提交 e5a5ca96 编写于 作者: P Paul Moore

selinux: rename the {is,set}_enforcing() functions

Rename is_enforcing() to enforcing_enabled() and
enforcing_set() to set_enforcing().
Signed-off-by: NPaul Moore <paul@paul-moore.com>
上级 aa8e712c
...@@ -985,7 +985,7 @@ static noinline int avc_denied(u32 ssid, u32 tsid, ...@@ -985,7 +985,7 @@ static noinline int avc_denied(u32 ssid, u32 tsid,
if (flags & AVC_STRICT) if (flags & AVC_STRICT)
return -EACCES; return -EACCES;
if (is_enforcing(&selinux_state) && if (enforcing_enabled(&selinux_state) &&
!(avd->flags & AVD_FLAGS_PERMISSIVE)) !(avd->flags & AVD_FLAGS_PERMISSIVE))
return -EACCES; return -EACCES;
......
...@@ -5407,7 +5407,7 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb) ...@@ -5407,7 +5407,7 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
sk->sk_protocol, nlh->nlmsg_type, sk->sk_protocol, nlh->nlmsg_type,
secclass_map[sksec->sclass - 1].name, secclass_map[sksec->sclass - 1].name,
task_pid_nr(current), current->comm); task_pid_nr(current), current->comm);
if (!is_enforcing(&selinux_state) || if (!enforcing_enabled(&selinux_state) ||
security_get_allow_unknown(&selinux_state)) security_get_allow_unknown(&selinux_state))
err = 0; err = 0;
} }
...@@ -6937,7 +6937,7 @@ static __init int selinux_init(void) ...@@ -6937,7 +6937,7 @@ static __init int selinux_init(void)
printk(KERN_INFO "SELinux: Initializing.\n"); printk(KERN_INFO "SELinux: Initializing.\n");
memset(&selinux_state, 0, sizeof(selinux_state)); memset(&selinux_state, 0, sizeof(selinux_state));
set_enforcing(&selinux_state, selinux_enforcing_boot); enforcing_set(&selinux_state, selinux_enforcing_boot);
selinux_state.checkreqprot = selinux_checkreqprot_boot; selinux_state.checkreqprot = selinux_checkreqprot_boot;
selinux_ss_init(&selinux_state.ss); selinux_ss_init(&selinux_state.ss);
......
...@@ -111,22 +111,22 @@ void selinux_ss_init(struct selinux_ss **ss); ...@@ -111,22 +111,22 @@ void selinux_ss_init(struct selinux_ss **ss);
extern struct selinux_state selinux_state; extern struct selinux_state selinux_state;
#ifdef CONFIG_SECURITY_SELINUX_DEVELOP #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
static inline bool is_enforcing(struct selinux_state *state) static inline bool enforcing_enabled(struct selinux_state *state)
{ {
return state->enforcing; return state->enforcing;
} }
static inline void set_enforcing(struct selinux_state *state, bool value) static inline void enforcing_set(struct selinux_state *state, bool value)
{ {
state->enforcing = value; state->enforcing = value;
} }
#else #else
static inline bool is_enforcing(struct selinux_state *state) static inline bool enforcing_enabled(struct selinux_state *state)
{ {
return true; return true;
} }
static inline void set_enforcing(struct selinux_state *state, bool value) static inline void enforcing_set(struct selinux_state *state, bool value)
{ {
} }
#endif #endif
......
...@@ -98,7 +98,7 @@ static ssize_t sel_read_enforce(struct file *filp, char __user *buf, ...@@ -98,7 +98,7 @@ static ssize_t sel_read_enforce(struct file *filp, char __user *buf,
ssize_t length; ssize_t length;
length = scnprintf(tmpbuf, TMPBUFLEN, "%d", length = scnprintf(tmpbuf, TMPBUFLEN, "%d",
is_enforcing(&selinux_state)); enforcing_enabled(&selinux_state));
return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
} }
...@@ -128,7 +128,7 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf, ...@@ -128,7 +128,7 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
new_value = !!new_value; new_value = !!new_value;
old_value = is_enforcing(&selinux_state); old_value = enforcing_enabled(&selinux_state);
if (new_value != old_value) { if (new_value != old_value) {
length = avc_has_perm(current_sid(), SECINITSID_SECURITY, length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
...@@ -141,7 +141,7 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf, ...@@ -141,7 +141,7 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
new_value, old_value, new_value, old_value,
from_kuid(&init_user_ns, audit_get_loginuid(current)), from_kuid(&init_user_ns, audit_get_loginuid(current)),
audit_get_sessionid(current)); audit_get_sessionid(current));
set_enforcing(&selinux_state, new_value); enforcing_set(&selinux_state, new_value);
if (new_value) if (new_value)
avc_ss_reset(0); avc_ss_reset(0);
selnl_notify_setenforce(new_value); selnl_notify_setenforce(new_value);
......
...@@ -752,7 +752,7 @@ static int security_validtrans_handle_fail(struct selinux_state *state, ...@@ -752,7 +752,7 @@ static int security_validtrans_handle_fail(struct selinux_state *state,
kfree(n); kfree(n);
kfree(t); kfree(t);
if (!is_enforcing(state)) if (!enforcing_enabled(state))
return 0; return 0;
return -EPERM; return -EPERM;
} }
...@@ -1596,7 +1596,7 @@ static int compute_sid_handle_invalid_context( ...@@ -1596,7 +1596,7 @@ static int compute_sid_handle_invalid_context(
kfree(s); kfree(s);
kfree(t); kfree(t);
kfree(n); kfree(n);
if (!is_enforcing(state)) if (!enforcing_enabled(state))
return 0; return 0;
return -EACCES; return -EACCES;
} }
...@@ -1907,7 +1907,7 @@ static inline int convert_context_handle_invalid_context( ...@@ -1907,7 +1907,7 @@ static inline int convert_context_handle_invalid_context(
char *s; char *s;
u32 len; u32 len;
if (is_enforcing(state)) if (enforcing_enabled(state))
return -EINVAL; return -EINVAL;
if (!context_struct_to_string(policydb, context, &s, &len)) { if (!context_struct_to_string(policydb, context, &s, &len)) {
......
...@@ -56,7 +56,7 @@ struct page *selinux_kernel_status_page(struct selinux_state *state) ...@@ -56,7 +56,7 @@ struct page *selinux_kernel_status_page(struct selinux_state *state)
status->version = SELINUX_KERNEL_STATUS_VERSION; status->version = SELINUX_KERNEL_STATUS_VERSION;
status->sequence = 0; status->sequence = 0;
status->enforcing = is_enforcing(state); status->enforcing = enforcing_enabled(state);
/* /*
* NOTE: the next policyload event shall set * NOTE: the next policyload event shall set
* a positive value on the status->policyload, * a positive value on the status->policyload,
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册