diff options
| author | Stephen Smalley <sds@tycho.nsa.gov> | 2018-03-05 17:47:56 +0100 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2018-03-20 21:58:17 +0100 |
| commit | 6b6bc6205d98796361962ee282a063f18ba8dc57 (patch) | |
| tree | b9e6f6492606000e1d8826b4eb2c882726c61722 /security/selinux/netlabel.c | |
| parent | selinux: wrap selinuxfs state (diff) | |
| download | linux-6b6bc6205d98796361962ee282a063f18ba8dc57.tar.xz linux-6b6bc6205d98796361962ee282a063f18ba8dc57.zip | |
selinux: wrap AVC state
Wrap the AVC state within the selinux_state structure and
pass it explicitly to all AVC functions. The AVC private state
is encapsulated in a selinux_avc structure that is referenced
from the selinux_state.
This change should have no effect on SELinux behavior or
APIs (userspace or LSM).
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Reviewed-by: James Morris <james.morris@microsoft.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/selinux/netlabel.c')
| -rw-r--r-- | security/selinux/netlabel.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index 28010f741cfe..186e727b737b 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c @@ -478,7 +478,8 @@ int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec, perm = RAWIP_SOCKET__RECVFROM; } - rc = avc_has_perm(sksec->sid, nlbl_sid, sksec->sclass, perm, ad); + rc = avc_has_perm(&selinux_state, + sksec->sid, nlbl_sid, sksec->sclass, perm, ad); if (rc == 0) return 0; |