selinux: move status variables out of selinux_ss
It fits more naturally in selinux_state, since it also reflects global state (the enforcing and policyload fields). Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <paul@paul-moore.com>
parent
bb6d3fb354
commit
4b36cb773a
|
@ -6,9 +6,9 @@
|
||||||
obj-$(CONFIG_SECURITY_SELINUX) := selinux.o
|
obj-$(CONFIG_SECURITY_SELINUX) := selinux.o
|
||||||
|
|
||||||
selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o netif.o \
|
selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o netif.o \
|
||||||
netnode.o netport.o \
|
netnode.o netport.o status.o \
|
||||||
ss/ebitmap.o ss/hashtab.o ss/symtab.o ss/sidtab.o ss/avtab.o \
|
ss/ebitmap.o ss/hashtab.o ss/symtab.o ss/sidtab.o ss/avtab.o \
|
||||||
ss/policydb.o ss/services.o ss/conditional.o ss/mls.o ss/status.o
|
ss/policydb.o ss/services.o ss/conditional.o ss/mls.o
|
||||||
|
|
||||||
selinux-$(CONFIG_SECURITY_NETWORK_XFRM) += xfrm.o
|
selinux-$(CONFIG_SECURITY_NETWORK_XFRM) += xfrm.o
|
||||||
|
|
||||||
|
|
|
@ -7161,6 +7161,7 @@ static __init int selinux_init(void)
|
||||||
selinux_state.checkreqprot = selinux_checkreqprot_boot;
|
selinux_state.checkreqprot = selinux_checkreqprot_boot;
|
||||||
selinux_ss_init(&selinux_state.ss);
|
selinux_ss_init(&selinux_state.ss);
|
||||||
selinux_avc_init(&selinux_state.avc);
|
selinux_avc_init(&selinux_state.avc);
|
||||||
|
mutex_init(&selinux_state.status_lock);
|
||||||
|
|
||||||
/* Set the security state for the initial task. */
|
/* Set the security state for the initial task. */
|
||||||
cred_init_security();
|
cred_init_security();
|
||||||
|
|
|
@ -108,6 +108,10 @@ struct selinux_state {
|
||||||
bool checkreqprot;
|
bool checkreqprot;
|
||||||
bool initialized;
|
bool initialized;
|
||||||
bool policycap[__POLICYDB_CAPABILITY_MAX];
|
bool policycap[__POLICYDB_CAPABILITY_MAX];
|
||||||
|
|
||||||
|
struct page *status_page;
|
||||||
|
struct mutex status_lock;
|
||||||
|
|
||||||
struct selinux_avc *avc;
|
struct selinux_avc *avc;
|
||||||
struct selinux_ss *ss;
|
struct selinux_ss *ss;
|
||||||
} __randomize_layout;
|
} __randomize_layout;
|
||||||
|
|
|
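Review bot: The new `status_page` and `status_lock` members of struct selinux_state are added without a comment saying what the lock covers. In the status-page hunks of this commit, every access to `state->status_page` runs under `state->status_lock`, including the lazy `alloc_page()` and the `sequence++` / `smp_wmb()` update pairs. That file's header comment says the page is exposed to userspace, so the lock appears to be what keeps concurrent writers from leaving the sequence counter inconsistent for readers. I would add `/* status_lock serialises allocation of status_page and every write to it */` above the two fields. The struct's opening and its earlier members are outside this hunk.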
@ -46,7 +46,6 @@
|
||||||
#include <linux/in.h>
|
#include <linux/in.h>
|
||||||
#include <linux/sched.h>
|
#include <linux/sched.h>
|
||||||
#include <linux/audit.h>
|
#include <linux/audit.h>
|
||||||
#include <linux/mutex.h>
|
|
||||||
#include <linux/vmalloc.h>
|
#include <linux/vmalloc.h>
|
||||||
#include <net/netlabel.h>
|
#include <net/netlabel.h>
|
||||||
|
|
||||||
|
@ -81,7 +80,6 @@ static struct selinux_ss selinux_ss;
|
||||||
void selinux_ss_init(struct selinux_ss **ss)
|
void selinux_ss_init(struct selinux_ss **ss)
|
||||||
{
|
{
|
||||||
rwlock_init(&selinux_ss.policy_rwlock);
|
rwlock_init(&selinux_ss.policy_rwlock);
|
||||||
mutex_init(&selinux_ss.status_lock);
|
|
||||||
*ss = &selinux_ss;
|
*ss = &selinux_ss;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -29,8 +29,6 @@ struct selinux_ss {
|
||||||
rwlock_t policy_rwlock;
|
rwlock_t policy_rwlock;
|
||||||
u32 latest_granting;
|
u32 latest_granting;
|
||||||
struct selinux_map map;
|
struct selinux_map map;
|
||||||
struct page *status_page;
|
|
||||||
struct mutex status_lock;
|
|
||||||
} __randomize_layout;
|
} __randomize_layout;
|
||||||
|
|
||||||
void services_compute_xperms_drivers(struct extended_perms *xperms,
|
void services_compute_xperms_drivers(struct extended_perms *xperms,
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
#include <linux/mm.h>
|
#include <linux/mm.h>
|
||||||
#include <linux/mutex.h>
|
#include <linux/mutex.h>
|
||||||
#include "avc.h"
|
#include "avc.h"
|
||||||
#include "services.h"
|
#include "security.h"
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* The selinux_status_page shall be exposed to userspace applications
|
* The selinux_status_page shall be exposed to userspace applications
|
||||||
|
@ -44,12 +44,12 @@ struct page *selinux_kernel_status_page(struct selinux_state *state)
|
||||||
struct selinux_kernel_status *status;
|
struct selinux_kernel_status *status;
|
||||||
struct page *result = NULL;
|
struct page *result = NULL;
|
||||||
|
|
||||||
mutex_lock(&state->ss->status_lock);
|
mutex_lock(&state->status_lock);
|
||||||
if (!state->ss->status_page) {
|
if (!state->status_page) {
|
||||||
state->ss->status_page = alloc_page(GFP_KERNEL|__GFP_ZERO);
|
state->status_page = alloc_page(GFP_KERNEL|__GFP_ZERO);
|
||||||
|
|
||||||
if (state->ss->status_page) {
|
if (state->status_page) {
|
||||||
status = page_address(state->ss->status_page);
|
status = page_address(state->status_page);
|
||||||
|
|
||||||
status->version = SELINUX_KERNEL_STATUS_VERSION;
|
status->version = SELINUX_KERNEL_STATUS_VERSION;
|
||||||
status->sequence = 0;
|
status->sequence = 0;
|
||||||
|
@ -65,8 +65,8 @@ struct page *selinux_kernel_status_page(struct selinux_state *state)
|
||||||
!security_get_allow_unknown(state);
|
!security_get_allow_unknown(state);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
result = state->ss->status_page;
|
result = state->status_page;
|
||||||
mutex_unlock(&state->ss->status_lock);
|
mutex_unlock(&state->status_lock);
|
||||||
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
@ -81,9 +81,9 @@ void selinux_status_update_setenforce(struct selinux_state *state,
|
||||||
{
|
{
|
||||||
struct selinux_kernel_status *status;
|
struct selinux_kernel_status *status;
|
||||||
|
|
||||||
mutex_lock(&state->ss->status_lock);
|
mutex_lock(&state->status_lock);
|
||||||
if (state->ss->status_page) {
|
if (state->status_page) {
|
||||||
status = page_address(state->ss->status_page);
|
status = page_address(state->status_page);
|
||||||
|
|
||||||
status->sequence++;
|
status->sequence++;
|
||||||
smp_wmb();
|
smp_wmb();
|
||||||
|
@ -93,7 +93,7 @@ void selinux_status_update_setenforce(struct selinux_state *state,
|
||||||
smp_wmb();
|
smp_wmb();
|
||||||
status->sequence++;
|
status->sequence++;
|
||||||
}
|
}
|
||||||
mutex_unlock(&state->ss->status_lock);
|
mutex_unlock(&state->status_lock);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -107,9 +107,9 @@ void selinux_status_update_policyload(struct selinux_state *state,
|
||||||
{
|
{
|
||||||
struct selinux_kernel_status *status;
|
struct selinux_kernel_status *status;
|
||||||
|
|
||||||
mutex_lock(&state->ss->status_lock);
|
mutex_lock(&state->status_lock);
|
||||||
if (state->ss->status_page) {
|
if (state->status_page) {
|
||||||
status = page_address(state->ss->status_page);
|
status = page_address(state->status_page);
|
||||||
|
|
||||||
status->sequence++;
|
status->sequence++;
|
||||||
smp_wmb();
|
smp_wmb();
|
||||||
|
@ -120,5 +120,5 @@ void selinux_status_update_policyload(struct selinux_state *state,
|
||||||
smp_wmb();
|
smp_wmb();
|
||||||
status->sequence++;
|
status->sequence++;
|
||||||
}
|
}
|
||||||
mutex_unlock(&state->ss->status_lock);
|
mutex_unlock(&state->status_lock);
|
||||||
}
|
}
|