diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2018-03-05 19:47:56 +0300 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2018-03-20 23:58:17 +0300 |
commit | 6b6bc6205d98796361962ee282a063f18ba8dc57 (patch) | |
tree | b9e6f6492606000e1d8826b4eb2c882726c61722 /security/selinux/include/security.h | |
parent | 0619f0f5e36f12e100ef294f5980cfe7c93ff23e (diff) | |
download | linux-6b6bc6205d98796361962ee282a063f18ba8dc57.tar.xz |
selinux: wrap AVC state
Wrap the AVC state within the selinux_state structure and
pass it explicitly to all AVC functions. The AVC private state
is encapsulated in a selinux_avc structure that is referenced
from the selinux_state.
This change should have no effect on SELinux behavior or
APIs (userspace or LSM).
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Reviewed-by: James Morris <james.morris@microsoft.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/selinux/include/security.h')
-rw-r--r-- | security/selinux/include/security.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index f1db09a5f521..23e762d529fa 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -93,6 +93,7 @@ extern char *selinux_policycap_names[__POLICYDB_CAPABILITY_MAX]; /* limitation of boundary depth */ #define POLICYDB_BOUNDS_MAXDEPTH 4 +struct selinux_avc; struct selinux_ss; struct selinux_state { @@ -103,10 +104,12 @@ struct selinux_state { bool checkreqprot; bool initialized; bool policycap[__POLICYDB_CAPABILITY_MAX]; + struct selinux_avc *avc; struct selinux_ss *ss; }; void selinux_ss_init(struct selinux_ss **ss); +void selinux_avc_init(struct selinux_avc **avc); extern struct selinux_state selinux_state; |