selinux: access policycaps with READ_ONCE/WRITE_ONCE (e8ba53d0) · Commits · 戴 / test

security/selinux/include/security.h

+7 −7

Original line number	Diff line number	Diff line
		@@ -164,49 +164,49 @@ static inline bool selinux_policycap_netpeer(void)
		{
		struct selinux_state *state = &selinux_state;

		return state->policycap[POLICYDB_CAPABILITY_NETPEER];
		return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_NETPEER]);
		}

		static inline bool selinux_policycap_openperm(void)
		{
		struct selinux_state *state = &selinux_state;

		return state->policycap[POLICYDB_CAPABILITY_OPENPERM];
		return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_OPENPERM]);
		}

		static inline bool selinux_policycap_extsockclass(void)
		{
		struct selinux_state *state = &selinux_state;

		return state->policycap[POLICYDB_CAPABILITY_EXTSOCKCLASS];
		return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_EXTSOCKCLASS]);
		}

		static inline bool selinux_policycap_alwaysnetwork(void)
		{
		struct selinux_state *state = &selinux_state;

		return state->policycap[POLICYDB_CAPABILITY_ALWAYSNETWORK];
		return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_ALWAYSNETWORK]);
		}

		static inline bool selinux_policycap_cgroupseclabel(void)
		{
		struct selinux_state *state = &selinux_state;

		return state->policycap[POLICYDB_CAPABILITY_CGROUPSECLABEL];
		return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_CGROUPSECLABEL]);
		}

		static inline bool selinux_policycap_nnp_nosuid_transition(void)
		{
		struct selinux_state *state = &selinux_state;

		return state->policycap[POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION];
		return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION]);
		}

		static inline bool selinux_policycap_genfs_seclabel_symlinks(void)
		{
		struct selinux_state *state = &selinux_state;

		return state->policycap[POLICYDB_CAPABILITY_GENFS_SECLABEL_SYMLINKS];
		return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_GENFS_SECLABEL_SYMLINKS]);
		}

		int security_mls_enabled(struct selinux_state *state);

security/selinux/ss/services.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -2123,7 +2123,8 @@ static void security_load_policycaps(struct selinux_state *state,
		p = &policy->policydb;

		for (i = 0; i < ARRAY_SIZE(state->policycap); i++)
		state->policycap[i] = ebitmap_get_bit(&p->policycaps, i);
		WRITE_ONCE(state->policycap[i],
		ebitmap_get_bit(&p->policycaps, i));

		for (i = 0; i < ARRAY_SIZE(selinux_policycap_names); i++)
		pr_info("SELinux: policy capability %s=%d\n",

Admin message