diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2018-03-02 00:48:02 +0100 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2018-03-02 00:48:02 +0100 |
commit | aa8e712cee93d520e96a2ca8e3a20f807c937e3f (patch) | |
tree | 5e2bdce92022ebb334bfa68b6a731b71ef86974d /security/selinux/ss/services.h | |
parent | selinux: fix typo in selinux_netlbl_sctp_sk_clone declaration (diff) | |
download | linux-aa8e712cee93d520e96a2ca8e3a20f807c937e3f.tar.xz linux-aa8e712cee93d520e96a2ca8e3a20f807c937e3f.zip |
selinux: wrap global selinux state
Define a selinux state structure (struct selinux_state) for
global SELinux state and pass it explicitly to all security server
functions. The public portion of the structure contains state
that is used throughout the SELinux code, such as the enforcing mode.
The structure also contains a pointer to a selinux_ss structure whose
definition is private to the security server and contains security
server specific state such as the policy database and SID table.
This change should have no effect on SELinux behavior or APIs
(userspace or LSM). It merely wraps SELinux state and passes it
explicitly as needed.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
[PM: minor fixups needed due to collisions with the SCTP patches]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/selinux/ss/services.h')
-rw-r--r-- | security/selinux/ss/services.h | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/security/selinux/ss/services.h b/security/selinux/ss/services.h index 356bdd36cf6d..24c7bdcc8075 100644 --- a/security/selinux/ss/services.h +++ b/security/selinux/ss/services.h @@ -10,7 +10,28 @@ #include "policydb.h" #include "sidtab.h" -extern struct policydb policydb; +/* Mapping for a single class */ +struct selinux_mapping { + u16 value; /* policy value for class */ + unsigned int num_perms; /* number of permissions in class */ + u32 perms[sizeof(u32) * 8]; /* policy values for permissions */ +}; + +/* Map for all of the classes, with array size */ +struct selinux_map { + struct selinux_mapping *mapping; /* indexed by class */ + u16 size; /* array size of mapping */ +}; + +struct selinux_ss { + struct sidtab sidtab; + struct policydb policydb; + rwlock_t policy_rwlock; + u32 latest_granting; + struct selinux_map map; + struct page *status_page; + struct mutex status_lock; +}; void services_compute_xperms_drivers(struct extended_perms *xperms, struct avtab_node *node); @@ -19,4 +40,3 @@ void services_compute_xperms_decision(struct extended_perms_decision *xpermd, struct avtab_node *node); #endif /* _SS_SERVICES_H_ */ - |