| -rw-r--r-- | include/linux/netlink.h | 1 | ||||
| -rw-r--r-- | security/selinux/Makefile | 2 | ||||
| -rw-r--r-- | security/selinux/selinuxfs.c | 3 | ||||
| -rw-r--r-- | security/selinux/ss/services.c | 3 |
4 files changed, 8 insertions, 1 deletions
diff --git a/include/linux/netlink.h b/include/linux/netlink.h
index 2e88f308c7b4..4e5ea27305a2 100644
--- a/include/linux/netlink.h
+++ b/include/linux/netlink.h
@@ -11,6 +11,7 @@
 #define NETLINK_TCPDIAG 4 /* TCP socket monitoring */
 #define NETLINK_NFLOG 5 /* netfilter/iptables ULOG */
 #define NETLINK_XFRM 6 /* ipsec */
+#define NETLINK_SELINUX 7 /* SELinux event notifications */
 #define NETLINK_ARPD 8
 #define NETLINK_ROUTE6 11 /* af_inet6 route comm channel */
 #define NETLINK_IP6_FW 13
diff --git a/security/selinux/Makefile b/security/selinux/Makefile
index 8862dea31ef4..890404ed2a5e 100644
--- a/security/selinux/Makefile
+++ b/security/selinux/Makefile
@@ -4,7 +4,7 @@
 obj-$(CONFIG_SECURITY_SELINUX) := selinux.o ss/
-selinux-y := avc.o hooks.o selinuxfs.o
+selinux-y := avc.o hooks.o selinuxfs.o netlink.o
 selinux-$(CONFIG_SECURITY_NETWORK) += netif.o
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 682fb85010f8..531faa197107 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -17,6 +17,8 @@
 #include "security.h"
 #include "objsec.h"
+extern void selnl_notify_setenforce(int val);
+
 /* Check whether a task is allowed to use a security operation. */
 int task_has_security(struct task_struct *tsk, u32 perms)
@@ -111,6 +113,7 @@ static ssize_t sel_write_enforce(struct file * file, const char * buf,
 selinux_enforcing = new_value;
 if (selinux_enforcing) avc_ss_reset(0);
+ selnl_notify_setenforce(selinux_enforcing);
 }
 length = count;
 out:
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index b2821d6f5567..d6cb5a1b2f8f 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -28,6 +28,8 @@
 #include "services.h"
 #include "mls.h"
+extern void selnl_notify_policyload(u32 seqno);
+
 static rwlock_t policy_rwlock = RW_LOCK_UNLOCKED;
 #define POLICY_RDLOCK read_lock(&policy_rwlock)
 #define POLICY_WRLOCK write_lock_irq(&policy_rwlock)
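Review bot: The prototype `extern void selnl_notify_setenforce(int val);` is declared directly in security/selinux/selinuxfs.c (first hunk), so the compiler never checks it against the definition; the same applies to `extern void selnl_notify_policyload(u32 seqno);` in the first hunk of security/selinux/ss/services.c. Moving both prototypes into one SELinux header that the defining file also includes would turn a later signature change into a build error rather than a silent mismatch at the call site. The definitions are not part of this diff (netlink.o is added to the Makefile, but no netlink.c appears in the diffstat), so their actual signatures cannot be confirmed from here.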
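Review bot: In the second hunk of security/selinux/selinuxfs.c, `selnl_notify_setenforce(selinux_enforcing);` re-reads the global after the assignment instead of passing the value this write just stored. Nothing in the visible lines serialises writers of the enforce file, so a concurrent write could presumably make the event report a mode other than the one this caller set; `selnl_notify_setenforce(new_value);` ties the notification to this transition. Because the notifier returns void, the writer cannot tell whether the event was delivered, and a short comment above the call stating that delivery is best-effort would help anyone who relies on it to monitor switches to permissive mode. sel_write_enforce starts and ends outside the hunk.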
@@ -1052,6 +1054,7 @@ int security_load_policy(void *data, size_t len)
 sidtab_destroy(&oldsidtab);
 avc_ss_reset(seqno);
+ selnl_notify_policyload(seqno);
 return 0; |
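Review bot: `selnl_notify_policyload(seqno);` is added directly after `avc_ss_reset(seqno);`, and the hunk does not show whether the policy write lock has already been dropped at this point. POLICY_WRLOCK is defined in this file as `write_lock_irq(&policy_rwlock)`, so if the notifier allocates or can sleep (its body is not in this diff) the call must stay after the unlock. Once that is confirmed, a comment above the call such as `/* runs with policy_rwlock released; notifier may allocate */` would keep a later reordering from moving it under the lock. security_load_policy begins and ends outside the hunk.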
