On Tue, Mar 13, 2018 at 3:48 PM, Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > On Mon, Mar 5, 2018 at 11:47 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: >> Wrap the AVC state within the selinux_state structure and >> pass it explicitly to all AVC functions. The AVC private state >> is encapsulated in a selinux_avc structure that is referenced >> from the selinux_state. >> >> This change should have no effect on SELinux behavior or >> APIs (userspace or LSM). >> >> Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx> >> --- >> security/selinux/avc.c | 284 ++++++++++++++----------- >> security/selinux/hooks.c | 398 ++++++++++++++++++++++++------------ >> security/selinux/include/avc.h | 32 ++- >> security/selinux/include/avc_ss.h | 3 +- >> security/selinux/include/security.h | 3 + >> security/selinux/netlabel.c | 3 +- >> security/selinux/selinuxfs.c | 60 ++++-- >> security/selinux/ss/services.c | 9 +- >> security/selinux/xfrm.c | 17 +- >> 9 files changed, 512 insertions(+), 297 deletions(-) > > This patch looks fine to me. Once we sort out my questions/comments > in patch 1/2 I'll apply this. With the other bits sorted, I just merged this. Thank you. -- paul moore www.paul-moore.com
