security/selinux/include/security.h
Source file repositories/reference/linux-study-clean/security/selinux/include/security.h
File Facts
- System: Linux kernel
- Corpus path: `security/selinux/include/security.h`
- Extension: `.h`
- Size: 12259 bytes
- Lines: 415
- Domain: Core OS
- Bucket: Security And Isolation
- Inferred role: Core OS: implementation source
- Status: source implementation candidate
Why This File Exists
- Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
`linux/compiler.h`, `linux/dcache.h`, `linux/magic.h`, `linux/types.h`, `linux/rcupdate.h`, `linux/refcount.h`, `linux/workqueue.h`, `linux/delay.h`, `linux/printk.h`, `flask.h`, `policycap.h`
Detected Declarations
`struct netlbl_lsm_secattr`, `struct selinux_policy`, `struct selinux_state`, `struct selinux_policy_convert_data`, `struct selinux_load_state`, `struct av_decision`, `struct extended_perms_data`, `struct extended_perms_decision`, `struct extended_perms`, `struct selinux_kernel_status`, `function selinux_initialized`, `function selinux_mark_initialized`, `function enforcing_enabled`, `function enforcing_set`, `function enforcing_enabled`, `function enforcing_set`, `function selinux_policycap_netpeer`, `function selinux_policycap_openperm`, `function selinux_policycap_extsockclass`, `function selinux_policycap_alwaysnetwork`, `function selinux_policycap_cgroupseclabel`, `function selinux_policycap_nnp_nosuid_transition`, `function selinux_policycap_genfs_seclabel_symlinks`, `function selinux_policycap_ioctl_skip_cloexec`, `function selinux_policycap_userspace_initial_context`, `function selinux_policycap_netlink_xperm`, `function selinux_policycap_functionfs_seclabel`, `function selinux_policycap_memfd_class`, `function selinux_policycap_bpf_token_perms`, `function security_netlbl_secattr_to_sid`, `function security_netlbl_sid_to_secattr`
Annotated Snippet
```c
struct selinux_state {
#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
	bool enforcing;
#endif
	bool initialized;
	bool policycap[__POLICYDB_CAP_MAX];

	struct page *status_page;
	struct mutex status_lock;

	struct selinux_policy __rcu *policy;
	struct mutex policy_mutex;
} __randomize_layout;

void selinux_avc_init(void);

extern struct selinux_state selinux_state;

static inline bool selinux_initialized(void)
{
	/* do a synchronized load to avoid race conditions */
	return smp_load_acquire(&selinux_state.initialized);
}

static inline void selinux_mark_initialized(void)
{
	/* do a synchronized write to avoid race conditions */
	smp_store_release(&selinux_state.initialized, true);
}

#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
static inline bool enforcing_enabled(void)
{
	return READ_ONCE(selinux_state.enforcing);
}

static inline void enforcing_set(bool value)
{
	WRITE_ONCE(selinux_state.enforcing, value);
}
#else
static inline bool enforcing_enabled(void)
{
	return true;
}

static inline void enforcing_set(bool value)
{
}
#endif

static inline bool checkreqprot_get(void)
{
	/* non-zero/true checkreqprot values are no longer supported */
	return 0;
}

static inline bool selinux_policycap_netpeer(void)
{
	return READ_ONCE(selinux_state.policycap[POLICYDB_CAP_NETPEER]);
}

static inline bool selinux_policycap_openperm(void)
{
	return READ_ONCE(selinux_state.policycap[POLICYDB_CAP_OPENPERM]);
}

static inline bool selinux_policycap_extsockclass(void)
{
	return READ_ONCE(selinux_state.policycap[POLICYDB_CAP_EXTSOCKCLASS]);
}

static inline bool selinux_policycap_alwaysnetwork(void)
{
	return READ_ONCE(selinux_state.policycap[POLICYDB_CAP_ALWAYSNETWORK]);
}

static inline bool selinux_policycap_cgroupseclabel(void)
{
	return READ_ONCE(selinux_state.policycap[POLICYDB_CAP_CGROUPSECLABEL]);
}

static inline bool selinux_policycap_nnp_nosuid_transition(void)
{
	return READ_ONCE(
		selinux_state.policycap[POLICYDB_CAP_NNP_NOSUID_TRANSITION]);
}

static inline bool selinux_policycap_genfs_seclabel_symlinks(void)
{
	return READ_ONCE(
		selinux_state.policycap[POLICYDB_CAP_GENFS_SECLABEL_SYMLINKS]);
}
```
Annotation
- Immediate include surface: `linux/compiler.h`, `linux/dcache.h`, `linux/magic.h`, `linux/types.h`, `linux/rcupdate.h`, `linux/refcount.h`, `linux/workqueue.h`, `linux/delay.h`.
- Detected declarations: `struct netlbl_lsm_secattr`, `struct selinux_policy`, `struct selinux_state`, `struct selinux_policy_convert_data`, `struct selinux_load_state`, `struct av_decision`, `struct extended_perms_data`, `struct extended_perms_decision`, `struct extended_perms`, `struct selinux_kernel_status`.
- Atlas domain: Core OS / Security And Isolation.
- Implementation status: source implementation candidate.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.