security/selinux/status.c
Source file repositories/reference/linux-study-clean/security/selinux/status.c
File Facts
- System
- Linux kernel
- Corpus path
security/selinux/status.c- Extension
.c- Size
- 3354 bytes
- Lines
- 123
- Domain
- Core OS
- Bucket
- Security And Isolation
- Inferred role
- Core OS: implementation source
- Status
- source implementation candidate
Why This File Exists
Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Uses kernel synchronization; read lock ordering, sleepability, and interrupt context assumptions before translating.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
linux/kernel.hlinux/gfp.hlinux/mm.hlinux/mutex.havc.hsecurity.h
Detected Declarations
function Copyrightfunction selinux_status_update_setenforcefunction selinux_status_update_policyload
Annotated Snippet
if (selinux_state.status_page) {
status = page_address(selinux_state.status_page);
status->version = SELINUX_KERNEL_STATUS_VERSION;
status->sequence = 0;
status->enforcing = enforcing_enabled();
/*
* NOTE: the next policyload event shall set
* a positive value on the status->policyload,
* although it may not be 1, but never zero.
* So, application can know it was updated.
*/
status->policyload = 0;
status->deny_unknown =
!security_get_allow_unknown();
}
}
result = selinux_state.status_page;
mutex_unlock(&selinux_state.status_lock);
return result;
}
/*
* selinux_status_update_setenforce
*
* It updates status of the current enforcing/permissive mode.
*/
void selinux_status_update_setenforce(bool enforcing)
{
struct selinux_kernel_status *status;
mutex_lock(&selinux_state.status_lock);
if (selinux_state.status_page) {
status = page_address(selinux_state.status_page);
status->sequence++;
smp_wmb();
status->enforcing = enforcing ? 1 : 0;
smp_wmb();
status->sequence++;
}
mutex_unlock(&selinux_state.status_lock);
}
/*
* selinux_status_update_policyload
*
* It updates status of the times of policy reloaded, and current
* setting of deny_unknown.
*/
void selinux_status_update_policyload(u32 seqno)
{
struct selinux_kernel_status *status;
mutex_lock(&selinux_state.status_lock);
if (selinux_state.status_page) {
status = page_address(selinux_state.status_page);
status->sequence++;
smp_wmb();
status->policyload = seqno;
status->deny_unknown = !security_get_allow_unknown();
smp_wmb();
status->sequence++;
}
mutex_unlock(&selinux_state.status_lock);
}
Annotation
- Immediate include surface: `linux/kernel.h`, `linux/gfp.h`, `linux/mm.h`, `linux/mutex.h`, `avc.h`, `security.h`.
- Detected declarations: `function Copyright`, `function selinux_status_update_setenforce`, `function selinux_status_update_policyload`.
- Atlas domain: Core OS / Security And Isolation.
- Implementation status: source implementation candidate.
- Synchronization appears in or near this file; preserve lock ordering, sleepability, and interrupt-context constraints.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.