bool policy_opened;
struct dentry *policycap_dir;
unsigned long last_ino;
- struct selinux_state *state;
struct super_block *sb;
};
return -ENOMEM;
fsi->last_ino = SEL_INO_NEXT - 1;
- fsi->state = &selinux_state;
fsi->sb = sb;
sb->s_fs_info = fsi;
return 0;
static ssize_t sel_read_enforce(struct file *filp, char __user *buf,
size_t count, loff_t *ppos)
{
- struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
char tmpbuf[TMPBUFLEN];
ssize_t length;
length = scnprintf(tmpbuf, TMPBUFLEN, "%d",
- enforcing_enabled(fsi->state));
+ enforcing_enabled());
return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
}
size_t count, loff_t *ppos)
{
- struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
- struct selinux_state *state = fsi->state;
char *page = NULL;
ssize_t length;
int old_value, new_value;
new_value = !!new_value;
- old_value = enforcing_enabled(state);
+ old_value = enforcing_enabled();
if (new_value != old_value) {
- length = avc_has_perm(&selinux_state,
- current_sid(), SECINITSID_SECURITY,
+ length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
SECCLASS_SECURITY, SECURITY__SETENFORCE,
NULL);
if (length)
new_value, old_value,
from_kuid(&init_user_ns, audit_get_loginuid(current)),
audit_get_sessionid(current));
- enforcing_set(state, new_value);
+ enforcing_set(new_value);
if (new_value)
- avc_ss_reset(state->avc, 0);
+ avc_ss_reset(0);
selnl_notify_setenforce(new_value);
- selinux_status_update_setenforce(state, new_value);
+ selinux_status_update_setenforce(new_value);
if (!new_value)
call_blocking_lsm_notifier(LSM_POLICY_CHANGE, NULL);
- selinux_ima_measure_state(state);
+ selinux_ima_measure_state();
}
length = count;
out:
static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf,
size_t count, loff_t *ppos)
{
- struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
- struct selinux_state *state = fsi->state;
char tmpbuf[TMPBUFLEN];
ssize_t length;
ino_t ino = file_inode(filp)->i_ino;
int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ?
- security_get_reject_unknown(state) :
- !security_get_allow_unknown(state);
+ security_get_reject_unknown() :
+ !security_get_allow_unknown();
length = scnprintf(tmpbuf, TMPBUFLEN, "%d", handle_unknown);
return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
static int sel_open_handle_status(struct inode *inode, struct file *filp)
{
- struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
- struct page *status = selinux_kernel_status_page(fsi->state);
+ struct page *status = selinux_kernel_status_page();
if (!status)
return -ENOMEM;
.llseek = generic_file_llseek,
};
-#ifdef CONFIG_SECURITY_SELINUX_DISABLE
static ssize_t sel_write_disable(struct file *file, const char __user *buf,
size_t count, loff_t *ppos)
{
- struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
char *page;
ssize_t length;
int new_value;
- int enforcing;
-
- /* NOTE: we are now officially considering runtime disable as
- * deprecated, and using it will become increasingly painful
- * (e.g. sleeping/blocking) as we progress through future
- * kernel releases until eventually it is removed
- */
- pr_err("SELinux: Runtime disable is deprecated, use selinux=0 on the kernel cmdline.\n");
- pr_err("SELinux: https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-runtime-disable\n");
- ssleep(15);
if (count >= PAGE_SIZE)
return -ENOMEM;
if (IS_ERR(page))
return PTR_ERR(page);
- length = -EINVAL;
- if (sscanf(page, "%d", &new_value) != 1)
+ if (sscanf(page, "%d", &new_value) != 1) {
+ length = -EINVAL;
goto out;
+ }
+ length = count;
if (new_value) {
- enforcing = enforcing_enabled(fsi->state);
- length = selinux_disable(fsi->state);
- if (length)
- goto out;
- audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS,
- "enforcing=%d old_enforcing=%d auid=%u ses=%u"
- " enabled=0 old-enabled=1 lsm=selinux res=1",
- enforcing, enforcing,
- from_kuid(&init_user_ns, audit_get_loginuid(current)),
- audit_get_sessionid(current));
+ pr_err("SELinux: https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-runtime-disable\n");
+ pr_err("SELinux: Runtime disable is not supported, use selinux=0 on the kernel cmdline.\n");
}
- length = count;
out:
kfree(page);
return length;
}
-#else
-#define sel_write_disable NULL
-#endif
static const struct file_operations sel_disable_ops = {
.write = sel_write_disable,
static ssize_t sel_read_mls(struct file *filp, char __user *buf,
size_t count, loff_t *ppos)
{
- struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
char tmpbuf[TMPBUFLEN];
ssize_t length;
length = scnprintf(tmpbuf, TMPBUFLEN, "%d",
- security_mls_enabled(fsi->state));
+ security_mls_enabled());
return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
}
static int sel_open_policy(struct inode *inode, struct file *filp)
{
struct selinux_fs_info *fsi = inode->i_sb->s_fs_info;
- struct selinux_state *state = fsi->state;
struct policy_load_memory *plm = NULL;
int rc;
BUG_ON(filp->private_data);
- mutex_lock(&fsi->state->policy_mutex);
+ mutex_lock(&selinux_state.policy_mutex);
- rc = avc_has_perm(&selinux_state,
- current_sid(), SECINITSID_SECURITY,
+ rc = avc_has_perm(current_sid(), SECINITSID_SECURITY,
SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL);
if (rc)
goto err;
if (!plm)
goto err;
- rc = security_read_policy(state, &plm->data, &plm->len);
+ rc = security_read_policy(&plm->data, &plm->len);
if (rc)
goto err;
filp->private_data = plm;
- mutex_unlock(&fsi->state->policy_mutex);
+ mutex_unlock(&selinux_state.policy_mutex);
return 0;
err:
- mutex_unlock(&fsi->state->policy_mutex);
+ mutex_unlock(&selinux_state.policy_mutex);
if (plm)
vfree(plm->data);
struct policy_load_memory *plm = filp->private_data;
int ret;
- ret = avc_has_perm(&selinux_state,
- current_sid(), SECINITSID_SECURITY,
+ ret = avc_has_perm(current_sid(), SECINITSID_SECURITY,
SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL);
if (ret)
return ret;
ssize_t length;
void *data = NULL;
- mutex_lock(&fsi->state->policy_mutex);
+ mutex_lock(&selinux_state.policy_mutex);
- length = avc_has_perm(&selinux_state,
- current_sid(), SECINITSID_SECURITY,
+ length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
SECCLASS_SECURITY, SECURITY__LOAD_POLICY, NULL);
if (length)
goto out;
if (copy_from_user(data, buf, count) != 0)
goto out;
- length = security_load_policy(fsi->state, data, count, &load_state);
+ length = security_load_policy(data, count, &load_state);
if (length) {
pr_warn_ratelimited("SELinux: failed to load policy\n");
goto out;
length = sel_make_policy_nodes(fsi, load_state.policy);
if (length) {
pr_warn_ratelimited("SELinux: failed to initialize selinuxfs\n");
- selinux_policy_cancel(fsi->state, &load_state);
+ selinux_policy_cancel(&load_state);
goto out;
}
- selinux_policy_commit(fsi->state, &load_state);
+ selinux_policy_commit(&load_state);
length = count;
from_kuid(&init_user_ns, audit_get_loginuid(current)),
audit_get_sessionid(current));
out:
- mutex_unlock(&fsi->state->policy_mutex);
+ mutex_unlock(&selinux_state.policy_mutex);
vfree(data);
return length;
}
static ssize_t sel_write_context(struct file *file, char *buf, size_t size)
{
- struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
- struct selinux_state *state = fsi->state;
char *canon = NULL;
u32 sid, len;
ssize_t length;
- length = avc_has_perm(&selinux_state,
- current_sid(), SECINITSID_SECURITY,
+ length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, NULL);
if (length)
goto out;
- length = security_context_to_sid(state, buf, size, &sid, GFP_KERNEL);
+ length = security_context_to_sid(buf, size, &sid, GFP_KERNEL);
if (length)
goto out;
- length = security_sid_to_context(state, sid, &canon, &len);
+ length = security_sid_to_context(sid, &canon, &len);
if (length)
goto out;
static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf,
size_t count, loff_t *ppos)
{
- struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
char tmpbuf[TMPBUFLEN];
ssize_t length;
length = scnprintf(tmpbuf, TMPBUFLEN, "%u",
- checkreqprot_get(fsi->state));
+ checkreqprot_get());
return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
}
static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf,
size_t count, loff_t *ppos)
{
- struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
char *page;
ssize_t length;
unsigned int new_value;
- length = avc_has_perm(&selinux_state,
- current_sid(), SECINITSID_SECURITY,
+ length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT,
NULL);
if (length)
if (IS_ERR(page))
return PTR_ERR(page);
- length = -EINVAL;
- if (sscanf(page, "%u", &new_value) != 1)
+ if (sscanf(page, "%u", &new_value) != 1) {
+ length = -EINVAL;
goto out;
+ }
+ length = count;
if (new_value) {
char comm[sizeof(current->comm)];
memcpy(comm, current->comm, sizeof(comm));
- pr_err("SELinux: %s (%d) set checkreqprot to 1. This is deprecated and will be rejected in a future kernel release.\n",
+ pr_err("SELinux: %s (%d) set checkreqprot to 1. This is no longer supported.\n",
comm, current->pid);
}
- checkreqprot_set(fsi->state, (new_value ? 1 : 0));
- if (new_value)
- ssleep(15);
- length = count;
-
- selinux_ima_measure_state(fsi->state);
+ selinux_ima_measure_state();
out:
kfree(page);
const char __user *buf,
size_t count, loff_t *ppos)
{
- struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
- struct selinux_state *state = fsi->state;
char *oldcon = NULL, *newcon = NULL, *taskcon = NULL;
char *req = NULL;
u32 osid, nsid, tsid;
u16 tclass;
int rc;
- rc = avc_has_perm(&selinux_state,
- current_sid(), SECINITSID_SECURITY,
+ rc = avc_has_perm(current_sid(), SECINITSID_SECURITY,
SECCLASS_SECURITY, SECURITY__VALIDATE_TRANS, NULL);
if (rc)
goto out;
if (sscanf(req, "%s %s %hu %s", oldcon, newcon, &tclass, taskcon) != 4)
goto out;
- rc = security_context_str_to_sid(state, oldcon, &osid, GFP_KERNEL);
+ rc = security_context_str_to_sid(oldcon, &osid, GFP_KERNEL);
if (rc)
goto out;
- rc = security_context_str_to_sid(state, newcon, &nsid, GFP_KERNEL);
+ rc = security_context_str_to_sid(newcon, &nsid, GFP_KERNEL);
if (rc)
goto out;
- rc = security_context_str_to_sid(state, taskcon, &tsid, GFP_KERNEL);
+ rc = security_context_str_to_sid(taskcon, &tsid, GFP_KERNEL);
if (rc)
goto out;
- rc = security_validate_transition_user(state, osid, nsid, tsid, tclass);
+ rc = security_validate_transition_user(osid, nsid, tsid, tclass);
if (!rc)
rc = count;
out:
static ssize_t sel_write_access(struct file *file, char *buf, size_t size)
{
- struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
- struct selinux_state *state = fsi->state;
char *scon = NULL, *tcon = NULL;
u32 ssid, tsid;
u16 tclass;
struct av_decision avd;
ssize_t length;
- length = avc_has_perm(&selinux_state,
- current_sid(), SECINITSID_SECURITY,
+ length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
SECCLASS_SECURITY, SECURITY__COMPUTE_AV, NULL);
if (length)
goto out;
if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
goto out;
- length = security_context_str_to_sid(state, scon, &ssid, GFP_KERNEL);
+ length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
if (length)
goto out;
- length = security_context_str_to_sid(state, tcon, &tsid, GFP_KERNEL);
+ length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
if (length)
goto out;
- security_compute_av_user(state, ssid, tsid, tclass, &avd);
+ security_compute_av_user(ssid, tsid, tclass, &avd);
length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT,
"%x %x %x %x %u %x",
static ssize_t sel_write_create(struct file *file, char *buf, size_t size)
{
- struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
- struct selinux_state *state = fsi->state;
char *scon = NULL, *tcon = NULL;
char *namebuf = NULL, *objname = NULL;
u32 ssid, tsid, newsid;
u32 len;
int nargs;
- length = avc_has_perm(&selinux_state,
- current_sid(), SECINITSID_SECURITY,
+ length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE,
NULL);
if (length)
objname = namebuf;
}
- length = security_context_str_to_sid(state, scon, &ssid, GFP_KERNEL);
+ length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
if (length)
goto out;
- length = security_context_str_to_sid(state, tcon, &tsid, GFP_KERNEL);
+ length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
if (length)
goto out;
- length = security_transition_sid_user(state, ssid, tsid, tclass,
+ length = security_transition_sid_user(ssid, tsid, tclass,
objname, &newsid);
if (length)
goto out;
- length = security_sid_to_context(state, newsid, &newcon, &len);
+ length = security_sid_to_context(newsid, &newcon, &len);
if (length)
goto out;
static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size)
{
- struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
- struct selinux_state *state = fsi->state;
char *scon = NULL, *tcon = NULL;
u32 ssid, tsid, newsid;
u16 tclass;
char *newcon = NULL;
u32 len;
- length = avc_has_perm(&selinux_state,
- current_sid(), SECINITSID_SECURITY,
+ length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL,
NULL);
if (length)
if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
goto out;
- length = security_context_str_to_sid(state, scon, &ssid, GFP_KERNEL);
+ length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
if (length)
goto out;
- length = security_context_str_to_sid(state, tcon, &tsid, GFP_KERNEL);
+ length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
if (length)
goto out;
- length = security_change_sid(state, ssid, tsid, tclass, &newsid);
+ length = security_change_sid(ssid, tsid, tclass, &newsid);
if (length)
goto out;
- length = security_sid_to_context(state, newsid, &newcon, &len);
+ length = security_sid_to_context(newsid, &newcon, &len);
if (length)
goto out;
static ssize_t sel_write_user(struct file *file, char *buf, size_t size)
{
- struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
- struct selinux_state *state = fsi->state;
char *con = NULL, *user = NULL, *ptr;
u32 sid, *sids = NULL;
ssize_t length;
int i, rc;
u32 len, nsids;
- length = avc_has_perm(&selinux_state,
- current_sid(), SECINITSID_SECURITY,
+ length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
SECCLASS_SECURITY, SECURITY__COMPUTE_USER,
NULL);
if (length)
if (sscanf(buf, "%s %s", con, user) != 2)
goto out;
- length = security_context_str_to_sid(state, con, &sid, GFP_KERNEL);
+ length = security_context_str_to_sid(con, &sid, GFP_KERNEL);
if (length)
goto out;
- length = security_get_user_sids(state, sid, user, &sids, &nsids);
+ length = security_get_user_sids(sid, user, &sids, &nsids);
if (length)
goto out;
length = sprintf(buf, "%u", nsids) + 1;
ptr = buf + length;
for (i = 0; i < nsids; i++) {
- rc = security_sid_to_context(state, sids[i], &newcon, &len);
+ rc = security_sid_to_context(sids[i], &newcon, &len);
if (rc) {
length = rc;
goto out;
static ssize_t sel_write_member(struct file *file, char *buf, size_t size)
{
- struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
- struct selinux_state *state = fsi->state;
char *scon = NULL, *tcon = NULL;
u32 ssid, tsid, newsid;
u16 tclass;
char *newcon = NULL;
u32 len;
- length = avc_has_perm(&selinux_state,
- current_sid(), SECINITSID_SECURITY,
+ length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER,
NULL);
if (length)
if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
goto out;
- length = security_context_str_to_sid(state, scon, &ssid, GFP_KERNEL);
+ length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
if (length)
goto out;
- length = security_context_str_to_sid(state, tcon, &tsid, GFP_KERNEL);
+ length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
if (length)
goto out;
- length = security_member_sid(state, ssid, tsid, tclass, &newsid);
+ length = security_member_sid(ssid, tsid, tclass, &newsid);
if (length)
goto out;
- length = security_sid_to_context(state, newsid, &newcon, &len);
+ length = security_sid_to_context(newsid, &newcon, &len);
if (length)
goto out;
unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK;
const char *name = filep->f_path.dentry->d_name.name;
- mutex_lock(&fsi->state->policy_mutex);
+ mutex_lock(&selinux_state.policy_mutex);
ret = -EINVAL;
if (index >= fsi->bool_num || strcmp(name,
if (!page)
goto out_unlock;
- cur_enforcing = security_get_bool_value(fsi->state, index);
+ cur_enforcing = security_get_bool_value(index);
if (cur_enforcing < 0) {
ret = cur_enforcing;
goto out_unlock;
}
length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing,
fsi->bool_pending_values[index]);
- mutex_unlock(&fsi->state->policy_mutex);
+ mutex_unlock(&selinux_state.policy_mutex);
ret = simple_read_from_buffer(buf, count, ppos, page, length);
out_free:
free_page((unsigned long)page);
return ret;
out_unlock:
- mutex_unlock(&fsi->state->policy_mutex);
+ mutex_unlock(&selinux_state.policy_mutex);
goto out_free;
}
if (IS_ERR(page))
return PTR_ERR(page);
- mutex_lock(&fsi->state->policy_mutex);
+ mutex_lock(&selinux_state.policy_mutex);
- length = avc_has_perm(&selinux_state,
- current_sid(), SECINITSID_SECURITY,
+ length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
SECCLASS_SECURITY, SECURITY__SETBOOL,
NULL);
if (length)
length = count;
out:
- mutex_unlock(&fsi->state->policy_mutex);
+ mutex_unlock(&selinux_state.policy_mutex);
kfree(page);
return length;
}
if (IS_ERR(page))
return PTR_ERR(page);
- mutex_lock(&fsi->state->policy_mutex);
+ mutex_lock(&selinux_state.policy_mutex);
- length = avc_has_perm(&selinux_state,
- current_sid(), SECINITSID_SECURITY,
+ length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
SECCLASS_SECURITY, SECURITY__SETBOOL,
NULL);
if (length)
length = 0;
if (new_value && fsi->bool_pending_values)
- length = security_set_bools(fsi->state, fsi->bool_num,
+ length = security_set_bools(fsi->bool_num,
fsi->bool_pending_values);
if (!length)
length = count;
out:
- mutex_unlock(&fsi->state->policy_mutex);
+ mutex_unlock(&selinux_state.policy_mutex);
kfree(page);
return length;
}
static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf,
size_t count, loff_t *ppos)
{
- struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
- struct selinux_state *state = fsi->state;
char tmpbuf[TMPBUFLEN];
ssize_t length;
length = scnprintf(tmpbuf, TMPBUFLEN, "%u",
- avc_get_cache_threshold(state->avc));
+ avc_get_cache_threshold());
return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
}
size_t count, loff_t *ppos)
{
- struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
- struct selinux_state *state = fsi->state;
char *page;
ssize_t ret;
unsigned int new_value;
- ret = avc_has_perm(&selinux_state,
- current_sid(), SECINITSID_SECURITY,
+ ret = avc_has_perm(current_sid(), SECINITSID_SECURITY,
SECCLASS_SECURITY, SECURITY__SETSECPARAM,
NULL);
if (ret)
if (sscanf(page, "%u", &new_value) != 1)
goto out;
- avc_set_cache_threshold(state->avc, new_value);
+ avc_set_cache_threshold(new_value);
ret = count;
out:
static ssize_t sel_read_avc_hash_stats(struct file *filp, char __user *buf,
size_t count, loff_t *ppos)
{
- struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
- struct selinux_state *state = fsi->state;
char *page;
ssize_t length;
if (!page)
return -ENOMEM;
- length = avc_get_hash_stats(state->avc, page);
+ length = avc_get_hash_stats(page);
if (length >= 0)
length = simple_read_from_buffer(buf, count, ppos, page, length);
free_page((unsigned long)page);
static ssize_t sel_read_sidtab_hash_stats(struct file *filp, char __user *buf,
size_t count, loff_t *ppos)
{
- struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
- struct selinux_state *state = fsi->state;
char *page;
ssize_t length;
if (!page)
return -ENOMEM;
- length = security_sidtab_hash_stats(state, page);
+ length = security_sidtab_hash_stats(page);
if (length >= 0)
length = simple_read_from_buffer(buf, count, ppos, page,
length);
static ssize_t sel_read_initcon(struct file *file, char __user *buf,
size_t count, loff_t *ppos)
{
- struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
char *con;
u32 sid, len;
ssize_t ret;
sid = file_inode(file)->i_ino&SEL_INO_MASK;
- ret = security_sid_to_context(fsi->state, sid, &con, &len);
+ ret = security_sid_to_context(sid, &con, &len);
if (ret)
return ret;
static ssize_t sel_read_policycap(struct file *file, char __user *buf,
size_t count, loff_t *ppos)
{
- struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
int value;
char tmpbuf[TMPBUFLEN];
ssize_t length;
unsigned long i_ino = file_inode(file)->i_ino;
- value = security_policycap_supported(fsi->state, i_ino & SEL_INO_MASK);
+ value = security_policycap_supported(i_ino & SEL_INO_MASK);
length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value);
return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
}
__initcall(init_sel_fs);
-
-#ifdef CONFIG_SECURITY_SELINUX_DISABLE
-void exit_sel_fs(void)
-{
- sysfs_remove_mount_point(fs_kobj, "selinux");
- dput(selinux_null.dentry);
- kern_unmount(selinuxfs_mount);
- unregister_filesystem(&sel_fs_type);
-}
-#endif
OSDN Git Service
