hooks.c (f01387d2693813eb5271a3448e6a082322c7d75d) | hooks.c (615e51fdda6f274e94b1e905fcaf6111e0d9aa20) |
---|---|
1/* 2 * NSA Security-Enhanced Linux (SELinux) security module 3 * 4 * This file contains the SELinux hook function implementations. 5 * 6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil> 7 * Chris Vance, <cvance@nai.com> 8 * Wayne Salamon, <wsalamon@nai.com> --- 147 unchanged lines hidden (view full) --- 156 * is always considered enabled. 157 * 158 */ 159static int selinux_peerlbl_enabled(void) 160{ 161 return (selinux_policycap_alwaysnetwork || netlbl_enabled() || selinux_xfrm_enabled()); 162} 163 | 1/* 2 * NSA Security-Enhanced Linux (SELinux) security module 3 * 4 * This file contains the SELinux hook function implementations. 5 * 6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil> 7 * Chris Vance, <cvance@nai.com> 8 * Wayne Salamon, <wsalamon@nai.com> --- 147 unchanged lines hidden (view full) --- 156 * is always considered enabled. 157 * 158 */ 159static int selinux_peerlbl_enabled(void) 160{ 161 return (selinux_policycap_alwaysnetwork || netlbl_enabled() || selinux_xfrm_enabled()); 162} 163 |
164static int selinux_netcache_avc_callback(u32 event) 165{ 166 if (event == AVC_CALLBACK_RESET) { 167 sel_netif_flush(); 168 sel_netnode_flush(); 169 sel_netport_flush(); 170 synchronize_net(); 171 } 172 return 0; 173} 174 |
|
164/* 165 * initialise the security for the init task 166 */ 167static void cred_init_security(void) 168{ 169 struct cred *cred = (struct cred *) current->real_cred; 170 struct task_security_struct *tsec; 171 --- 5548 unchanged lines hidden (view full) --- 5720 struct key_security_struct *ksec = k->security; 5721 5722 k->security = NULL; 5723 kfree(ksec); 5724} 5725 5726static int selinux_key_permission(key_ref_t key_ref, 5727 const struct cred *cred, | 175/* 176 * initialise the security for the init task 177 */ 178static void cred_init_security(void) 179{ 180 struct cred *cred = (struct cred *) current->real_cred; 181 struct task_security_struct *tsec; 182 --- 5548 unchanged lines hidden (view full) --- 5731 struct key_security_struct *ksec = k->security; 5732 5733 k->security = NULL; 5734 kfree(ksec); 5735} 5736 5737static int selinux_key_permission(key_ref_t key_ref, 5738 const struct cred *cred, |
5728 unsigned perm) | 5739 key_perm_t perm) |
5729{ 5730 struct key *key; 5731 struct key_security_struct *ksec; 5732 u32 sid; 5733 5734 /* if no specific permissions are requested, we skip the 5735 permission check. No serious, additional covert channels 5736 appear to be created. */ --- 251 unchanged lines hidden (view full) --- 5988 sel_inode_cache = kmem_cache_create("selinux_inode_security", 5989 sizeof(struct inode_security_struct), 5990 0, SLAB_PANIC, NULL); 5991 avc_init(); 5992 5993 if (register_security(&selinux_ops)) 5994 panic("SELinux: Unable to register with kernel.\n"); 5995 | 5740{ 5741 struct key *key; 5742 struct key_security_struct *ksec; 5743 u32 sid; 5744 5745 /* if no specific permissions are requested, we skip the 5746 permission check. No serious, additional covert channels 5747 appear to be created. */ --- 251 unchanged lines hidden (view full) --- 5999 sel_inode_cache = kmem_cache_create("selinux_inode_security", 6000 sizeof(struct inode_security_struct), 6001 0, SLAB_PANIC, NULL); 6002 avc_init(); 6003 6004 if (register_security(&selinux_ops)) 6005 panic("SELinux: Unable to register with kernel.\n"); 6006 |
6007 if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET)) 6008 panic("SELinux: Unable to register AVC netcache callback\n"); 6009 |
|
5996 if (selinux_enforcing) 5997 printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n"); 5998 else 5999 printk(KERN_DEBUG "SELinux: Starting in permissive mode\n"); 6000 6001 return 0; 6002} 6003 --- 144 unchanged lines hidden --- | 6010 if (selinux_enforcing) 6011 printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n"); 6012 else 6013 printk(KERN_DEBUG "SELinux: Starting in permissive mode\n"); 6014 6015 return 0; 6016} 6017 --- 144 unchanged lines hidden --- |
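Review bot: selinux_netcache_avc_callback(), present only on the 615e51f side, has no comment explaining why one synchronize_net() follows all three cache flushes, and that ordering is the part a later edit is most likely to break. I would add above it something like `/* On AVC reset, flush the netif/netnode/netport caches, then wait once for in-flight network readers. */`. Whether the sel_*_flush() helpers still wait on their own is not visible on this page, so confirm that before wording the comment more strongly. The two sides also disagree on the type of `perm` in selinux_key_permission() (`unsigned` vs `key_perm_t`), so whichever side is kept should be checked against the hook prototype it is registered under. That function's body and the init function's opening are hidden here.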