• Merge tag 'selinux-pr-20190917' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux · 5825a95f
    Linus Torvalds authored
    Pull selinux updates from Paul Moore:
    
     - Add LSM hooks, and SELinux access control hooks, for dnotify,
       fanotify, and inotify watches. This has been discussed with both the
       LSM and fs/notify folks and everybody is good with these new hooks.
    
     - The LSM stacking changes missed a few calls to current_security() in
       the SELinux code; we fix those and remove current_security() for
       good.
    
     - Improve our network object labeling cache so that we always return
       the object's label, even when under memory pressure. Previously we
       would return an error if we couldn't allocate a new cache entry, now
       we always return the label even if we can't create a new cache entry
       for it.
    
     - Convert the sidtab atomic_t counter to a normal u32 with
       READ/WRITE_ONCE() and memory barrier protection.
    
     - A few patches to policydb.c to clean things up (remove forward
       declarations, long lines, bad variable names, etc)
    
    * tag 'selinux-pr-20190917' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
      lsm: remove current_security()
      selinux: fix residual uses of current_security() for the SELinux blob
      selinux: avoid atomic_t usage in sidtab
      fanotify, inotify, dnotify, security: add security hook for fs notifications
      selinux: always return a secid from the network caches if we find one
      selinux: policydb - rename type_val_to_struct_array
      selinux: policydb - fix some checkpatch.pl warnings
      selinux: shuffle around policydb.c to get rid of forward declarations
policydb.c 70.3 KB