On Mon, Mar 5, 2018 at 11:47 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > Wrap the AVC state within the selinux_state structure and > pass it explicitly to all AVC functions. The AVC private state > is encapsulated in a selinux_avc structure that is referenced > from the selinux_state. > > This change should have no effect on SELinux behavior or > APIs (userspace or LSM). > > Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx> > --- > security/selinux/avc.c | 284 ++++++++++++++----------- > security/selinux/hooks.c | 398 ++++++++++++++++++++++++------------ > security/selinux/include/avc.h | 32 ++- > security/selinux/include/avc_ss.h | 3 +- > security/selinux/include/security.h | 3 + > security/selinux/netlabel.c | 3 +- > security/selinux/selinuxfs.c | 60 ++++-- > security/selinux/ss/services.c | 9 +- > security/selinux/xfrm.c | 17 +- > 9 files changed, 512 insertions(+), 297 deletions(-) This patch looks fine to me. Once we sort out my questions/comments in patch 1/2 I'll apply this. -- paul moore www.paul-moore.com
