Loading scripts/selinux/genheaders/Makefile +0 −1 Original line number Diff line number Diff line Loading @@ -2,4 +2,3 @@ hostprogs-y := genheaders HOST_EXTRACFLAGS += -Isecurity/selinux/include always := $(hostprogs-y) clean-files := $(hostprogs-y) scripts/selinux/mdp/Makefile +1 −1 Original line number Diff line number Diff line Loading @@ -2,4 +2,4 @@ hostprogs-y := mdp HOST_EXTRACFLAGS += -Isecurity/selinux/include always := $(hostprogs-y) clean-files := $(hostprogs-y) policy.* file_contexts clean-files := policy.* file_contexts security/selinux/hooks.c +14 −0 Original line number Diff line number Diff line Loading @@ -161,6 +161,17 @@ static int selinux_peerlbl_enabled(void) return (selinux_policycap_alwaysnetwork || netlbl_enabled() || selinux_xfrm_enabled()); } static int selinux_netcache_avc_callback(u32 event) { if (event == AVC_CALLBACK_RESET) { sel_netif_flush(); sel_netnode_flush(); sel_netport_flush(); synchronize_net(); } return 0; } /* * initialise the security for the init task */ Loading Loading @@ -6002,6 +6013,9 @@ static __init int selinux_init(void) if (register_security(&selinux_ops)) panic("SELinux: Unable to register with kernel.\n"); if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET)) panic("SELinux: Unable to register AVC netcache callback\n"); if (selinux_enforcing) printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n"); else Loading security/selinux/include/netif.h +2 −0 Original line number Diff line number Diff line Loading @@ -17,6 +17,8 @@ #ifndef _SELINUX_NETIF_H_ #define _SELINUX_NETIF_H_ void sel_netif_flush(void); int sel_netif_sid(int ifindex, u32 *sid); #endif /* _SELINUX_NETIF_H_ */ Loading security/selinux/include/netnode.h +2 −0 Original line number Diff line number Diff line Loading @@ -27,6 +27,8 @@ #ifndef _SELINUX_NETNODE_H #define _SELINUX_NETNODE_H void sel_netnode_flush(void); int sel_netnode_sid(void *addr, u16 family, u32 *sid); #endif Loading
scripts/selinux/genheaders/Makefile +0 −1 Original line number Diff line number Diff line Loading @@ -2,4 +2,3 @@ hostprogs-y := genheaders HOST_EXTRACFLAGS += -Isecurity/selinux/include always := $(hostprogs-y) clean-files := $(hostprogs-y)
scripts/selinux/mdp/Makefile +1 −1 Original line number Diff line number Diff line Loading @@ -2,4 +2,4 @@ hostprogs-y := mdp HOST_EXTRACFLAGS += -Isecurity/selinux/include always := $(hostprogs-y) clean-files := $(hostprogs-y) policy.* file_contexts clean-files := policy.* file_contexts
security/selinux/hooks.c +14 −0 Original line number Diff line number Diff line Loading @@ -161,6 +161,17 @@ static int selinux_peerlbl_enabled(void) return (selinux_policycap_alwaysnetwork || netlbl_enabled() || selinux_xfrm_enabled()); } static int selinux_netcache_avc_callback(u32 event) { if (event == AVC_CALLBACK_RESET) { sel_netif_flush(); sel_netnode_flush(); sel_netport_flush(); synchronize_net(); } return 0; } /* * initialise the security for the init task */ Loading Loading @@ -6002,6 +6013,9 @@ static __init int selinux_init(void) if (register_security(&selinux_ops)) panic("SELinux: Unable to register with kernel.\n"); if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET)) panic("SELinux: Unable to register AVC netcache callback\n"); if (selinux_enforcing) printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n"); else Loading
security/selinux/include/netif.h +2 −0 Original line number Diff line number Diff line Loading @@ -17,6 +17,8 @@ #ifndef _SELINUX_NETIF_H_ #define _SELINUX_NETIF_H_ void sel_netif_flush(void); int sel_netif_sid(int ifindex, u32 *sid); #endif /* _SELINUX_NETIF_H_ */ Loading
security/selinux/include/netnode.h +2 −0 Original line number Diff line number Diff line Loading @@ -27,6 +27,8 @@ #ifndef _SELINUX_NETNODE_H #define _SELINUX_NETNODE_H void sel_netnode_flush(void); int sel_netnode_sid(void *addr, u16 family, u32 *sid); #endif
