authorStephen Smalley <sds@tycho.nsa.gov>2018-03-05 19:47:56 +0300
committerPaul Moore <paul@paul-moore.com>2018-03-20 23:58:17 +0300
commit6b6bc6205d98796361962ee282a063f18ba8dc57 (patch)
treeb9e6f6492606000e1d8826b4eb2c882726c61722 /security/selinux/include/security.h
parent0619f0f5e36f12e100ef294f5980cfe7c93ff23e (diff)
selinux: wrap AVC state
Wrap the AVC state within the selinux_state structure and pass it explicitly to all AVC functions. The AVC private state is encapsulated in a selinux_avc structure that is referenced from the selinux_state. This change should have no effect on SELinux behavior or APIs (userspace or LSM). Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Reviewed-by: James Morris <james.morris@microsoft.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/selinux/include/security.h')
-rw-r--r--security/selinux/include/security.h3
1 files changed, 3 insertions, 0 deletions
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index f1db09a5f521..23e762d529fa 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -93,6 +93,7 @@ extern char *selinux_policycap_names[__POLICYDB_CAPABILITY_MAX];
/* limitation of boundary depth */
#define POLICYDB_BOUNDS_MAXDEPTH 4
+struct selinux_avc;
struct selinux_ss;
struct selinux_state {
@@ -103,10 +104,12 @@ struct selinux_state {
bool checkreqprot;
bool initialized;
bool policycap[__POLICYDB_CAPABILITY_MAX];
+ struct selinux_avc *avc;
struct selinux_ss *ss;
};
void selinux_ss_init(struct selinux_ss **ss);
+void selinux_avc_init(struct selinux_avc **avc);
extern struct selinux_state selinux_state;
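Review bot: The new `avc` member of `struct selinux_state` has no comment saying who sets it or when it becomes valid, and `selinux_avc_init()` returns void, so a caller cannot observe a failed setup. The void return mirrors the existing `selinux_ss_init()`, so it matches local convention, but this page shows only the header and not the call sites. If any AVC function can be reached with a state whose `avc` is still NULL, that would presumably be a NULL dereference in the access-decision path, so the ordering requirement is worth stating where the field is declared. I would write the member as `struct selinux_avc *avc; /* set once by selinux_avc_init(); must be valid before any AVC call on this state */` and add a one-line comment above the prototype stating whether `*avc` points at static or allocated storage.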