e67b79850f
Linus observed that the pervasive passing of selinux_state pointers introduced by me in commit aa8e712cee93 ("selinux: wrap global selinux state") adds overhead and complexity without providing any benefit. The original idea was to pave the way for SELinux namespaces but those have not yet been implemented and there isn't currently a concrete plan to do so. Remove the passing of the selinux_state pointers, reverting to direct use of the single global selinux_state, and likewise remove passing of child pointers like the selinux_avc. The selinux_policy pointer remains as it is needed for atomic switching of policies. Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Reported-by: kernel test robot <lkp@intel.com> Link: https://lore.kernel.org/oe-kbuild-all/202303101057.mZ3Gv5fK-lkp@intel.com/ Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
123 lines
3.3 KiB
C
123 lines
3.3 KiB
C
// SPDX-License-Identifier: GPL-2.0-only
|
|
/*
|
|
* mmap based event notifications for SELinux
|
|
*
|
|
* Author: KaiGai Kohei <kaigai@ak.jp.nec.com>
|
|
*
|
|
* Copyright (C) 2010 NEC corporation
|
|
*/
|
|
#include <linux/kernel.h>
|
|
#include <linux/gfp.h>
|
|
#include <linux/mm.h>
|
|
#include <linux/mutex.h>
|
|
#include "avc.h"
|
|
#include "security.h"
|
|
|
|
/*
|
|
* The selinux_status_page shall be exposed to userspace applications
|
|
* using mmap interface on /selinux/status.
|
|
* It enables to notify applications a few events that will cause reset
|
|
* of userspace access vector without context switching.
|
|
*
|
|
* The selinux_kernel_status structure on the head of status page is
|
|
* protected from concurrent accesses using seqlock logic, so userspace
|
|
* application should reference the status page according to the seqlock
|
|
* logic.
|
|
*
|
|
* Typically, application checks status->sequence at the head of access
|
|
* control routine. If it is odd-number, kernel is updating the status,
|
|
* so please wait for a moment. If it is changed from the last sequence
|
|
* number, it means something happen, so application will reset userspace
|
|
* avc, if needed.
|
|
* In most cases, application shall confirm the kernel status is not
|
|
* changed without any system call invocations.
|
|
*/
|
|
|
|
/*
|
|
* selinux_kernel_status_page
|
|
*
|
|
* It returns a reference to selinux_status_page. If the status page is
|
|
* not allocated yet, it also tries to allocate it at the first time.
|
|
*/
|
|
struct page *selinux_kernel_status_page(void)
|
|
{
|
|
struct selinux_kernel_status *status;
|
|
struct page *result = NULL;
|
|
|
|
mutex_lock(&selinux_state.status_lock);
|
|
if (!selinux_state.status_page) {
|
|
selinux_state.status_page = alloc_page(GFP_KERNEL|__GFP_ZERO);
|
|
|
|
if (selinux_state.status_page) {
|
|
status = page_address(selinux_state.status_page);
|
|
|
|
status->version = SELINUX_KERNEL_STATUS_VERSION;
|
|
status->sequence = 0;
|
|
status->enforcing = enforcing_enabled();
|
|
/*
|
|
* NOTE: the next policyload event shall set
|
|
* a positive value on the status->policyload,
|
|
* although it may not be 1, but never zero.
|
|
* So, application can know it was updated.
|
|
*/
|
|
status->policyload = 0;
|
|
status->deny_unknown =
|
|
!security_get_allow_unknown();
|
|
}
|
|
}
|
|
result = selinux_state.status_page;
|
|
mutex_unlock(&selinux_state.status_lock);
|
|
|
|
return result;
|
|
}
|
|
|
|
/*
|
|
* selinux_status_update_setenforce
|
|
*
|
|
* It updates status of the current enforcing/permissive mode.
|
|
*/
|
|
void selinux_status_update_setenforce(int enforcing)
|
|
{
|
|
struct selinux_kernel_status *status;
|
|
|
|
mutex_lock(&selinux_state.status_lock);
|
|
if (selinux_state.status_page) {
|
|
status = page_address(selinux_state.status_page);
|
|
|
|
status->sequence++;
|
|
smp_wmb();
|
|
|
|
status->enforcing = enforcing;
|
|
|
|
smp_wmb();
|
|
status->sequence++;
|
|
}
|
|
mutex_unlock(&selinux_state.status_lock);
|
|
}
|
|
|
|
/*
|
|
* selinux_status_update_policyload
|
|
*
|
|
* It updates status of the times of policy reloaded, and current
|
|
* setting of deny_unknown.
|
|
*/
|
|
void selinux_status_update_policyload(int seqno)
|
|
{
|
|
struct selinux_kernel_status *status;
|
|
|
|
mutex_lock(&selinux_state.status_lock);
|
|
if (selinux_state.status_page) {
|
|
status = page_address(selinux_state.status_page);
|
|
|
|
status->sequence++;
|
|
smp_wmb();
|
|
|
|
status->policyload = seqno;
|
|
status->deny_unknown = !security_get_allow_unknown();
|
|
|
|
smp_wmb();
|
|
status->sequence++;
|
|
}
|
|
mutex_unlock(&selinux_state.status_lock);
|
|
}
|