/* * mmap based event notifications for SELinux * * Author: KaiGai Kohei * * Copyright (C) 2010 NEC corporation * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2, * as published by the Free Software Foundation. */ #include #include #include #include #include "avc.h" #include "services.h" /* * The selinux_status_page shall be exposed to userspace applications * using mmap interface on /selinux/status. * It enables to notify applications a few events that will cause reset * of userspace access vector without context switching. * * The selinux_kernel_status structure on the head of status page is * protected from concurrent accesses using seqlock logic, so userspace * application should reference the status page according to the seqlock * logic. * * Typically, application checks status->sequence at the head of access * control routine. If it is odd-number, kernel is updating the status, * so please wait for a moment. If it is changed from the last sequence * number, it means something happen, so application will reset userspace * avc, if needed. * In most cases, application shall confirm the kernel status is not * changed without any system call invocations. */ static struct page *selinux_status_page; static DEFINE_MUTEX(selinux_status_lock); /* * selinux_kernel_status_page * * It returns a reference to selinux_status_page. If the status page is * not allocated yet, it also tries to allocate it at the first time. */ struct page *selinux_kernel_status_page(void) { struct selinux_kernel_status *status; struct page *result = NULL; mutex_lock(&selinux_status_lock); if (!selinux_status_page) { selinux_status_page = alloc_page(GFP_KERNEL|__GFP_ZERO); if (selinux_status_page) { status = page_address(selinux_status_page); status->version = SELINUX_KERNEL_STATUS_VERSION; status->sequence = 0; status->enforcing = selinux_enforcing; /* * NOTE: the next policyload event shall set * a positive value on the status->policyload, * although it may not be 1, but never zero. * So, application can know it was updated. */ status->policyload = 0; status->deny_unknown = !security_get_allow_unknown(); } } result = selinux_status_page; mutex_unlock(&selinux_status_lock); return result; } /* * selinux_status_update_setenforce * * It updates status of the current enforcing/permissive mode. */ void selinux_status_update_setenforce(int enforcing) { struct selinux_kernel_status *status; mutex_lock(&selinux_status_lock); if (selinux_status_page) { status = page_address(selinux_status_page); status->sequence++; smp_wmb(); status->enforcing = enforcing; smp_wmb(); status->sequence++; } mutex_unlock(&selinux_status_lock); } /* * selinux_status_update_policyload * * It updates status of the times of policy reloaded, and current * setting of deny_unknown. */ void selinux_status_update_policyload(int seqno) { struct selinux_kernel_status *status; mutex_lock(&selinux_status_lock); if (selinux_status_page) { status = page_address(selinux_status_page); status->sequence++; smp_wmb(); status->policyload = seqno; status->deny_unknown = !security_get_allow_unknown(); smp_wmb(); status->sequence++; } mutex_unlock(&selinux_status_lock); } a>
?id=f5b0cba8f23915e92932f11eb063e37d70556a89'>logplain
AgeCommit message (Expand)AuthorFilesLines
-rw-r--r--ad1816a.h5514logplain
-rw-r--r--ad1843.h1516logplain
-rw-r--r--adau1373.h699logplain
-rw-r--r--aess.h1668logplain
-rw-r--r--ak4113.h11112logplain
-rw-r--r--ak4114.h10424logplain
-rw-r--r--ak4117.h9193logplain
-rw-r--r--ak4531_codec.h3173logplain
-rw-r--r--ak4641.h622logplain
-rw-r--r--ak4xxx-adda.h3416logplain
-rw-r--r--alc5623.h497logplain
-rw-r--r--asequencer.h3670logplain
-rw-r--r--asound.h1285logplain
-rw-r--r--asoundef.h17098logplain
-rw-r--r--atmel-abdac.h639logplain
-rw-r--r--atmel-ac97c.h1342logplain
-rw-r--r--compress_driver.h6772logplain
-rw-r--r--control.h8704logplain
-rw-r--r--core.h14380logplain
-rw-r--r--cs35l33.h1034logplain
-rw-r--r--cs35l34.h887logplain
-rw-r--r--cs4231-regs.h8480logplain
-rw-r--r--cs4271.h1417logplain
-rw-r--r--cs42l52.h738logplain
-rw-r--r--cs42l56.h1192logplain
-rw-r--r--cs42l73.h507logplain
-rw-r--r--cs8403.h8833logplain
-rw-r--r--cs8427.h10649logplain
-rw-r--r--da7213.h1178logplain
-rw-r--r--da7218.h2681logplain
-rw-r--r--da7219-aad.h2476logplain
-rw-r--r--da7219.h1064logplain
-rw-r--r--da9055.h914logplain
-rw-r--r--designware_i2s.h2249logplain
-rw-r--r--dmaengine_pcm.h6157logplain
-rw-r--r--emu10k1.h91396logplain
-rw-r--r--emu10k1_synth.h1382logplain
-rw-r--r--emu8000.h4109logplain
-rw-r--r--emu8000_reg.h10459logplain
-rw-r--r--emux_legacy.h5503logplain
-rw-r--r--emux_synth.h7649logplain
-rw-r--r--es1688.h3618logplain
-rw-r--r--gus.h20691logplain
-rw-r--r--hda_chmap.h2621logplain
-rw-r--r--hda_hwdep.h1412logplain
-rw-r--r--hda_i915.h1645logplain
-rw-r--r--hda_register.h9475logplain
-rw-r--r--hda_regmap.h6714logplain
-rw-r--r--hda_verbs.h17130logplain
-rw-r--r--hdaudio.h18455logplain
-rw-r--r--hdaudio_ext.h7119logplain
-rw-r--r--hdmi-codec.h2290logplain
-rw-r--r--hwdep.h2624logplain
-rw-r--r--i2c.h3555logplain
-rw-r--r--info.h7584logplain