Eric Lee / smarc-fsl-linux-kernel

19 Dec, 2019

1 commit

  • 6c5a682e6   selinux: clean up selinux_enabled/disabled/enforcing_boot ... Browse Code »

    Rename selinux_enabled to selinux_enabled_boot to make it clear that
    it only reflects whether SELinux was enabled at boot. Replace the
    references to it in the MAC_STATUS audit log in sel_write_enforce()
    with hardcoded "1" values because this code is only reachable if SELinux
    is enabled and does not change its value, and update the corresponding
    MAC_STATUS audit log in sel_write_disable(). Stop clearing
    selinux_enabled in selinux_disable() since it is not used outside of
    initialization code that runs before selinux_disable() can be reached.
    Mark both selinux_enabled_boot and selinux_enforcing_boot as __initdata
    since they are only used in initialization code.

    Wrap the disabled field in the struct selinux_state with
    CONFIG_SECURITY_SELINUX_DISABLE since it is only used for
    runtime disable.

    Signed-off-by: Stephen Smalley
    Signed-off-by: Paul Moore

    Stephen Smalley
     

05 Jun, 2019

1 commit

  • 5b497af42   treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 295 ... Browse Code »

    Based on 1 normalized pattern(s):

    this program is free software you can redistribute it and or modify
    it under the terms of version 2 of the gnu general public license as
    published by the free software foundation this program is
    distributed in the hope that it will be useful but without any
    warranty without even the implied warranty of merchantability or
    fitness for a particular purpose see the gnu general public license
    for more details

    extracted by the scancode license scanner the SPDX license identifier

    GPL-2.0-only

    has been chosen to replace the boilerplate/reference in 64 file(s).

    Signed-off-by: Thomas Gleixner
    Reviewed-by: Alexios Zavras
    Reviewed-by: Allison Randal
    Cc: linux-spdx@vger.kernel.org
    Link: https://lkml.kernel.org/r/20190529141901.894819585@linutronix.de
    Signed-off-by: Greg Kroah-Hartman

    Thomas Gleixner
     

02 Mar, 2018

1 commit

  • aa8e712ce   selinux: wrap global selinux state ... Browse Code »

    Define a selinux state structure (struct selinux_state) for
    global SELinux state and pass it explicitly to all security server
    functions. The public portion of the structure contains state
    that is used throughout the SELinux code, such as the enforcing mode.
    The structure also contains a pointer to a selinux_ss structure whose
    definition is private to the security server and contains security
    server specific state such as the policy database and SID table.

    This change should have no effect on SELinux behavior or APIs
    (userspace or LSM). It merely wraps SELinux state and passes it
    explicitly as needed.

    Signed-off-by: Stephen Smalley
    [PM: minor fixups needed due to collisions with the SCTP patches]
    Signed-off-by: Paul Moore

    Stephen Smalley
     

24 May, 2017

1 commit

  • 409dcf315   selinux: Add a cache for quicker retreival of PKey SIDs ... Browse Code »

    It is likely that the SID for the same PKey will be requested many
    times. To reduce the time to modify QPs and process MADs use a cache to
    store PKey SIDs.

    This code is heavily based on the "netif" and "netport" concept
    originally developed by James Morris and Paul Moore
    (see security/selinux/netif.c and
    security/selinux/netport.c for more information)

    Signed-off-by: Daniel Jurgens
    Acked-by: Doug Ledford
    Signed-off-by: Paul Moore

    Daniel Jurgens