1 files changed, 25 insertions, 0 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index face5795c760..eefa89ce77a7 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -417,6 +417,31 @@ inval_class:
        return -EINVAL;
 }
+/*
+ * Given a sid find if the type has the permissive flag set
+ */
+int security_permissive_sid(u32 sid)
+{
+        struct context *context;
+        u32 type;
+        int rc;
+        POLICY_RDLOCK;
+        context = sidtab_search(&sidtab, sid);
+        BUG_ON(!context);
+        type = context->type;
+        /*
+         * we are intentionally using type here, not type-1, the 0th bit may
+         * someday indicate that we are globally setting permissive in policy.
+         */
+        rc = ebitmap_get_bit(&policydb.permissive_map, type);
+        POLICY_RDUNLOCK;
+        return rc;
+}
 static int security_validtrans_handle_fail(struct context *ocontext,
                                           struct context *ncontext,
                                           struct context *tcontext,

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index face5795c760..eefa89ce77a7 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c
@@ -417,6 +417,31 @@ inval_class:
417	return -EINVAL;	417	return -EINVAL;
418	}	418	}
419		419
		420	/*
		421	* Given a sid find if the type has the permissive flag set
		422	*/
		423	int security_permissive_sid(u32 sid)
		424	{
		425	struct context *context;
		426	u32 type;
		427	int rc;
		428
		429	POLICY_RDLOCK;
		430
		431	context = sidtab_search(&sidtab, sid);
		432	BUG_ON(!context);
		433
		434	type = context->type;
		435	/*
		436	* we are intentionally using type here, not type-1, the 0th bit may
		437	* someday indicate that we are globally setting permissive in policy.
		438	*/
		439	rc = ebitmap_get_bit(&policydb.permissive_map, type);
		440
		441	POLICY_RDUNLOCK;
		442	return rc;
		443	}
		444
420	static int security_validtrans_handle_fail(struct context *ocontext,	445	static int security_validtrans_handle_fail(struct context *ocontext,
421	struct context *ncontext,	446	struct context *ncontext,
422	struct context *tcontext,	447	struct context *tcontext,