Diffstat (limited to 'security/selinux/include/avc.h')
-rw-r--r-- | security/selinux/include/avc.h | 29 |
1 files changed, 10 insertions, 19 deletions
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
index 5525b94fd266..9301222c8e55 100644
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -52,7 +52,6 @@ struct selinux_audit_data {
 u32 audited;
 u32 denied;
 int result;
- struct selinux_state *state;
 } __randomize_layout;
 
 /*
@@ -97,14 +96,12 @@ static inline u32 avc_audit_required(u32 requested,
 return audited;
 }
 
-int slow_avc_audit(struct selinux_state *state,
- u32 ssid, u32 tsid, u16 tclass,
+int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
 u32 requested, u32 audited, u32 denied, int result,
 struct common_audit_data *a);
 
 /**
 * avc_audit - Audit the granting or denial of permissions.
- * @state: SELinux state
 * @ssid: source security identifier
 * @tsid: target security identifier
 * @tclass: target security class
@@ -122,8 +119,7 @@ int slow_avc_audit(struct selinux_state *state,
 * be performed under a lock, to allow the lock to be released
 * before calling the auditing code.
 */
-static inline int avc_audit(struct selinux_state *state,
- u32 ssid, u32 tsid,
+static inline int avc_audit(u32 ssid, u32 tsid,
 u16 tclass, u32 requested,
 struct av_decision *avd,
 int result,
@@ -133,30 +129,27 @@ static inline int avc_audit(struct selinux_state *state,
 audited = avc_audit_required(requested, avd, result, 0, &denied);
 if (likely(!audited))
 return 0;
- return slow_avc_audit(state, ssid, tsid, tclass,
+ return slow_avc_audit(ssid, tsid, tclass,
 requested, audited, denied, result,
 a);
 }
 
 #define AVC_STRICT 1 /* Ignore permissive mode. */
 #define AVC_EXTENDED_PERMS 2 /* update extended permissions */
-int avc_has_perm_noaudit(struct selinux_state *state,
- u32 ssid, u32 tsid,
+int avc_has_perm_noaudit(u32 ssid, u32 tsid,
 u16 tclass, u32 requested,
 unsigned flags,
 struct av_decision *avd);
 
-int avc_has_perm(struct selinux_state *state,
- u32 ssid, u32 tsid,
+int avc_has_perm(u32 ssid, u32 tsid,
 u16 tclass, u32 requested,
 struct common_audit_data *auditdata);
 
-int avc_has_extended_perms(struct selinux_state *state,
- u32 ssid, u32 tsid, u16 tclass, u32 requested,
+int avc_has_extended_perms(u32 ssid, u32 tsid, u16 tclass, u32 requested,
 u8 driver, u8 perm, struct common_audit_data *ad);
 
 
-u32 avc_policy_seqno(struct selinux_state *state);
+u32 avc_policy_seqno(void);
 
 #define AVC_CALLBACK_GRANT 1
 #define AVC_CALLBACK_TRY_REVOKE 2
@@ -171,11 +164,9 @@ u32 avc_policy_seqno(struct selinux_state *state);
 int avc_add_callback(int (*callback)(u32 event), u32 events);
 
 /* Exported to selinuxfs */
-struct selinux_avc;
-int avc_get_hash_stats(struct selinux_avc *avc, char *page);
-unsigned int avc_get_cache_threshold(struct selinux_avc *avc);
-void avc_set_cache_threshold(struct selinux_avc *avc,
- unsigned int cache_threshold);
+int avc_get_hash_stats(char *page);
+unsigned int avc_get_cache_threshold(void);
+void avc_set_cache_threshold(unsigned int cache_threshold);
 
 /* Attempt to free avc node cache */
 void avc_disable(void); |
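Review bot: With the `state` argument dropped from `avc_has_perm_noaudit()`, `avc_has_perm()`, `avc_has_extended_perms()` and `avc_policy_seqno()`, nothing in this header says which policy state and access vector cache a permission check is now evaluated against. Presumably they all act on one global instance, but the definitions are outside this diff, so that is inferred from the signatures only. A one-line comment above these prototypes, for example `/* All AVC checks below operate on the single global SELinux state and cache. */`, would keep that contract visible to callers. The same applies to `slow_avc_audit()` and `avc_audit()` in the earlier hunks, whose `@state` kerneldoc line is removed without a replacement remark.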
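Review bot: `avc_get_hash_stats(char *page)` still takes a bare output pointer with no length, so the buffer size the function may write is an unwritten contract between this header and its selinuxfs caller. The parameter name suggests a page-sized buffer, but neither the definition nor the caller is visible in this diff. Since the prototype is being rewritten here anyway, a comment such as `/* @page: output buffer, must be at least PAGE_SIZE bytes */` should be added once confirmed against the definition. Note also that `avc_set_cache_threshold(unsigned int cache_threshold)` now has no instance argument, so a short remark that it changes a system-wide setting would help anyone auditing who may call it.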