diff options
| author | Stephen Smalley <stephen.smalley.work@gmail.com> | 2020-09-10 16:28:05 +0200 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2020-09-11 16:08:51 +0200 |
| commit | e8ba53d0023a76ba0f50e6ee3e6288c5442f9d33 (patch) | |
| tree | 041eb7d30a3154fc1f9f15d562a9d1e7c3b5d573 /security/selinux/include | |
| parent | selinux: simplify away security_policydb_len() (diff) | |
| download | linux-e8ba53d0023a76ba0f50e6ee3e6288c5442f9d33.tar.xz linux-e8ba53d0023a76ba0f50e6ee3e6288c5442f9d33.zip | |
selinux: access policycaps with READ_ONCE/WRITE_ONCE
Use READ_ONCE/WRITE_ONCE for all accesses to the
selinux_state.policycaps booleans to prevent compiler
mischief.
Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/selinux/include')
| -rw-r--r-- | security/selinux/include/security.h | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index cbdd3c7aff8b..0ce2ef684ed0 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -164,49 +164,49 @@ static inline bool selinux_policycap_netpeer(void) { struct selinux_state *state = &selinux_state; - return state->policycap[POLICYDB_CAPABILITY_NETPEER]; + return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_NETPEER]); } static inline bool selinux_policycap_openperm(void) { struct selinux_state *state = &selinux_state; - return state->policycap[POLICYDB_CAPABILITY_OPENPERM]; + return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_OPENPERM]); } static inline bool selinux_policycap_extsockclass(void) { struct selinux_state *state = &selinux_state; - return state->policycap[POLICYDB_CAPABILITY_EXTSOCKCLASS]; + return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_EXTSOCKCLASS]); } static inline bool selinux_policycap_alwaysnetwork(void) { struct selinux_state *state = &selinux_state; - return state->policycap[POLICYDB_CAPABILITY_ALWAYSNETWORK]; + return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_ALWAYSNETWORK]); } static inline bool selinux_policycap_cgroupseclabel(void) { struct selinux_state *state = &selinux_state; - return state->policycap[POLICYDB_CAPABILITY_CGROUPSECLABEL]; + return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_CGROUPSECLABEL]); } static inline bool selinux_policycap_nnp_nosuid_transition(void) { struct selinux_state *state = &selinux_state; - return state->policycap[POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION]; + return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION]); } static inline bool selinux_policycap_genfs_seclabel_symlinks(void) { struct selinux_state *state = &selinux_state; - return state->policycap[POLICYDB_CAPABILITY_GENFS_SECLABEL_SYMLINKS]; + return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_GENFS_SECLABEL_SYMLINKS]); } int security_mls_enabled(struct selinux_state *state); |