exit: exit_notify() can trust signal->notify_count < 0

[safe/jmp/linux-2.6] / security / selinux / exports.c

diff --git a/security/selinux/exports.c b/security/selinux/exports.c
index b6f9694..c0a454a 100644 (file)
--- a/security/selinux/exports.c
+++ b/security/selinux/exports.c
@@ -17,71 +17,55 @@
 #include <linux/selinux.h>
 #include <linux/fs.h>
 #include <linux/ipc.h>
+#include <asm/atomic.h>
 
 #include "security.h"
 #include "objsec.h"
 
-int selinux_sid_to_string(u32 sid, char **ctx, u32 *ctxlen)
+/* SECMARK reference count */
+extern atomic_t selinux_secmark_refcount;
+
+int selinux_string_to_sid(char *str, u32 *sid)
 {
        if (selinux_enabled)
-               return security_sid_to_context(sid, ctx, ctxlen);
+               return security_context_to_sid(str, strlen(str), sid);
        else {
-               *ctx = NULL;
-               *ctxlen = 0;
+               *sid = 0;
+               return 0;
        }
-
-       return 0;
 }
+EXPORT_SYMBOL_GPL(selinux_string_to_sid);
 
-void selinux_get_inode_sid(const struct inode *inode, u32 *sid)
+int selinux_secmark_relabel_packet_permission(u32 sid)
 {
        if (selinux_enabled) {
-               struct inode_security_struct *isec = inode->i_security;
-               *sid = isec->sid;
-               return;
-       }
-       *sid = 0;
-}
+               const struct task_security_struct *__tsec;
+               u32 tsid;
 
-void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid)
-{
-       if (selinux_enabled) {
-               struct ipc_security_struct *isec = ipcp->security;
-               *sid = isec->sid;
-               return;
+               __tsec = current_security();
+               tsid = __tsec->sid;
+
+               return avc_has_perm(tsid, sid, SECCLASS_PACKET,
+                                   PACKET__RELABELTO, NULL);
        }
-       *sid = 0;
+       return 0;
 }
+EXPORT_SYMBOL_GPL(selinux_secmark_relabel_packet_permission);
 
-void selinux_get_task_sid(struct task_struct *tsk, u32 *sid)
+void selinux_secmark_refcount_inc(void)
 {
-       if (selinux_enabled) {
-               struct task_security_struct *tsec = tsk->security;
-               *sid = tsec->sid;
-               return;
-       }
-       *sid = 0;
+       atomic_inc(&selinux_secmark_refcount);
 }
+EXPORT_SYMBOL_GPL(selinux_secmark_refcount_inc);
 
-int selinux_string_to_sid(char *str, u32 *sid)
+void selinux_secmark_refcount_dec(void)
 {
-       if (selinux_enabled)
-               return security_context_to_sid(str, strlen(str), sid);
-       else {
-               *sid = 0;
-               return 0;
-       }
+       atomic_dec(&selinux_secmark_refcount);
 }
-EXPORT_SYMBOL_GPL(selinux_string_to_sid);
+EXPORT_SYMBOL_GPL(selinux_secmark_refcount_dec);
 
-int selinux_relabel_packet_permission(u32 sid)
+bool selinux_is_enabled(void)
 {
-       if (selinux_enabled) {
-               struct task_security_struct *tsec = current->security;
-
-               return avc_has_perm(tsec->sid, sid, SECCLASS_PACKET,
-                                   PACKET__RELABELTO, NULL);
-       }
-       return 0;
+       return selinux_enabled;
 }
-EXPORT_SYMBOL_GPL(selinux_relabel_packet_permission);
+EXPORT_SYMBOL_GPL(selinux_is_enabled);