selinux: wrap global selinux state

Define a selinux state structure (struct selinux_state) for
global SELinux state and pass it explicitly to all security server
functions.  The public portion of the structure contains state
that is used throughout the SELinux code, such as the enforcing mode.
The structure also contains a pointer to a selinux_ss structure whose
definition is private to the security server and contains security
server specific state such as the policy database and SID table.

This change should have no effect on SELinux behavior or APIs
(userspace or LSM).  It merely wraps SELinux state and passes it
explicitly as needed.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
[PM: minor fixups needed due to collisions with the SCTP patches]
Signed-off-by: Paul Moore <paul@paul-moore.com>

1 files changed, 2 insertions, 2 deletions

diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c
index da923f89d2a9..6dd89b89bc1f 100644
--- a/security/selinux/netnode.c
+++ b/security/selinux/netnode.c
@@ -215,12 +215,12 @@ static int sel_netnode_sid_slow(void *addr, u16 family, u32 *sid)
                 goto out;
         switch (family) {
         case PF_INET:
-                ret = security_node_sid(PF_INET,
+                ret = security_node_sid(&selinux_state, PF_INET,
                                         addr, sizeof(struct in_addr), sid);
                 new->nsec.addr.ipv4 = *(__be32 *)addr;
                 break;
         case PF_INET6:
-                ret = security_node_sid(PF_INET6,
+                ret = security_node_sid(&selinux_state, PF_INET6,
                                         addr, sizeof(struct in6_addr), sid);
                 new->nsec.addr.ipv6 = *(struct in6_addr *)addr;
                 break;