selinux: wrap AVC state Wrap the AVC state within the selinux_state structure and pass it explicitly to all AVC functions. The AVC private state is encapsulated in a selinux_avc structure that is referenced from the selinux_state. This change should have no effect on SELinux behavior or APIs (userspace or LSM). Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Reviewed-by: James Morris <james.morris@microsoft.com> Signed-off-by: Paul Moore <paul@paul-moore.com>

commit: 6b6bc6205d98796361962ee282a063f18ba8dc57 [log] [tgz]
author: Stephen Smalley <sds@tycho.nsa.gov> Mon Mar 05 11:47:56 2018 -0500
committer: Paul Moore <paul@paul-moore.com> Tue Mar 20 16:58:17 2018 -0400
tree: b9e6f6492606000e1d8826b4eb2c882726c61722
parent: 0619f0f5e36f12e100ef294f5980cfe7c93ff23e [diff] [blame]
diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c
index 28010f7..186e727 100644
--- a/security/selinux/netlabel.c
+++ b/security/selinux/netlabel.c

@@ -478,7 +478,8 @@ int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
 		perm = RAWIP_SOCKET__RECVFROM;
 	}
 
-	rc = avc_has_perm(sksec->sid, nlbl_sid, sksec->sclass, perm, ad);
+	rc = avc_has_perm(&selinux_state,
+			  sksec->sid, nlbl_sid, sksec->sclass, perm, ad);
 	if (rc == 0)
 		return 0;
commit	6b6bc6205d98796361962ee282a063f18ba8dc57	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Mon Mar 05 11:47:56 2018 -0500
committer	Paul Moore <paul@paul-moore.com>	Tue Mar 20 16:58:17 2018 -0400
tree	b9e6f6492606000e1d8826b4eb2c882726c61722
parent	0619f0f5e36f12e100ef294f5980cfe7c93ff23e [diff] [blame]