diff options
Diffstat (limited to 'security/selinux/include/avc.h')
-rw-r--r-- | security/selinux/include/avc.h | 16 |
1 files changed, 3 insertions, 13 deletions
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h index cf4cc3ef959b..5525b94fd266 100644 --- a/security/selinux/include/avc.h +++ b/security/selinux/include/avc.h @@ -53,7 +53,7 @@ struct selinux_audit_data { u32 denied; int result; struct selinux_state *state; -}; +} __randomize_layout; /* * AVC operations @@ -104,6 +104,7 @@ int slow_avc_audit(struct selinux_state *state, /** * avc_audit - Audit the granting or denial of permissions. + * @state: SELinux state * @ssid: source security identifier * @tsid: target security identifier * @tclass: target security class @@ -111,7 +112,6 @@ int slow_avc_audit(struct selinux_state *state, * @avd: access vector decisions * @result: result from avc_has_perm_noaudit * @a: auxiliary audit data - * @flags: VFS walk flags * * Audit the granting or denial of permissions in accordance * with the policy. This function is typically called by @@ -127,16 +127,12 @@ static inline int avc_audit(struct selinux_state *state, u16 tclass, u32 requested, struct av_decision *avd, int result, - struct common_audit_data *a, - int flags) + struct common_audit_data *a) { u32 audited, denied; audited = avc_audit_required(requested, avd, result, 0, &denied); if (likely(!audited)) return 0; - /* fall back to ref-walk if we have to generate audit */ - if (flags & MAY_NOT_BLOCK) - return -ECHILD; return slow_avc_audit(state, ssid, tsid, tclass, requested, audited, denied, result, a); @@ -144,7 +140,6 @@ static inline int avc_audit(struct selinux_state *state, #define AVC_STRICT 1 /* Ignore permissive mode. */ #define AVC_EXTENDED_PERMS 2 /* update extended permissions */ -#define AVC_NONBLOCKING 4 /* non blocking */ int avc_has_perm_noaudit(struct selinux_state *state, u32 ssid, u32 tsid, u16 tclass, u32 requested, @@ -155,11 +150,6 @@ int avc_has_perm(struct selinux_state *state, u32 ssid, u32 tsid, u16 tclass, u32 requested, struct common_audit_data *auditdata); -int avc_has_perm_flags(struct selinux_state *state, - u32 ssid, u32 tsid, - u16 tclass, u32 requested, - struct common_audit_data *auditdata, - int flags); int avc_has_extended_perms(struct selinux_state *state, u32 ssid, u32 tsid, u16 tclass, u32 requested, |