author | Linus Torvalds <torvalds@linux-foundation.org> | 2021-03-22 19:34:31 +0100 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2021-03-22 19:34:31 +0100 |
commit | 84196390620ac0e5070ae36af84c137c6216a7dc (patch) | |
tree | 26d3132b87fc8510c3f48872c7be5e7b3651904d /security/selinux/include | |
parent | Linux 5.12-rc4 (diff) | |
parent | selinuxfs: unify policy load error reporting (diff) | |

Merge tag 'selinux-pr-20210322' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull selinux fixes from Paul Moore:
"Three SELinux patches:

- Fix a problem where a local variable is used outside its associated
  function. Thankfully this can only be triggered by reloading the
  SELinux policy, which is a restricted operation for other obvious
  reasons.

- Fix some incorrect, and inconsistent, audit and printk messages
  when loading the SELinux policy.

All three patches are relatively minor and have been through our
testing with no failures"

* tag 'selinux-pr-20210322' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinuxfs: unify policy load error reporting
  selinux: fix variable scope issue in live sidtab conversion
  selinux: don't log MAC_POLICY_LOAD record on failed policy load

Diffstat (limited to 'security/selinux/include')
-rw-r--r-- | security/selinux/include/security.h | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index 6fe25300b89d..7650de048570 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -219,14 +219,21 @@ static inline bool selinux_policycap_genfs_seclabel_symlinks(void) return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_GENFS_SECLABEL_SYMLINKS]); } +struct selinux_policy_convert_data; + +struct selinux_load_state { + struct selinux_policy *policy; + struct selinux_policy_convert_data *convert_data; +}; + int security_mls_enabled(struct selinux_state *state); int security_load_policy(struct selinux_state *state, - void *data, size_t len, - struct selinux_policy **newpolicyp); + void *data, size_t len, + struct selinux_load_state *load_state); void selinux_policy_commit(struct selinux_state *state, - struct selinux_policy *newpolicy); + struct selinux_load_state *load_state); void selinux_policy_cancel(struct selinux_state *state, - struct selinux_policy *policy); + struct selinux_load_state *load_state); int security_read_policy(struct selinux_state *state, void **data, size_t *len); int security_read_state_kernel(struct selinux_state *state, |
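
Review bot: struct selinux_load_state, declared just above security_mls_enabled(), has no comment on the ownership or lifetime of its two pointers, and the changed prototypes of security_load_policy(), selinux_policy_commit() and selinux_policy_cancel() do not state it either. The merge message describes the underlying fix as a variable used outside its function, so the contract is the part worth writing down in this header: which call fills policy and convert_data, whether the struct is left untouched when security_load_policy() returns an error, and whether the caller is expected to hand the same load_state to exactly one of commit or cancel and not reuse it afterwards. A short comment on the struct would cover this, and having commit and cancel clear both fields would make accidental reuse show up as a NULL dereference instead of a stale pointer. Also worth a word: struct selinux_policy_convert_data is only forward-declared here, which keeps it opaque to callers of this header; if that is intentional, say so next to the declaration.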