diff options
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index a1ac1c5c729b..7740f61588d6 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -161,6 +161,17 @@ static int selinux_peerlbl_enabled(void) | |||
| 161 | return (selinux_policycap_alwaysnetwork || netlbl_enabled() || selinux_xfrm_enabled()); | 161 | return (selinux_policycap_alwaysnetwork || netlbl_enabled() || selinux_xfrm_enabled()); |
| 162 | } | 162 | } |
| 163 | 163 | ||
| 164 | static int selinux_netcache_avc_callback(u32 event) | ||
| 165 | { | ||
| 166 | if (event == AVC_CALLBACK_RESET) { | ||
| 167 | sel_netif_flush(); | ||
| 168 | sel_netnode_flush(); | ||
| 169 | sel_netport_flush(); | ||
| 170 | synchronize_net(); | ||
| 171 | } | ||
| 172 | return 0; | ||
| 173 | } | ||
| 174 | |||
| 164 | /* | 175 | /* |
| 165 | * initialise the security for the init task | 176 | * initialise the security for the init task |
| 166 | */ | 177 | */ |
| @@ -6002,6 +6013,9 @@ static __init int selinux_init(void) | |||
| 6002 | if (register_security(&selinux_ops)) | 6013 | if (register_security(&selinux_ops)) |
| 6003 | panic("SELinux: Unable to register with kernel.\n"); | 6014 | panic("SELinux: Unable to register with kernel.\n"); |
| 6004 | 6015 | ||
| 6016 | if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET)) | ||
| 6017 | panic("SELinux: Unable to register AVC netcache callback\n"); | ||
| 6018 | |||
| 6005 | if (selinux_enforcing) | 6019 | if (selinux_enforcing) |
| 6006 | printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n"); | 6020 | printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n"); |
| 6007 | else | 6021 | else |