Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

selinux: move status variables out of selinux_ss

It fits more naturally in selinux_state, since it also reflects global
state (the enforcing and policyload fields).

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>

authored by

Ondrej Mosnacek and committed by
Paul Moore
4b36cb77 bb6d3fb3

+23 -22
+2 -2
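--- a/security/selinux/Makefile
+++ b/security/selinux/Makefile
@@ -6,9 +6,9 @@
 obj-$(CONFIG_SECURITY_SELINUX) := selinux.o
 
 selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o netif.o \
-netnode.o netport.o \
+netnode.o netport.o status.o \
 ss/ebitmap.o ss/hashtab.o ss/symtab.o ss/sidtab.o ss/avtab.o \
-ss/policydb.o ss/services.o ss/conditional.o ss/mls.o ss/status.o
+ss/policydb.o ss/services.o ss/conditional.o ss/mls.o
 
 selinux-$(CONFIG_SECURITY_NETWORK_XFRM) += xfrm.o
 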
+1
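--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -7161,6 +7161,7 @@
 selinux_state.checkreqprot = selinux_checkreqprot_boot;
 selinux_ss_init(&selinux_state.ss);
 selinux_avc_init(&selinux_state.avc);
+mutex_init(&selinux_state.status_lock);
 
 /* Set the security state for the initial task. */
 cred_init_security();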
+4
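--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -108,6 +108,10 @@
 bool checkreqprot;
 bool initialized;
 bool policycap[__POLICYDB_CAPABILITY_MAX];
+
+struct page *status_page;
+struct mutex status_lock;
+
 struct selinux_avc *avc;
 struct selinux_ss *ss;
 } __randomize_layout;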
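Review bot: The two members added to struct selinux_state have no comment saying what `status_lock` protects. Going by the status.c hunks in this commit, the lazy `alloc_page` and the sequence-counter updates all run with `status_lock` held, so a one-line comment above the pair such as `/* status_lock serialises allocation of and writes to status_page */` would record that. The same commit drops `<linux/mutex.h>` from services.c while this header now embeds a `struct mutex` by value. The include list is outside the hunk, so confirm security.h includes `<linux/mutex.h>` itself rather than getting it through another header. The struct definition starts above the hunk.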
-2
security/selinux/ss/services.c
··· 46 46 #include <linux/in.h> 47 47 #include <linux/sched.h> 48 48 #include <linux/audit.h> 49 - #include <linux/mutex.h> 50 49 #include <linux/vmalloc.h> 51 50 #include <net/netlabel.h> 52 51 ··· 80 81 void selinux_ss_init(struct selinux_ss **ss) 81 82 { 82 83 rwlock_init(&selinux_ss.policy_rwlock); 83 - mutex_init(&selinux_ss.status_lock); 84 84 *ss = &selinux_ss; 85 85 } 86 86
-2
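--- a/security/selinux/ss/services.h
+++ b/security/selinux/ss/services.h
@@ -29,8 +29,6 @@
 rwlock_t policy_rwlock;
 u32 latest_granting;
 struct selinux_map map;
-struct page *status_page;
-struct mutex status_lock;
 } __randomize_layout;
 
 void services_compute_xperms_drivers(struct extended_perms *xperms,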
+16 -16
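--- a/security/selinux/ss/status.c
+++ b/security/selinux/status.c
@@ -11,7 +11,7 @@
 #include <linux/mm.h>
 #include <linux/mutex.h>
 #include "avc.h"
-#include "services.h"
+#include "security.h"
 
 /*
  * The selinux_status_page shall be exposed to userspace applications
@@ -44,12 +44,12 @@
 struct selinux_kernel_status *status;
 struct page *result = NULL;
 
-mutex_lock(&state->ss->status_lock);
-if (!state->ss->status_page) {
-state->ss->status_page = alloc_page(GFP_KERNEL|__GFP_ZERO);
+mutex_lock(&state->status_lock);
+if (!state->status_page) {
+state->status_page = alloc_page(GFP_KERNEL|__GFP_ZERO);
 
-if (state->ss->status_page) {
-status = page_address(state->ss->status_page);
+if (state->status_page) {
+status = page_address(state->status_page);
 
 status->version = SELINUX_KERNEL_STATUS_VERSION;
 status->sequence = 0;
@@ -65,8 +65,8 @@
 !security_get_allow_unknown(state);
 }
 }
-result = state->ss->status_page;
-mutex_unlock(&state->ss->status_lock);
+result = state->status_page;
+mutex_unlock(&state->status_lock);
 
 return result;
 }
@@ -81,9 +81,9 @@
 {
 struct selinux_kernel_status *status;
 
-mutex_lock(&state->ss->status_lock);
-if (state->ss->status_page) {
-status = page_address(state->ss->status_page);
+mutex_lock(&state->status_lock);
+if (state->status_page) {
+status = page_address(state->status_page);
 
 status->sequence++;
 smp_wmb();
@@ -93,7 +93,7 @@
 smp_wmb();
 status->sequence++;
 }
-mutex_unlock(&state->ss->status_lock);
+mutex_unlock(&state->status_lock);
 }
 
 /*
@@ -107,9 +107,9 @@
 {
 struct selinux_kernel_status *status;
 
-mutex_lock(&state->ss->status_lock);
-if (state->ss->status_page) {
-status = page_address(state->ss->status_page);
+mutex_lock(&state->status_lock);
+if (state->status_page) {
+status = page_address(state->status_page);
 
 status->sequence++;
 smp_wmb();
@@ -120,5 +120,5 @@
 smp_wmb();
 status->sequence++;
 }
-mutex_unlock(&state->ss->status_lock);
+mutex_unlock(&state->status_lock);
 }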