/* * selinux_kernel_status_page * * It returns a reference to selinux_status_page. If the status page is * not allocated yet, it also tries to allocate it at the first time. */ struct page *selinux_kernel_status_page(void) { struct selinux_kernel_status *status; struct page *result = NULL; mutex_lock(&selinux_status_lock); if (!selinux_status_page) { selinux_status_page = alloc_page(GFP_KERNEL|__GFP_ZERO); if (selinux_status_page) { status = page_address(selinux_status_page); status->version = SELINUX_KERNEL_STATUS_VERSION; status->sequence = 0; status->enforcing = selinux_enforcing; /* * NOTE: the next policyload event shall set * a positive value on the status->policyload, * although it may not be 1, but never zero. * So, application can know it was updated. */ status->policyload = 0; status->deny_unknown = !security_get_allow_unknown(); } } result = selinux_status_page; mutex_unlock(&selinux_status_lock); return result; }
static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf, size_t count, loff_t *ppos) { char tmpbuf[TMPBUFLEN]; ssize_t length; ino_t ino = filp->f_path.dentry->d_inode->i_ino; int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ? security_get_reject_unknown() : !security_get_allow_unknown(); length = scnprintf(tmpbuf, TMPBUFLEN, "%d", handle_unknown); return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); }
/* * selinux_status_update_policyload * * It updates status of the times of policy reloaded, and current * setting of deny_unknown. */ void selinux_status_update_policyload(int seqno) { struct selinux_kernel_status *status; mutex_lock(&selinux_status_lock); if (selinux_status_page) { status = page_address(selinux_status_page); status->sequence++; smp_wmb(); status->policyload = seqno; status->deny_unknown = !security_get_allow_unknown(); smp_wmb(); status->sequence++; } mutex_unlock(&selinux_status_lock); }
struct page *selinux_kernel_status_page(void) { struct selinux_kernel_status *status; struct page *result = NULL; mutex_lock(&selinux_status_lock); if (!selinux_status_page) { selinux_status_page = alloc_page(GFP_KERNEL|__GFP_ZERO); if (selinux_status_page) { status = page_address(selinux_status_page); status->version = SELINUX_KERNEL_STATUS_VERSION; status->sequence = 0; status->enforcing = selinux_enforcing; status->policyload = 0; status->deny_unknown = !security_get_allow_unknown(); } } result = selinux_status_page; mutex_unlock(&selinux_status_lock); return result; }