summaryrefslogtreecommitdiff
path: root/security/selinux/avc.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/selinux/avc.c')
-rw-r--r--security/selinux/avc.c16
1 files changed, 10 insertions, 6 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 2380b8d72cec..36124f48a5ff 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -149,7 +149,8 @@ static void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tcla
char *scontext;
u32 scontext_len;
- rc = security_sid_to_context(ssid, &scontext, &scontext_len);
+ rc = security_sid_to_context(&selinux_state, ssid,
+ &scontext, &scontext_len);
if (rc)
audit_log_format(ab, "ssid=%d", ssid);
else {
@@ -157,7 +158,8 @@ static void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tcla
kfree(scontext);
}
- rc = security_sid_to_context(tsid, &scontext, &scontext_len);
+ rc = security_sid_to_context(&selinux_state, tsid,
+ &scontext, &scontext_len);
if (rc)
audit_log_format(ab, " tsid=%d", tsid);
else {
@@ -969,7 +971,8 @@ static noinline struct avc_node *avc_compute_av(u32 ssid, u32 tsid,
{
rcu_read_unlock();
INIT_LIST_HEAD(&xp_node->xpd_head);
- security_compute_av(ssid, tsid, tclass, avd, &xp_node->xp);
+ security_compute_av(&selinux_state, ssid, tsid, tclass,
+ avd, &xp_node->xp);
rcu_read_lock();
return avc_insert(ssid, tsid, tclass, avd, xp_node);
}
@@ -982,7 +985,8 @@ static noinline int avc_denied(u32 ssid, u32 tsid,
if (flags & AVC_STRICT)
return -EACCES;
- if (selinux_enforcing && !(avd->flags & AVD_FLAGS_PERMISSIVE))
+ if (is_enforcing(&selinux_state) &&
+ !(avd->flags & AVD_FLAGS_PERMISSIVE))
return -EACCES;
avc_update_node(AVC_CALLBACK_GRANT, requested, driver, xperm, ssid,
@@ -1043,8 +1047,8 @@ int avc_has_extended_perms(u32 ssid, u32 tsid, u16 tclass, u32 requested,
goto decision;
}
rcu_read_unlock();
- security_compute_xperms_decision(ssid, tsid, tclass, driver,
- &local_xpd);
+ security_compute_xperms_decision(&selinux_state, ssid, tsid,
+ tclass, driver, &local_xpd);
rcu_read_lock();
avc_update_node(AVC_CALLBACK_ADD_XPERMS, requested, driver, xperm,
ssid, tsid, tclass, avd.seqno, &local_xpd, 0);
generated by cgit v1.2.3 (git 2.39.0) at 2024-11-21 16:15:12 +0300