/* limitation of boundary depth */
#define POLICYDB_BOUNDS_MAXDEPTH 4
-struct selinux_avc;
struct selinux_policy;
struct selinux_state {
struct page *status_page;
struct mutex status_lock;
- struct selinux_avc *avc;
struct selinux_policy __rcu *policy;
struct mutex policy_mutex;
} __randomize_layout;
-void selinux_avc_init(struct selinux_avc **avc);
+void selinux_avc_init(void);
extern struct selinux_state selinux_state;
-static inline bool selinux_initialized(const struct selinux_state *state)
+static inline bool selinux_initialized(void)
{
/* do a synchronized load to avoid race conditions */
- return smp_load_acquire(&state->initialized);
+ return smp_load_acquire(&selinux_state.initialized);
}
-static inline void selinux_mark_initialized(struct selinux_state *state)
+static inline void selinux_mark_initialized(void)
{
/* do a synchronized write to avoid race conditions */
- smp_store_release(&state->initialized, true);
+ smp_store_release(&selinux_state.initialized, true);
}
#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
-static inline bool enforcing_enabled(struct selinux_state *state)
+static inline bool enforcing_enabled(void)
{
- return READ_ONCE(state->enforcing);
+ return READ_ONCE(selinux_state.enforcing);
}
-static inline void enforcing_set(struct selinux_state *state, bool value)
+static inline void enforcing_set(bool value)
{
- WRITE_ONCE(state->enforcing, value);
+ WRITE_ONCE(selinux_state.enforcing, value);
}
#else
-static inline bool enforcing_enabled(struct selinux_state *state)
+static inline bool enforcing_enabled(void)
{
return true;
}
-static inline void enforcing_set(struct selinux_state *state, bool value)
+static inline void enforcing_set(bool value)
{
}
#endif
-static inline bool checkreqprot_get(const struct selinux_state *state)
+static inline bool checkreqprot_get(void)
{
- return READ_ONCE(state->checkreqprot);
+ return READ_ONCE(selinux_state.checkreqprot);
}
-static inline void checkreqprot_set(struct selinux_state *state, bool value)
+static inline void checkreqprot_set(bool value)
{
if (value)
pr_err("SELinux: https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-checkreqprot\n");
- WRITE_ONCE(state->checkreqprot, value);
+ WRITE_ONCE(selinux_state.checkreqprot, value);
}
#ifdef CONFIG_SECURITY_SELINUX_DISABLE
-static inline bool selinux_disabled(struct selinux_state *state)
+static inline bool selinux_disabled(void)
{
- return READ_ONCE(state->disabled);
+ return READ_ONCE(selinux_state.disabled);
}
-static inline void selinux_mark_disabled(struct selinux_state *state)
+static inline void selinux_mark_disabled(void)
{
- WRITE_ONCE(state->disabled, true);
+ WRITE_ONCE(selinux_state.disabled, true);
}
#else
-static inline bool selinux_disabled(struct selinux_state *state)
+static inline bool selinux_disabled(void)
{
return false;
}
struct selinux_policy_convert_data *convert_data;
};
-int security_mls_enabled(struct selinux_state *state);
-int security_load_policy(struct selinux_state *state,
- void *data, size_t len,
+int security_mls_enabled(void);
+int security_load_policy(void *data, size_t len,
struct selinux_load_state *load_state);
-void selinux_policy_commit(struct selinux_state *state,
- struct selinux_load_state *load_state);
-void selinux_policy_cancel(struct selinux_state *state,
- struct selinux_load_state *load_state);
-int security_read_policy(struct selinux_state *state,
- void **data, size_t *len);
-int security_read_state_kernel(struct selinux_state *state,
- void **data, size_t *len);
-int security_policycap_supported(struct selinux_state *state,
- unsigned int req_cap);
+void selinux_policy_commit(struct selinux_load_state *load_state);
+void selinux_policy_cancel(struct selinux_load_state *load_state);
+int security_read_policy(void **data, size_t *len);
+int security_read_state_kernel(void **data, size_t *len);
+int security_policycap_supported(unsigned int req_cap);
#define SEL_VEC_MAX 32
struct av_decision {
/* definitions of av_decision.flags */
#define AVD_FLAGS_PERMISSIVE 0x0001
-void security_compute_av(struct selinux_state *state,
- u32 ssid, u32 tsid,
+void security_compute_av(u32 ssid, u32 tsid,
u16 tclass, struct av_decision *avd,
struct extended_perms *xperms);
-void security_compute_xperms_decision(struct selinux_state *state,
- u32 ssid, u32 tsid, u16 tclass,
+void security_compute_xperms_decision(u32 ssid, u32 tsid, u16 tclass,
u8 driver,
struct extended_perms_decision *xpermd);
-void security_compute_av_user(struct selinux_state *state,
- u32 ssid, u32 tsid,
+void security_compute_av_user(u32 ssid, u32 tsid,
u16 tclass, struct av_decision *avd);
-int security_transition_sid(struct selinux_state *state,
- u32 ssid, u32 tsid, u16 tclass,
+int security_transition_sid(u32 ssid, u32 tsid, u16 tclass,
const struct qstr *qstr, u32 *out_sid);
-int security_transition_sid_user(struct selinux_state *state,
- u32 ssid, u32 tsid, u16 tclass,
+int security_transition_sid_user(u32 ssid, u32 tsid, u16 tclass,
const char *objname, u32 *out_sid);
-int security_member_sid(struct selinux_state *state, u32 ssid, u32 tsid,
- u16 tclass, u32 *out_sid);
+int security_member_sid(u32 ssid, u32 tsid, u16 tclass, u32 *out_sid);
-int security_change_sid(struct selinux_state *state, u32 ssid, u32 tsid,
- u16 tclass, u32 *out_sid);
+int security_change_sid(u32 ssid, u32 tsid, u16 tclass, u32 *out_sid);
-int security_sid_to_context(struct selinux_state *state, u32 sid,
- char **scontext, u32 *scontext_len);
+int security_sid_to_context(u32 sid, char **scontext, u32 *scontext_len);
-int security_sid_to_context_force(struct selinux_state *state,
- u32 sid, char **scontext, u32 *scontext_len);
+int security_sid_to_context_force(u32 sid, char **scontext, u32 *scontext_len);
-int security_sid_to_context_inval(struct selinux_state *state,
- u32 sid, char **scontext, u32 *scontext_len);
+int security_sid_to_context_inval(u32 sid, char **scontext, u32 *scontext_len);
-int security_context_to_sid(struct selinux_state *state,
- const char *scontext, u32 scontext_len,
+int security_context_to_sid(const char *scontext, u32 scontext_len,
u32 *out_sid, gfp_t gfp);
-int security_context_str_to_sid(struct selinux_state *state,
- const char *scontext, u32 *out_sid, gfp_t gfp);
+int security_context_str_to_sid(const char *scontext, u32 *out_sid, gfp_t gfp);
-int security_context_to_sid_default(struct selinux_state *state,
- const char *scontext, u32 scontext_len,
+int security_context_to_sid_default(const char *scontext, u32 scontext_len,
u32 *out_sid, u32 def_sid, gfp_t gfp_flags);
-int security_context_to_sid_force(struct selinux_state *state,
- const char *scontext, u32 scontext_len,
+int security_context_to_sid_force(const char *scontext, u32 scontext_len,
u32 *sid);
-int security_get_user_sids(struct selinux_state *state,
- u32 callsid, char *username,
- u32 **sids, u32 *nel);
+int security_get_user_sids(u32 callsid, char *username, u32 **sids, u32 *nel);
-int security_port_sid(struct selinux_state *state,
- u8 protocol, u16 port, u32 *out_sid);
+int security_port_sid(u8 protocol, u16 port, u32 *out_sid);
-int security_ib_pkey_sid(struct selinux_state *state,
- u64 subnet_prefix, u16 pkey_num, u32 *out_sid);
+int security_ib_pkey_sid(u64 subnet_prefix, u16 pkey_num, u32 *out_sid);
-int security_ib_endport_sid(struct selinux_state *state,
- const char *dev_name, u8 port_num, u32 *out_sid);
+int security_ib_endport_sid(const char *dev_name, u8 port_num, u32 *out_sid);
-int security_netif_sid(struct selinux_state *state,
- char *name, u32 *if_sid);
+int security_netif_sid(char *name, u32 *if_sid);
-int security_node_sid(struct selinux_state *state,
- u16 domain, void *addr, u32 addrlen,
+int security_node_sid(u16 domain, void *addr, u32 addrlen,
u32 *out_sid);
-int security_validate_transition(struct selinux_state *state,
- u32 oldsid, u32 newsid, u32 tasksid,
+int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
u16 tclass);
-int security_validate_transition_user(struct selinux_state *state,
- u32 oldsid, u32 newsid, u32 tasksid,
+int security_validate_transition_user(u32 oldsid, u32 newsid, u32 tasksid,
u16 tclass);
-int security_bounded_transition(struct selinux_state *state,
- u32 oldsid, u32 newsid);
+int security_bounded_transition(u32 oldsid, u32 newsid);
-int security_sid_mls_copy(struct selinux_state *state,
- u32 sid, u32 mls_sid, u32 *new_sid);
+int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid);
-int security_net_peersid_resolve(struct selinux_state *state,
- u32 nlbl_sid, u32 nlbl_type,
+int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type,
u32 xfrm_sid,
u32 *peer_sid);
char ***classes, int *nclasses);
int security_get_permissions(struct selinux_policy *policy,
char *class, char ***perms, int *nperms);
-int security_get_reject_unknown(struct selinux_state *state);
-int security_get_allow_unknown(struct selinux_state *state);
+int security_get_reject_unknown(void);
+int security_get_allow_unknown(void);
#define SECURITY_FS_USE_XATTR 1 /* use xattr */
#define SECURITY_FS_USE_TRANS 2 /* use transition SIDs, e.g. devpts/tmpfs */
#define SECURITY_FS_USE_NATIVE 7 /* use native label support */
#define SECURITY_FS_USE_MAX 7 /* Highest SECURITY_FS_USE_XXX */
-int security_fs_use(struct selinux_state *state, struct super_block *sb);
+int security_fs_use(struct super_block *sb);
-int security_genfs_sid(struct selinux_state *state,
- const char *fstype, const char *path, u16 sclass,
+int security_genfs_sid(const char *fstype, const char *path, u16 sclass,
u32 *sid);
int selinux_policy_genfs_sid(struct selinux_policy *policy,
u32 *sid);
#ifdef CONFIG_NETLABEL
-int security_netlbl_secattr_to_sid(struct selinux_state *state,
- struct netlbl_lsm_secattr *secattr,
+int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr,
u32 *sid);
-int security_netlbl_sid_to_secattr(struct selinux_state *state,
- u32 sid,
+int security_netlbl_sid_to_secattr(u32 sid,
struct netlbl_lsm_secattr *secattr);
#else
-static inline int security_netlbl_secattr_to_sid(struct selinux_state *state,
- struct netlbl_lsm_secattr *secattr,
+static inline int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr,
u32 *sid)
{
return -EIDRM;
}
-static inline int security_netlbl_sid_to_secattr(struct selinux_state *state,
- u32 sid,
+static inline int security_netlbl_sid_to_secattr(u32 sid,
struct netlbl_lsm_secattr *secattr)
{
return -ENOENT;
/*
* status notifier using mmap interface
*/
-extern struct page *selinux_kernel_status_page(struct selinux_state *state);
+extern struct page *selinux_kernel_status_page(void);
#define SELINUX_KERNEL_STATUS_VERSION 1
struct selinux_kernel_status {
*/
} __packed;
-extern void selinux_status_update_setenforce(struct selinux_state *state,
- int enforcing);
-extern void selinux_status_update_policyload(struct selinux_state *state,
- int seqno);
+extern void selinux_status_update_setenforce(int enforcing);
+extern void selinux_status_update_policyload(int seqno);
extern void selinux_complete_init(void);
-extern int selinux_disable(struct selinux_state *state);
+extern int selinux_disable(void);
extern void exit_sel_fs(void);
extern struct path selinux_null;
extern void selnl_notify_setenforce(int val);
extern void avtab_cache_init(void);
extern void ebitmap_cache_init(void);
extern void hashtab_cache_init(void);
-extern int security_sidtab_hash_stats(struct selinux_state *state, char *page);
+extern int security_sidtab_hash_stats(char *page);
#endif /* _SELINUX_SECURITY_H_ */
projects / linux-2.6-microblaze.git / blobdiff