security.h (22164fbe274c2dd96d2887fe121896d321000a61) security.h (65cddd50980be8c9c27ad7518a0dc812eccb25d5)
1/* SPDX-License-Identifier: GPL-2.0 */
2/*
3 * Security server interface.
4 *
5 * Author : Stephen Smalley, <sds@tycho.nsa.gov>
6 *
7 */
8

--- 55 unchanged lines hidden (view full) ---

64#define CONTEXT_STR "context"
65#define FSCONTEXT_STR "fscontext"
66#define ROOTCONTEXT_STR "rootcontext"
67#define DEFCONTEXT_STR "defcontext"
68#define SECLABEL_STR "seclabel"
69
70struct netlbl_lsm_secattr;
71
1/* SPDX-License-Identifier: GPL-2.0 */
2/*
3 * Security server interface.
4 *
5 * Author : Stephen Smalley, <sds@tycho.nsa.gov>
6 *
7 */
8

--- 55 unchanged lines hidden (view full) ---

64#define CONTEXT_STR "context"
65#define FSCONTEXT_STR "fscontext"
66#define ROOTCONTEXT_STR "rootcontext"
67#define DEFCONTEXT_STR "defcontext"
68#define SECLABEL_STR "seclabel"
69
70struct netlbl_lsm_secattr;
71
72extern int selinux_enabled;
72extern int selinux_enabled_boot;
73
74/* Policy capabilities */
75enum {
76 POLICYDB_CAPABILITY_NETPEER,
77 POLICYDB_CAPABILITY_OPENPERM,
78 POLICYDB_CAPABILITY_EXTSOCKCLASS,
79 POLICYDB_CAPABILITY_ALWAYSNETWORK,
80 POLICYDB_CAPABILITY_CGROUPSECLABEL,

--- 13 unchanged lines hidden (view full) ---

94
95/* limitation of boundary depth */
96#define POLICYDB_BOUNDS_MAXDEPTH 4
97
98struct selinux_avc;
99struct selinux_ss;
100
101struct selinux_state {
73
74/* Policy capabilities */
75enum {
76 POLICYDB_CAPABILITY_NETPEER,
77 POLICYDB_CAPABILITY_OPENPERM,
78 POLICYDB_CAPABILITY_EXTSOCKCLASS,
79 POLICYDB_CAPABILITY_ALWAYSNETWORK,
80 POLICYDB_CAPABILITY_CGROUPSECLABEL,

--- 13 unchanged lines hidden (view full) ---

94
95/* limitation of boundary depth */
96#define POLICYDB_BOUNDS_MAXDEPTH 4
97
98struct selinux_avc;
99struct selinux_ss;
100
101struct selinux_state {
102#ifdef CONFIG_SECURITY_SELINUX_DISABLE
102 bool disabled;
103 bool disabled;
104#endif
103#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
104 bool enforcing;
105#endif
106 bool checkreqprot;
107 bool initialized;
108 bool policycap[__POLICYDB_CAPABILITY_MAX];
109 struct selinux_avc *avc;
110 struct selinux_ss *ss;
105#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
106 bool enforcing;
107#endif
108 bool checkreqprot;
109 bool initialized;
110 bool policycap[__POLICYDB_CAPABILITY_MAX];
111 struct selinux_avc *avc;
112 struct selinux_ss *ss;
111};
113} __randomize_layout;
112
113void selinux_ss_init(struct selinux_ss **ss);
114void selinux_avc_init(struct selinux_avc **avc);
115
116extern struct selinux_state selinux_state;
117
114
115void selinux_ss_init(struct selinux_ss **ss);
116void selinux_avc_init(struct selinux_avc **avc);
117
118extern struct selinux_state selinux_state;
119
120static inline bool selinux_initialized(const struct selinux_state *state)
121{
122 /* do a synchronized load to avoid race conditions */
123 return smp_load_acquire(&state->initialized);
124}
125
126static inline void selinux_mark_initialized(struct selinux_state *state)
127{
128 /* do a synchronized write to avoid race conditions */
129 smp_store_release(&state->initialized, true);
130}
131
118#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
119static inline bool enforcing_enabled(struct selinux_state *state)
120{
132#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
133static inline bool enforcing_enabled(struct selinux_state *state)
134{
121 return state->enforcing;
135 return READ_ONCE(state->enforcing);
122}
123
124static inline void enforcing_set(struct selinux_state *state, bool value)
125{
136}
137
138static inline void enforcing_set(struct selinux_state *state, bool value)
139{
126 state->enforcing = value;
140 WRITE_ONCE(state->enforcing, value);
127}
128#else
129static inline bool enforcing_enabled(struct selinux_state *state)
130{
131 return true;
132}
133
134static inline void enforcing_set(struct selinux_state *state, bool value)
135{
136}
137#endif
138
141}
142#else
143static inline bool enforcing_enabled(struct selinux_state *state)
144{
145 return true;
146}
147
148static inline void enforcing_set(struct selinux_state *state, bool value)
149{
150}
151#endif
152
153#ifdef CONFIG_SECURITY_SELINUX_DISABLE
154static inline bool selinux_disabled(struct selinux_state *state)
155{
156 return READ_ONCE(state->disabled);
157}
158
159static inline void selinux_mark_disabled(struct selinux_state *state)
160{
161 WRITE_ONCE(state->disabled, true);
162}
163#else
164static inline bool selinux_disabled(struct selinux_state *state)
165{
166 return false;
167}
168#endif
169
139static inline bool selinux_policycap_netpeer(void)
140{
141 struct selinux_state *state = &selinux_state;
142
143 return state->policycap[POLICYDB_CAPABILITY_NETPEER];
144}
145
146static inline bool selinux_policycap_openperm(void)

--- 243 unchanged lines hidden (view full) ---

390extern struct vfsmount *selinuxfs_mount;
391extern void selnl_notify_setenforce(int val);
392extern void selnl_notify_policyload(u32 seqno);
393extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm);
394
395extern void avtab_cache_init(void);
396extern void ebitmap_cache_init(void);
397extern void hashtab_cache_init(void);
170static inline bool selinux_policycap_netpeer(void)
171{
172 struct selinux_state *state = &selinux_state;
173
174 return state->policycap[POLICYDB_CAPABILITY_NETPEER];
175}
176
177static inline bool selinux_policycap_openperm(void)

--- 243 unchanged lines hidden (view full) ---

421extern struct vfsmount *selinuxfs_mount;
422extern void selnl_notify_setenforce(int val);
423extern void selnl_notify_policyload(u32 seqno);
424extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm);
425
426extern void avtab_cache_init(void);
427extern void ebitmap_cache_init(void);
428extern void hashtab_cache_init(void);
429extern int security_sidtab_hash_stats(struct selinux_state *state, char *page);
398
399#endif /* _SELINUX_SECURITY_H_ */
430
431#endif /* _SELINUX_SECURITY_H_ */
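Review bot: The new read-only accessor `selinux_disabled()` (new-side lines 153-168) takes a non-const `struct selinux_state *`, while `selinux_initialized()` added in the same range takes `const struct selinux_state *`; as its only operation is `READ_ONCE(state->disabled)` (or `return false`), `static inline bool selinux_disabled(const struct selinux_state *state)` would state that it never writes, assuming READ_ONCE accepts a const lvalue here as smp_load_acquire evidently does two functions above. The two new helpers also carry no comment: within this header the flag is only ever set to true by `selinux_mark_disabled()` and nothing clears it, so a line such as `/* one-way transition: once set, the state stays disabled */` above `selinux_mark_disabled()` would make that contract explicit. Unlike the `enforcing_set()` pattern just above, the `#else` branch provides no stub for `selinux_mark_disabled()`, so every caller presumably has to sit under the same `CONFIG_SECURITY_SELINUX_DISABLE` guard; if that is intended, a short comment in the `#else` branch saying so would save the next reader from adding one. The comments on the `initialized` accessors say "to avoid race conditions" but not which ordering they provide; `/* pairs with the smp_store_release() in selinux_mark_initialized() */` would be more useful than the current wording.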