summaryrefslogtreecommitdiffstats
path: root/security/selinux/include
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2019-03-07 12:12:45 -0800
committerLinus Torvalds <torvalds@linux-foundation.org>2019-03-07 12:12:45 -0800
commit3ac96c30ccfa802501dd2f4941e4508ea54b0b8a (patch)
treedf095a1ad94f30ec6127da7f6ff3d36e3bbab0fc /security/selinux/include
parentae5906ceee038ea29ff5162d1bcd18fb50af8b94 (diff)
parent45189a1998e00f6375ebd49d1e18161acddd73de (diff)
downloadlinux-3ac96c30ccfa802501dd2f4941e4508ea54b0b8a.tar.bz2
Merge tag 'selinux-pr-20190305' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull SELinux updates from Paul Moore: "Nine SELinux patches for v5.1, all bug fixes. As far as I'm concerned, nothing really jumps out as risky or special to me, but each commit has a decent description so you can judge for yourself. As usual, everything passes the selinux-testsuite; please merge for v5.1" * tag 'selinux-pr-20190305' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: selinux: fix avc audit messages selinux: replace BUG_ONs with WARN_ONs in avc.c selinux: log invalid contexts in AVCs selinux: replace some BUG_ON()s with a WARN_ON() selinux: inline some AVC functions used only once selinux: do not override context on context mounts selinux: never allow relabeling on context mounts selinux: stop passing MAY_NOT_BLOCK to the AVC upon follow_link selinux: avoid silent denials in permissive mode under RCU walk
Diffstat (limited to 'security/selinux/include')
-rw-r--r--security/selinux/include/avc.h6
-rw-r--r--security/selinux/include/security.h3
2 files changed, 4 insertions, 5 deletions
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
index ef899bcfd2cb..7be0e1e90e8b 100644
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -142,6 +142,7 @@ static inline int avc_audit(struct selinux_state *state,
#define AVC_STRICT 1 /* Ignore permissive mode. */
#define AVC_EXTENDED_PERMS 2 /* update extended permissions */
+#define AVC_NONBLOCKING 4 /* non blocking */
int avc_has_perm_noaudit(struct selinux_state *state,
u32 ssid, u32 tsid,
u16 tclass, u32 requested,
@@ -152,11 +153,6 @@ int avc_has_perm(struct selinux_state *state,
u32 ssid, u32 tsid,
u16 tclass, u32 requested,
struct common_audit_data *auditdata);
-int avc_has_perm_flags(struct selinux_state *state,
- u32 ssid, u32 tsid,
- u16 tclass, u32 requested,
- struct common_audit_data *auditdata,
- int flags);
int avc_has_extended_perms(struct selinux_state *state,
u32 ssid, u32 tsid, u16 tclass, u32 requested,
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index ba8eedf42b90..f68fb25b5702 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -255,6 +255,9 @@ int security_sid_to_context(struct selinux_state *state, u32 sid,
int security_sid_to_context_force(struct selinux_state *state,
u32 sid, char **scontext, u32 *scontext_len);
+int security_sid_to_context_inval(struct selinux_state *state,
+ u32 sid, char **scontext, u32 *scontext_len);
+
int security_context_to_sid(struct selinux_state *state,
const char *scontext, u32 scontext_len,
u32 *out_sid, gfp_t gfp);