security/selinux/include/security.h



Why This File Exists

Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.

Annotated Snippet

struct selinux_state {
#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
	/*
	 * Runtime enforcing/permissive switch.  Only exists when the kernel
	 * is built with CONFIG_SECURITY_SELINUX_DEVELOP; without it the
	 * enforcing_enabled() accessor below is hard-wired to true and
	 * enforcing_set() is a no-op, so the mode cannot be changed at run time.
	 */
	bool enforcing;
#endif
	/*
	 * Set once by selinux_mark_initialized() with a release store and
	 * read by selinux_initialized() with an acquire load, so writes made
	 * before the flag was raised are visible to a reader that sees true.
	 */
	bool initialized;
	/*
	 * Per-policy capability flags, indexed by POLICYDB_CAP_*.  Read via
	 * READ_ONCE() in the selinux_policycap_*() accessors below.
	 */
	bool policycap[__POLICYDB_CAP_MAX];

	/*
	 * NOTE(review): none of the accessors visible in this header touch the
	 * four fields below; presumably status_lock guards status_page and
	 * policy_mutex serialises updates of the RCU-protected policy pointer
	 * — confirm against the users of these fields.
	 */
	struct page *status_page;
	struct mutex status_lock;

	struct selinux_policy __rcu *policy;
	struct mutex policy_mutex;
} __randomize_layout;	/* layout randomised when struct randomisation is enabled */

/* AVC initialisation entry point; defined in a .c file outside this header. */
void selinux_avc_init(void);

/*
 * The single global SELinux state instance.  The inline accessors in this
 * header never touch its fields directly: they go through READ_ONCE()/
 * WRITE_ONCE() or acquire/release loads and stores.
 */
extern struct selinux_state selinux_state;

static inline bool selinux_initialized(void)
{
	/*
	 * Acquire load: pairs with the release store in
	 * selinux_mark_initialized(), so a caller that observes true also
	 * observes everything written before the flag was raised.
	 */
	bool ready = smp_load_acquire(&selinux_state.initialized);

	return ready;
}

static inline void selinux_mark_initialized(void)
{
	bool *flag = &selinux_state.initialized;

	/*
	 * Release store: everything written before this point is visible to
	 * a reader whose smp_load_acquire() in selinux_initialized() sees true.
	 */
	smp_store_release(flag, true);
}

#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
static inline bool enforcing_enabled(void)
{
	/*
	 * Plain READ_ONCE(): enforcing_set() may flip the flag concurrently,
	 * and we only need a non-torn, non-cached load of a single bool.
	 */
	bool mode = READ_ONCE(selinux_state.enforcing);

	return mode;
}

static inline void enforcing_set(bool value)
{
	bool *mode = &selinux_state.enforcing;

	/* WRITE_ONCE() so the store is a single, non-torn write visible to
	 * the READ_ONCE() in enforcing_enabled() */
	WRITE_ONCE(*mode, value);
}
#else
static inline bool enforcing_enabled(void)
{
	/*
	 * Without CONFIG_SECURITY_SELINUX_DEVELOP there is no enforcing flag
	 * in struct selinux_state at all: the kernel is always enforcing.
	 */
	const bool always_enforcing = true;

	return always_enforcing;
}

static inline void enforcing_set(bool value)
{
	/*
	 * No-op: enforcing mode cannot be changed when the kernel is built
	 * without CONFIG_SECURITY_SELINUX_DEVELOP.  The cast only documents
	 * that the argument is deliberately ignored.
	 */
	(void)value;
}
#endif

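/*
 * checkreqprot_get() - report the checkreqprot setting.
 *
 * Non-zero/true checkreqprot values are no longer supported, so this is a
 * constant.  Returns the bool literal rather than the integer 0 so the
 * return matches the declared type.
 *
 * Return: always false.
 */
static inline bool checkreqprot_get(void)
{
	return false;
}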

static inline bool selinux_policycap_netpeer(void)
{
	/* READ_ONCE() so the load is not cached or torn against a writer */
	const bool *caps = selinux_state.policycap;

	return READ_ONCE(caps[POLICYDB_CAP_NETPEER]);
}

static inline bool selinux_policycap_openperm(void)
{
	const bool *cap = &selinux_state.policycap[POLICYDB_CAP_OPENPERM];

	/* single non-torn load; the array may be rewritten concurrently */
	return READ_ONCE(*cap);
}

static inline bool selinux_policycap_extsockclass(void)
{
	const int idx = POLICYDB_CAP_EXTSOCKCLASS;

	/* READ_ONCE() keeps the compiler from caching or tearing the load */
	return READ_ONCE(selinux_state.policycap[idx]);
}

static inline bool selinux_policycap_alwaysnetwork(void)
{
	/* the POLICYDB_CAP_ALWAYSNETWORK slot of the capability array */
	bool enabled = READ_ONCE(selinux_state.policycap[POLICYDB_CAP_ALWAYSNETWORK]);

	return enabled;
}

static inline bool selinux_policycap_cgroupseclabel(void)
{
	const bool *caps = selinux_state.policycap;

	/* READ_ONCE(): a single, non-cached load of one bool */
	return READ_ONCE(caps[POLICYDB_CAP_CGROUPSECLABEL]);
}

static inline bool selinux_policycap_nnp_nosuid_transition(void)
{
	const bool *cap =
		&selinux_state.policycap[POLICYDB_CAP_NNP_NOSUID_TRANSITION];

	/* READ_ONCE() so the load cannot be cached or torn by the compiler */
	return READ_ONCE(*cap);
}

static inline bool selinux_policycap_genfs_seclabel_symlinks(void)
{
