diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/avc.c | 2 | ||||
-rw-r--r-- | security/selinux/hooks.c | 4 | ||||
-rw-r--r-- | security/selinux/include/security.h | 8 | ||||
-rw-r--r-- | security/selinux/selinuxfs.c | 6 | ||||
-rw-r--r-- | security/selinux/ss/services.c | 6 | ||||
-rw-r--r-- | security/selinux/ss/status.c | 2 |
6 files changed, 14 insertions, 14 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 36124f48a5ff..54b09cc03b55 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -985,7 +985,7 @@ static noinline int avc_denied(u32 ssid, u32 tsid, if (flags & AVC_STRICT) return -EACCES; - if (is_enforcing(&selinux_state) && + if (enforcing_enabled(&selinux_state) && !(avd->flags & AVD_FLAGS_PERMISSIVE)) return -EACCES; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index d78f9e2f6df0..337fb325e5cc 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -5407,7 +5407,7 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb) sk->sk_protocol, nlh->nlmsg_type, secclass_map[sksec->sclass - 1].name, task_pid_nr(current), current->comm); - if (!is_enforcing(&selinux_state) || + if (!enforcing_enabled(&selinux_state) || security_get_allow_unknown(&selinux_state)) err = 0; } @@ -6937,7 +6937,7 @@ static __init int selinux_init(void) printk(KERN_INFO "SELinux: Initializing.\n"); memset(&selinux_state, 0, sizeof(selinux_state)); - set_enforcing(&selinux_state, selinux_enforcing_boot); + enforcing_set(&selinux_state, selinux_enforcing_boot); selinux_state.checkreqprot = selinux_checkreqprot_boot; selinux_ss_init(&selinux_state.ss); diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index c3a1ef10e710..f1db09a5f521 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -111,22 +111,22 @@ void selinux_ss_init(struct selinux_ss **ss); extern struct selinux_state selinux_state; #ifdef CONFIG_SECURITY_SELINUX_DEVELOP -static inline bool is_enforcing(struct selinux_state *state) +static inline bool enforcing_enabled(struct selinux_state *state) { return state->enforcing; } -static inline void set_enforcing(struct selinux_state *state, bool value) +static inline void enforcing_set(struct selinux_state *state, bool value) { state->enforcing = value; } #else -static inline bool is_enforcing(struct selinux_state *state) +static inline bool enforcing_enabled(struct selinux_state *state) { return true; } -static inline void set_enforcing(struct selinux_state *state, bool value) +static inline void enforcing_set(struct selinux_state *state, bool value) { } #endif diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 98492755adbf..0dbd5fd6a396 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -98,7 +98,7 @@ static ssize_t sel_read_enforce(struct file *filp, char __user *buf, ssize_t length; length = scnprintf(tmpbuf, TMPBUFLEN, "%d", - is_enforcing(&selinux_state)); + enforcing_enabled(&selinux_state)); return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); } @@ -128,7 +128,7 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf, new_value = !!new_value; - old_value = is_enforcing(&selinux_state); + old_value = enforcing_enabled(&selinux_state); if (new_value != old_value) { length = avc_has_perm(current_sid(), SECINITSID_SECURITY, @@ -141,7 +141,7 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf, new_value, old_value, from_kuid(&init_user_ns, audit_get_loginuid(current)), audit_get_sessionid(current)); - set_enforcing(&selinux_state, new_value); + enforcing_set(&selinux_state, new_value); if (new_value) avc_ss_reset(0); selnl_notify_setenforce(new_value); diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 3698352213d7..4785ca552d51 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -752,7 +752,7 @@ out: kfree(n); kfree(t); - if (!is_enforcing(state)) + if (!enforcing_enabled(state)) return 0; return -EPERM; } @@ -1596,7 +1596,7 @@ out: kfree(s); kfree(t); kfree(n); - if (!is_enforcing(state)) + if (!enforcing_enabled(state)) return 0; return -EACCES; } @@ -1907,7 +1907,7 @@ static inline int convert_context_handle_invalid_context( char *s; u32 len; - if (is_enforcing(state)) + if (enforcing_enabled(state)) return -EINVAL; if (!context_struct_to_string(policydb, context, &s, &len)) { diff --git a/security/selinux/ss/status.c b/security/selinux/ss/status.c index 043efc59f8e4..a121de45ac0e 100644 --- a/security/selinux/ss/status.c +++ b/security/selinux/ss/status.c @@ -56,7 +56,7 @@ struct page *selinux_kernel_status_page(struct selinux_state *state) status->version = SELINUX_KERNEL_STATUS_VERSION; status->sequence = 0; - status->enforcing = is_enforcing(state); + status->enforcing = enforcing_enabled(state); /* * NOTE: the next policyload event shall set * a positive value on the status->policyload, |