xref: /linux/security/selinux/ss/services.c

247 	struct selinux_policy *policy;  in security_mls_enabled()  local
253 	policy = rcu_dereference(state->policy);  in security_mls_enabled()
254 	mls_enabled = policy->policydb.mls_enabled;  in security_mls_enabled()
725 					struct selinux_policy *policy,  in security_validtrans_handle_fail()  argument
731 	struct policydb *p = &policy->policydb;  in security_validtrans_handle_fail()
732 	struct sidtab *sidtab = policy->sidtab;  in security_validtrans_handle_fail()
760 	struct selinux_policy *policy;  in security_compute_validatetrans()  local
777 	policy = rcu_dereference(state->policy);  in security_compute_validatetrans()
778 	policydb = &policy->policydb;  in security_compute_validatetrans()
779 	sidtab = policy->sidtab;  in security_compute_validatetrans()
782 		tclass = unmap_class(&policy->map, orig_tclass);  in security_compute_validatetrans()
825 								policy,  in security_compute_validatetrans()
869 	struct selinux_policy *policy;  in security_bounded_transition()  local
881 	policy = rcu_dereference(state->policy);  in security_bounded_transition()
882 	policydb = &policy->policydb;  in security_bounded_transition()
883 	sidtab = policy->sidtab;  in security_bounded_transition()
949 static void avd_init(struct selinux_policy *policy, struct av_decision *avd)  in avd_init()  argument
954 	if (policy)  in avd_init()
955 		avd->seqno = policy->latest_granting;  in avd_init()
1022 	struct selinux_policy *policy;  in security_compute_xperms_decision()  local
1043 	policy = rcu_dereference(state->policy);  in security_compute_xperms_decision()
1044 	policydb = &policy->policydb;  in security_compute_xperms_decision()
1045 	sidtab = policy->sidtab;  in security_compute_xperms_decision()
1061 	tclass = unmap_class(&policy->map, orig_tclass);  in security_compute_xperms_decision()
1119 	struct selinux_policy *policy;  in security_compute_av()  local
1126 	policy = rcu_dereference(state->policy);  in security_compute_av()
1127 	avd_init(policy, avd);  in security_compute_av()
1132 	policydb = &policy->policydb;  in security_compute_av()
1133 	sidtab = policy->sidtab;  in security_compute_av()
1153 	tclass = unmap_class(&policy->map, orig_tclass);  in security_compute_av()
1161 	map_decision(&policy->map, orig_tclass, avd,  in security_compute_av()
1177 	struct selinux_policy *policy;  in security_compute_av_user()  local
1183 	policy = rcu_dereference(state->policy);  in security_compute_av_user()
1184 	avd_init(policy, avd);  in security_compute_av_user()
1188 	policydb = &policy->policydb;  in security_compute_av_user()
1189 	sidtab = policy->sidtab;  in security_compute_av_user()
1303 	struct selinux_policy *policy;  in security_sidtab_hash_stats()  local
1313 	policy = rcu_dereference(state->policy);  in security_sidtab_hash_stats()
1314 	rc = sidtab_hash_stats(policy->sidtab, page);  in security_sidtab_hash_stats()
1332 	struct selinux_policy *policy;  in security_sid_to_context_core()  local
1363 	policy = rcu_dereference(state->policy);  in security_sid_to_context_core()
1364 	policydb = &policy->policydb;  in security_sid_to_context_core()
1365 	sidtab = policy->sidtab;  in security_sid_to_context_core()
1521 	struct selinux_policy *policy;  in security_context_to_sid_core()  local
1562 	policy = rcu_dereference(state->policy);  in security_context_to_sid_core()
1563 	policydb = &policy->policydb;  in security_context_to_sid_core()
1564 	sidtab = policy->sidtab;  in security_context_to_sid_core()
1658 	struct selinux_policy *policy,  in compute_sid_handle_invalid_context()  argument
1664 	struct policydb *policydb = &policy->policydb;  in compute_sid_handle_invalid_context()
1665 	struct sidtab *sidtab = policy->sidtab;  in compute_sid_handle_invalid_context()
1734 	struct selinux_policy *policy;  in security_compute_sid()  local
1765 	policy = rcu_dereference(state->policy);  in security_compute_sid()
1768 		tclass = unmap_class(&policy->map, orig_tclass);  in security_compute_sid()
1772 		sock = security_is_socket_class(map_class(&policy->map,  in security_compute_sid()
1776 	policydb = &policy->policydb;  in security_compute_sid()
1777 	sidtab = policy->sidtab;  in security_compute_sid()
1897 		rc = compute_sid_handle_invalid_context(state, policy, sentry,  in security_compute_sid()
2148 				struct selinux_policy *policy)  in security_load_policycaps()  argument
2154 	p = &policy->policydb;  in security_load_policycaps()
2175 static void selinux_policy_free(struct selinux_policy *policy)  in selinux_policy_free()  argument
2177 	if (!policy)  in selinux_policy_free()
2180 	sidtab_destroy(policy->sidtab);  in selinux_policy_free()
2181 	kfree(policy->map.mapping);  in selinux_policy_free()
2182 	policydb_destroy(&policy->policydb);  in selinux_policy_free()
2183 	kfree(policy->sidtab);  in selinux_policy_free()
2184 	kfree(policy);  in selinux_policy_free()
2187 static void selinux_policy_cond_free(struct selinux_policy *policy)  in selinux_policy_cond_free()  argument
2189 	cond_policydb_destroy_dup(&policy->policydb);  in selinux_policy_cond_free()
2190 	kfree(policy);  in selinux_policy_cond_free()
2198 	oldpolicy = rcu_dereference_protected(state->policy,  in selinux_policy_cancel()
2202 	selinux_policy_free(load_state->policy);  in selinux_policy_cancel()
2221 	struct selinux_policy *oldpolicy, *newpolicy = load_state->policy;  in selinux_policy_commit()
2225 	oldpolicy = rcu_dereference_protected(state->policy,  in selinux_policy_commit()
2246 		rcu_assign_pointer(state->policy, newpolicy);  in selinux_policy_commit()
2249 		rcu_assign_pointer(state->policy, newpolicy);  in selinux_policy_commit()
2322 		load_state->policy = newpolicy;  in security_load_policy()
2327 	oldpolicy = rcu_dereference_protected(state->policy,  in security_load_policy()
2363 	load_state->policy = newpolicy;  in security_load_policy()
2430 	struct selinux_policy *policy;  in security_port_sid()  local
2444 	policy = rcu_dereference(state->policy);  in security_port_sid()
2445 	policydb = &policy->policydb;  in security_port_sid()
2446 	sidtab = policy->sidtab;  in security_port_sid()
2484 	struct selinux_policy *policy;  in security_ib_pkey_sid()  local
2498 	policy = rcu_dereference(state->policy);  in security_ib_pkey_sid()
2499 	policydb = &policy->policydb;  in security_ib_pkey_sid()
2500 	sidtab = policy->sidtab;  in security_ib_pkey_sid()
2538 	struct selinux_policy *policy;  in security_ib_endport_sid()  local
2552 	policy = rcu_dereference(state->policy);  in security_ib_endport_sid()
2553 	policydb = &policy->policydb;  in security_ib_endport_sid()
2554 	sidtab = policy->sidtab;  in security_ib_endport_sid()
2592 	struct selinux_policy *policy;  in security_netif_sid()  local
2606 	policy = rcu_dereference(state->policy);  in security_netif_sid()
2607 	policydb = &policy->policydb;  in security_netif_sid()
2608 	sidtab = policy->sidtab;  in security_netif_sid()
2660 	struct selinux_policy *policy;  in security_node_sid()  local
2673 	policy = rcu_dereference(state->policy);  in security_node_sid()
2674 	policydb = &policy->policydb;  in security_node_sid()
2675 	sidtab = policy->sidtab;  in security_node_sid()
2756 	struct selinux_policy *policy;  in security_get_user_sids()  local
2780 	policy = rcu_dereference(state->policy);  in security_get_user_sids()
2781 	policydb = &policy->policydb;  in security_get_user_sids()
2782 	sidtab = policy->sidtab;  in security_get_user_sids()
2876 static inline int __security_genfs_sid(struct selinux_policy *policy,  in __security_genfs_sid()  argument
2882 	struct policydb *policydb = &policy->policydb;  in __security_genfs_sid()
2883 	struct sidtab *sidtab = policy->sidtab;  in __security_genfs_sid()
2893 	sclass = unmap_class(&policy->map, orig_sclass);  in __security_genfs_sid()
2935 	struct selinux_policy *policy;  in security_genfs_sid()  local
2945 		policy = rcu_dereference(state->policy);  in security_genfs_sid()
2946 		retval = __security_genfs_sid(policy, fstype, path,  in security_genfs_sid()
2953 int selinux_policy_genfs_sid(struct selinux_policy *policy,  in selinux_policy_genfs_sid()  argument
2960 	return __security_genfs_sid(policy, fstype, path, orig_sclass, sid);  in selinux_policy_genfs_sid()
2970 	struct selinux_policy *policy;  in security_fs_use()  local
2987 	policy = rcu_dereference(state->policy);  in security_fs_use()
2988 	policydb = &policy->policydb;  in security_fs_use()
2989 	sidtab = policy->sidtab;  in security_fs_use()
3008 		rc = __security_genfs_sid(policy, fstype, "/",  in security_fs_use()
3027 int security_get_bools(struct selinux_policy *policy,  in security_get_bools()  argument
3034 	policydb = &policy->policydb;  in security_get_bools()
3089 	oldpolicy = rcu_dereference_protected(state->policy,  in security_set_bools()
3136 	rcu_assign_pointer(state->policy, newpolicy);  in security_set_bools()
3154 	struct selinux_policy *policy;  in security_get_bool_value()  local
3163 	policy = rcu_dereference(state->policy);  in security_get_bool_value()
3164 	policydb = &policy->policydb;  in security_get_bool_value()
3213 	struct selinux_policy *policy;  in security_sid_mls_copy()  local
3233 	policy = rcu_dereference(state->policy);  in security_sid_mls_copy()
3234 	policydb = &policy->policydb;  in security_sid_mls_copy()
3235 	sidtab = policy->sidtab;  in security_sid_mls_copy()
3326 	struct selinux_policy *policy;  in security_net_peersid_resolve()  local
3354 	policy = rcu_dereference(state->policy);  in security_net_peersid_resolve()
3355 	policydb = &policy->policydb;  in security_net_peersid_resolve()
3356 	sidtab = policy->sidtab;  in security_net_peersid_resolve()
3410 int security_get_classes(struct selinux_policy *policy,  in security_get_classes()  argument
3416 	policydb = &policy->policydb;  in security_get_classes()
3450 int security_get_permissions(struct selinux_policy *policy,  in security_get_permissions()  argument
3457 	policydb = &policy->policydb;  in security_get_permissions()
3497 	struct selinux_policy *policy;  in security_get_reject_unknown()  local
3504 	policy = rcu_dereference(state->policy);  in security_get_reject_unknown()
3505 	value = policy->policydb.reject_unknown;  in security_get_reject_unknown()
3512 	struct selinux_policy *policy;  in security_get_allow_unknown()  local
3519 	policy = rcu_dereference(state->policy);  in security_get_allow_unknown()
3520 	value = policy->policydb.allow_unknown;  in security_get_allow_unknown()
3539 	struct selinux_policy *policy;  in security_policycap_supported()  local
3546 	policy = rcu_dereference(state->policy);  in security_policycap_supported()
3547 	rc = ebitmap_get_bit(&policy->policydb.policycaps, req_cap);  in security_policycap_supported()
3571 	struct selinux_policy *policy;  in selinux_audit_rule_init()  local
3616 	policy = rcu_dereference(state->policy);  in selinux_audit_rule_init()
3617 	policydb = &policy->policydb;  in selinux_audit_rule_init()
3619 	tmprule->au_seqno = policy->latest_granting;  in selinux_audit_rule_init()
3698 	struct selinux_policy *policy;  in selinux_audit_rule_match()  local
3714 	policy = rcu_dereference(state->policy);  in selinux_audit_rule_match()
3716 	if (rule->au_seqno < policy->latest_granting) {  in selinux_audit_rule_match()
3721 	ctxt = sidtab_search(policy->sidtab, sid);  in selinux_audit_rule_match()
3880 	struct selinux_policy *policy;  in security_netlbl_secattr_to_sid()  local
3895 	policy = rcu_dereference(state->policy);  in security_netlbl_secattr_to_sid()
3896 	policydb = &policy->policydb;  in security_netlbl_secattr_to_sid()
3897 	sidtab = policy->sidtab;  in security_netlbl_secattr_to_sid()
3957 	struct selinux_policy *policy;  in security_netlbl_sid_to_secattr()  local
3966 	policy = rcu_dereference(state->policy);  in security_netlbl_sid_to_secattr()
3967 	policydb = &policy->policydb;  in security_netlbl_sid_to_secattr()
3970 	ctx = sidtab_search(policy->sidtab, sid);  in security_netlbl_sid_to_secattr()
3997 static int __security_read_policy(struct selinux_policy *policy,  in __security_read_policy()  argument
4006 	rc = policydb_write(&policy->policydb, &fp);  in __security_read_policy()
4024 	struct selinux_policy *policy;  in security_read_policy()  local
4026 	policy = rcu_dereference_protected(  in security_read_policy()
4027 			state->policy, lockdep_is_held(&state->policy_mutex));  in security_read_policy()
4028 	if (!policy)  in security_read_policy()
4031 	*len = policy->policydb.len;  in security_read_policy()
4036 	return __security_read_policy(policy, *data, len);  in security_read_policy()
4054 	struct selinux_policy *policy;  in security_read_state_kernel()  local
4056 	policy = rcu_dereference_protected(  in security_read_state_kernel()
4057 			state->policy, lockdep_is_held(&state->policy_mutex));  in security_read_state_kernel()
4058 	if (!policy)  in security_read_state_kernel()
4061 	*len = policy->policydb.len;  in security_read_state_kernel()
4066 	return __security_read_policy(policy, *data, len);  in security_read_state_kernel()

Last Index update Sat Jun 03 09:59:21 CST 2023