diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2021-06-30 23:55:42 +0200 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2021-06-30 23:55:42 +0200 |
commit | 6bd344e55f73f7ae671bf5c1ebe5bd814f3c4b27 (patch) | |
tree | 03dee12ff73d1f8cfb21e11fada2aa2ff964a49d /security/security.c | |
parent | Merge tag 'clang-features-v5.14-rc1' of git://git.kernel.org/pub/scm/linux/ke... (diff) | |
parent | selinux: kill 'flags' argument in avc_has_perm_flags() and avc_audit() (diff) | |
download | linux-6bd344e55f73f7ae671bf5c1ebe5bd814f3c4b27.tar.xz linux-6bd344e55f73f7ae671bf5c1ebe5bd814f3c4b27.zip |
Merge tag 'selinux-pr-20210629' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull SELinux updates from Paul Moore:
- The slow_avc_audit() function is now non-blocking so we can remove
the AVC_NONBLOCKING tricks; this also includes the 'flags' variant of
avc_has_perm().
- Use kmemdup() instead of kcalloc()+copy when copying parts of the
SELinux policydb.
- The InfiniBand device name is now passed by reference when possible
in the SELinux code, removing a strncpy().
- Minor cleanups including: constification of avtab function args,
removal of useless LSM/XFRM function args, SELinux kdoc fixes, and
removal of redundant assignments.
* tag 'selinux-pr-20210629' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
selinux: kill 'flags' argument in avc_has_perm_flags() and avc_audit()
selinux: slow_avc_audit has become non-blocking
selinux: Fix kernel-doc
selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC
lsm_audit,selinux: pass IB device name by reference
selinux: Remove redundant assignment to rc
selinux: Corrected comment to match kernel-doc comment
selinux: delete selinux_xfrm_policy_lookup() useless argument
selinux: constify some avtab function arguments
selinux: simplify duplicate_policydb_cond_list() by using kmemdup()
Diffstat (limited to 'security/security.c')
-rw-r--r-- | security/security.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/security/security.c b/security/security.c index e9f8010a2341..09533cbb7221 100644 --- a/security/security.c +++ b/security/security.c @@ -2466,9 +2466,9 @@ void security_xfrm_state_free(struct xfrm_state *x) call_void_hook(xfrm_state_free_security, x); } -int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir) +int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid) { - return call_int_hook(xfrm_policy_lookup, 0, ctx, fl_secid, dir); + return call_int_hook(xfrm_policy_lookup, 0, ctx, fl_secid); } int security_xfrm_state_pol_flow_match(struct xfrm_state *x, |