Namespacing of security/selinux/ss/policydb.h. Signed-off-by: Thomas Liu <tliu@xxxxxxxxxx> --- security/selinux/ss/avtab.c | 4 +- security/selinux/ss/avtab.h | 6 +- security/selinux/ss/conditional.c | 26 ++-- security/selinux/ss/conditional.h | 12 +- security/selinux/ss/context.h | 20 ++-- security/selinux/ss/mls.c | 62 +++++----- security/selinux/ss/mls.h | 50 ++++---- security/selinux/ss/policydb.c | 164 +++++++++++----------- security/selinux/ss/policydb.h | 86 ++++++------ security/selinux/ss/services.c | 270 ++++++++++++++++++------------------ security/selinux/ss/services.h | 2 +- security/selinux/ss/sidtab.c | 52 ++++---- security/selinux/ss/sidtab.h | 34 +++--- security/selinux/ss/symtab.c | 2 +- security/selinux/ss/symtab.h | 4 +- 15 files changed, 397 insertions(+), 397 deletions(-) diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c index fec765d..44d8167 100644 --- a/security/selinux/ss/avtab.c +++ b/security/selinux/ss/avtab.c @@ -323,7 +323,7 @@ static uint16_t spec_order[] = { AVTAB_MEMBER }; -int selinux_ss_avtab_read_item(struct selinux_ss_avtab *a, void *fp, struct policydb *pol, +int selinux_ss_avtab_read_item(struct selinux_ss_avtab *a, void *fp, struct selinux_ss_policydb *pol, int (*insertf)(struct selinux_ss_avtab *a, struct selinux_ss_avtab_key *k, struct selinux_ss_avtab_datum *d, void *p), void *p) @@ -457,7 +457,7 @@ static int avtab_insertf(struct selinux_ss_avtab *a, struct selinux_ss_avtab_key return avtab_insert(a, k, d); } -int selinux_ss_avtab_read(struct selinux_ss_avtab *a, void *fp, struct policydb *pol) +int selinux_ss_avtab_read(struct selinux_ss_avtab *a, void *fp, struct selinux_ss_policydb *pol) { int rc; __le32 buf[1]; diff --git a/security/selinux/ss/avtab.h b/security/selinux/ss/avtab.h index a7752bb..70b39c1 100644 --- a/security/selinux/ss/avtab.h +++ b/security/selinux/ss/avtab.h 
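Review bot: The new first line of the `selinux_ss_avtab_read_item()` definition in the `@@ -323,7 +323,7 @@` hunk of avtab.c comes to roughly 100 columns once `struct selinux_ss_policydb` is substituted, past the 80-column limit of the kernel coding style, and checkpatch would flag it. I would break after `void *fp,` so it reads `int selinux_ss_avtab_read_item(struct selinux_ss_avtab *a, void *fp,` followed by `struct selinux_ss_policydb *pol,` on an aligned continuation line. The same applies to the matching prototype in avtab.h and to other signatures lengthened by this patch, for example `cond_read_av_list()` in conditional.c and `mls_setup_user_range()` in mls.c. The function body lies outside the hunk.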
@@ -64,13 +64,13 @@ struct selinux_ss_avtab_datum *selinux_ss_avtab_search(struct selinux_ss_avtab * void selinux_ss_avtab_destroy(struct selinux_ss_avtab *h); void selinux_ss_avtab_hash_eval(struct selinux_ss_avtab *h, char *tag); -struct policydb; -int selinux_ss_avtab_read_item(struct selinux_ss_avtab *a, void *fp, struct policydb *pol, +struct selinux_ss_policydb; +int selinux_ss_avtab_read_item(struct selinux_ss_avtab *a, void *fp, struct selinux_ss_policydb *pol, int (*insert)(struct selinux_ss_avtab *a, struct selinux_ss_avtab_key *k, struct selinux_ss_avtab_datum *d, void *p), void *p); -int selinux_ss_avtab_read(struct selinux_ss_avtab *a, void *fp, struct policydb *pol); +int selinux_ss_avtab_read(struct selinux_ss_avtab *a, void *fp, struct selinux_ss_policydb *pol); struct selinux_ss_avtab_node *selinux_ss_avtab_insert_nonunique(struct selinux_ss_avtab *h, struct selinux_ss_avtab_key *key, struct selinux_ss_avtab_datum *datum); diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c index 306ef50..c48f1c2 100644 --- a/security/selinux/ss/conditional.c +++ b/security/selinux/ss/conditional.c @@ -22,7 +22,7 @@ * or undefined (-1). Undefined occurs when the expression * exceeds the stack depth of COND_EXPR_MAXDEPTH. */ -static int cond_evaluate_expr(struct policydb *p, struct selinux_ss_cond_expr *expr) +static int cond_evaluate_expr(struct selinux_ss_policydb *p, struct selinux_ss_cond_expr *expr) { struct selinux_ss_cond_expr *cur; @@ -86,7 +86,7 @@ static int cond_evaluate_expr(struct policydb *p, struct selinux_ss_cond_expr *e * list appropriately. If the result of the expression is undefined * all of the rules are disabled for safety. */ -int selinux_ss_evaluate_cond_node(struct policydb *p, struct selinux_ss_cond_node *node) +int selinux_ss_evaluate__cond_node(struct selinux_ss_policydb *p, struct selinux_ss_cond_node *node) { int new_state; struct selinux_ss_cond_av_list *cur; 
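Review bot: The definition in the `@@ -86,7 +86,7 @@` hunk of conditional.c is renamed to `selinux_ss_evaluate__cond_node`, with a doubled underscore, while the prototype in the conditional.h hunk of this patch keeps `selinux_ss_evaluate_cond_node`. Only the parameter type should change on this line: `int selinux_ss_evaluate_cond_node(struct selinux_ss_policydb *p, struct selinux_ss_cond_node *node)`. Callers are not visible in this part of the patch, but any that use the declared name would be left without a definition and the build would fail at link time. The function body continues past the end of the hunk.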
@@ -115,7 +115,7 @@ int selinux_ss_evaluate_cond_node(struct policydb *p, struct selinux_ss_cond_nod return 0; } -int selinux_ss_cond_policydb_init(struct policydb *p) +int selinux_ss_cond_policydb_init(struct selinux_ss_policydb *p) { p->bool_val_to_struct = NULL; p->cond_list = NULL; @@ -161,14 +161,14 @@ static void cond_list_destroy(struct selinux_ss_cond_node *list) } } -void selinux_ss_cond_policydb_destroy(struct policydb *p) +void selinux_ss_cond_policydb_destroy(struct selinux_ss_policydb *p) { kfree(p->bool_val_to_struct); selinux_ss_avtab_destroy(&p->te_cond_avtab); cond_list_destroy(p->cond_list); } -int selinux_ss_cond_init_bool_indexes(struct policydb *p) +int selinux_ss_cond_init_bool_indexes(struct selinux_ss_policydb *p) { kfree(p->bool_val_to_struct); p->bool_val_to_struct = (struct selinux_ss_cond_bool_datum **) @@ -187,7 +187,7 @@ int selinux_ss_cond_destroy_bool(void *key, void *datum, void *p) int selinux_ss_cond_index_bool(void *key, void *datum, void *datap) { - struct policydb *p; + struct selinux_ss_policydb *p; struct selinux_ss_cond_bool_datum *booldatum; booldatum = datum; @@ -209,7 +209,7 @@ static int bool_isvalid(struct selinux_ss_cond_bool_datum *b) return 1; } -int selinux_ss_cond_read_bool(struct policydb *p, struct selinux_ss_hashtab *h, void *fp) +int selinux_ss_cond_read_bool(struct selinux_ss_policydb *p, struct selinux_ss_hashtab *h, void *fp) { char *key = NULL; struct selinux_ss_cond_bool_datum *booldatum; @@ -250,7 +250,7 @@ err: } struct cond_insertf_data { - struct policydb *p; + struct selinux_ss_policydb *p; struct selinux_ss_cond_av_list *other; struct selinux_ss_cond_av_list *head; struct selinux_ss_cond_av_list *tail; 
@@ -259,7 +259,7 @@ struct cond_insertf_data { static int cond_insertf(struct selinux_ss_avtab *a, struct selinux_ss_avtab_key *k, struct selinux_ss_avtab_datum *d, void *ptr) { struct cond_insertf_data *data = ptr; - struct policydb *p = data->p; + struct selinux_ss_policydb *p = data->p; struct selinux_ss_cond_av_list *other = data->other, *list, *cur; struct selinux_ss_avtab_node *node_ptr; u8 found; @@ -334,7 +334,7 @@ err: return -1; } -static int cond_read_av_list(struct policydb *p, void *fp, struct selinux_ss_cond_av_list **ret_list, struct selinux_ss_cond_av_list *other) +static int cond_read_av_list(struct selinux_ss_policydb *p, void *fp, struct selinux_ss_cond_av_list **ret_list, struct selinux_ss_cond_av_list *other) { int i, rc; __le32 buf[1]; @@ -368,7 +368,7 @@ static int cond_read_av_list(struct policydb *p, void *fp, struct selinux_ss_con return 0; } -static int expr_isvalid(struct policydb *p, struct selinux_ss_cond_expr *expr) +static int expr_isvalid(struct selinux_ss_policydb *p, struct selinux_ss_cond_expr *expr) { if (expr->expr_type <= 0 || expr->expr_type > COND_LAST) { printk(KERN_ERR "SELinux: conditional expressions uses unknown operator.\n"); @@ -382,7 +382,7 @@ static int expr_isvalid(struct policydb *p, struct selinux_ss_cond_expr *expr) return 1; } -static int cond_read_node(struct policydb *p, struct selinux_ss_cond_node *node, void *fp) +static int cond_read_node(struct selinux_ss_policydb *p, struct selinux_ss_cond_node *node, void *fp) { __le32 buf[2]; u32 len, i; @@ -437,7 +437,7 @@ err: return -1; } -int selinux_ss_cond_read_list(struct policydb *p, void *fp) +int selinux_ss_cond_read_list(struct selinux_ss_policydb *p, void *fp) { struct selinux_ss_cond_node *node, *last = NULL; __le32 buf[1]; diff --git a/security/selinux/ss/conditional.h b/security/selinux/ss/conditional.h index e593277..cccee8a 100644 --- a/security/selinux/ss/conditional.h +++ b/security/selinux/ss/conditional.h 
@@ -59,19 +59,19 @@ struct selinux_ss_cond_node { struct selinux_ss_cond_node *next; }; -int selinux_ss_cond_policydb_init(struct policydb *p); -void selinux_ss_cond_policydb_destroy(struct policydb *p); +int selinux_ss_cond_policydb_init(struct selinux_ss_policydb *p); +void selinux_ss_cond_policydb_destroy(struct selinux_ss_policydb *p); -int selinux_ss_cond_init_bool_indexes(struct policydb *p); +int selinux_ss_cond_init_bool_indexes(struct selinux_ss_policydb *p); int selinux_ss_cond_destroy_bool(void *key, void *datum, void *p); int selinux_ss_cond_index_bool(void *key, void *datum, void *datap); -int selinux_ss_cond_read_bool(struct policydb *p, struct selinux_ss_hashtab *h, void *fp); -int selinux_ss_cond_read_list(struct policydb *p, void *fp); +int selinux_ss_cond_read_bool(struct selinux_ss_policydb *p, struct selinux_ss_hashtab *h, void *fp); +int selinux_ss_cond_read_list(struct selinux_ss_policydb *p, void *fp); void selinux_ss_cond_compute_av(struct selinux_ss_avtab *ctab, struct selinux_ss_avtab_key *key, struct av_decision *avd); -int selinux_ss_evaluate_cond_node(struct policydb *p, struct selinux_ss_cond_node *node); +int selinux_ss_evaluate_cond_node(struct selinux_ss_policydb *p, struct selinux_ss_cond_node *node); #endif /* _CONDITIONAL_H_ */ diff --git a/security/selinux/ss/context.h b/security/selinux/ss/context.h index 78a37bf..489865f 100644 --- a/security/selinux/ss/context.h +++ b/security/selinux/ss/context.h @@ -23,7 +23,7 @@ * A security context consists of an authenticated user * identity, a role, a type and a MLS range. */ -struct context { +struct selinux_ss_context { u32 user; u32 role; u32 type; 
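Review bot: The subject line names policydb.h, but the `@@ -23,7 +23,7 @@` hunk of context.h renames `struct context`, a type that context.h itself defines, and the commit message gives no scope or rationale for that. After this patch the prefix is also only partly applied: the inline helpers on the same type (`context_init`, `context_cpy`, `context_destroy`, `mls_context_cpy`, and so on) and `struct mls_level` / `struct mls_range` in mls.c keep their generic names. If those are meant for a later patch in the series, a sentence in the changelog listing which headers' types this patch covers and what is deferred would make the rename reviewable as a purely mechanical change. The struct body continues outside the hunk.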
@@ -32,12 +32,12 @@ struct context { char *str; /* string representation if context cannot be mapped. */ }; -static inline void mls_context_init(struct context *c) +static inline void mls_context_init(struct selinux_ss_context *c) { memset(&c->range, 0, sizeof(c->range)); } -static inline int mls_context_cpy(struct context *dst, struct context *src) +static inline int mls_context_cpy(struct selinux_ss_context *dst, struct selinux_ss_context *src) { int rc; @@ -60,7 +60,7 @@ out: /* * Sets both levels in the MLS range of 'dst' to the low level of 'src'. */ -static inline int mls_context_cpy_low(struct context *dst, struct context *src) +static inline int mls_context_cpy_low(struct selinux_ss_context *dst, struct selinux_ss_context *src) { int rc; @@ -80,7 +80,7 @@ out: return rc; } -static inline int mls_context_cmp(struct context *c1, struct context *c2) +static inline int mls_context_cmp(struct selinux_ss_context *c1, struct selinux_ss_context *c2) { if (!selinux_mls_enabled) return 1; @@ -91,7 +91,7 @@ static inline int mls_context_cmp(struct context *c1, struct context *c2) selinux_ss_ebitmap_cmp(&c1->range.level[1].cat, &c2->range.level[1].cat)); } -static inline void mls_context_destroy(struct context *c) +static inline void mls_context_destroy(struct selinux_ss_context *c) { if (!selinux_mls_enabled) return; @@ -101,12 +101,12 @@ static inline void mls_context_destroy(struct context *c) mls_context_init(c); } -static inline void context_init(struct context *c) +static inline void context_init(struct selinux_ss_context *c) { memset(c, 0, sizeof(*c)); } -static inline int context_cpy(struct context *dst, struct context *src) +static inline int context_cpy(struct selinux_ss_context *dst, struct selinux_ss_context *src) { int rc; 
@@ -130,7 +130,7 @@ static inline int context_cpy(struct context *dst, struct context *src) return 0; } -static inline void context_destroy(struct context *c) +static inline void context_destroy(struct selinux_ss_context *c) { c->user = c->role = c->type = 0; kfree(c->str); @@ -139,7 +139,7 @@ static inline void context_destroy(struct context *c) mls_context_destroy(c); } -static inline int context_cmp(struct context *c1, struct context *c2) +static inline int context_cmp(struct selinux_ss_context *c1, struct selinux_ss_context *c2) { if (c1->len && c2->len) return (c1->len == c2->len && !strcmp(c1->str, c2->str)); diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c index 7f08105..e884269 100644 --- a/security/selinux/ss/mls.c +++ b/security/selinux/ss/mls.c @@ -32,7 +32,7 @@ * Return the length in bytes for the MLS fields of the * security context string representation of `context'. */ -int mls_compute_context_len(struct context *context) +int mls_compute_context_len(struct selinux_ss_context *context) { int i, l, len, head, prev; char *nm; @@ -85,7 +85,7 @@ int mls_compute_context_len(struct context *context) * the MLS fields of `context' into the string `*scontext'. * Update `*scontext' to point to the end of the MLS fields. */ -void mls_sid_to_context(struct context *context, +void mls_sid_to_context(struct selinux_ss_context *context, char **scontext) { char *scontextp, *nm; @@ -157,9 +157,9 @@ void mls_sid_to_context(struct context *context, return; } -int mls_level_isvalid(struct policydb *p, struct mls_level *l) +int mls_level_isvalid(struct selinux_ss_policydb *p, struct mls_level *l) { - struct level_datum *levdatum; + struct selinux_ss_level_datum *levdatum; struct selinux_ss_ebitmap_node *node; int i; 
@@ -185,7 +185,7 @@ int mls_level_isvalid(struct policydb *p, struct mls_level *l) return 1; } -int mls_range_isvalid(struct policydb *p, struct mls_range *r) +int mls_range_isvalid(struct selinux_ss_policydb *p, struct mls_range *r) { return (mls_level_isvalid(p, &r->level[0]) && mls_level_isvalid(p, &r->level[1]) && @@ -196,9 +196,9 @@ int mls_range_isvalid(struct policydb *p, struct mls_range *r) * Return 1 if the MLS fields in the security context * structure `c' are valid. Return 0 otherwise. */ -int mls_context_isvalid(struct policydb *p, struct context *c) +int mls_context_isvalid(struct selinux_ss_policydb *p, struct selinux_ss_context *c) { - struct user_datum *usrdatum; + struct selinux_ss_user_datum *usrdatum; if (!selinux_mls_enabled) return 1; @@ -239,18 +239,18 @@ int mls_context_isvalid(struct policydb *p, struct context *c) * Policy read-lock must be held for sidtab lookup. * */ -int mls_context_to_sid(struct policydb *pol, +int mls_context_to_sid(struct selinux_ss_policydb *pol, char oldc, char **scontext, - struct context *context, - struct sidtab *s, + struct selinux_ss_context *context, + struct selinux_ss_sidtab *s, u32 def_sid) { char delim; char *scontextp, *p, *rngptr; - struct level_datum *levdatum; - struct cat_datum *catdatum, *rngdatum; + struct selinux_ss_level_datum *levdatum; + struct selinux_ss_cat_datum *catdatum, *rngdatum; int l, rc = -EINVAL; if (!selinux_mls_enabled) { @@ -264,12 +264,12 @@ int mls_context_to_sid(struct policydb *pol, * default if provided. */ if (!oldc) { - struct context *defcon; + struct selinux_ss_context *defcon; if (def_sid == SECSID_NULL) goto out; - defcon = sidtab_search(s, def_sid); + defcon = selinux_ss_sidtab_search(s, def_sid); if (!defcon) goto out; 
@@ -382,7 +382,7 @@ out: * the string `str'. This function will allocate temporary memory with the * given constraints of gfp_mask. */ -int mls_from_string(char *str, struct context *context, gfp_t gfp_mask) +int mls_from_string(char *str, struct selinux_ss_context *context, gfp_t gfp_mask) { char *tmpstr, *freestr; int rc; @@ -407,7 +407,7 @@ int mls_from_string(char *str, struct context *context, gfp_t gfp_mask) /* * Copies the MLS range `range' into `context'. */ -static inline int mls_range_set(struct context *context, +static inline int mls_range_set(struct selinux_ss_context *context, struct mls_range *range) { int l, rc = 0; @@ -424,8 +424,8 @@ static inline int mls_range_set(struct context *context, return rc; } -int mls_setup_user_range(struct context *fromcon, struct user_datum *user, - struct context *usercon) +int mls_setup_user_range(struct selinux_ss_context *fromcon, struct selinux_ss_user_datum *user, + struct selinux_ss_context *usercon) { if (selinux_mls_enabled) { struct mls_level *fromcon_sen = &(fromcon->range.level[0]); @@ -467,12 +467,12 @@ int mls_setup_user_range(struct context *fromcon, struct user_datum *user, * structure `c' from the values specified in the * policy `oldp' to the values specified in the policy `newp'. */ -int mls_convert_context(struct policydb *oldp, - struct policydb *newp, - struct context *c) +int mls_convert_context(struct selinux_ss_policydb *oldp, + struct selinux_ss_policydb *newp, + struct selinux_ss_context *c) { - struct level_datum *levdatum; - struct cat_datum *catdatum; + struct selinux_ss_level_datum *levdatum; + struct selinux_ss_cat_datum *catdatum; struct selinux_ss_ebitmap bitmap; struct selinux_ss_ebitmap_node *node; int l, i; 
@@ -507,13 +507,13 @@ int mls_convert_context(struct policydb *oldp, return 0; } -int mls_compute_sid(struct context *scontext, - struct context *tcontext, +int mls_compute_sid(struct selinux_ss_context *scontext, + struct selinux_ss_context *tcontext, u16 tclass, u32 specified, - struct context *newcontext) + struct selinux_ss_context *newcontext) { - struct range_trans *rtr; + struct selinux_ss_range_trans *rtr; if (!selinux_mls_enabled) return 0; @@ -558,7 +558,7 @@ int mls_compute_sid(struct context *scontext, * NetLabel MLS sensitivity level field. * */ -void mls_export_netlbl_lvl(struct context *context, +void mls_export_netlbl_lvl(struct selinux_ss_context *context, struct netlbl_lsm_secattr *secattr) { if (!selinux_mls_enabled) @@ -578,7 +578,7 @@ void mls_export_netlbl_lvl(struct context *context, * NetLabel MLS sensitivity level into the context. * */ -void mls_import_netlbl_lvl(struct context *context, +void mls_import_netlbl_lvl(struct selinux_ss_context *context, struct netlbl_lsm_secattr *secattr) { if (!selinux_mls_enabled) @@ -598,7 +598,7 @@ void mls_import_netlbl_lvl(struct context *context, * MLS category field. Returns zero on success, negative values on failure. * */ -int mls_export_netlbl_cat(struct context *context, +int mls_export_netlbl_cat(struct selinux_ss_context *context, struct netlbl_lsm_secattr *secattr) { int rc; @@ -626,7 +626,7 @@ int mls_export_netlbl_cat(struct context *context, * negative values on failure. * */ -int mls_import_netlbl_cat(struct context *context, +int mls_import_netlbl_cat(struct selinux_ss_context *context, struct netlbl_lsm_secattr *secattr) { int rc; diff --git a/security/selinux/ss/mls.h b/security/selinux/ss/mls.h index 1276715..4eeca61 100644 --- a/security/selinux/ss/mls.h +++ b/security/selinux/ss/mls.h 
@@ -24,60 +24,60 @@ #include "context.h" #include "policydb.h" -int mls_compute_context_len(struct context *context); -void mls_sid_to_context(struct context *context, char **scontext); -int mls_context_isvalid(struct policydb *p, struct context *c); -int mls_range_isvalid(struct policydb *p, struct mls_range *r); -int mls_level_isvalid(struct policydb *p, struct mls_level *l); +int mls_compute_context_len(struct selinux_ss_context *context); +void mls_sid_to_context(struct selinux_ss_context *context, char **scontext); +int mls_context_isvalid(struct selinux_ss_policydb *p, struct selinux_ss_context *c); +int mls_range_isvalid(struct selinux_ss_policydb *p, struct mls_range *r); +int mls_level_isvalid(struct selinux_ss_policydb *p, struct mls_level *l); -int mls_context_to_sid(struct policydb *p, +int mls_context_to_sid(struct selinux_ss_policydb *p, char oldc, char **scontext, - struct context *context, - struct sidtab *s, + struct selinux_ss_context *context, + struct selinux_ss_sidtab *s, u32 def_sid); -int mls_from_string(char *str, struct context *context, gfp_t gfp_mask); +int mls_from_string(char *str, struct selinux_ss_context *context, gfp_t gfp_mask); -int mls_convert_context(struct policydb *oldp, - struct policydb *newp, - struct context *context); +int mls_convert_context(struct selinux_ss_policydb *oldp, + struct selinux_ss_policydb *newp, + struct selinux_ss_context *context); -int mls_compute_sid(struct context *scontext, - struct context *tcontext, +int mls_compute_sid(struct selinux_ss_context *scontext, + struct selinux_ss_context *tcontext, u16 tclass, u32 specified, - struct context *newcontext); + struct selinux_ss_context *newcontext); -int mls_setup_user_range(struct context *fromcon, struct user_datum *user, - struct context *usercon); +int mls_setup_user_range(struct selinux_ss_context *fromcon, struct selinux_ss_user_datum *user, + struct selinux_ss_context *usercon); #ifdef CONFIG_NETLABEL -void mls_export_netlbl_lvl(struct context 
*context, +void mls_export_netlbl_lvl(struct selinux_ss_context *context, struct netlbl_lsm_secattr *secattr); -void mls_import_netlbl_lvl(struct context *context, +void mls_import_netlbl_lvl(struct selinux_ss_context *context, struct netlbl_lsm_secattr *secattr); -int mls_export_netlbl_cat(struct context *context, +int mls_export_netlbl_cat(struct selinux_ss_context *context, struct netlbl_lsm_secattr *secattr); -int mls_import_netlbl_cat(struct context *context, +int mls_import_netlbl_cat(struct selinux_ss_context *context, struct netlbl_lsm_secattr *secattr); #else -static inline void mls_export_netlbl_lvl(struct context *context, +static inline void mls_export_netlbl_lvl(struct selinux_ss_context *context, struct netlbl_lsm_secattr *secattr) { return; } -static inline void mls_import_netlbl_lvl(struct context *context, +static inline void mls_import_netlbl_lvl(struct selinux_ss_context *context, struct netlbl_lsm_secattr *secattr) { return; } -static inline int mls_export_netlbl_cat(struct context *context, +static inline int mls_export_netlbl_cat(struct selinux_ss_context *context, struct netlbl_lsm_secattr *secattr) { return -ENOMEM; } -static inline int mls_import_netlbl_cat(struct context *context, +static inline int mls_import_netlbl_cat(struct selinux_ss_context *context, struct netlbl_lsm_secattr *secattr) { return -ENOMEM; diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index 776635a..c415b47 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -65,14 +65,14 @@ static unsigned int symtab_sizes[SYM_NUM] = { 16, }; -struct policydb_compat_info { +struct selinux_ss_policydb_compat_info { int version; int sym_num; int ocon_num; }; /* These need to be updated if SYM_NUM or OCON_NUM changes */ -static struct policydb_compat_info policydb_compat[] = { +static struct selinux_ss_policydb_compat_info policydb_compat[] = { { .version = POLICYDB_VERSION_BASE, .sym_num = SYM_NUM - 3, 
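Review bot: `struct selinux_ss_policydb_compat_info` in the `@@ -65,14 +65,14 @@` hunk of policydb.c gets the global prefix although, as far as this patch shows, the type is defined in policydb.c and used only by the static `policydb_compat[]` table and the static `policydb_lookup_compat()`. The same patch leaves the file-local `struct cond_insertf_data` in conditional.c unprefixed, so the two private types now follow different conventions. I would keep the original `struct policydb_compat_info {` here and in the `@@ -125,10 +125,10 @@` hunk, which also keeps the `policydb_lookup_compat()` signature within 80 columns.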
@@ -125,10 +125,10 @@ static struct policydb_compat_info policydb_compat[] = { }, }; -static struct policydb_compat_info *policydb_lookup_compat(int version) +static struct selinux_ss_policydb_compat_info *policydb_lookup_compat(int version) { int i; - struct policydb_compat_info *info = NULL; + struct selinux_ss_policydb_compat_info *info = NULL; for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { if (policydb_compat[i].version == version) { @@ -142,11 +142,11 @@ static struct policydb_compat_info *policydb_lookup_compat(int version) /* * Initialize the role table. */ -static int roles_init(struct policydb *p) +static int roles_init(struct selinux_ss_policydb *p) { char *key = NULL; int rc; - struct role_datum *role; + struct selinux_ss_role_datum *role; role = kzalloc(sizeof(*role), GFP_KERNEL); if (!role) { @@ -180,14 +180,14 @@ out_free_role: /* * Initialize a policy database structure. */ -static int policydb_init(struct policydb *p) +static int policydb_init(struct selinux_ss_policydb *p) { int i, rc; memset(p, 0, sizeof(*p)); for (i = 0; i < SYM_NUM; i++) { - rc = symtab_init(&p->symtab[i], symtab_sizes[i]); + rc = selinux_ss_symtab_init(&p->symtab[i], symtab_sizes[i]); if (rc) goto out_free_symtab; } @@ -228,8 +228,8 @@ out_free_symtab: static int common_index(void *key, void *datum, void *datap) { - struct policydb *p; - struct common_datum *comdatum; + struct selinux_ss_policydb *p; + struct selinux_ss_common_datum *comdatum; comdatum = datum; p = datap; @@ -241,8 +241,8 @@ static int common_index(void *key, void *datum, void *datap) static int class_index(void *key, void *datum, void *datap) { - struct policydb *p; - struct class_datum *cladatum; + struct selinux_ss_policydb *p; + struct selinux_ss_class_datum *cladatum; cladatum = datum; p = datap; 
@@ -255,8 +255,8 @@ static int class_index(void *key, void *datum, void *datap) static int role_index(void *key, void *datum, void *datap) { - struct policydb *p; - struct role_datum *role; + struct selinux_ss_policydb *p; + struct selinux_ss_role_datum *role; role = datum; p = datap; @@ -271,8 +271,8 @@ static int role_index(void *key, void *datum, void *datap) static int type_index(void *key, void *datum, void *datap) { - struct policydb *p; - struct type_datum *typdatum; + struct selinux_ss_policydb *p; + struct selinux_ss_type_datum *typdatum; typdatum = datum; p = datap; @@ -291,8 +291,8 @@ static int type_index(void *key, void *datum, void *datap) static int user_index(void *key, void *datum, void *datap) { - struct policydb *p; - struct user_datum *usrdatum; + struct selinux_ss_policydb *p; + struct selinux_ss_user_datum *usrdatum; usrdatum = datum; p = datap; @@ -307,8 +307,8 @@ static int user_index(void *key, void *datum, void *datap) static int sens_index(void *key, void *datum, void *datap) { - struct policydb *p; - struct level_datum *levdatum; + struct selinux_ss_policydb *p; + struct selinux_ss_level_datum *levdatum; levdatum = datum; p = datap; @@ -325,8 +325,8 @@ static int sens_index(void *key, void *datum, void *datap) static int cat_index(void *key, void *datum, void *datap) { - struct policydb *p; - struct cat_datum *catdatum; + struct selinux_ss_policydb *p; + struct selinux_ss_cat_datum *catdatum; catdatum = datum; p = datap; @@ -359,7 +359,7 @@ static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) = * * Caller must clean up upon failure. */ -static int policydb_index_classes(struct policydb *p) +static int policydb_index_classes(struct selinux_ss_policydb *p) { int rc; @@ -394,7 +394,7 @@ out: } #ifdef DEBUG_HASHES -static void symtab_hash_eval(struct symtab *s) +static void symtab_hash_eval(struct selinux_ss_symtab *s) { int i; 
@@ -416,7 +416,7 @@ static void symtab_hash_eval(struct symtab *s) * * Caller must clean up on failure. */ -static int policydb_index_others(struct policydb *p) +static int policydb_index_others(struct selinux_ss_policydb *p) { int i, rc = 0; @@ -495,7 +495,7 @@ static int perm_destroy(void *key, void *datum, void *p) static int common_destroy(void *key, void *datum, void *p) { - struct common_datum *comdatum; + struct selinux_ss_common_datum *comdatum; kfree(key); comdatum = datum; @@ -507,7 +507,7 @@ static int common_destroy(void *key, void *datum, void *p) static int cls_destroy(void *key, void *datum, void *p) { - struct class_datum *cladatum; + struct selinux_ss_class_datum *cladatum; struct selinux_ss_constraint_node *constraint, *ctemp; struct selinux_ss_constraint_expr *e, *etmp; @@ -550,7 +550,7 @@ static int cls_destroy(void *key, void *datum, void *p) static int role_destroy(void *key, void *datum, void *p) { - struct role_datum *role; + struct selinux_ss_role_datum *role; kfree(key); role = datum; @@ -569,7 +569,7 @@ static int type_destroy(void *key, void *datum, void *p) static int user_destroy(void *key, void *datum, void *p) { - struct user_datum *usrdatum; + struct selinux_ss_user_datum *usrdatum; kfree(key); usrdatum = datum; @@ -583,7 +583,7 @@ static int user_destroy(void *key, void *datum, void *p) static int sens_destroy(void *key, void *datum, void *p) { - struct level_datum *levdatum; + struct selinux_ss_level_datum *levdatum; kfree(key); levdatum = datum; @@ -612,7 +612,7 @@ static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = cat_destroy, }; -static void ocontext_destroy(struct ocontext *c, int i) +static void ocontext_destroy(struct selinux_ss_ocontext *c, int i) { context_destroy(&c->context[0]); context_destroy(&c->context[1]); 
@@ -625,14 +625,14 @@ static void ocontext_destroy(struct ocontext *c, int i) /* * Free any memory allocated by a policy database structure. */ -void policydb_destroy(struct policydb *p) +void policydb_destroy(struct selinux_ss_policydb *p) { - struct ocontext *c, *ctmp; - struct genfs *g, *gtmp; + struct selinux_ss_ocontext *c, *ctmp; + struct selinux_ss_genfs *g, *gtmp; int i; - struct role_allow *ra, *lra = NULL; - struct role_trans *tr, *ltr = NULL; - struct range_trans *rt, *lrt = NULL; + struct selinux_ss_role_allow *ra, *lra = NULL; + struct selinux_ss_role_trans *tr, *ltr = NULL; + struct selinux_ss_range_trans *rt, *lrt = NULL; for (i = 0; i < SYM_NUM; i++) { cond_resched(); @@ -724,12 +724,12 @@ void policydb_destroy(struct policydb *p) * Load the initial SIDs specified in a policy database * structure into a SID table. */ -int policydb_load_isids(struct policydb *p, struct sidtab *s) +int policydb_load_isids(struct selinux_ss_policydb *p, struct selinux_ss_sidtab *s) { - struct ocontext *head, *c; + struct selinux_ss_ocontext *head, *c; int rc; - rc = sidtab_init(s); + rc = selinux_ss_sidtab_init(s); if (rc) { printk(KERN_ERR "SELinux: out of memory on SID table init\n"); goto out; @@ -743,7 +743,7 @@ int policydb_load_isids(struct policydb *p, struct sidtab *s) rc = -EINVAL; goto out; } - if (sidtab_insert(s, c->sid[0], &c->context[0])) { + if (selinux_ss_sidtab_insert(s, c->sid[0], &c->context[0])) { printk(KERN_ERR "SELinux: unable to load initial " "SID %s.\n", c->u.name); rc = -EINVAL; 
@@ -754,21 +754,21 @@ out: return rc; } -int policydb_class_isvalid(struct policydb *p, unsigned int class) +int policydb_class_isvalid(struct selinux_ss_policydb *p, unsigned int class) { if (!class || class > p->p_classes.nprim) return 0; return 1; } -int policydb_role_isvalid(struct policydb *p, unsigned int role) +int policydb_role_isvalid(struct selinux_ss_policydb *p, unsigned int role) { if (!role || role > p->p_roles.nprim) return 0; return 1; } -int policydb_type_isvalid(struct policydb *p, unsigned int type) +int policydb_type_isvalid(struct selinux_ss_policydb *p, unsigned int type) { if (!type || type > p->p_types.nprim) return 0; @@ -779,10 +779,10 @@ int policydb_type_isvalid(struct policydb *p, unsigned int type) * Return 1 if the fields in the security context * structure `c' are valid. Return 0 otherwise. */ -int policydb_context_isvalid(struct policydb *p, struct context *c) +int policydb_context_isvalid(struct selinux_ss_policydb *p, struct selinux_ss_context *c) { - struct role_datum *role; - struct user_datum *usrdatum; + struct selinux_ss_role_datum *role; + struct selinux_ss_user_datum *usrdatum; if (!c->role || c->role > p->p_roles.nprim) return 0; @@ -886,8 +886,8 @@ bad_high: * Read and validate a security context structure * from a policydb binary representation file. */ -static int context_read_and_validate(struct context *c, - struct policydb *p, +static int context_read_and_validate(struct selinux_ss_context *c, + struct selinux_ss_policydb *p, void *fp) { __le32 buf[3]; @@ -925,10 +925,10 @@ out: * binary representation file. */ -static int perm_read(struct policydb *p, struct selinux_ss_hashtab *h, void *fp) +static int perm_read(struct selinux_ss_policydb *p, struct selinux_ss_hashtab *h, void *fp) { char *key = NULL; - struct perm_datum *perdatum; + struct selinux_ss_perm_datum *perdatum; int rc; __le32 buf[2]; u32 len; 
@@ -966,10 +966,10 @@ bad: goto out; } -static int common_read(struct policydb *p, struct selinux_ss_hashtab *h, void *fp) +static int common_read(struct selinux_ss_policydb *p, struct selinux_ss_hashtab *h, void *fp) { char *key = NULL; - struct common_datum *comdatum; + struct selinux_ss_common_datum *comdatum; __le32 buf[4]; u32 len, nel; int i, rc; @@ -987,7 +987,7 @@ static int common_read(struct policydb *p, struct selinux_ss_hashtab *h, void *f len = le32_to_cpu(buf[0]); comdatum->value = le32_to_cpu(buf[1]); - rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE); + rc = selinux_ss_symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE); if (rc) goto bad; comdatum->permissions.nprim = le32_to_cpu(buf[2]); @@ -1101,10 +1101,10 @@ static int read_cons_helper(struct selinux_ss_constraint_node **nodep, int ncons return 0; } -static int class_read(struct policydb *p, struct selinux_ss_hashtab *h, void *fp) +static int class_read(struct selinux_ss_policydb *p, struct selinux_ss_hashtab *h, void *fp) { char *key = NULL; - struct class_datum *cladatum; + struct selinux_ss_class_datum *cladatum; __le32 buf[6]; u32 len, len2, ncons, nel; int i, rc; @@ -1123,7 +1123,7 @@ static int class_read(struct policydb *p, struct selinux_ss_hashtab *h, void *fp len2 = le32_to_cpu(buf[1]); cladatum->value = le32_to_cpu(buf[2]); - rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE); + rc = selinux_ss_symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE); if (rc) goto bad; cladatum->permissions.nprim = le32_to_cpu(buf[3]); @@ -1194,10 +1194,10 @@ bad: goto out; } -static int role_read(struct policydb *p, struct selinux_ss_hashtab *h, void *fp) +static int role_read(struct selinux_ss_policydb *p, struct selinux_ss_hashtab *h, void *fp) { char *key = NULL; - struct role_datum *role; + struct selinux_ss_role_datum *role; int rc, to_read = 2; __le32 buf[3]; u32 len; 
@@ -1259,10 +1259,10 @@ bad: goto out; } -static int type_read(struct policydb *p, struct selinux_ss_hashtab *h, void *fp) +static int type_read(struct selinux_ss_policydb *p, struct selinux_ss_hashtab *h, void *fp) { char *key = NULL; - struct type_datum *typdatum; + struct selinux_ss_type_datum *typdatum; int rc, to_read = 3; __le32 buf[4]; u32 len; @@ -1346,10 +1346,10 @@ bad: return -EINVAL; } -static int user_read(struct policydb *p, struct selinux_ss_hashtab *h, void *fp) +static int user_read(struct selinux_ss_policydb *p, struct selinux_ss_hashtab *h, void *fp) { char *key = NULL; - struct user_datum *usrdatum; + struct selinux_ss_user_datum *usrdatum; int rc, to_read = 2; __le32 buf[3]; u32 len; @@ -1405,10 +1405,10 @@ bad: goto out; } -static int sens_read(struct policydb *p, struct selinux_ss_hashtab *h, void *fp) +static int sens_read(struct selinux_ss_policydb *p, struct selinux_ss_hashtab *h, void *fp) { char *key = NULL; - struct level_datum *levdatum; + struct selinux_ss_level_datum *levdatum; int rc; __le32 buf[2]; u32 len; @@ -1456,10 +1456,10 @@ bad: goto out; } -static int cat_read(struct policydb *p, struct selinux_ss_hashtab *h, void *fp) +static int cat_read(struct selinux_ss_policydb *p, struct selinux_ss_hashtab *h, void *fp) { char *key = NULL; - struct cat_datum *catdatum; + struct selinux_ss_cat_datum *catdatum; int rc; __le32 buf[3]; u32 len; @@ -1499,7 +1499,7 @@ bad: goto out; } -static int (*read_f[SYM_NUM]) (struct policydb *p, struct selinux_ss_hashtab *h, void *fp) = +static int (*read_f[SYM_NUM]) (struct selinux_ss_policydb *p, struct selinux_ss_hashtab *h, void *fp) = { common_read, class_read, 
@@ -1513,8 +1513,8 @@ static int (*read_f[SYM_NUM]) (struct policydb *p, struct selinux_ss_hashtab *h, static int user_bounds_sanity_check(void *key, void *datum, void *datap) { - struct user_datum *upper, *user; - struct policydb *p = datap; + struct selinux_ss_user_datum *upper, *user; + struct selinux_ss_policydb *p = datap; int depth = 0; upper = user = datum; @@ -1550,8 +1550,8 @@ static int user_bounds_sanity_check(void *key, void *datum, void *datap) static int role_bounds_sanity_check(void *key, void *datum, void *datap) { - struct role_datum *upper, *role; - struct policydb *p = datap; + struct selinux_ss_role_datum *upper, *role; + struct selinux_ss_policydb *p = datap; int depth = 0; upper = role = datum; @@ -1587,8 +1587,8 @@ static int role_bounds_sanity_check(void *key, void *datum, void *datap) static int type_bounds_sanity_check(void *key, void *datum, void *datap) { - struct type_datum *upper, *type; - struct policydb *p = datap; + struct selinux_ss_type_datum *upper, *type; + struct selinux_ss_policydb *p = datap; int depth = 0; upper = type = datum; @@ -1613,7 +1613,7 @@ static int type_bounds_sanity_check(void *key, void *datum, void *datap) return 0; } -static int policydb_bounds_sanity_check(struct policydb *p) +static int policydb_bounds_sanity_check(struct selinux_ss_policydb *p) { int rc; 
@@ -1644,19 +1644,19 @@ extern int ss_initialized; * Read the configuration data from a policy database binary * representation file into a policy database structure. */ -int policydb_read(struct policydb *p, void *fp) +int policydb_read(struct selinux_ss_policydb *p, void *fp) { - struct role_allow *ra, *lra; - struct role_trans *tr, *ltr; - struct ocontext *l, *c, *newc; - struct genfs *genfs_p, *genfs, *newgenfs; + struct selinux_ss_role_allow *ra, *lra; + struct selinux_ss_role_trans *tr, *ltr; + struct selinux_ss_ocontext *l, *c, *newc; + struct selinux_ss_genfs *genfs_p, *genfs, *newgenfs; int i, j, rc; __le32 buf[4]; u32 nodebuf[8]; u32 len, len2, config, nprim, nel, nel2; char *policydb_str; - struct policydb_compat_info *info; - struct range_trans *rt, *lrt; + struct selinux_ss_policydb_compat_info *info; + struct selinux_ss_range_trans *rt, *lrt; config = 0; diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h index b1a3ffd..cb16f9f 100644 --- a/security/selinux/ss/policydb.h +++ b/security/selinux/ss/policydb.h 
@@ -38,49 +38,49 @@ */ /* Permission attributes */ -struct perm_datum { +struct selinux_ss_perm_datum { u32 value; /* permission bit + 1 */ }; /* Attributes of a common prefix for access vectors */ -struct common_datum { +struct selinux_ss_common_datum { u32 value; /* internal common value */ - struct symtab permissions; /* common permissions */ + struct selinux_ss_symtab permissions; /* common permissions */ }; /* Class attributes */ -struct class_datum { +struct selinux_ss_class_datum { u32 value; /* class value */ char *comkey; /* common name */ - struct common_datum *comdatum; /* common datum */ - struct symtab permissions; /* class-specific permission symbol table */ + struct selinux_ss_common_datum *comdatum; /* common datum */ + struct selinux_ss_symtab permissions; /* class-specific permission symbol table */ struct selinux_ss_constraint_node *constraints; /* constraints on class permissions */ struct selinux_ss_constraint_node *validatetrans; /* special transition rules */ }; /* Role attributes */ -struct role_datum { +struct selinux_ss_role_datum { u32 value; /* internal role value */ u32 bounds; /* boundary of role */ struct selinux_ss_ebitmap dominates; /* set of roles dominated by this role */ struct selinux_ss_ebitmap types; /* set of authorized types for role */ }; -struct role_trans { +struct selinux_ss_role_trans { u32 role; /* current role */ u32 type; /* program executable type */ u32 new_role; /* new role */ - struct role_trans *next; + struct selinux_ss_role_trans *next; }; -struct role_allow { +struct selinux_ss_role_allow { u32 role; /* current role */ u32 new_role; /* new role */ - struct role_allow *next; + struct selinux_ss_role_allow *next; }; /* Type attributes */ -struct type_datum { +struct selinux_ss_type_datum { u32 value; /* internal type value */ u32 bounds; /* boundary of type */ unsigned char primary; /* primary name? */ 
@@ -88,7 +88,7 @@ struct type_datum { }; /* User attributes */ -struct user_datum { +struct selinux_ss_user_datum { u32 value; /* internal user value */ u32 bounds; /* bounds of user */ struct selinux_ss_ebitmap roles; /* set of authorized roles for user */ @@ -98,23 +98,23 @@ struct user_datum { /* Sensitivity attributes */ -struct level_datum { +struct selinux_ss_level_datum { struct mls_level *level; /* sensitivity and associated categories */ unsigned char isalias; /* is this sensitivity an alias for another? */ }; /* Category attributes */ -struct cat_datum { +struct selinux_ss_cat_datum { u32 value; /* internal category bit + 1 */ unsigned char isalias; /* is this category an alias for another? */ }; -struct range_trans { +struct selinux_ss_range_trans { u32 source_type; u32 target_type; u32 target_class; struct mls_range target_range; - struct range_trans *next; + struct selinux_ss_range_trans *next; }; /* Boolean data type */ @@ -132,7 +132,7 @@ struct selinux_ss_cond_node; * relevant data for one such entry. Entries of the same kind * (e.g. all initial SIDs) are linked together into a list. */ -struct ocontext { +struct selinux_ss_ocontext { union { char *name; /* name of initial SID, fs, netif, fstype, path */ struct { @@ -153,15 +153,15 @@ struct ocontext { u32 sclass; /* security class for genfs */ u32 behavior; /* labeling behavior for fs_use */ } v; - struct context context[2]; /* security context(s) */ + struct selinux_ss_context context[2]; /* security context(s) */ u32 sid[2]; /* SID(s) */ - struct ocontext *next; + struct selinux_ss_ocontext *next; }; -struct genfs { +struct selinux_ss_genfs { char *fstype; - struct ocontext *head; - struct genfs *next; + struct selinux_ss_ocontext *head; + struct selinux_ss_genfs *next; }; /* symbol table array indices */ 
@@ -186,9 +186,9 @@ struct genfs { #define OCON_NUM 7 /* The policy database */ -struct policydb { +struct selinux_ss_policydb { /* symbol tables */ - struct symtab symtab[SYM_NUM]; + struct selinux_ss_symtab symtab[SYM_NUM]; #define p_commons symtab[SYM_COMMONS] #define p_classes symtab[SYM_CLASSES] #define p_roles symtab[SYM_ROLES] @@ -210,16 +210,16 @@ struct policydb { #define p_cat_val_to_name sym_val_to_name[SYM_CATS] /* class, role, and user attributes indexed by (value - 1) */ - struct class_datum **class_val_to_struct; - struct role_datum **role_val_to_struct; - struct user_datum **user_val_to_struct; - struct type_datum **type_val_to_struct; + struct selinux_ss_class_datum **class_val_to_struct; + struct selinux_ss_role_datum **role_val_to_struct; + struct selinux_ss_user_datum **user_val_to_struct; + struct selinux_ss_type_datum **type_val_to_struct; /* type enforcement access vectors and transitions */ struct selinux_ss_avtab te_avtab; /* role transitions */ - struct role_trans *role_tr; + struct selinux_ss_role_trans *role_tr; /* bools indexed by (value - 1) */ struct selinux_ss_cond_bool_datum **bool_val_to_struct; @@ -229,19 +229,19 @@ struct policydb { struct selinux_ss_cond_node *cond_list; /* role allows */ - struct role_allow *role_allow; + struct selinux_ss_role_allow *role_allow; /* security contexts of initial SIDs, unlabeled file systems, TCP or UDP port numbers, network interfaces and nodes */ - struct ocontext *ocontexts[OCON_NUM]; + struct selinux_ss_ocontext *ocontexts[OCON_NUM]; /* security contexts for files in filesystems that cannot support a persistent label mapping or use another fixed labeling behavior. */ - struct genfs *genfs; + struct selinux_ss_genfs *genfs; /* range transitions */ - struct range_trans *range_tr; + struct selinux_ss_range_trans *range_tr; /* type -> attribute reverse mapping */ struct selinux_ss_ebitmap *type_attr_map; 
@@ -257,13 +257,13 @@ struct policydb { u32 *undefined_perms; }; -extern void policydb_destroy(struct policydb *p); -extern int policydb_load_isids(struct policydb *p, struct sidtab *s); -extern int policydb_context_isvalid(struct policydb *p, struct context *c); -extern int policydb_class_isvalid(struct policydb *p, unsigned int class); -extern int policydb_type_isvalid(struct policydb *p, unsigned int type); -extern int policydb_role_isvalid(struct policydb *p, unsigned int role); -extern int policydb_read(struct policydb *p, void *fp); +extern void policydb_destroy(struct selinux_ss_policydb *p); +extern int policydb_load_isids(struct selinux_ss_policydb *p, struct selinux_ss_sidtab *s); +extern int policydb_context_isvalid(struct selinux_ss_policydb *p, struct selinux_ss_context *c); +extern int policydb_class_isvalid(struct selinux_ss_policydb *p, unsigned int class); +extern int policydb_type_isvalid(struct selinux_ss_policydb *p, unsigned int type); +extern int policydb_role_isvalid(struct selinux_ss_policydb *p, unsigned int role); +extern int policydb_read(struct selinux_ss_policydb *p, void *fp); #define PERM_SYMTAB_SIZE 32 @@ -279,12 +279,12 @@ extern int policydb_read(struct policydb *p, void *fp); #define POLICYDB_MAGIC SELINUX_MAGIC #define POLICYDB_STRING "SE Linux" -struct policy_file { +struct selinux_ss_policy_file { char *data; size_t len; }; -static inline int next_entry(void *buf, struct policy_file *fp, size_t bytes) +static inline int next_entry(void *buf, struct selinux_ss_policy_file *fp, size_t bytes) { if (bytes > fp->len) return -EINVAL; diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 82b8c18..ec85a56 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c 
@@ -77,8 +77,8 @@ extern const struct selinux_class_perm selinux_class_perm; static DEFINE_RWLOCK(policy_rwlock); -static struct sidtab sidtab; -struct policydb policydb; +static struct selinux_ss_sidtab sidtab; +struct selinux_ss_policydb policydb; int ss_initialized; /* @@ -90,11 +90,11 @@ int ss_initialized; static u32 latest_granting; /* Forward declaration. */ -static int context_struct_to_string(struct context *context, char **scontext, +static int context_struct_to_string(struct selinux_ss_context *context, char **scontext, u32 *scontext_len); -static int context_struct_compute_av(struct context *scontext, - struct context *tcontext, +static int context_struct_compute_av(struct selinux_ss_context *scontext, + struct selinux_ss_context *tcontext, u16 tclass, u32 requested, struct av_decision *avd); @@ -109,14 +109,14 @@ static int context_struct_compute_av(struct context *scontext, * of the process performing the transition. All other callers of * constraint_expr_eval should pass in NULL for xcontext. */ -static int constraint_expr_eval(struct context *scontext, - struct context *tcontext, - struct context *xcontext, +static int constraint_expr_eval(struct selinux_ss_context *scontext, + struct selinux_ss_context *tcontext, + struct selinux_ss_context *xcontext, struct selinux_ss_constraint_expr *cexpr) { u32 val1, val2; - struct context *c; - struct role_datum *r1, *r2; + struct selinux_ss_context *c; + struct selinux_ss_role_datum *r1, *r2; struct mls_level *l1, *l2; struct selinux_ss_constraint_expr *e; int s[CEXPR_MAXDEPTH]; @@ -289,7 +289,7 @@ mls_ops: */ static int dump_masked_av_helper(void *k, void *d, void *args) { - struct perm_datum *pdatum = d; + struct selinux_ss_perm_datum *pdatum = d; char **permission_names = args; BUG_ON(pdatum->value < 1 || pdatum->value > 32); 
@@ -299,14 +299,14 @@ static int dump_masked_av_helper(void *k, void *d, void *args) return 0; } -static void security_dump_masked_av(struct context *scontext, - struct context *tcontext, +static void security_dump_masked_av(struct selinux_ss_context *scontext, + struct selinux_ss_context *tcontext, u16 tclass, u32 permissions, const char *reason) { - struct common_datum *common_dat; - struct class_datum *tclass_dat; + struct selinux_ss_common_datum *common_dat; + struct selinux_ss_class_datum *tclass_dat; struct audit_buffer *ab; char *tclass_name; char *scontext_name = NULL; @@ -376,18 +376,18 @@ out: * security_boundary_permission - drops violated permissions * on boundary constraint. */ -static void type_attribute_bounds_av(struct context *scontext, - struct context *tcontext, +static void type_attribute_bounds_av(struct selinux_ss_context *scontext, + struct selinux_ss_context *tcontext, u16 tclass, u32 requested, struct av_decision *avd) { - struct context lo_scontext; - struct context lo_tcontext; + struct selinux_ss_context lo_scontext; + struct selinux_ss_context lo_tcontext; struct av_decision lo_avd; - struct type_datum *source + struct selinux_ss_type_datum *source = policydb.type_val_to_struct[scontext->type - 1]; - struct type_datum *target + struct selinux_ss_type_datum *target = policydb.type_val_to_struct[tcontext->type - 1]; u32 masked = 0; 
@@ -454,17 +454,17 @@ static void type_attribute_bounds_av(struct context *scontext, * Compute access vectors based on a context structure pair for * the permissions in a particular class. */ -static int context_struct_compute_av(struct context *scontext, - struct context *tcontext, +static int context_struct_compute_av(struct selinux_ss_context *scontext, + struct selinux_ss_context *tcontext, u16 tclass, u32 requested, struct av_decision *avd) { struct selinux_ss_constraint_node *constraint; - struct role_allow *ra; + struct selinux_ss_role_allow *ra; struct selinux_ss_avtab_key avkey; struct selinux_ss_avtab_node *node; - struct class_datum *tclass_datum; + struct selinux_ss_class_datum *tclass_datum; struct selinux_ss_ebitmap *sattr, *tattr; struct selinux_ss_ebitmap_node *snode, *tnode; const struct selinux_class_perm *kdefs = &selinux_class_perm; @@ -607,9 +607,9 @@ inval_class: return 0; } -static int security_validtrans_handle_fail(struct context *ocontext, - struct context *ncontext, - struct context *tcontext, +static int security_validtrans_handle_fail(struct selinux_ss_context *ocontext, + struct selinux_ss_context *ncontext, + struct selinux_ss_context *tcontext, u16 tclass) { char *o = NULL, *n = NULL, *t = NULL; @@ -638,10 +638,10 @@ out: int selinux_ss_validate_transition(u32 oldsid, u32 newsid, u32 tasksid, u16 tclass) { - struct context *ocontext; - struct context *ncontext; - struct context *tcontext; - struct class_datum *tclass_datum; + struct selinux_ss_context *ocontext; + struct selinux_ss_context *ncontext; + struct selinux_ss_context *tcontext; + struct selinux_ss_class_datum *tclass_datum; struct selinux_ss_constraint_node *constraint; int rc = 0; 
@@ -669,7 +669,7 @@ int selinux_ss_validate_transition(u32 oldsid, u32 newsid, u32 tasksid, } tclass_datum = policydb.class_val_to_struct[tclass - 1]; - ocontext = sidtab_search(&sidtab, oldsid); + ocontext = selinux_ss_sidtab_search(&sidtab, oldsid); if (!ocontext) { printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", __func__, oldsid); @@ -677,7 +677,7 @@ int selinux_ss_validate_transition(u32 oldsid, u32 newsid, u32 tasksid, goto out; } - ncontext = sidtab_search(&sidtab, newsid); + ncontext = selinux_ss_sidtab_search(&sidtab, newsid); if (!ncontext) { printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", __func__, newsid); @@ -685,7 +685,7 @@ int selinux_ss_validate_transition(u32 oldsid, u32 newsid, u32 tasksid, goto out; } - tcontext = sidtab_search(&sidtab, tasksid); + tcontext = selinux_ss_sidtab_search(&sidtab, tasksid); if (!tcontext) { printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", __func__, tasksid); @@ -720,21 +720,21 @@ out: */ int selinux_ss_bounded_transition(u32 old_sid, u32 new_sid) { - struct context *old_context, *new_context; - struct type_datum *type; + struct selinux_ss_context *old_context, *new_context; + struct selinux_ss_type_datum *type; int index; int rc = -EINVAL; read_lock(&policy_rwlock); - old_context = sidtab_search(&sidtab, old_sid); + old_context = selinux_ss_sidtab_search(&sidtab, old_sid); if (!old_context) { printk(KERN_ERR "SELinux: %s: unrecognized SID %u\n", __func__, old_sid); goto out; } - new_context = sidtab_search(&sidtab, new_sid); + new_context = selinux_ss_sidtab_search(&sidtab, new_sid); if (!new_context) { printk(KERN_ERR "SELinux: %s: unrecognized SID %u\n", __func__, new_sid); @@ -811,7 +811,7 @@ int selinux_ss_compute_av(u32 ssid, u32 requested, struct av_decision *avd) { - struct context *scontext = NULL, *tcontext = NULL; + struct selinux_ss_context *scontext = NULL, *tcontext = NULL; int rc = 0; if (!ss_initialized) { 
@@ -824,14 +824,14 @@ int selinux_ss_compute_av(u32 ssid, read_lock(&policy_rwlock); - scontext = sidtab_search(&sidtab, ssid); + scontext = selinux_ss_sidtab_search(&sidtab, ssid); if (!scontext) { printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", __func__, ssid); rc = -EINVAL; goto out; } - tcontext = sidtab_search(&sidtab, tsid); + tcontext = selinux_ss_sidtab_search(&sidtab, tsid); if (!tcontext) { printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", __func__, tsid); @@ -857,7 +857,7 @@ out: * to point to this string and set `*scontext_len' to * the length of the string. */ -static int context_struct_to_string(struct context *context, char **scontext, u32 *scontext_len) +static int context_struct_to_string(struct selinux_ss_context *context, char **scontext, u32 *scontext_len) { char *scontextp; @@ -914,7 +914,7 @@ const char *selinux_ss_get_initial_sid_context(u32 sid) static int security_sid_to_context_core(u32 sid, char **scontext, u32 *scontext_len, int force) { - struct context *context; + struct selinux_ss_context *context; int rc = 0; *scontext = NULL; @@ -941,9 +941,9 @@ static int security_sid_to_context_core(u32 sid, char **scontext, } read_lock(&policy_rwlock); if (force) - context = sidtab_search_force(&sidtab, sid); + context = selinux_ss_sidtab_search_force(&sidtab, sid); else - context = sidtab_search(&sidtab, sid); + context = selinux_ss_sidtab_search(&sidtab, sid); if (!context) { printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", __func__, sid); 
@@ -981,16 +981,16 @@ int selinux_ss_sid_to_context_force(u32 sid, char **scontext, u32 *scontext_len) /* * Caveat: Mutates scontext. */ -static int string_to_context_struct(struct policydb *pol, - struct sidtab *sidtabp, +static int string_to_context_struct(struct selinux_ss_policydb *pol, + struct selinux_ss_sidtab *sidtabp, char *scontext, u32 scontext_len, - struct context *ctx, + struct selinux_ss_context *ctx, u32 def_sid) { - struct role_datum *role; - struct type_datum *typdatum; - struct user_datum *usrdatum; + struct selinux_ss_role_datum *role; + struct selinux_ss_type_datum *typdatum; + struct selinux_ss_user_datum *usrdatum; char *scontextp, *p, oldc; int rc = 0; @@ -1071,7 +1071,7 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len, int force) { char *scontext2, *str = NULL; - struct context context; + struct selinux_ss_context context; int rc = 0; if (!ss_initialized) { @@ -1114,7 +1114,7 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len, str = NULL; } else if (rc) goto out; - rc = sidtab_context_to_sid(&sidtab, &context, sid); + rc = selinux_ss_sidtab_context_to_sid(&sidtab, &context, sid); context_destroy(&context); out: read_unlock(&policy_rwlock); @@ -1173,10 +1173,10 @@ int selinux_ss_context_to_sid_force(const char *scontext, u32 scontext_len, } static int compute_sid_handle_invalid_context( - struct context *scontext, - struct context *tcontext, + struct selinux_ss_context *scontext, + struct selinux_ss_context *tcontext, u16 tclass, - struct context *newcontext) + struct selinux_ss_context *newcontext) { char *s = NULL, *t = NULL, *n = NULL; u32 slen, tlen, nlen; 
@@ -1208,8 +1208,8 @@ static int security_compute_sid(u32 ssid, u32 specified, u32 *out_sid) { - struct context *scontext = NULL, *tcontext = NULL, newcontext; - struct role_trans *roletr = NULL; + struct selinux_ss_context *scontext = NULL, *tcontext = NULL, newcontext; + struct selinux_ss_role_trans *roletr = NULL; struct selinux_ss_avtab_key avkey; struct selinux_ss_avtab_datum *avdatum; struct selinux_ss_avtab_node *node; @@ -1231,14 +1231,14 @@ static int security_compute_sid(u32 ssid, read_lock(&policy_rwlock); - scontext = sidtab_search(&sidtab, ssid); + scontext = selinux_ss_sidtab_search(&sidtab, ssid); if (!scontext) { printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", __func__, ssid); rc = -EINVAL; goto out_unlock; } - tcontext = sidtab_search(&sidtab, tsid); + tcontext = selinux_ss_sidtab_search(&sidtab, tsid); if (!tcontext) { printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", __func__, tsid); @@ -1332,7 +1332,7 @@ static int security_compute_sid(u32 ssid, goto out_unlock; } /* Obtain the sid for the context. */ - rc = sidtab_context_to_sid(&sidtab, &newcontext, out_sid); + rc = selinux_ss_sidtab_context_to_sid(&sidtab, &newcontext, out_sid); out_unlock: read_unlock(&policy_rwlock); context_destroy(&newcontext); @@ -1407,16 +1407,16 @@ int selinux_ss_change_sid(u32 ssid, * Verify that each kernel class that is defined in the * policy is correct */ -static int validate_classes(struct policydb *p) +static int validate_classes(struct selinux_ss_policydb *p) { int i, j; - struct class_datum *cladatum; - struct perm_datum *perdatum; + struct selinux_ss_class_datum *cladatum; + struct selinux_ss_perm_datum *perdatum; u32 nprim, tmp, common_pts_len, perm_val, pol_val; u16 class_val; const struct selinux_class_perm *kdefs = &selinux_class_perm; const char *def_class, *def_perm, *pol_class; - struct symtab *perms; + struct selinux_ss_symtab *perms; bool print_unknown_handle = 0; if (p->allow_unknown) { 
@@ -1542,15 +1542,15 @@ static int validate_classes(struct policydb *p) /* Clone the SID into the new SID table. */ static int clone_sid(u32 sid, - struct context *context, + struct selinux_ss_context *context, void *arg) { - struct sidtab *s = arg; + struct selinux_ss_sidtab *s = arg; - return sidtab_insert(s, sid, context); + return selinux_ss_sidtab_insert(s, sid, context); } -static inline int convert_context_handle_invalid_context(struct context *context) +static inline int convert_context_handle_invalid_context(struct selinux_ss_context *context) { int rc = 0; @@ -1571,8 +1571,8 @@ static inline int convert_context_handle_invalid_context(struct context *context } struct convert_context_args { - struct policydb *oldp; - struct policydb *newp; + struct selinux_ss_policydb *oldp; + struct selinux_ss_policydb *newp; }; /* @@ -1583,14 +1583,14 @@ struct convert_context_args { * context is valid under the new policy. */ static int convert_context(u32 key, - struct context *c, + struct selinux_ss_context *c, void *p) { struct convert_context_args *args; - struct context oldc; - struct role_datum *role; - struct type_datum *typdatum; - struct user_datum *usrdatum; + struct selinux_ss_context oldc; + struct selinux_ss_role_datum *role; + struct selinux_ss_type_datum *typdatum; + struct selinux_ss_user_datum *usrdatum; char *s; u32 len; int rc; @@ -1598,7 +1598,7 @@ static int convert_context(u32 key, args = p; if (c->str) { - struct context ctx; + struct selinux_ss_context ctx; s = kstrdup(c->str, GFP_KERNEL); if (!s) { rc = -ENOMEM; @@ -1694,7 +1694,7 @@ static void selinux_load_policycaps(void) } extern void selinux_complete_init(void); -static int security_preserve_bools(struct policydb *p); +static int security_preserve_bools(struct selinux_ss_policydb *p); /** * selinux_load_policy - Load a security policy configuration. 
@@ -1708,12 +1708,12 @@ static int security_preserve_bools(struct policydb *p); */ int selinux_ss_load_policy(void *data, size_t len) { - struct policydb oldpolicydb, newpolicydb; - struct sidtab oldsidtab, newsidtab; + struct selinux_ss_policydb oldpolicydb, newpolicydb; + struct selinux_ss_sidtab oldsidtab, newsidtab; struct convert_context_args args; u32 seqno; int rc = 0; - struct policy_file file = { data, len }, *fp = &file; + struct selinux_ss_policy_file file = { data, len }, *fp = &file; if (!ss_initialized) { selinux_ss_avtab_cache_init(); @@ -1730,7 +1730,7 @@ int selinux_ss_load_policy(void *data, size_t len) if (validate_classes(&policydb)) { printk(KERN_ERR "SELinux: the definition of a class is incorrect\n"); - sidtab_destroy(&sidtab); + selinux_ss_sidtab_destroy(&sidtab); policydb_destroy(&policydb); selinux_ss_avtab_cache_destroy(); return -EINVAL; @@ -1748,13 +1748,13 @@ int selinux_ss_load_policy(void *data, size_t len) } #if 0 - sidtab_hash_eval(&sidtab, "sids"); + selinux_ss_sidtab_hash_eval(&sidtab, "sids"); #endif if (policydb_read(&newpolicydb, fp)) return -EINVAL; - if (sidtab_init(&newsidtab)) { + if (selinux_ss_sidtab_init(&newsidtab)) { policydb_destroy(&newpolicydb); return -ENOMEM; } @@ -1774,8 +1774,8 @@ int selinux_ss_load_policy(void *data, size_t len) } /* Clone the SID table. */ - sidtab_shutdown(&sidtab); - if (sidtab_map(&sidtab, clone_sid, &newsidtab)) { + selinux_ss_sidtab_shutdown(&sidtab); + if (selinux_ss_sidtab_map(&sidtab, clone_sid, &newsidtab)) { rc = -ENOMEM; goto err; } 
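Review bot: `selinux_ss_load_policy` still declares `struct selinux_ss_policydb oldpolicydb, newpolicydb;` and `struct selinux_ss_sidtab oldsidtab, newsidtab;` as automatic variables in the first hunk on this line, which puts two full policy databases on the kernel stack. The structure as shown in policydb.h embeds a `symtab[SYM_NUM]` array, an avtab and many pointers, so the frame is likely large for a kernel stack, although the exact size is not visible here. Consider allocating the pair on the heap, for example `oldpolicydb = kcalloc(2, sizeof(*oldpolicydb), GFP_KERNEL);` with `newpolicydb = oldpolicydb + 1;` and a matching `kfree` on every exit path. The function body starts and ends outside the hunk, so the exit paths need checking against the full file.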
@@ -1786,18 +1786,18 @@ int selinux_ss_load_policy(void *data, size_t len) */ args.oldp = &policydb; args.newp = &newpolicydb; - rc = sidtab_map(&newsidtab, convert_context, &args); + rc = selinux_ss_sidtab_map(&newsidtab, convert_context, &args); if (rc) goto err; /* Save the old policydb and SID table to free later. */ memcpy(&oldpolicydb, &policydb, sizeof policydb); - sidtab_set(&oldsidtab, &sidtab); + selinux_ss_sidtab_set(&oldsidtab, &sidtab); /* Install the new policydb and SID table. */ write_lock_irq(&policy_rwlock); memcpy(&policydb, &newpolicydb, sizeof policydb); - sidtab_set(&sidtab, &newsidtab); + selinux_ss_sidtab_set(&sidtab, &newsidtab); selinux_load_policycaps(); seqno = ++latest_granting; policydb_loaded_version = policydb.policyvers; @@ -1805,7 +1805,7 @@ int selinux_ss_load_policy(void *data, size_t len) /* Free the old policydb and SID table. */ policydb_destroy(&oldpolicydb); - sidtab_destroy(&oldsidtab); + selinux_ss_sidtab_destroy(&oldsidtab); selinux_avc_ss_reset(seqno); selnl_notify_policyload(seqno); @@ -1815,7 +1815,7 @@ int selinux_ss_load_policy(void *data, size_t len) return 0; err: - sidtab_destroy(&newsidtab); + selinux_ss_sidtab_destroy(&newsidtab); policydb_destroy(&newpolicydb); return rc; @@ -1829,7 +1829,7 @@ err: */ int selinux_ss_port_sid(u8 protocol, u16 port, u32 *out_sid) { - struct ocontext *c; + struct selinux_ss_ocontext *c; int rc = 0; read_lock(&policy_rwlock); @@ -1845,7 +1845,7 @@ int selinux_ss_port_sid(u8 protocol, u16 port, u32 *out_sid) if (c) { if (!c->sid[0]) { - rc = sidtab_context_to_sid(&sidtab, + rc = selinux_ss_sidtab_context_to_sid(&sidtab, &c->context[0], &c->sid[0]); if (rc) @@ -1869,7 +1869,7 @@ out: int selinux_ss_netif_sid(char *name, u32 *if_sid) { int rc = 0; - struct ocontext *c; + struct selinux_ss_ocontext *c; read_lock(&policy_rwlock); 
@@ -1882,12 +1882,12 @@ int selinux_ss_netif_sid(char *name, u32 *if_sid) if (c) { if (!c->sid[0] || !c->sid[1]) { - rc = sidtab_context_to_sid(&sidtab, + rc = selinux_ss_sidtab_context_to_sid(&sidtab, &c->context[0], &c->sid[0]); if (rc) goto out; - rc = sidtab_context_to_sid(&sidtab, + rc = selinux_ss_sidtab_context_to_sid(&sidtab, &c->context[1], &c->sid[1]); if (rc) @@ -1928,7 +1928,7 @@ int selinux_ss_node_sid(u16 domain, u32 *out_sid) { int rc = 0; - struct ocontext *c; + struct selinux_ss_ocontext *c; read_lock(&policy_rwlock); @@ -1973,7 +1973,7 @@ int selinux_ss_node_sid(u16 domain, if (c) { if (!c->sid[0]) { - rc = sidtab_context_to_sid(&sidtab, + rc = selinux_ss_sidtab_context_to_sid(&sidtab, &c->context[0], &c->sid[0]); if (rc) @@ -2010,11 +2010,11 @@ int selinux_ss_get_user_sids(u32 fromsid, u32 **sids, u32 *nel) { - struct context *fromcon, usercon; + struct selinux_ss_context *fromcon, usercon; u32 *mysids = NULL, *mysids2, sid; u32 mynel = 0, maxnel = SIDS_NEL; - struct user_datum *user; - struct role_datum *role; + struct selinux_ss_user_datum *user; + struct selinux_ss_role_datum *role; struct selinux_ss_ebitmap_node *rnode, *tnode; int rc = 0, i, j; @@ -2028,7 +2028,7 @@ int selinux_ss_get_user_sids(u32 fromsid, context_init(&usercon); - fromcon = sidtab_search(&sidtab, fromsid); + fromcon = selinux_ss_sidtab_search(&sidtab, fromsid); if (!fromcon) { rc = -EINVAL; goto out_unlock; @@ -2056,7 +2056,7 @@ int selinux_ss_get_user_sids(u32 fromsid, if (mls_setup_user_range(fromcon, user, &usercon)) continue; - rc = sidtab_context_to_sid(&sidtab, &usercon, &sid); + rc = selinux_ss_sidtab_context_to_sid(&sidtab, &usercon, &sid); if (rc) goto out_unlock; if (mynel < maxnel) { @@ -2123,8 +2123,8 @@ int selinux_ss_genfs_sid(const char *fstype, u32 *sid) { int len; - struct genfs *genfs; - struct ocontext *c; + struct selinux_ss_genfs *genfs; + struct selinux_ss_ocontext *c; int rc = 0, cmp = 0; while (path[0] == '/' && path[1] == '/') 
@@ -2158,7 +2158,7 @@ int selinux_ss_genfs_sid(const char *fstype, } if (!c->sid[0]) { - rc = sidtab_context_to_sid(&sidtab, + rc = selinux_ss_sidtab_context_to_sid(&sidtab, &c->context[0], &c->sid[0]); if (rc) @@ -2183,7 +2183,7 @@ int selinux_ss_fs_use( u32 *sid) { int rc = 0; - struct ocontext *c; + struct selinux_ss_ocontext *c; read_lock(&policy_rwlock); @@ -2197,7 +2197,7 @@ int selinux_ss_fs_use( if (c) { *behavior = c->v.behavior; if (!c->sid[0]) { - rc = sidtab_context_to_sid(&sidtab, + rc = selinux_ss_sidtab_context_to_sid(&sidtab, &c->context[0], &c->sid[0]); if (rc) @@ -2333,7 +2333,7 @@ out: return rc; } -static int security_preserve_bools(struct policydb *p) +static int security_preserve_bools(struct selinux_ss_policydb *p) { int rc, nbools = 0, *bvalues = NULL, i; char **bnames = NULL; @@ -2370,9 +2370,9 @@ out: */ int selinux_ss_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid) { - struct context *context1; - struct context *context2; - struct context newcon; + struct selinux_ss_context *context1; + struct selinux_ss_context *context2; + struct selinux_ss_context newcon; char *s; u32 len; int rc = 0; @@ -2385,7 +2385,7 @@ int selinux_ss_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid) context_init(&newcon); read_lock(&policy_rwlock); - context1 = sidtab_search(&sidtab, sid); + context1 = selinux_ss_sidtab_search(&sidtab, sid); if (!context1) { printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", __func__, sid); @@ -2393,7 +2393,7 @@ int selinux_ss_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid) goto out_unlock; } - context2 = sidtab_search(&sidtab, mls_sid); + context2 = selinux_ss_sidtab_search(&sidtab, mls_sid); if (!context2) { printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", __func__, mls_sid); @@ -2415,7 +2415,7 @@ int selinux_ss_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid) goto bad; } - rc = sidtab_context_to_sid(&sidtab, &newcon, new_sid); + rc = selinux_ss_sidtab_context_to_sid(&sidtab, &newcon, new_sid); goto out_unlock; bad: 
@@ -2457,8 +2457,8 @@ int selinux_ss_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type, u32 *peer_sid) { int rc; - struct context *nlbl_ctx; - struct context *xfrm_ctx; + struct selinux_ss_context *nlbl_ctx; + struct selinux_ss_context *xfrm_ctx; /* handle the common (which also happens to be the set of easy) cases * right away, these two if statements catch everything involving a @@ -2485,14 +2485,14 @@ int selinux_ss_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type, read_lock(&policy_rwlock); - nlbl_ctx = sidtab_search(&sidtab, nlbl_sid); + nlbl_ctx = selinux_ss_sidtab_search(&sidtab, nlbl_sid); if (!nlbl_ctx) { printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", __func__, nlbl_sid); rc = -EINVAL; goto out_slowpath; } - xfrm_ctx = sidtab_search(&sidtab, xfrm_sid); + xfrm_ctx = selinux_ss_sidtab_search(&sidtab, xfrm_sid); if (!xfrm_ctx) { printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", __func__, xfrm_sid); @@ -2517,7 +2517,7 @@ out_slowpath: static int get_classes_callback(void *k, void *d, void *args) { - struct class_datum *datum = d; + struct selinux_ss_class_datum *datum = d; char *name = k, **classes = args; int value = datum->value - 1; @@ -2555,7 +2555,7 @@ out: static int get_permissions_callback(void *k, void *d, void *args) { - struct perm_datum *datum = d; + struct selinux_ss_perm_datum *datum = d; char *name = k, **perms = args; int value = datum->value - 1; @@ -2569,7 +2569,7 @@ static int get_permissions_callback(void *k, void *d, void *args) int selinux_ss_get_permissions(char *class, char ***perms, int *nperms) { int rc = -ENOMEM, i; - struct class_datum *match; + struct selinux_ss_class_datum *match; read_lock(&policy_rwlock); @@ -2643,7 +2643,7 @@ int selinux_ss_policycap_supported(unsigned int req_cap) struct selinux_audit_rule { u32 au_seqno; - struct context au_ctxt; + struct selinux_ss_context au_ctxt; }; void selinux_audit_rule_free(void *vrule) 
@@ -2659,9 +2659,9 @@ void selinux_audit_rule_free(void *vrule) int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) { struct selinux_audit_rule *tmprule; - struct role_datum *roledatum; - struct type_datum *typedatum; - struct user_datum *userdatum; + struct selinux_ss_role_datum *roledatum; + struct selinux_ss_type_datum *typedatum; + struct selinux_ss_user_datum *userdatum; struct selinux_audit_rule **rule = (struct selinux_audit_rule **)vrule; int rc = 0; @@ -2777,7 +2777,7 @@ int selinux_audit_rule_known(struct audit_krule *rule) int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule, struct audit_context *actx) { - struct context *ctxt; + struct selinux_ss_context *ctxt; struct mls_level *level; struct selinux_audit_rule *rule = vrule; int match = 0; @@ -2797,7 +2797,7 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule, goto out; } - ctxt = sidtab_search(&sidtab, sid); + ctxt = selinux_ss_sidtab_search(&sidtab, sid); if (!ctxt) { audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR, "selinux_audit_rule_match: unrecognized SID %d\n", @@ -2962,8 +2962,8 @@ int selinux_ss_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr, u32 *sid) { int rc = -EIDRM; - struct context *ctx; - struct context ctx_new; + struct selinux_ss_context *ctx; + struct selinux_ss_context ctx_new; if (!ss_initialized) { *sid = SECSID_NULL; @@ -2979,7 +2979,7 @@ int selinux_ss_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr, *sid = secattr->attr.secid; rc = 0; } else if (secattr->flags & NETLBL_SECATTR_MLS_LVL) { - ctx = sidtab_search(&sidtab, SECINITSID_NETMSG); + ctx = selinux_ss_sidtab_search(&sidtab, SECINITSID_NETMSG); if (ctx == NULL) goto netlbl_secattr_to_sid_return; 
@@ -2999,7 +2999,7 @@ int selinux_ss_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr, if (mls_context_isvalid(&policydb, &ctx_new) != 1) goto netlbl_secattr_to_sid_return_cleanup; - rc = sidtab_context_to_sid(&sidtab, &ctx_new, sid); + rc = selinux_ss_sidtab_context_to_sid(&sidtab, &ctx_new, sid); if (rc != 0) goto netlbl_secattr_to_sid_return_cleanup; @@ -3032,13 +3032,13 @@ netlbl_secattr_to_sid_return_cleanup: int selinux_ss_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr) { int rc; - struct context *ctx; + struct selinux_ss_context *ctx; if (!ss_initialized) return 0; read_lock(&policy_rwlock); - ctx = sidtab_search(&sidtab, sid); + ctx = selinux_ss_sidtab_search(&sidtab, sid); if (ctx == NULL) { rc = -ENOENT; goto netlbl_sid_to_secattr_failure; diff --git a/security/selinux/ss/services.h b/security/selinux/ss/services.h index e8d907e..9d42e9d 100644 --- a/security/selinux/ss/services.h +++ b/security/selinux/ss/services.h @@ -9,7 +9,7 @@ #include "policydb.h" #include "sidtab.h" -extern struct policydb policydb; +extern struct selinux_ss_policydb policydb; #endif /* _SS_SERVICES_H_ */ diff --git a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c index e817989..294ede4 100644 --- a/security/selinux/ss/sidtab.c +++ b/security/selinux/ss/sidtab.c @@ -14,7 +14,7 @@ #define SIDTAB_HASH(sid) \ (sid & SIDTAB_HASH_MASK) -int sidtab_init(struct sidtab *s) +int selinux_ss_sidtab_init(struct selinux_ss_sidtab *s) { int i; @@ -30,10 +30,10 @@ int sidtab_init(struct sidtab *s) return 0; } -int sidtab_insert(struct sidtab *s, u32 sid, struct context *context) +int selinux_ss_sidtab_insert(struct selinux_ss_sidtab *s, u32 sid, struct selinux_ss_context *context) { int hvalue, rc = 0; - struct sidtab_node *prev, *cur, *newnode; + struct selinux_ss_sidtab_node *prev, *cur, *newnode; if (!s) { rc = -ENOMEM; 
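Review bot: The extern object in the services.h hunk keeps the bare name `policydb` while only its struct tag gains the prefix; a struct tag has no linkage, so the symbol that actually occupies the kernel's global namespace is still unprefixed. If the aim is to namespace the security server's externally visible names, the declaration would read `extern struct selinux_ss_policydb selinux_ss_policydb;`, with the definition and the `&policydb` users (for example the `mls_context_isvalid(&policydb, &ctx_new)` call in the services.c context lines) updated in the same change. If the object is deliberately left for a later patch, saying so in the changelog would make the split easier to review.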
@@ -82,10 +82,10 @@ out: return rc; } -static struct context *sidtab_search_core(struct sidtab *s, u32 sid, int force) +static struct selinux_ss_context *selinux_ss_sidtab_search_core(struct selinux_ss_sidtab *s, u32 sid, int force) { int hvalue; - struct sidtab_node *cur; + struct selinux_ss_sidtab_node *cur; if (!s) return NULL; @@ -112,24 +112,24 @@ static struct context *sidtab_search_core(struct sidtab *s, u32 sid, int force) return &cur->context; } -struct context *sidtab_search(struct sidtab *s, u32 sid) +struct selinux_ss_context *selinux_ss_sidtab_search(struct selinux_ss_sidtab *s, u32 sid) { - return sidtab_search_core(s, sid, 0); + return selinux_ss_sidtab_search_core(s, sid, 0); } -struct context *sidtab_search_force(struct sidtab *s, u32 sid) +struct selinux_ss_context *selinux_ss_sidtab_search_force(struct selinux_ss_sidtab *s, u32 sid) { - return sidtab_search_core(s, sid, 1); + return selinux_ss_sidtab_search_core(s, sid, 1); } -int sidtab_map(struct sidtab *s, +int selinux_ss_sidtab_map(struct selinux_ss_sidtab *s, int (*apply) (u32 sid, - struct context *context, + struct selinux_ss_context *context, void *args), void *args) { int i, rc = 0; - struct sidtab_node *cur; + struct selinux_ss_sidtab_node *cur; if (!s) goto out; @@ -147,11 +147,11 @@ out: return rc; } -static inline u32 sidtab_search_context(struct sidtab *s, - struct context *context) +static inline u32 selinux_ss_sidtab_search_context(struct selinux_ss_sidtab *s, + struct selinux_ss_context *context) { int i; - struct sidtab_node *cur; + struct selinux_ss_sidtab_node *cur; for (i = 0; i < SIDTAB_SIZE; i++) { cur = s->htable[i]; @@ -164,8 +164,8 @@ static inline u32 sidtab_search_context(struct sidtab *s, return 0; } -int sidtab_context_to_sid(struct sidtab *s, - struct context *context, +int selinux_ss_sidtab_context_to_sid(struct selinux_ss_sidtab *s, + struct selinux_ss_context *context, u32 *out_sid) { u32 sid; 
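Review bot: The two file-local helpers in sidtab.c, `selinux_ss_sidtab_search_core()` (hunk at -82) and `selinux_ss_sidtab_search_context()` (hunk at -147), are `static` and `static inline`, so they have internal linkage and cannot collide with anything outside the file; the prefix only makes them longer. Other static helpers visible in this patch, such as `security_preserve_bools()` and `get_classes_callback()` in services.c, keep their short names, so the result is inconsistent. I would change only the types and leave the names, i.e. `static struct selinux_ss_context *sidtab_search_core(struct selinux_ss_sidtab *s, u32 sid, int force)` and `static inline u32 sidtab_search_context(struct selinux_ss_sidtab *s,`. Both function bodies continue outside their hunks.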
@@ -174,11 +174,11 @@ int sidtab_context_to_sid(struct sidtab *s, *out_sid = SECSID_NULL; - sid = sidtab_search_context(s, context); + sid = selinux_ss_sidtab_search_context(s, context); if (!sid) { spin_lock_irqsave(&s->lock, flags); /* Rescan now that we hold the lock. */ - sid = sidtab_search_context(s, context); + sid = selinux_ss_sidtab_search_context(s, context); if (sid) goto unlock_out; /* No SID exists for the context. Allocate a new one. */ @@ -191,7 +191,7 @@ int sidtab_context_to_sid(struct sidtab *s, printk(KERN_INFO "SELinux: Context %s is not valid (left unmapped).\n", context->str); - ret = sidtab_insert(s, sid, context); + ret = selinux_ss_sidtab_insert(s, sid, context); if (ret) s->next_sid--; unlock_out: @@ -205,10 +205,10 @@ unlock_out: return 0; } -void sidtab_hash_eval(struct sidtab *h, char *tag) +void selinux_ss_sidtab_hash_eval(struct selinux_ss_sidtab *h, char *tag) { int i, chain_len, slots_used, max_chain_len; - struct sidtab_node *cur; + struct selinux_ss_sidtab_node *cur; slots_used = 0; max_chain_len = 0; @@ -232,10 +232,10 @@ void sidtab_hash_eval(struct sidtab *h, char *tag) max_chain_len); } -void sidtab_destroy(struct sidtab *s) +void selinux_ss_sidtab_destroy(struct selinux_ss_sidtab *s) { int i; - struct sidtab_node *cur, *temp; + struct selinux_ss_sidtab_node *cur, *temp; if (!s) return; @@ -256,7 +256,7 @@ void sidtab_destroy(struct sidtab *s) s->next_sid = 1; } -void sidtab_set(struct sidtab *dst, struct sidtab *src) +void selinux_ss_sidtab_set(struct selinux_ss_sidtab *dst, struct selinux_ss_sidtab *src) { unsigned long flags; @@ -268,7 +268,7 @@ void sidtab_set(struct sidtab *dst, struct sidtab *src) spin_unlock_irqrestore(&src->lock, flags); } -void sidtab_shutdown(struct sidtab *s) +void selinux_ss_sidtab_shutdown(struct selinux_ss_sidtab *s) { unsigned long flags; diff --git a/security/selinux/ss/sidtab.h b/security/selinux/ss/sidtab.h index 64ea5b1..a48ab7f 100644 --- a/security/selinux/ss/sidtab.h 
+++ b/security/selinux/ss/sidtab.h @@ -9,10 +9,10 @@ #include "context.h" -struct sidtab_node { +struct selinux_ss_sidtab_node { u32 sid; /* security identifier */ - struct context context; /* security context structure */ - struct sidtab_node *next; + struct selinux_ss_context context; /* security context structure */ + struct selinux_ss_sidtab_node *next; }; #define SIDTAB_HASH_BITS 7 
@@ -21,33 +21,33 @@ struct sidtab_node { #define SIDTAB_SIZE SIDTAB_HASH_BUCKETS -struct sidtab { - struct sidtab_node **htable; +struct selinux_ss_sidtab { + struct selinux_ss_sidtab_node **htable; unsigned int nel; /* number of elements */ unsigned int next_sid; /* next SID to allocate */ unsigned char shutdown; spinlock_t lock; }; -int sidtab_init(struct sidtab *s); -int sidtab_insert(struct sidtab *s, u32 sid, struct context *context); -struct context *sidtab_search(struct sidtab *s, u32 sid); -struct context *sidtab_search_force(struct sidtab *s, u32 sid); +int selinux_ss_sidtab_init(struct selinux_ss_sidtab *s); +int selinux_ss_sidtab_insert(struct selinux_ss_sidtab *s, u32 sid, struct selinux_ss_context *context); +struct selinux_ss_context *selinux_ss_sidtab_search(struct selinux_ss_sidtab *s, u32 sid); +struct selinux_ss_context *selinux_ss_sidtab_search_force(struct selinux_ss_sidtab *s, u32 sid); -int sidtab_map(struct sidtab *s, +int selinux_ss_sidtab_map(struct selinux_ss_sidtab *s, int (*apply) (u32 sid, - struct context *context, + struct selinux_ss_context *context, void *args), void *args); -int sidtab_context_to_sid(struct sidtab *s, - struct context *context, +int selinux_ss_sidtab_context_to_sid(struct selinux_ss_sidtab *s, + struct selinux_ss_context *context, u32 *sid); -void sidtab_hash_eval(struct sidtab *h, char *tag); -void sidtab_destroy(struct sidtab *s); -void sidtab_set(struct sidtab *dst, struct sidtab *src); -void sidtab_shutdown(struct sidtab *s); +void selinux_ss_sidtab_hash_eval(struct selinux_ss_sidtab *h, char *tag); +void selinux_ss_sidtab_destroy(struct selinux_ss_sidtab *s); +void selinux_ss_sidtab_set(struct selinux_ss_sidtab *dst, struct selinux_ss_sidtab *src); +void selinux_ss_sidtab_shutdown(struct selinux_ss_sidtab *s); #endif /* _SS_SIDTAB_H_ */ diff --git a/security/selinux/ss/symtab.c b/security/selinux/ss/symtab.c index 7ef607d..4a8a122 100644 --- a/security/selinux/ss/symtab.c +++ b/security/selinux/ss/symtab.c 
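Review bot: Several renamed prototypes in the sidtab.h hunk now run well past 80 columns, e.g. `int selinux_ss_sidtab_insert(struct selinux_ss_sidtab *s, u32 sid, struct selinux_ss_context *context);` at just over 100 characters, which checkpatch would presumably flag. Wrapping after the second parameter, as the `selinux_ss_sidtab_context_to_sid()` prototype in the same hunk already does, keeps the header consistent, and the matching definition in sidtab.c needs the same treatment. The continuation lines of the multi-line prototypes (`void *args),`, `u32 *sid);`) are unchanged context, so if they were aligned under the opening parenthesis they no longer are and should be re-indented in the same pass.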
@@ -33,7 +33,7 @@ static int symcmp(struct selinux_ss_hashtab *h, const void *key1, const void *ke } -int symtab_init(struct symtab *s, unsigned int size) +int selinux_ss_symtab_init(struct selinux_ss_symtab *s, unsigned int size) { s->table = selinux_ss_hashtab_create(symhash, symcmp, size); if (!s->table) diff --git a/security/selinux/ss/symtab.h b/security/selinux/ss/symtab.h index 4166ae4..80aa9e6 100644 --- a/security/selinux/ss/symtab.h +++ b/security/selinux/ss/symtab.h @@ -11,12 +11,12 @@ #include "hashtab.h" -struct symtab { +struct selinux_ss_symtab { struct selinux_ss_hashtab *table; /* hash table (keyed on a string) */ u32 nprim; /* number of primary names in table */ }; -int symtab_init(struct symtab *s, unsigned int size); +int selinux_ss_symtab_init(struct selinux_ss_symtab *s, unsigned int size); #endif /* _SS_SYMTAB_H_ */ -- 1.6.2.5 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.