selinux: wrap AVC state

Wrap the AVC state within the selinux_state structure and pass it explicitly to all AVC functions. The AVC private state is encapsulated in a selinux_avc structure that is referenced from the selinux_state. This change should have no effect on SELinux behavior or APIs (userspace or LSM). Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Reviewed-by: James Morris <james.morris@microsoft.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Stephen Smalley <sds@tycho.nsa.gov> 2018-03-05 11:47:56 -0500
committer: Paul Moore <paul@paul-moore.com> 2018-03-20 16:58:17 -0400
commit: 6b6bc6205d98796361962ee282a063f18ba8dc57 (patch)
tree: b9e6f6492606000e1d8826b4eb2c882726c61722 /security/selinux/netlabel.c
parent: 0619f0f5e36f12e100ef294f5980cfe7c93ff23e (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c
index 28010f741cfe..186e727b737b 100644
--- a/security/selinux/netlabel.c
+++ b/security/selinux/netlabel.c
@@ -478,7 +478,8 @@ int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
 		perm = RAWIP_SOCKET__RECVFROM;
 	}
 
-	rc = avc_has_perm(sksec->sid, nlbl_sid, sksec->sclass, perm, ad);
+	rc = avc_has_perm(&selinux_state,
+			  sksec->sid, nlbl_sid, sksec->sclass, perm, ad);
 	if (rc == 0)
 		return 0;
author	Stephen Smalley <sds@tycho.nsa.gov>	2018-03-05 11:47:56 -0500
committer	Paul Moore <paul@paul-moore.com>	2018-03-20 16:58:17 -0400
commit	6b6bc6205d98796361962ee282a063f18ba8dc57 (patch)
tree	b9e6f6492606000e1d8826b4eb2c882726c61722 /security/selinux/netlabel.c
parent	0619f0f5e36f12e100ef294f5980cfe7c93ff23e (diff)