
Lines Matching refs:state

244 int security_mls_enabled(struct selinux_state *state)  in security_mls_enabled()  argument
246 struct policydb *p = &state->ss->policydb; in security_mls_enabled()
718 static int security_validtrans_handle_fail(struct selinux_state *state, in security_validtrans_handle_fail() argument
724 struct policydb *p = &state->ss->policydb; in security_validtrans_handle_fail()
743 if (!enforcing_enabled(state)) in security_validtrans_handle_fail()
748 static int security_compute_validatetrans(struct selinux_state *state, in security_compute_validatetrans() argument
763 if (!state->initialized) in security_compute_validatetrans()
766 read_lock(&state->ss->policy_rwlock); in security_compute_validatetrans()
768 policydb = &state->ss->policydb; in security_compute_validatetrans()
769 sidtab = state->ss->sidtab; in security_compute_validatetrans()
772 tclass = unmap_class(&state->ss->map, orig_tclass); in security_compute_validatetrans()
813 rc = security_validtrans_handle_fail(state, in security_compute_validatetrans()
824 read_unlock(&state->ss->policy_rwlock); in security_compute_validatetrans()
828 int security_validate_transition_user(struct selinux_state *state, in security_validate_transition_user() argument
832 return security_compute_validatetrans(state, oldsid, newsid, tasksid, in security_validate_transition_user()
836 int security_validate_transition(struct selinux_state *state, in security_validate_transition() argument
840 return security_compute_validatetrans(state, oldsid, newsid, tasksid, in security_validate_transition()
853 int security_bounded_transition(struct selinux_state *state, in security_bounded_transition() argument
863 if (!state->initialized) in security_bounded_transition()
866 read_lock(&state->ss->policy_rwlock); in security_bounded_transition()
868 policydb = &state->ss->policydb; in security_bounded_transition()
869 sidtab = state->ss->sidtab; in security_bounded_transition()
930 read_unlock(&state->ss->policy_rwlock); in security_bounded_transition()
935 static void avd_init(struct selinux_state *state, struct av_decision *avd) in avd_init() argument
940 avd->seqno = state->ss->latest_granting; in avd_init()
998 void security_compute_xperms_decision(struct selinux_state *state, in security_compute_xperms_decision() argument
1021 read_lock(&state->ss->policy_rwlock); in security_compute_xperms_decision()
1022 if (!state->initialized) in security_compute_xperms_decision()
1025 policydb = &state->ss->policydb; in security_compute_xperms_decision()
1026 sidtab = state->ss->sidtab; in security_compute_xperms_decision()
1042 tclass = unmap_class(&state->ss->map, orig_tclass); in security_compute_xperms_decision()
1074 read_unlock(&state->ss->policy_rwlock); in security_compute_xperms_decision()
1092 void security_compute_av(struct selinux_state *state, in security_compute_av() argument
1104 read_lock(&state->ss->policy_rwlock); in security_compute_av()
1105 avd_init(state, avd); in security_compute_av()
1107 if (!state->initialized) in security_compute_av()
1110 policydb = &state->ss->policydb; in security_compute_av()
1111 sidtab = state->ss->sidtab; in security_compute_av()
1131 tclass = unmap_class(&state->ss->map, orig_tclass); in security_compute_av()
1139 map_decision(&state->ss->map, orig_tclass, avd, in security_compute_av()
1142 read_unlock(&state->ss->policy_rwlock); in security_compute_av()
1149 void security_compute_av_user(struct selinux_state *state, in security_compute_av_user() argument
1159 read_lock(&state->ss->policy_rwlock); in security_compute_av_user()
1160 avd_init(state, avd); in security_compute_av_user()
1161 if (!state->initialized) in security_compute_av_user()
1164 policydb = &state->ss->policydb; in security_compute_av_user()
1165 sidtab = state->ss->sidtab; in security_compute_av_user()
1194 read_unlock(&state->ss->policy_rwlock); in security_compute_av_user()
1260 int security_sidtab_hash_stats(struct selinux_state *state, char *page) in security_sidtab_hash_stats() argument
1264 if (!state->initialized) { in security_sidtab_hash_stats()
1270 read_lock(&state->ss->policy_rwlock); in security_sidtab_hash_stats()
1271 rc = sidtab_hash_stats(state->ss->sidtab, page); in security_sidtab_hash_stats()
1272 read_unlock(&state->ss->policy_rwlock); in security_sidtab_hash_stats()
1284 static int security_sid_to_context_core(struct selinux_state *state, in security_sid_to_context_core() argument
1298 if (!state->initialized) { in security_sid_to_context_core()
1319 read_lock(&state->ss->policy_rwlock); in security_sid_to_context_core()
1320 policydb = &state->ss->policydb; in security_sid_to_context_core()
1321 sidtab = state->ss->sidtab; in security_sid_to_context_core()
1338 read_unlock(&state->ss->policy_rwlock); in security_sid_to_context_core()
1354 int security_sid_to_context(struct selinux_state *state, in security_sid_to_context() argument
1357 return security_sid_to_context_core(state, sid, scontext, in security_sid_to_context()
1361 int security_sid_to_context_force(struct selinux_state *state, u32 sid, in security_sid_to_context_force() argument
1364 return security_sid_to_context_core(state, sid, scontext, in security_sid_to_context_force()
1381 int security_sid_to_context_inval(struct selinux_state *state, u32 sid, in security_sid_to_context_inval() argument
1384 return security_sid_to_context_core(state, sid, scontext, in security_sid_to_context_inval()
1489 static int context_struct_to_sid(struct selinux_state *state, in context_struct_to_sid() argument
1493 struct sidtab *sidtab = state->ss->sidtab; in context_struct_to_sid()
1494 struct policydb *policydb = &state->ss->policydb; in context_struct_to_sid()
1505 static int security_context_to_sid_core(struct selinux_state *state, in security_context_to_sid_core() argument
1525 if (!state->initialized) { in security_context_to_sid_core()
1546 read_lock(&state->ss->policy_rwlock); in security_context_to_sid_core()
1547 policydb = &state->ss->policydb; in security_context_to_sid_core()
1548 sidtab = state->ss->sidtab; in security_context_to_sid_core()
1557 rc = context_struct_to_sid(state, &context, sid); in security_context_to_sid_core()
1560 read_unlock(&state->ss->policy_rwlock); in security_context_to_sid_core()
1579 int security_context_to_sid(struct selinux_state *state, in security_context_to_sid() argument
1583 return security_context_to_sid_core(state, scontext, scontext_len, in security_context_to_sid()
1587 int security_context_str_to_sid(struct selinux_state *state, in security_context_str_to_sid() argument
1590 return security_context_to_sid(state, scontext, strlen(scontext), in security_context_str_to_sid()
1612 int security_context_to_sid_default(struct selinux_state *state, in security_context_to_sid_default() argument
1616 return security_context_to_sid_core(state, scontext, scontext_len, in security_context_to_sid_default()
1620 int security_context_to_sid_force(struct selinux_state *state, in security_context_to_sid_force() argument
1624 return security_context_to_sid_core(state, scontext, scontext_len, in security_context_to_sid_force()
1629 struct selinux_state *state, in compute_sid_handle_invalid_context() argument
1635 struct policydb *policydb = &state->ss->policydb; in compute_sid_handle_invalid_context()
1658 if (!enforcing_enabled(state)) in compute_sid_handle_invalid_context()
1689 static int security_compute_sid(struct selinux_state *state, in security_compute_sid() argument
1710 if (!state->initialized) { in security_compute_sid()
1724 read_lock(&state->ss->policy_rwlock); in security_compute_sid()
1727 tclass = unmap_class(&state->ss->map, orig_tclass); in security_compute_sid()
1731 sock = security_is_socket_class(map_class(&state->ss->map, in security_compute_sid()
1735 policydb = &state->ss->policydb; in security_compute_sid()
1736 sidtab = state->ss->sidtab; in security_compute_sid()
1853 rc = compute_sid_handle_invalid_context(state, scontext, in security_compute_sid()
1861 rc = context_struct_to_sid(state, &newcontext, out_sid); in security_compute_sid()
1863 read_unlock(&state->ss->policy_rwlock); in security_compute_sid()
1882 int security_transition_sid(struct selinux_state *state, in security_transition_sid() argument
1886 return security_compute_sid(state, ssid, tsid, tclass, in security_transition_sid()
1891 int security_transition_sid_user(struct selinux_state *state, in security_transition_sid_user() argument
1895 return security_compute_sid(state, ssid, tsid, tclass, in security_transition_sid_user()
1913 int security_member_sid(struct selinux_state *state, in security_member_sid() argument
1919 return security_compute_sid(state, ssid, tsid, tclass, in security_member_sid()
1937 int security_change_sid(struct selinux_state *state, in security_change_sid() argument
1943 return security_compute_sid(state, in security_change_sid()
1949 struct selinux_state *state, in convert_context_handle_invalid_context() argument
1952 struct policydb *policydb = &state->ss->policydb; in convert_context_handle_invalid_context()
1956 if (enforcing_enabled(state)) in convert_context_handle_invalid_context()
1968 struct selinux_state *state; member
2085 rc = convert_context_handle_invalid_context(args->state, oldc); in convert_context()
2109 static void security_load_policycaps(struct selinux_state *state) in security_load_policycaps() argument
2111 struct policydb *p = &state->ss->policydb; in security_load_policycaps()
2115 for (i = 0; i < ARRAY_SIZE(state->policycap); i++) in security_load_policycaps()
2116 state->policycap[i] = ebitmap_get_bit(&p->policycaps, i); in security_load_policycaps()
2129 state->android_netlink_route = p->android_netlink_route; in security_load_policycaps()
2130 state->android_netlink_getneigh = p->android_netlink_getneigh; in security_load_policycaps()
2134 static int security_preserve_bools(struct selinux_state *state,
2147 int security_load_policy(struct selinux_state *state, void *data, size_t len) in security_load_policy() argument
2167 policydb = &state->ss->policydb; in security_load_policy()
2175 if (!state->initialized) { in security_load_policy()
2184 &state->ss->map); in security_load_policy()
2198 state->ss->sidtab = newsidtab; in security_load_policy()
2199 security_load_policycaps(state); in security_load_policy()
2200 state->initialized = 1; in security_load_policy()
2201 seqno = ++state->ss->latest_granting; in security_load_policy()
2203 avc_ss_reset(state->avc, seqno); in security_load_policy()
2205 selinux_status_update_policyload(state, seqno); in security_load_policy()
2236 rc = security_preserve_bools(state, newpolicydb); in security_load_policy()
2242 oldsidtab = state->ss->sidtab; in security_load_policy()
2248 args.state = state; in security_load_policy()
2268 write_lock_irq(&state->ss->policy_rwlock); in security_load_policy()
2270 state->ss->sidtab = newsidtab; in security_load_policy()
2271 security_load_policycaps(state); in security_load_policy()
2272 oldmapping = state->ss->map.mapping; in security_load_policy()
2273 state->ss->map.mapping = newmap.mapping; in security_load_policy()
2274 state->ss->map.size = newmap.size; in security_load_policy()
2275 seqno = ++state->ss->latest_granting; in security_load_policy()
2276 write_unlock_irq(&state->ss->policy_rwlock); in security_load_policy()
2284 avc_ss_reset(state->avc, seqno); in security_load_policy()
2286 selinux_status_update_policyload(state, seqno); in security_load_policy()
2304 size_t security_policydb_len(struct selinux_state *state) in security_policydb_len() argument
2306 struct policydb *p = &state->ss->policydb; in security_policydb_len()
2309 read_lock(&state->ss->policy_rwlock); in security_policydb_len()
2311 read_unlock(&state->ss->policy_rwlock); in security_policydb_len()
2359 int security_port_sid(struct selinux_state *state, in security_port_sid() argument
2367 read_lock(&state->ss->policy_rwlock); in security_port_sid()
2371 policydb = &state->ss->policydb; in security_port_sid()
2372 sidtab = state->ss->sidtab; in security_port_sid()
2394 read_unlock(&state->ss->policy_rwlock); in security_port_sid()
2404 int security_ib_pkey_sid(struct selinux_state *state, in security_ib_pkey_sid() argument
2412 read_lock(&state->ss->policy_rwlock); in security_ib_pkey_sid()
2416 policydb = &state->ss->policydb; in security_ib_pkey_sid()
2417 sidtab = state->ss->sidtab; in security_ib_pkey_sid()
2439 read_unlock(&state->ss->policy_rwlock); in security_ib_pkey_sid()
2449 int security_ib_endport_sid(struct selinux_state *state, in security_ib_endport_sid() argument
2457 read_lock(&state->ss->policy_rwlock); in security_ib_endport_sid()
2461 policydb = &state->ss->policydb; in security_ib_endport_sid()
2462 sidtab = state->ss->sidtab; in security_ib_endport_sid()
2485 read_unlock(&state->ss->policy_rwlock); in security_ib_endport_sid()
2494 int security_netif_sid(struct selinux_state *state, in security_netif_sid() argument
2502 read_lock(&state->ss->policy_rwlock); in security_netif_sid()
2506 policydb = &state->ss->policydb; in security_netif_sid()
2507 sidtab = state->ss->sidtab; in security_netif_sid()
2526 read_unlock(&state->ss->policy_rwlock); in security_netif_sid()
2550 int security_node_sid(struct selinux_state *state, in security_node_sid() argument
2561 read_lock(&state->ss->policy_rwlock); in security_node_sid()
2564 policydb = &state->ss->policydb; in security_node_sid()
2565 sidtab = state->ss->sidtab; in security_node_sid()
2617 read_unlock(&state->ss->policy_rwlock); in security_node_sid()
2637 int security_get_user_sids(struct selinux_state *state, in security_get_user_sids() argument
2656 if (!state->initialized) in security_get_user_sids()
2659 read_lock(&state->ss->policy_rwlock); in security_get_user_sids()
2661 policydb = &state->ss->policydb; in security_get_user_sids()
2662 sidtab = state->ss->sidtab; in security_get_user_sids()
2698 rc = context_struct_to_sid(state, &usercon, &sid); in security_get_user_sids()
2718 read_unlock(&state->ss->policy_rwlock); in security_get_user_sids()
2732 rc = avc_has_perm_noaudit(state, in security_get_user_sids()
2762 static inline int __security_genfs_sid(struct selinux_state *state, in __security_genfs_sid() argument
2768 struct policydb *policydb = &state->ss->policydb; in __security_genfs_sid()
2769 struct sidtab *sidtab = state->ss->sidtab; in __security_genfs_sid()
2779 sclass = unmap_class(&state->ss->map, orig_sclass); in __security_genfs_sid()
2814 int security_genfs_sid(struct selinux_state *state, in security_genfs_sid() argument
2822 read_lock(&state->ss->policy_rwlock); in security_genfs_sid()
2823 retval = __security_genfs_sid(state, fstype, path, orig_sclass, sid); in security_genfs_sid()
2824 read_unlock(&state->ss->policy_rwlock); in security_genfs_sid()
2832 int security_fs_use(struct selinux_state *state, struct super_block *sb) in security_fs_use() argument
2841 read_lock(&state->ss->policy_rwlock); in security_fs_use()
2845 policydb = &state->ss->policydb; in security_fs_use()
2846 sidtab = state->ss->sidtab; in security_fs_use()
2863 rc = __security_genfs_sid(state, fstype, "/", SECCLASS_DIR, in security_fs_use()
2874 read_unlock(&state->ss->policy_rwlock); in security_fs_use()
2878 int security_get_bools(struct selinux_state *state, in security_get_bools() argument
2884 if (!state->initialized) { in security_get_bools()
2891 read_lock(&state->ss->policy_rwlock); in security_get_bools()
2893 policydb = &state->ss->policydb; in security_get_bools()
2914 (*values)[i] = policydb->bool_val_to_struct[i]->state; in security_get_bools()
2924 read_unlock(&state->ss->policy_rwlock); in security_get_bools()
2940 int security_set_bools(struct selinux_state *state, int len, int *values) in security_set_bools() argument
2947 write_lock_irq(&state->ss->policy_rwlock); in security_set_bools()
2949 policydb = &state->ss->policydb; in security_set_bools()
2957 if (!!values[i] != policydb->bool_val_to_struct[i]->state) { in security_set_bools()
2963 policydb->bool_val_to_struct[i]->state, in security_set_bools()
2968 policydb->bool_val_to_struct[i]->state = 1; in security_set_bools()
2970 policydb->bool_val_to_struct[i]->state = 0; in security_set_bools()
2979 seqno = ++state->ss->latest_granting; in security_set_bools()
2982 write_unlock_irq(&state->ss->policy_rwlock); in security_set_bools()
2984 avc_ss_reset(state->avc, seqno); in security_set_bools()
2986 selinux_status_update_policyload(state, seqno); in security_set_bools()
2992 int security_get_bool_value(struct selinux_state *state, in security_get_bool_value() argument
2999 read_lock(&state->ss->policy_rwlock); in security_get_bool_value()
3001 policydb = &state->ss->policydb; in security_get_bool_value()
3008 rc = policydb->bool_val_to_struct[index]->state; in security_get_bool_value()
3010 read_unlock(&state->ss->policy_rwlock); in security_get_bool_value()
3014 static int security_preserve_bools(struct selinux_state *state, in security_preserve_bools() argument
3022 rc = security_get_bools(state, &nbools, &bnames, &bvalues); in security_preserve_bools()
3028 booldatum->state = bvalues[i]; in security_preserve_bools()
3050 int security_sid_mls_copy(struct selinux_state *state, in security_sid_mls_copy() argument
3053 struct policydb *policydb = &state->ss->policydb; in security_sid_mls_copy()
3054 struct sidtab *sidtab = state->ss->sidtab; in security_sid_mls_copy()
3063 if (!state->initialized || !policydb->mls_enabled) { in security_sid_mls_copy()
3070 read_lock(&state->ss->policy_rwlock); in security_sid_mls_copy()
3097 rc = convert_context_handle_invalid_context(state, &newcon); in security_sid_mls_copy()
3116 rc = context_struct_to_sid(state, &newcon, new_sid); in security_sid_mls_copy()
3118 read_unlock(&state->ss->policy_rwlock); in security_sid_mls_copy()
3144 int security_net_peersid_resolve(struct selinux_state *state, in security_net_peersid_resolve() argument
3149 struct policydb *policydb = &state->ss->policydb; in security_net_peersid_resolve()
3150 struct sidtab *sidtab = state->ss->sidtab; in security_net_peersid_resolve()
3180 read_lock(&state->ss->policy_rwlock); in security_net_peersid_resolve()
3207 read_unlock(&state->ss->policy_rwlock); in security_net_peersid_resolve()
3224 int security_get_classes(struct selinux_state *state, in security_get_classes() argument
3227 struct policydb *policydb = &state->ss->policydb; in security_get_classes()
3230 if (!state->initialized) { in security_get_classes()
3236 read_lock(&state->ss->policy_rwlock); in security_get_classes()
3254 read_unlock(&state->ss->policy_rwlock); in security_get_classes()
3271 int security_get_permissions(struct selinux_state *state, in security_get_permissions() argument
3274 struct policydb *policydb = &state->ss->policydb; in security_get_permissions()
3278 read_lock(&state->ss->policy_rwlock); in security_get_permissions()
3307 read_unlock(&state->ss->policy_rwlock); in security_get_permissions()
3311 read_unlock(&state->ss->policy_rwlock); in security_get_permissions()
3318 int security_get_reject_unknown(struct selinux_state *state) in security_get_reject_unknown() argument
3320 return state->ss->policydb.reject_unknown; in security_get_reject_unknown()
3323 int security_get_allow_unknown(struct selinux_state *state) in security_get_allow_unknown() argument
3325 return state->ss->policydb.allow_unknown; in security_get_allow_unknown()
3338 int security_policycap_supported(struct selinux_state *state, in security_policycap_supported() argument
3341 struct policydb *policydb = &state->ss->policydb; in security_policycap_supported()
3344 read_lock(&state->ss->policy_rwlock); in security_policycap_supported()
3346 read_unlock(&state->ss->policy_rwlock); in security_policycap_supported()
3368 struct selinux_state *state = &selinux_state; in selinux_audit_rule_init() local
3369 struct policydb *policydb = &state->ss->policydb; in selinux_audit_rule_init()
3379 if (!state->initialized) in selinux_audit_rule_init()
3412 read_lock(&state->ss->policy_rwlock); in selinux_audit_rule_init()
3414 tmprule->au_seqno = state->ss->latest_granting; in selinux_audit_rule_init()
3453 read_unlock(&state->ss->policy_rwlock); in selinux_audit_rule_init()
3492 struct selinux_state *state = &selinux_state; in selinux_audit_rule_match() local
3503 read_lock(&state->ss->policy_rwlock); in selinux_audit_rule_match()
3505 if (rule->au_seqno < state->ss->latest_granting) { in selinux_audit_rule_match()
3510 ctxt = sidtab_search(state->ss->sidtab, sid); in selinux_audit_rule_match()
3594 read_unlock(&state->ss->policy_rwlock); in selinux_audit_rule_match()
3668 int security_netlbl_secattr_to_sid(struct selinux_state *state, in security_netlbl_secattr_to_sid() argument
3672 struct policydb *policydb = &state->ss->policydb; in security_netlbl_secattr_to_sid()
3673 struct sidtab *sidtab = state->ss->sidtab; in security_netlbl_secattr_to_sid()
3678 if (!state->initialized) { in security_netlbl_secattr_to_sid()
3683 read_lock(&state->ss->policy_rwlock); in security_netlbl_secattr_to_sid()
3709 rc = context_struct_to_sid(state, &ctx_new, sid); in security_netlbl_secattr_to_sid()
3719 read_unlock(&state->ss->policy_rwlock); in security_netlbl_secattr_to_sid()
3724 read_unlock(&state->ss->policy_rwlock); in security_netlbl_secattr_to_sid()
3738 int security_netlbl_sid_to_secattr(struct selinux_state *state, in security_netlbl_sid_to_secattr() argument
3741 struct policydb *policydb = &state->ss->policydb; in security_netlbl_sid_to_secattr()
3745 if (!state->initialized) in security_netlbl_sid_to_secattr()
3748 read_lock(&state->ss->policy_rwlock); in security_netlbl_sid_to_secattr()
3751 ctx = sidtab_search(state->ss->sidtab, sid); in security_netlbl_sid_to_secattr()
3766 read_unlock(&state->ss->policy_rwlock); in security_netlbl_sid_to_secattr()
3777 int security_read_policy(struct selinux_state *state, in security_read_policy() argument
3780 struct policydb *policydb = &state->ss->policydb; in security_read_policy()
3784 if (!state->initialized) in security_read_policy()
3787 *len = security_policydb_len(state); in security_read_policy()
3796 read_lock(&state->ss->policy_rwlock); in security_read_policy()
3798 read_unlock(&state->ss->policy_rwlock); in security_read_policy()