xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

selinux: Add helper functions to get and set checkreqprot

Browse Source 
checkreqprot data member in selinux_state struct is accessed directly by
SELinux functions to get and set. This could cause unexpected read or
write access to this data member due to compiler optimizations and/or
compiler's reordering of access to this field.

Add helper functions to get and set checkreqprot data member in
selinux_state struct. These helper functions use READ_ONCE and
WRITE_ONCE macros to ensure atomic read or write of memory for
this data member.

Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Suggested-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Suggested-by: Paul Moore <paul@paul-moore.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Lakshmi Ramasubramanian
2020-09-14 10:31:57 -07:00
committed by Paul Moore
parent e8ba53d002
commit 8861d0af64
3 changed files with 16 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
security/selinux/include/security.h
View File

@@ -143,6 +143,16 @@ static inline void enforcing_set(struct selinux_state *state, bool value)
}
#endif
static inline bool checkreqprot_get(const struct selinux_state *state)
{
return READ_ONCE(state->checkreqprot);
}
static inline void checkreqprot_set(struct selinux_state *state, bool value)
{
WRITE_ONCE(state->checkreqprot, value);
}
#ifdef CONFIG_SECURITY_SELINUX_DISABLE
static inline bool selinux_disabled(struct selinux_state *state)
{