diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2021-06-30 14:55:42 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2021-06-30 14:55:42 -0700 |
| commit | 6bd344e55f73f7ae671bf5c1ebe5bd814f3c4b27 (patch) | |
| tree | 03dee12ff73d1f8cfb21e11fada2aa2ff964a49d /security/selinux/ss/avtab.h | |
| parent | 44b6ed4cfab8474061707b60e35afaf2c92a9dc3 (diff) | |
| parent | d99cf13f14200cdb5cbb704345774c9c0698612d (diff) | |
Merge tag 'selinux-pr-20210629' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull SELinux updates from Paul Moore:
- The slow_avc_audit() function is now non-blocking so we can remove
the AVC_NONBLOCKING tricks; this also includes the 'flags' variant of
avc_has_perm().
- Use kmemdup() instead of kcalloc()+copy when copying parts of the
SELinux policydb.
- The InfiniBand device name is now passed by reference when possible
in the SELinux code, removing a strncpy().
- Minor cleanups including: constification of avtab function args,
removal of useless LSM/XFRM function args, SELinux kdoc fixes, and
removal of redundant assignments.
* tag 'selinux-pr-20210629' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
selinux: kill 'flags' argument in avc_has_perm_flags() and avc_audit()
selinux: slow_avc_audit has become non-blocking
selinux: Fix kernel-doc
selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC
lsm_audit,selinux: pass IB device name by reference
selinux: Remove redundant assignment to rc
selinux: Corrected comment to match kernel-doc comment
selinux: delete selinux_xfrm_policy_lookup() useless argument
selinux: constify some avtab function arguments
selinux: simplify duplicate_policydb_cond_list() by using kmemdup()
Diffstat (limited to 'security/selinux/ss/avtab.h')
| -rw-r--r-- | security/selinux/ss/avtab.h | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/security/selinux/ss/avtab.h b/security/selinux/ss/avtab.h index f2eeb36265d1..d3ebea8d146f 100644 --- a/security/selinux/ss/avtab.h +++ b/security/selinux/ss/avtab.h @@ -90,24 +90,26 @@ struct avtab { void avtab_init(struct avtab *h); int avtab_alloc(struct avtab *, u32); int avtab_alloc_dup(struct avtab *new, const struct avtab *orig); -struct avtab_datum *avtab_search(struct avtab *h, struct avtab_key *k); +struct avtab_datum *avtab_search(struct avtab *h, const struct avtab_key *k); void avtab_destroy(struct avtab *h); void avtab_hash_eval(struct avtab *h, char *tag); struct policydb; int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, - int (*insert)(struct avtab *a, struct avtab_key *k, - struct avtab_datum *d, void *p), + int (*insert)(struct avtab *a, const struct avtab_key *k, + const struct avtab_datum *d, void *p), void *p); int avtab_read(struct avtab *a, void *fp, struct policydb *pol); -int avtab_write_item(struct policydb *p, struct avtab_node *cur, void *fp); +int avtab_write_item(struct policydb *p, const struct avtab_node *cur, void *fp); int avtab_write(struct policydb *p, struct avtab *a, void *fp); -struct avtab_node *avtab_insert_nonunique(struct avtab *h, struct avtab_key *key, - struct avtab_datum *datum); +struct avtab_node *avtab_insert_nonunique(struct avtab *h, + const struct avtab_key *key, + const struct avtab_datum *datum); -struct avtab_node *avtab_search_node(struct avtab *h, struct avtab_key *key); +struct avtab_node *avtab_search_node(struct avtab *h, + const struct avtab_key *key); struct avtab_node *avtab_search_node_next(struct avtab_node *node, int specified); |