Diffstat (limited to 'security/selinux')
-rw-r--r--security/selinux/avc.c32
-rw-r--r--security/selinux/include/avc.h6
-rw-r--r--security/selinux/netif.c6
-rw-r--r--security/selinux/netnode.c6
-rw-r--r--security/selinux/netport.c6
-rw-r--r--security/selinux/ss/services.c6
6 files changed, 15 insertions, 47 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 5c1326e18836..68d82daed257 100644
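--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -65,14 +65,8 @@ struct avc_cache {
 };
 
 struct avc_callback_node {
- int (*callback) (u32 event, u32 ssid, u32 tsid,
- u16 tclass, u32 perms,
- u32 *out_retained);
+ int (*callback) (u32 event);
  u32 events;
- u32 ssid;
- u32 tsid;
- u16 tclass;
- u32 perms;
  struct avc_callback_node *next;
 };
 
@@ -499,22 +493,12 @@ noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
  * avc_add_callback - Register a callback for security events.
  * @callback: callback function
  * @events: security events
- * @ssid: source security identifier or %SECSID_WILD
- * @tsid: target security identifier or %SECSID_WILD
- * @tclass: target security class
- * @perms: permissions
  *
- * Register a callback function for events in the set @events
- * related to the SID pair (@ssid, @tsid)
- * and the permissions @perms, interpreting
- * @perms based on @tclass. Returns %0 on success or
- * -%ENOMEM if insufficient memory exists to add the callback.
+ * Register a callback function for events in the set @events.
+ * Returns %0 on success or -%ENOMEM if insufficient memory
+ * exists to add the callback.
  */
-int __init avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
- u16 tclass, u32 perms,
- u32 *out_retained),
- u32 events, u32 ssid, u32 tsid,
- u16 tclass, u32 perms)
+int __init avc_add_callback(int (*callback)(u32 event), u32 events)
 {
  struct avc_callback_node *c;
  int rc = 0;
@@ -527,9 +511,6 @@ int __init avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
 
  c->callback = callback;
  c->events = events;
- c->ssid = ssid;
- c->tsid = tsid;
- c->perms = perms;
  c->next = avc_callbacks;
  avc_callbacks = c;
 out:
@@ -669,8 +650,7 @@ int avc_ss_reset(u32 seqno)
 
  for (c = avc_callbacks; c; c = c->next) {
  if (c->events & AVC_CALLBACK_RESET) {
- tmprc = c->callback(AVC_CALLBACK_RESET,
- 0, 0, 0, 0, NULL);
+ tmprc = c->callback(AVC_CALLBACK_RESET);
  /* save the first error encountered for the return
  value and continue processing the callbacks */
  if (!rc)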
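Review bot: The kerneldoc for avc_add_callback() no longer says what a callback is handed or what its return value means, now that the signature is just `int (*callback)(u32 event)`. In the avc_ss_reset() hunk the only visible caller passes `AVC_CALLBACK_RESET` and keeps the first non-zero return as its own result, so I would add to the comment a line such as `@callback is invoked with the event that fired; a non-zero return is reported by avc_ss_reset() as the first error encountered.` It is also worth noting there that registration is `__init`-only, since the insertion into `avc_callbacks` in the third hunk shows no locking in the visible lines and presumably relies on that. The bodies of avc_add_callback() and avc_ss_reset() continue outside the hunks.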
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
index d97fadc4d963..92d0ab561db8 100644
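--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -170,11 +170,7 @@ u32 avc_policy_seqno(void);
 #define AVC_CALLBACK_AUDITDENY_ENABLE 64
 #define AVC_CALLBACK_AUDITDENY_DISABLE 128
 
-int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
- u16 tclass, u32 perms,
- u32 *out_retained),
- u32 events, u32 ssid, u32 tsid,
- u16 tclass, u32 perms);
+int avc_add_callback(int (*callback)(u32 event), u32 events);
 
 /* Exported to selinuxfs */
 int avc_get_hash_stats(char *page);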
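Review bot: The `AVC_CALLBACK_*` event constants kept just above the new prototype look unusable with a callback that receives only `u32 event`, because the callback can no longer be told which SID pair, class or permissions an event concerns. Only `AVC_CALLBACK_AUDITDENY_ENABLE` and `AVC_CALLBACK_AUDITDENY_DISABLE` are visible here; the rest of the list is outside the hunk. In the hunks of this commit the only event ever registered or delivered is `AVC_CALLBACK_RESET`, so the other constants appear to be dead. Either drop them in the same change or add a comment above the prototype such as `/* Only AVC_CALLBACK_RESET is currently delivered to callbacks. */`, so that nobody registers for an event expecting details that cannot arrive.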
diff --git a/security/selinux/netif.c b/security/selinux/netif.c
index 326f22cbe405..47a49d1a6f6a 100644
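--- a/security/selinux/netif.c
+++ b/security/selinux/netif.c
@@ -252,8 +252,7 @@ static void sel_netif_flush(void)
  spin_unlock_bh(&sel_netif_lock);
 }
 
-static int sel_netif_avc_callback(u32 event, u32 ssid, u32 tsid,
- u16 class, u32 perms, u32 *retained)
+static int sel_netif_avc_callback(u32 event)
 {
  if (event == AVC_CALLBACK_RESET) {
  sel_netif_flush();
@@ -292,8 +291,7 @@ static __init int sel_netif_init(void)
 
  register_netdevice_notifier(&sel_netif_netdev_notifier);
 
- err = avc_add_callback(sel_netif_avc_callback, AVC_CALLBACK_RESET,
- SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
+ err = avc_add_callback(sel_netif_avc_callback, AVC_CALLBACK_RESET);
  if (err)
  panic("avc_add_callback() failed, error %d\n", err);
 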
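Review bot: The return value of `register_netdevice_notifier(&sel_netif_netdev_notifier)` in the second hunk is ignored, while the `avc_add_callback()` call two lines later panics on failure. If the notifier registration failed, the interface SID cache would presumably not be told about devices going away, so the two registrations should be handled alike: `err = register_netdevice_notifier(&sel_netif_netdev_notifier);` followed by the same `if (err) panic(...)` pattern. That line is context rather than part of this change, and sel_netif_init() starts and ends outside the hunk, so this may belong in a follow-up patch.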
diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c
index 86365857c088..28f911cdd7c7 100644
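--- a/security/selinux/netnode.c
+++ b/security/selinux/netnode.c
@@ -297,8 +297,7 @@ static void sel_netnode_flush(void)
  spin_unlock_bh(&sel_netnode_lock);
 }
 
-static int sel_netnode_avc_callback(u32 event, u32 ssid, u32 tsid,
- u16 class, u32 perms, u32 *retained)
+static int sel_netnode_avc_callback(u32 event)
 {
  if (event == AVC_CALLBACK_RESET) {
  sel_netnode_flush();
@@ -320,8 +319,7 @@ static __init int sel_netnode_init(void)
  sel_netnode_hash[iter].size = 0;
  }
 
- ret = avc_add_callback(sel_netnode_avc_callback, AVC_CALLBACK_RESET,
- SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
+ ret = avc_add_callback(sel_netnode_avc_callback, AVC_CALLBACK_RESET);
  if (ret != 0)
  panic("avc_add_callback() failed, error %d\n", ret);
 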
diff --git a/security/selinux/netport.c b/security/selinux/netport.c
index 7b9eb1faf68b..d35379781c2c 100644
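--- a/security/selinux/netport.c
+++ b/security/selinux/netport.c
@@ -234,8 +234,7 @@ static void sel_netport_flush(void)
  spin_unlock_bh(&sel_netport_lock);
 }
 
-static int sel_netport_avc_callback(u32 event, u32 ssid, u32 tsid,
- u16 class, u32 perms, u32 *retained)
+static int sel_netport_avc_callback(u32 event)
 {
  if (event == AVC_CALLBACK_RESET) {
  sel_netport_flush();
@@ -257,8 +256,7 @@ static __init int sel_netport_init(void)
  sel_netport_hash[iter].size = 0;
  }
 
- ret = avc_add_callback(sel_netport_avc_callback, AVC_CALLBACK_RESET,
- SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
+ ret = avc_add_callback(sel_netport_avc_callback, AVC_CALLBACK_RESET);
  if (ret != 0)
  panic("avc_add_callback() failed, error %d\n", ret);
 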
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 9b7e7ed54e7e..4321b8fc8863 100644
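--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -3044,8 +3044,7 @@ out:
 
 static int (*aurule_callback)(void) = audit_update_lsm_rules;
 
-static int aurule_avc_callback(u32 event, u32 ssid, u32 tsid,
- u16 class, u32 perms, u32 *retained)
+static int aurule_avc_callback(u32 event)
 {
  int err = 0;
 
@@ -3058,8 +3057,7 @@ static int __init aurule_init(void)
 {
  int err;
 
- err = avc_add_callback(aurule_avc_callback, AVC_CALLBACK_RESET,
- SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
+ err = avc_add_callback(aurule_avc_callback, AVC_CALLBACK_RESET);
  if (err)
  panic("avc_add_callback() failed, error %d\n", err);
 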