should have no effect on SELinux behavior or
APIs (userspace or LSM).
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Reviewed-by: James Morris <james.morris@microsoft.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/selinux/ss')
-rw-r--r-- | security/selinux/ss/services.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index ccfa65f6bc17..8057e19dc15f 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -2151,7 +2151,7 @@ int security_load_policy(struct selinux_state *state, void *data, size_t len) state->initialized = 1; seqno = ++state->ss->latest_granting; selinux_complete_init(); - avc_ss_reset(seqno); + avc_ss_reset(state->avc, seqno); selnl_notify_policyload(seqno); selinux_status_update_policyload(state, seqno); selinux_netlbl_cache_invalidate(); @@ -2233,7 +2233,7 @@ int security_load_policy(struct selinux_state *state, void *data, size_t len) sidtab_destroy(&oldsidtab); kfree(oldmapping); - avc_ss_reset(seqno); + avc_ss_reset(state->avc, seqno); selnl_notify_policyload(seqno); selinux_status_update_policyload(state, seqno); selinux_netlbl_cache_invalidate(); @@ -2649,7 +2649,8 @@ out_unlock: } for (i = 0, j = 0; i < mynel; i++) { struct av_decision dummy_avd; - rc = avc_has_perm_noaudit(fromsid, mysids[i], + rc = avc_has_perm_noaudit(state, + fromsid, mysids[i], SECCLASS_PROCESS, /* kernel value */ PROCESS__TRANSITION, AVC_STRICT, &dummy_avd); @@ -2907,7 +2908,7 @@ int security_set_bools(struct selinux_state *state, int len, int *values) out: write_unlock_irq(&state->ss->policy_rwlock); if (!rc) { - avc_ss_reset(seqno); + avc_ss_reset(state->avc, seqno); selnl_notify_policyload(seqno); selinux_status_update_policyload(state, seqno); selinux_xfrm_notify_policyload(); |