Commit b797f128 authored by James Morris's avatar James Morris

[SELINUX]: Event notifications via netlink.

parent f7c908de
...@@ -11,6 +11,7 @@ ...@@ -11,6 +11,7 @@
#define NETLINK_TCPDIAG 4 /* TCP socket monitoring */ #define NETLINK_TCPDIAG 4 /* TCP socket monitoring */
#define NETLINK_NFLOG 5 /* netfilter/iptables ULOG */ #define NETLINK_NFLOG 5 /* netfilter/iptables ULOG */
#define NETLINK_XFRM 6 /* ipsec */ #define NETLINK_XFRM 6 /* ipsec */
#define NETLINK_SELINUX 7 /* SELinux event notifications */
#define NETLINK_ARPD 8 #define NETLINK_ARPD 8
#define NETLINK_ROUTE6 11 /* af_inet6 route comm channel */ #define NETLINK_ROUTE6 11 /* af_inet6 route comm channel */
#define NETLINK_IP6_FW 13 #define NETLINK_IP6_FW 13
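Review bot: The comment on the new `NETLINK_SELINUX 7` entry says only "SELinux event notifications", and since this header is userspace ABI it should name what those notifications are so a reader of the header does not have to dig through security/selinux to find out. The two event sources added by this commit are setenforce and policy load, so something like `#define NETLINK_SELINUX 7 /* SELinux event notifications (setenforce, policyload) */` would do. Whether a separate header defining the message layouts and multicast group bits is also added is not visible on this page; if it is, reference it here as NETLINK_NFLOG does with ULOG.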
...@@ -4,7 +4,7 @@ ...@@ -4,7 +4,7 @@
obj-$(CONFIG_SECURITY_SELINUX) := selinux.o ss/ obj-$(CONFIG_SECURITY_SELINUX) := selinux.o ss/
selinux-y := avc.o hooks.o selinuxfs.o selinux-y := avc.o hooks.o selinuxfs.o netlink.o
selinux-$(CONFIG_SECURITY_NETWORK) += netif.o selinux-$(CONFIG_SECURITY_NETWORK) += netif.o
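Review bot: `netlink.o` is appended to `selinux-y` unconditionally, while `netif.o` on the following line is gated on CONFIG_SECURITY_NETWORK. If the new netlink.c calls into the kernel netlink core, which only exists under CONFIG_NET, and SELinux can still be selected without networking in this tree, the link will fail with undefined references; netlink.c itself is not shown on this page, so I cannot confirm which symbols it pulls in. Either make the SELinux Kconfig entry depend on NET, or gate the object and give the selnl_notify_* callers in selinuxfs.c and services.c static inline no-op stubs for the !NET case.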
...@@ -17,6 +17,8 @@ ...@@ -17,6 +17,8 @@
#include "security.h" #include "security.h"
#include "objsec.h" #include "objsec.h"
extern void selnl_notify_setenforce(int val);
/* Check whether a task is allowed to use a security operation. */ /* Check whether a task is allowed to use a security operation. */
int task_has_security(struct task_struct *tsk, int task_has_security(struct task_struct *tsk,
u32 perms) u32 perms)
...@@ -111,6 +113,7 @@ static ssize_t sel_write_enforce(struct file * file, const char * buf, ...@@ -111,6 +113,7 @@ static ssize_t sel_write_enforce(struct file * file, const char * buf,
selinux_enforcing = new_value; selinux_enforcing = new_value;
if (selinux_enforcing) if (selinux_enforcing)
avc_ss_reset(0); avc_ss_reset(0);
selnl_notify_setenforce(selinux_enforcing);
} }
length = count; length = count;
out: out:
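Review bot: `extern void selnl_notify_setenforce(int val);` is a hand-written prototype at file scope in a .c file, and services.c gets a matching one for selnl_notify_policyload in the same commit, so the declarations and the definitions in netlink.c can silently drift apart (a changed parameter type would not be caught by the compiler). Put both prototypes in a header that netlink.c also includes — selinuxfs.c already pulls in security.h — and drop the local extern. The call site is placed after `avc_ss_reset(0)`, so listeners only see the event once the AVC has been flushed, which looks right. The block enclosing these lines starts outside the hunk, so I cannot tell whether a write that leaves selinux_enforcing unchanged also broadcasts an event.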
...@@ -28,6 +28,8 @@ ...@@ -28,6 +28,8 @@
#include "services.h" #include "services.h"
#include "mls.h" #include "mls.h"
extern void selnl_notify_policyload(u32 seqno);
static rwlock_t policy_rwlock = RW_LOCK_UNLOCKED; static rwlock_t policy_rwlock = RW_LOCK_UNLOCKED;
#define POLICY_RDLOCK read_lock(&policy_rwlock) #define POLICY_RDLOCK read_lock(&policy_rwlock)
#define POLICY_WRLOCK write_lock_irq(&policy_rwlock) #define POLICY_WRLOCK write_lock_irq(&policy_rwlock)
...@@ -1052,6 +1054,7 @@ int security_load_policy(void *data, size_t len) ...@@ -1052,6 +1054,7 @@ int security_load_policy(void *data, size_t len)
sidtab_destroy(&oldsidtab); sidtab_destroy(&oldsidtab);
avc_ss_reset(seqno); avc_ss_reset(seqno);
selnl_notify_policyload(seqno);
return 0; return 0;
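Review bot: The policyload notification is emitted only on the return path shown, after `sidtab_destroy(&oldsidtab)` and `avc_ss_reset(seqno)`; security_load_policy starts outside the hunk, so if the initial policy load returns through an earlier branch, userspace gets no event for it and a listener started before the first load never learns that seqno. Confirm that every successful return of security_load_policy is followed by `selnl_notify_policyload(seqno)`, or document that only reloads are announced. As in selinuxfs.c, the `extern void selnl_notify_policyload(u32 seqno);` at the top of the section belongs in a shared header rather than at file scope here.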