selinux: wrap AVC state

Wrap the AVC state within the selinux_state structure and
pass it explicitly to all AVC functions.  The AVC private state
is encapsulated in a selinux_avc structure that is referenced
from the selinux_state.

This change should have no effect on SELinux behavior or
APIs (userspace or LSM).

Signed-off-by: Stephen Smalley <[email protected]>
Reviewed-by: James Morris <[email protected]>
Signed-off-by: Paul Moore <[email protected]>
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index f1db09a..23e762d 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -93,6 +93,7 @@ extern char *selinux_policycap_names[__POLICYDB_CAPABILITY_MAX];
 /* limitation of boundary depth  */
 #define POLICYDB_BOUNDS_MAXDEPTH	4
 
+struct selinux_avc;
 struct selinux_ss;
 
 struct selinux_state {
@@ -103,10 +104,12 @@ struct selinux_state {
 	bool checkreqprot;
 	bool initialized;
 	bool policycap[__POLICYDB_CAPABILITY_MAX];
+	struct selinux_avc *avc;
 	struct selinux_ss *ss;
 };
 
 void selinux_ss_init(struct selinux_ss **ss);
+void selinux_avc_init(struct selinux_avc **avc);
 
 extern struct selinux_state selinux_state;
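Review bot: The new `struct selinux_avc *avc;` member and the `selinux_avc_init()` prototype carry no comment saying when the pointer becomes valid, and the initializer returns `void`, so a caller cannot tell from this header whether `state->avc` was actually set. The commit message says the state is now passed explicitly to all AVC functions, so any of them reached before initialization would presumably dereference a NULL `avc` on an access-check path. The init body and its call site are outside this hunk, so that ordering cannot be confirmed from here. I would document the contract at the declaration, e.g. `/* Points *avc at the AVC private state; must run before any AVC function is called with this state. */`, and annotate the field with `/* AVC private state, set by selinux_avc_init() */`.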