security/selinux/hooks.c +14 −0 @@ -149,6 +149,17 @@ static int selinux_secmark_enabled(void) return (atomic_read(&selinux_secmark_refcount) > 0); } static int selinux_netcache_avc_callback(u32 event) { if (event == AVC_CALLBACK_RESET) { sel_netif_flush(); sel_netnode_flush(); sel_netport_flush(); synchronize_net(); } return 0; } /* * initialise the security for the init task */ @@ -6016,6 +6027,9 @@ static __init int selinux_init(void) if (register_security(&selinux_ops)) panic("SELinux: Unable to register with kernel.\n"); if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET)) panic("SELinux: Unable to register AVC netcache callback\n"); if (selinux_enforcing) printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n"); else security/selinux/include/netif.h +2 −0 @@ -17,6 +17,8 @@ #ifndef _SELINUX_NETIF_H_ #define _SELINUX_NETIF_H_ void sel_netif_flush(void); int sel_netif_sid(int ifindex, u32 *sid); #endif /* _SELINUX_NETIF_H_ */ security/selinux/include/netnode.h +2 −0 @@ -27,6 +27,8 @@ #ifndef _SELINUX_NETNODE_H #define _SELINUX_NETNODE_H void sel_netnode_flush(void); int sel_netnode_sid(void *addr, u16 family, u32 *sid); #endif security/selinux/include/netport.h +2 −0 @@ -26,6 +26,8 @@ #ifndef _SELINUX_NETPORT_H #define _SELINUX_NETPORT_H void sel_netport_flush(void); int sel_netport_sid(u8 protocol, u16 pnum, u32 *sid); #endif security/selinux/netif.c +1 −14 @@ -241,7 +241,7 @@ static void sel_netif_kill(int ifindex) * Remove all entries from the network interface table. * */ static void sel_netif_flush(void) void sel_netif_flush(void) { int idx; struct sel_netif *netif;
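Review bot: `selinux_netcache_avc_callback` in the first hooks.c hunk carries no comment, yet it replaces three per-file AVC callbacks and the one `synchronize_net()` after the last flush is the reason for merging them, so the intent should be written down. I would add above the function: `/* Policy reset: the SIDs cached by the netif, netnode and netport tables are no longer trustworthy, so drop all three and pay for a single synchronize_net() instead of one per cache. */`. The netnode.c and netport.c sides of this change are not in view; the non-static `sel_netnode_flush`/`sel_netport_flush` prototypes added to the headers only link cleanly if those definitions lost their `static` and their own AVC callbacks were removed in the same commit, otherwise each reset flushes those caches twice. This hooks.c section is repeated further down the page.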
@@ -253,15 +253,6 @@ static void sel_netif_flush(void) spin_unlock_bh(&sel_netif_lock); } static int sel_netif_avc_callback(u32 event) { if (event == AVC_CALLBACK_RESET) { sel_netif_flush(); synchronize_net(); } return 0; } static int sel_netif_netdev_notifier_handler(struct notifier_block *this, unsigned long event, void *ptr) { @@ -292,10 +283,6 @@ static __init int sel_netif_init(void) register_netdevice_notifier(&sel_netif_netdev_notifier); err = avc_add_callback(sel_netif_avc_callback, AVC_CALLBACK_RESET); if (err) panic("avc_add_callback() failed, error %d\n", err); return err; }
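Review bot: In the last netif.c hunk `sel_netif_init` still ends with `return err;` as context, but the only assignment to `err` that was visible, `err = avc_add_callback(...)`, is removed by this commit, so unless `err` is initialised at its declaration above the hunk the initcall now returns an indeterminate value. Change the tail to `return 0;` and drop `err` from the declaration if nothing else in the function uses it. The declaration and the beginning of `sel_netif_init` lie outside the hunk, so this should be confirmed against the full function. The same netif.c section is repeated later on the page.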
security/selinux/hooks.c +14 −0 @@ -149,6 +149,17 @@ static int selinux_secmark_enabled(void) return (atomic_read(&selinux_secmark_refcount) > 0); } static int selinux_netcache_avc_callback(u32 event) { if (event == AVC_CALLBACK_RESET) { sel_netif_flush(); sel_netnode_flush(); sel_netport_flush(); synchronize_net(); } return 0; } /* * initialise the security for the init task */ @@ -6016,6 +6027,9 @@ static __init int selinux_init(void) if (register_security(&selinux_ops)) panic("SELinux: Unable to register with kernel.\n"); if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET)) panic("SELinux: Unable to register AVC netcache callback\n"); if (selinux_enforcing) printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n"); else
security/selinux/include/netif.h +2 −0 @@ -17,6 +17,8 @@ #ifndef _SELINUX_NETIF_H_ #define _SELINUX_NETIF_H_ void sel_netif_flush(void); int sel_netif_sid(int ifindex, u32 *sid); #endif /* _SELINUX_NETIF_H_ */
security/selinux/include/netnode.h +2 −0 @@ -27,6 +27,8 @@ #ifndef _SELINUX_NETNODE_H #define _SELINUX_NETNODE_H void sel_netnode_flush(void); int sel_netnode_sid(void *addr, u16 family, u32 *sid); #endif
security/selinux/include/netport.h +2 −0 @@ -26,6 +26,8 @@ #ifndef _SELINUX_NETPORT_H #define _SELINUX_NETPORT_H void sel_netport_flush(void); int sel_netport_sid(u8 protocol, u16 pnum, u32 *sid); #endif
security/selinux/netif.c +1 −14 @@ -241,7 +241,7 @@ static void sel_netif_kill(int ifindex) * Remove all entries from the network interface table. * */ static void sel_netif_flush(void) void sel_netif_flush(void) { int idx; struct sel_netif *netif; @@ -253,15 +253,6 @@ static void sel_netif_flush(void) spin_unlock_bh(&sel_netif_lock); } static int sel_netif_avc_callback(u32 event) { if (event == AVC_CALLBACK_RESET) { sel_netif_flush(); synchronize_net(); } return 0; } static int sel_netif_netdev_notifier_handler(struct notifier_block *this, unsigned long event, void *ptr) { @@ -292,10 +283,6 @@ static __init int sel_netif_init(void) register_netdevice_notifier(&sel_netif_netdev_notifier); err = avc_add_callback(sel_netif_avc_callback, AVC_CALLBACK_RESET); if (err) panic("avc_add_callback() failed, error %d\n", err); return err; }