[PATCH] Security: Rename SELinux to NSALinux
From: Pali RohÃr
Date: Fri Apr 01 2016 - 04:50:15 EST
This patch helps NSA agents, so they will know easily which part of Linux
kernel code and also which config options must be enabled for their
"customer" kernel builds.
Patch also protects people aware of NSA activities, so they will know which
part of kernel code comes from NSA and which should they disable or drop.
Signed-off-by: Pali RohÃr <pali.rohar@xxxxxxxxx>
---
CREDITS | 2 +-
Documentation/ABI/testing/ima_policy | 4 +-
Documentation/CodingStyle | 2 +-
Documentation/DocBook/lsm.tmpl | 6 +-
Documentation/RCU/RTFP.txt | 8 +-
Documentation/cgroup-v1/cgroups.txt | 2 +-
Documentation/filesystems/caching/backend-api.txt | 2 +-
Documentation/filesystems/caching/cachefiles.txt | 16 +-
Documentation/filesystems/cifs/TODO | 2 +-
Documentation/filesystems/orangefs.txt | 2 +-
Documentation/filesystems/proc.txt | 2 +-
Documentation/kernel-parameters.txt | 20 +-
Documentation/networking/secid.txt | 2 +-
Documentation/security/00-INDEX | 4 +-
Documentation/security/LSM.txt | 2 +-
.../security/{SELinux.txt => NSALinux.txt} | 18 +-
Documentation/security/credentials.txt | 4 +-
Documentation/security/keys.txt | 12 +-
Documentation/security/tomoyo.txt | 2 +-
Documentation/zh_CN/CodingStyle | 2 +-
MAINTAINERS | 8 +-
arch/mips/configs/bigsur_defconfig | 6 +-
arch/mips/configs/loongson3_defconfig | 6 +-
arch/mips/configs/nlm_xlp_defconfig | 8 +-
arch/mips/configs/nlm_xlr_defconfig | 8 +-
arch/powerpc/configs/c2k_defconfig | 6 +-
arch/powerpc/configs/ppc6xx_defconfig | 6 +-
arch/s390/configs/default_defconfig | 8 +-
arch/s390/configs/gcov_defconfig | 8 +-
arch/s390/configs/performance_defconfig | 8 +-
arch/tile/configs/tilegx_defconfig | 6 +-
arch/tile/configs/tilepro_defconfig | 6 +-
arch/x86/configs/i386_defconfig | 6 +-
arch/x86/configs/x86_64_defconfig | 6 +-
arch/xtensa/configs/iss_defconfig | 2 +-
drivers/staging/lustre/lustre/llite/xattr.c | 14 +-
fs/9p/Kconfig | 2 +-
fs/btrfs/inode.c | 8 +-
fs/btrfs/super.c | 2 +-
fs/ext2/Kconfig | 2 +-
fs/ext4/Kconfig | 2 +-
fs/ext4/namei.c | 2 +-
fs/f2fs/Kconfig | 2 +-
fs/gfs2/inode.c | 2 +-
fs/jffs2/Kconfig | 2 +-
fs/jfs/Kconfig | 2 +-
fs/nfs/super.c | 8 +-
fs/nfsd/Kconfig | 4 +-
fs/reiserfs/Kconfig | 2 +-
fs/reiserfs/xattr_security.c | 2 +-
fs/xfs/xfs_iops.c | 2 +-
include/linux/cred.h | 2 +-
include/linux/lsm_audit.h | 6 +-
include/linux/lsm_hooks.h | 8 +-
include/linux/{selinux.h => nsalinux.h} | 20 +-
include/net/netlabel.h | 2 +-
include/uapi/linux/Kbuild | 2 +-
include/uapi/linux/audit.h | 2 +-
include/uapi/linux/magic.h | 2 +-
include/uapi/linux/netfilter/xt_SECMARK.h | 2 +-
include/uapi/linux/netfilter_ipv4.h | 4 +-
include/uapi/linux/netfilter_ipv6.h | 4 +-
include/uapi/linux/netlink.h | 2 +-
.../{selinux_netlink.h => nsalinux_netlink.h} | 10 +-
include/uapi/linux/pfkeyv2.h | 2 +-
include/uapi/linux/prctl.h | 2 +-
include/uapi/linux/xattr.h | 4 +-
include/uapi/linux/xfrm.h | 4 +-
init/Kconfig | 2 +-
kernel/audit.c | 6 +-
kernel/audit.h | 2 +-
kernel/cred.c | 4 +-
lib/Kconfig.debug | 2 +-
lib/is_single_threaded.c | 2 +-
mm/shmem.c | 2 +-
net/netlabel/netlabel_domainhash.c | 2 +-
scripts/Makefile | 2 +-
scripts/{selinux => nsalinux}/Makefile | 0
scripts/nsalinux/README | 2 +
.../{selinux => nsalinux}/genheaders/.gitignore | 0
scripts/{selinux => nsalinux}/genheaders/Makefile | 2 +-
.../{selinux => nsalinux}/genheaders/genheaders.c | 4 +-
scripts/{selinux => nsalinux}/install_policy.sh | 42 +-
scripts/{selinux => nsalinux}/mdp/.gitignore | 0
scripts/{selinux => nsalinux}/mdp/Makefile | 2 +-
scripts/{selinux => nsalinux}/mdp/dbus_contexts | 4 +-
scripts/{selinux => nsalinux}/mdp/mdp.c | 0
scripts/selinux/README | 2 -
security/Kconfig | 14 +-
security/Makefile | 4 +-
security/integrity/evm/Kconfig | 2 +-
security/integrity/evm/evm_main.c | 4 +-
security/integrity/ima/Kconfig | 2 +-
security/integrity/ima/ima_policy.c | 4 +-
security/lsm_audit.c | 2 +-
security/{selinux => nsalinux}/.gitignore | 0
security/{selinux => nsalinux}/Kconfig | 108 +-
security/{selinux => nsalinux}/Makefile | 16 +-
security/{selinux => nsalinux}/avc.c | 34 +-
security/{selinux => nsalinux}/exports.c | 10 +-
security/{selinux => nsalinux}/hooks.c | 1222 ++++++++++----------
security/{selinux => nsalinux}/include/audit.h | 30 +-
security/{selinux => nsalinux}/include/avc.h | 18 +-
security/{selinux => nsalinux}/include/avc_ss.h | 6 +-
security/{selinux => nsalinux}/include/classmap.h | 2 +-
.../{selinux => nsalinux}/include/conditional.h | 6 +-
.../include/initial_sid_to_string.h | 0
security/{selinux => nsalinux}/include/netif.h | 6 +-
security/{selinux => nsalinux}/include/netlabel.h | 56 +-
security/{selinux => nsalinux}/include/netnode.h | 6 +-
security/{selinux => nsalinux}/include/netport.h | 6 +-
security/{selinux => nsalinux}/include/objsec.h | 12 +-
security/{selinux => nsalinux}/include/security.h | 40 +-
security/{selinux => nsalinux}/include/xfrm.h | 56 +-
security/{selinux => nsalinux}/netif.c | 6 +-
security/{selinux => nsalinux}/netlabel.c | 78 +-
security/{selinux => nsalinux}/netlink.c | 10 +-
security/{selinux => nsalinux}/netnode.c | 8 +-
security/{selinux => nsalinux}/netport.c | 8 +-
security/{selinux => nsalinux}/nlmsgtab.c | 2 +-
.../{selinux/selinuxfs.c => nsalinux/nsalinuxfs.c} | 90 +-
security/{selinux => nsalinux}/ss/avtab.c | 50 +-
security/{selinux => nsalinux}/ss/avtab.h | 0
security/{selinux => nsalinux}/ss/conditional.c | 16 +-
security/{selinux => nsalinux}/ss/conditional.h | 0
security/{selinux => nsalinux}/ss/constraint.h | 0
security/{selinux => nsalinux}/ss/context.h | 0
security/{selinux => nsalinux}/ss/ebitmap.c | 18 +-
security/{selinux => nsalinux}/ss/ebitmap.h | 0
security/{selinux => nsalinux}/ss/hashtab.c | 0
security/{selinux => nsalinux}/ss/hashtab.h | 0
security/{selinux => nsalinux}/ss/mls.c | 2 +-
security/{selinux => nsalinux}/ss/mls.h | 0
security/{selinux => nsalinux}/ss/mls_types.h | 0
security/{selinux => nsalinux}/ss/policydb.c | 76 +-
security/{selinux => nsalinux}/ss/policydb.h | 2 +-
security/{selinux => nsalinux}/ss/services.c | 180 +--
security/{selinux => nsalinux}/ss/services.h | 0
security/{selinux => nsalinux}/ss/sidtab.c | 2 +-
security/{selinux => nsalinux}/ss/sidtab.h | 0
security/{selinux => nsalinux}/ss/status.c | 66 +-
security/{selinux => nsalinux}/ss/symtab.c | 0
security/{selinux => nsalinux}/ss/symtab.h | 0
security/{selinux => nsalinux}/xfrm.c | 108 +-
security/security.c | 6 +-
security/smack/smack_lsm.c | 6 +-
security/smack/smack_netfilter.c | 4 +-
security/smack/smackfs.c | 2 +-
.../testing/selftests/rcutorture/bin/functions.sh | 2 +-
tools/usb/usbip/README | 2 +-
150 files changed, 1420 insertions(+), 1420 deletions(-)
rename Documentation/security/{SELinux.txt => NSALinux.txt} (58%)
rename include/linux/{selinux.h => nsalinux.h} (60%)
rename include/uapi/linux/{selinux_netlink.h => nsalinux_netlink.h} (84%)
rename scripts/{selinux => nsalinux}/Makefile (100%)
create mode 100644 scripts/nsalinux/README
rename scripts/{selinux => nsalinux}/genheaders/.gitignore (100%)
rename scripts/{selinux => nsalinux}/genheaders/Makefile (52%)
rename scripts/{selinux => nsalinux}/genheaders/genheaders.c (95%)
rename scripts/{selinux => nsalinux}/install_policy.sh (45%)
rename scripts/{selinux => nsalinux}/mdp/.gitignore (100%)
rename scripts/{selinux => nsalinux}/mdp/Makefile (63%)
rename scripts/{selinux => nsalinux}/mdp/dbus_contexts (86%)
rename scripts/{selinux => nsalinux}/mdp/mdp.c (100%)
delete mode 100644 scripts/selinux/README
rename security/{selinux => nsalinux}/.gitignore (100%)
rename security/{selinux => nsalinux}/Kconfig (47%)
rename security/{selinux => nsalinux}/Makefile (41%)
rename security/{selinux => nsalinux}/avc.c (97%)
rename security/{selinux => nsalinux}/exports.c (74%)
rename security/{selinux => nsalinux}/hooks.c (78%)
rename security/{selinux => nsalinux}/include/audit.h (62%)
rename security/{selinux => nsalinux}/include/avc.h (94%)
rename security/{selinux => nsalinux}/include/avc_ss.h (84%)
rename security/{selinux => nsalinux}/include/classmap.h (99%)
rename security/{selinux => nsalinux}/include/conditional.h (85%)
rename security/{selinux => nsalinux}/include/initial_sid_to_string.h (100%)
rename security/{selinux => nsalinux}/include/netif.h (89%)
rename security/{selinux => nsalinux}/include/netlabel.h (53%)
rename security/{selinux => nsalinux}/include/netnode.h (87%)
rename security/{selinux => nsalinux}/include/netport.h (86%)
rename security/{selinux => nsalinux}/include/objsec.h (92%)
rename security/{selinux => nsalinux}/include/security.h (88%)
rename security/{selinux => nsalinux}/include/xfrm.h (37%)
rename security/{selinux => nsalinux}/netif.c (98%)
rename security/{selinux => nsalinux}/netlabel.c (81%)
rename security/{selinux => nsalinux}/netlink.c (89%)
rename security/{selinux => nsalinux}/netnode.c (97%)
rename security/{selinux => nsalinux}/netport.c (96%)
rename security/{selinux => nsalinux}/nlmsgtab.c (99%)
rename security/{selinux/selinuxfs.c => nsalinux/nsalinuxfs.c} (95%)
rename security/{selinux => nsalinux}/ss/avtab.c (90%)
rename security/{selinux => nsalinux}/ss/avtab.h (100%)
rename security/{selinux => nsalinux}/ss/conditional.c (95%)
rename security/{selinux => nsalinux}/ss/conditional.h (100%)
rename security/{selinux => nsalinux}/ss/constraint.h (100%)
rename security/{selinux => nsalinux}/ss/context.h (100%)
rename security/{selinux => nsalinux}/ss/ebitmap.c (94%)
rename security/{selinux => nsalinux}/ss/ebitmap.h (100%)
rename security/{selinux => nsalinux}/ss/hashtab.c (100%)
rename security/{selinux => nsalinux}/ss/hashtab.h (100%)
rename security/{selinux => nsalinux}/ss/mls.c (99%)
rename security/{selinux => nsalinux}/ss/mls.h (100%)
rename security/{selinux => nsalinux}/ss/mls_types.h (100%)
rename security/{selinux => nsalinux}/ss/policydb.c (96%)
rename security/{selinux => nsalinux}/ss/policydb.h (99%)
rename security/{selinux => nsalinux}/ss/services.c (94%)
rename security/{selinux => nsalinux}/ss/services.h (100%)
rename security/{selinux => nsalinux}/ss/sidtab.c (98%)
rename security/{selinux => nsalinux}/ss/sidtab.h (100%)
rename security/{selinux => nsalinux}/ss/status.c (58%)
rename security/{selinux => nsalinux}/ss/symtab.c (100%)
rename security/{selinux => nsalinux}/ss/symtab.h (100%)
rename security/{selinux => nsalinux}/xfrm.c (75%)
diff --git a/CREDITS b/CREDITS
index 4312cd0..f5f19d6 100644
--- a/CREDITS
+++ b/CREDITS
@@ -2600,7 +2600,7 @@ S: Nashua, NH 03062
N: James Morris
E: jmorris@xxxxxxxxx
W: http://namei.org/
-D: Netfilter, Linux Security Modules (LSM), SELinux, IPSec,
+D: Netfilter, Linux Security Modules (LSM), NSALinux, IPSec,
D: Crypto API, general networking, miscellaneous.
S: PO Box 707
S: Spit Junction NSW 2088
diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy
index bb0f9a1..bd88a08 100644
--- a/Documentation/ABI/testing/ima_policy
+++ b/Documentation/ABI/testing/ima_policy
@@ -62,7 +62,7 @@ Description:
# SECURITYFS_MAGIC
dont_measure fsmagic=0x73636673
dont_appraise fsmagic=0x73636673
- # SELINUX_MAGIC
+ # NSALINUX_MAGIC
dont_measure fsmagic=0xf97cff8c
dont_appraise fsmagic=0xf97cff8c
# CGROUP_SUPER_MAGIC
@@ -86,7 +86,7 @@ Description:
Examples of LSM specific definitions:
- SELinux:
+ NSALinux:
dont_measure obj_type=var_log_t
dont_appraise obj_type=var_log_t
dont_measure obj_type=auditd_log_t
diff --git a/Documentation/CodingStyle b/Documentation/CodingStyle
index 9a70ddd..205a615 100644
--- a/Documentation/CodingStyle
+++ b/Documentation/CodingStyle
@@ -564,7 +564,7 @@ config AUDIT
depends on NET
help
Enable auditing infrastructure that can be used with another
- kernel subsystem, such as SELinux (which requires this for
+ kernel subsystem, such as NSALinux (which requires this for
logging of avc messages output). Does not do system-call
auditing without CONFIG_AUDITSYSCALL.
diff --git a/Documentation/DocBook/lsm.tmpl b/Documentation/DocBook/lsm.tmpl
index fe7664c..487ec94 100644
--- a/Documentation/DocBook/lsm.tmpl
+++ b/Documentation/DocBook/lsm.tmpl
@@ -37,8 +37,8 @@
<para>
In March 2001, the National Security Agency (NSA) gave a presentation
-about Security-Enhanced Linux (SELinux) at the 2.5 Linux Kernel
-Summit. SELinux is an implementation of flexible and fine-grained
+about Security-Enhanced Linux (NSALinux) at the 2.5 Linux Kernel
+Summit. NSALinux is an implementation of flexible and fine-grained
nondiscretionary access controls in the Linux kernel, originally
implemented as its own particular kernel patch. Several other
security projects (e.g. RSBAC, Medusa) have also developed flexible
@@ -64,7 +64,7 @@ module.
<para>
The Linux Security Modules (LSM) project was started by WireX to
develop such a framework. LSM is a joint development effort by
-several security projects, including Immunix, SELinux, SGI and Janus,
+several security projects, including Immunix, NSALinux, SGI and Janus,
and several individuals, including Greg Kroah-Hartman and James
Morris, to develop a Linux kernel patch that implements this
framework. The patch is currently tracking the 2.4 series and is
diff --git a/Documentation/RCU/RTFP.txt b/Documentation/RCU/RTFP.txt
index 370ca00..c93b1fd 100644
--- a/Documentation/RCU/RTFP.txt
+++ b/Documentation/RCU/RTFP.txt
@@ -145,7 +145,7 @@ Hugh Dickins [Dickins02a] and an implementation by Mingming Cao
different CPUs [McKenney04b], a dissertation describing use of RCU in a
number of operating-system kernels [PaulEdwardMcKenneyPhD], a paper
describing how to make RCU safe for soft-realtime applications [Sarma04c],
-and a paper describing SELinux performance with RCU [JamesMorris04b].
+and a paper describing NSALinux performance with RCU [JamesMorris04b].
2005 brought further adaptation of RCU to realtime use, permitting
preemption of RCU realtime critical sections [PaulMcKenney05a,
@@ -1195,7 +1195,7 @@ Oregon Health and Sciences University"
@unpublished{JamesMorris04a
,Author="James Morris"
-,Title="{[PATCH 2/3] SELinux} scalability - convert {AVC} to {RCU}"
+,Title="{[PATCH 2/3] NSALinux} scalability - convert {AVC} to {RCU}"
,day="15"
,month="November"
,year="2004"
@@ -1209,14 +1209,14 @@ Oregon Health and Sciences University"
@unpublished{JamesMorris04b
,Author="James Morris"
-,Title="Recent Developments in {SELinux} Kernel Performance"
+,Title="Recent Developments in {NSALinux} Kernel Performance"
,month="December"
,year="2004"
,note="Available:
\url{http://www.livejournal.com/users/james_morris/2153.html}
[Viewed December 10, 2004]"
,annotation={
- RCU helps SELinux performance. ;-) Made LWN.
+ RCU helps NSALinux performance. ;-) Made LWN.
}
}
diff --git a/Documentation/cgroup-v1/cgroups.txt b/Documentation/cgroup-v1/cgroups.txt
index 947e6fe..531dbc4 100644
--- a/Documentation/cgroup-v1/cgroups.txt
+++ b/Documentation/cgroup-v1/cgroups.txt
@@ -664,7 +664,7 @@ using kernel memory and it's advised to keep the usage at minimum. This
is the reason why user defined extended attributes are not supported, since
any user can do it and there's no limit in the value size.
-The current known users for this feature are SELinux to limit cgroup usage
+The current known users for this feature are NSALinux to limit cgroup usage
in containers and systemd for assorted meta data like main PID in a cgroup
(systemd creates a cgroup per service).
diff --git a/Documentation/filesystems/caching/backend-api.txt b/Documentation/filesystems/caching/backend-api.txt
index c0bd567..f539884 100644
--- a/Documentation/filesystems/caching/backend-api.txt
+++ b/Documentation/filesystems/caching/backend-api.txt
@@ -84,7 +84,7 @@ The cache methods are executed one of two contexts:
In either case, this may not be an appropriate context in which to access the
cache.
-The calling process's fsuid, fsgid and SELinux security identities may need to
+The calling process's fsuid, fsgid and NSALinux security identities may need to
be masqueraded for the duration of the cache driver's access to the cache.
This is left to the cache to handle; FS-Cache makes no effort in this regard.
diff --git a/Documentation/filesystems/caching/cachefiles.txt b/Documentation/filesystems/caching/cachefiles.txt
index 748a1ae..164659a 100644
--- a/Documentation/filesystems/caching/cachefiles.txt
+++ b/Documentation/filesystems/caching/cachefiles.txt
@@ -18,7 +18,7 @@ Contents:
(*) Cache structure.
- (*) Security model and SELinux.
+ (*) Security model and NSALinux.
(*) A note on security.
@@ -308,11 +308,11 @@ any file of an incorrect type (such as a FIFO file or a device file).
==========================
-SECURITY MODEL AND SELINUX
+SECURITY MODEL AND NSALINUX
==========================
CacheFiles is implemented to deal properly with the LSM security features of
-the Linux kernel and the SELinux facility.
+the Linux kernel and the NSALinux facility.
One of the problems that CacheFiles faces is that it is generally acting on
behalf of a process, and running in that process's context, and that includes a
@@ -345,7 +345,7 @@ When the CacheFiles module is asked to bind to its cache, it:
cachefiles_kernel_t
- SELinux transitions the daemon's security ID to the module's security ID
+ NSALinux transitions the daemon's security ID to the module's security ID
based on a rule of this form in the policy.
type_transition <daemon's-ID> kernel_t : process <module's-ID>;
@@ -381,10 +381,10 @@ They are built and installed directly by the RPM.
If a non-RPM based system is being used, then copy the above files to their own
directory and run:
- make -f /usr/share/selinux/devel/Makefile
+ make -f /usr/share/nsalinux/devel/Makefile
semodule -i cachefilesd.pp
-You will need checkpolicy and selinux-policy-devel installed prior to the
+You will need checkpolicy and nsalinux-policy-devel installed prior to the
build.
@@ -394,7 +394,7 @@ an auxiliary policy must be installed to label the alternate location of the
cache.
For instructions on how to add an auxiliary policy to enable the cache to be
-located elsewhere when SELinux is in enforcing mode, please see:
+located elsewhere when NSALinux is in enforcing mode, please see:
/usr/share/doc/cachefilesd-*/move-cache.txt
@@ -440,7 +440,7 @@ may be overridden. This is not seen externally, and is used whan a process
acts upon another object, for example SIGKILLing another process or opening a
file.
-LSM hooks exist that allow SELinux (or Smack or whatever) to reject a request
+LSM hooks exist that allow NSALinux (or Smack or whatever) to reject a request
for CacheFiles to run in a context of a specific security label, or to create
files and directories with another security label.
diff --git a/Documentation/filesystems/cifs/TODO b/Documentation/filesystems/cifs/TODO
index 066ffdd..ddc407b 100644
--- a/Documentation/filesystems/cifs/TODO
+++ b/Documentation/filesystems/cifs/TODO
@@ -45,7 +45,7 @@ j) Add GUI tool to configure /proc/fs/cifs settings and for display of
the CIFS statistics (started)
k) implement support for security and trusted categories of xattrs
-(requires minor protocol extension) to enable better support for SELINUX
+(requires minor protocol extension) to enable better support for NSALINUX
l) Implement O_DIRECT flag on open (already supported on mount)
diff --git a/Documentation/filesystems/orangefs.txt b/Documentation/filesystems/orangefs.txt
index e1a0056..33d4666 100644
--- a/Documentation/filesystems/orangefs.txt
+++ b/Documentation/filesystems/orangefs.txt
@@ -82,7 +82,7 @@ prove things are working with:
/opt/osf/bin/pvfs2-ls /mymountpoint
-You might not want to enforce selinux, it doesn't seem to matter by
+You might not want to enforce nsalinux, it doesn't seem to matter by
linux 3.11...
If stuff seems to be working, turn on the client core:
diff --git a/Documentation/filesystems/proc.txt b/Documentation/filesystems/proc.txt
index 7f5607a..12ec0ef 100644
--- a/Documentation/filesystems/proc.txt
+++ b/Documentation/filesystems/proc.txt
@@ -1850,7 +1850,7 @@ the process is maintaining. Example output:
| lr-------- 1 root root 64 Jan 27 11:24 333c81f000-333c820000 -> /usr/lib64/ld-2.18.so
| lr-------- 1 root root 64 Jan 27 11:24 333c820000-333c821000 -> /usr/lib64/ld-2.18.so
| ...
- | lr-------- 1 root root 64 Jan 27 11:24 35d0421000-35d0422000 -> /usr/lib64/libselinux.so.1
+ | lr-------- 1 root root 64 Jan 27 11:24 35d0421000-35d0422000 -> /usr/lib64/libnsalinux.so.1
| lr-------- 1 root root 64 Jan 27 11:24 400000-41a000 -> /usr/bin/ls
The name of a link represents the virtual memory bounds of a mapping, i.e.
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index ecc74fa..5dfde04 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -107,7 +107,7 @@ parameter is applicable:
A lot of drivers have their options described inside
the Documentation/scsi/ sub-directory.
SECURITY Different security models are enabled.
- SELINUX SELinux support is enabled.
+ NSALINUX NSALinux support is enabled.
APPARMOR AppArmor support is enabled.
SERIAL Serial support is enabled.
SH SuperH architecture is enabled.
@@ -624,15 +624,15 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
nosocket -- Disable socket memory accounting.
nokmem -- Disable kernel memory accounting.
- checkreqprot [SELINUX] Set initial checkreqprot flag value.
+ checkreqprot [NSALINUX] Set initial checkreqprot flag value.
Format: { "0" | "1" }
- See security/selinux/Kconfig help text.
+ See security/nsalinux/Kconfig help text.
0 -- check protection applied by kernel (includes
any implied execute protection).
1 -- check protection requested by application.
Default value is set via a kernel config option.
Value can be changed at runtime via
- /selinux/checkreqprot.
+ /nsalinux/checkreqprot.
cio_ignore= [S390]
See Documentation/s390/CommonIO for details.
@@ -1193,13 +1193,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
(in particular on some ATI chipsets).
The kernel tries to set a reasonable default.
- enforcing [SELINUX] Set initial enforcing status.
+ enforcing [NSALINUX] Set initial enforcing status.
Format: {"0" | "1"}
- See security/selinux/Kconfig help text.
+ See security/nsalinux/Kconfig help text.
0 -- permissive (log only, no denials).
1 -- enforcing (deny and log).
Default value is 0.
- Value can be changed at runtime via /selinux/enforce.
+ Value can be changed at runtime via /nsalinux/enforce.
erst_disable [ACPI]
Disable Error Record Serialization Table (ERST)
@@ -3604,13 +3604,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
loaded. An invalid security module name will be treated
as if no module has been chosen.
- selinux= [SELINUX] Disable or enable SELinux at boot time.
+ nsalinux= [NSALINUX] Disable or enable NSALinux at boot time.
Format: { "0" | "1" }
- See security/selinux/Kconfig help text.
+ See security/nsalinux/Kconfig help text.
0 -- disable.
1 -- enable.
Default value is set via kernel config option.
- If enabled at boot time, /selinux/disable can be used
+ If enabled at boot time, /nsalinux/disable can be used
later to disable prior to initial policy load.
apparmor= [APPARMOR] Disable or enable AppArmor at boot time
diff --git a/Documentation/networking/secid.txt b/Documentation/networking/secid.txt
index 95ea067..e7186ac 100644
--- a/Documentation/networking/secid.txt
+++ b/Documentation/networking/secid.txt
@@ -1,6 +1,6 @@
flowi structure:
-The secid member in the flow structure is used in LSMs (e.g. SELinux) to indicate
+The secid member in the flow structure is used in LSMs (e.g. NSALinux) to indicate
the label of the flow. This label of the flow is currently used in selecting
matching labeled xfrm(s).
diff --git a/Documentation/security/00-INDEX b/Documentation/security/00-INDEX
index 45c82fd..4715b2a 100644
--- a/Documentation/security/00-INDEX
+++ b/Documentation/security/00-INDEX
@@ -2,8 +2,8 @@
- this file.
LSM.txt
- description of the Linux Security Module framework.
-SELinux.txt
- - how to get started with the SELinux security enhancement.
+NSALinux.txt
+ - how to get started with the NSALinux security enhancement.
Smack.txt
- documentation on the Smack Linux Security Module.
Yama.txt
diff --git a/Documentation/security/LSM.txt b/Documentation/security/LSM.txt
index 3db7e67..9a146c8 100644
--- a/Documentation/security/LSM.txt
+++ b/Documentation/security/LSM.txt
@@ -11,7 +11,7 @@ LSMs were built into a given kernel.
The primary users of the LSM interface are Mandatory Access Control
(MAC) extensions which provide a comprehensive security policy. Examples
-include SELinux, Smack, Tomoyo, and AppArmor. In addition to the larger
+include NSALinux, Smack, Tomoyo, and AppArmor. In addition to the larger
MAC extensions, other extensions can be built using the LSM to provide
specific changes to system operation when these tweaks are not available
in the core functionality of Linux itself.
diff --git a/Documentation/security/SELinux.txt b/Documentation/security/NSALinux.txt
similarity index 58%
rename from Documentation/security/SELinux.txt
rename to Documentation/security/NSALinux.txt
index 07eae00..f90df63 100644
--- a/Documentation/security/SELinux.txt
+++ b/Documentation/security/NSALinux.txt
@@ -1,27 +1,27 @@
-If you want to use SELinux, chances are you will want
+If you want to use NSALinux, chances are you will want
to use the distro-provided policies, or install the
latest reference policy release from
http://oss.tresys.com/projects/refpolicy
However, if you want to install a dummy policy for
testing, you can do using 'mdp' provided under
-scripts/selinux. Note that this requires the selinux
+scripts/nsalinux. Note that this requires the nsalinux
userspace to be installed - in particular you will
need checkpolicy to compile a kernel, and setfiles and
fixfiles to label the filesystem.
- 1. Compile the kernel with selinux enabled.
+ 1. Compile the kernel with nsalinux enabled.
2. Type 'make' to compile mdp.
3. Make sure that you are not running with
- SELinux enabled and a real policy. If
- you are, reboot with selinux disabled
+ NSALinux enabled and a real policy. If
+ you are, reboot with nsalinux disabled
before continuing.
4. Run install_policy.sh:
- cd scripts/selinux
+ cd scripts/nsalinux
sh install_policy.sh
Step 4 will create a new dummy policy valid for your
-kernel, with a single selinux user, role, and type.
-It will compile the policy, will set your SELINUXTYPE to
-dummy in /etc/selinux/config, install the compiled policy
+kernel, with a single nsalinux user, role, and type.
+It will compile the policy, will set your NSALINUXTYPE to
+dummy in /etc/nsalinux/config, install the compiled policy
as 'dummy', and relabel your filesystem.
diff --git a/Documentation/security/credentials.txt b/Documentation/security/credentials.txt
index 8625705..f34a111 100644
--- a/Documentation/security/credentials.txt
+++ b/Documentation/security/credentials.txt
@@ -131,9 +131,9 @@ object acts upon another:
The system as a whole may have one or more sets of rules that get
applied to all subjects and objects, regardless of their source.
- SELinux and Smack are examples of this.
+ NSALinux and Smack are examples of this.
- In the case of SELinux and Smack, each object is given a label as part
+ In the case of NSALinux and Smack, each object is given a label as part
of its credentials. When an action is requested, they take the
subject label, the object label and the action and look for a rule
that says that this action is either granted or denied.
diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt
index 8c18387..aec82ae 100644
--- a/Documentation/security/keys.txt
+++ b/Documentation/security/keys.txt
@@ -19,7 +19,7 @@ This document has the following sections:
- Key overview
- Key service overview
- Key access permissions
- - SELinux support
+ - NSALinux support
- New procfs files
- Userspace system call interface
- Kernel services
@@ -250,18 +250,18 @@ the key or having the sysadmin capability is sufficient.
===============
-SELINUX SUPPORT
+NSALINUX SUPPORT
===============
-The security class "key" has been added to SELinux so that mandatory access
+The security class "key" has been added to NSALinux so that mandatory access
controls can be applied to keys created within various contexts. This support
is preliminary, and is likely to change quite significantly in the near future.
-Currently, all of the basic permissions explained above are provided in SELinux
-as well; SELinux is simply invoked after all basic permission checks have been
+Currently, all of the basic permissions explained above are provided in NSALinux
+as well; NSALinux is simply invoked after all basic permission checks have been
performed.
The value of the file /proc/self/attr/keycreate influences the labeling of
-newly-created keys. If the contents of that file correspond to an SELinux
+newly-created keys. If the contents of that file correspond to an NSALinux
security context, then the key will be assigned that context. Otherwise, the
key will be assigned the current context of the task that invoked the key
creation request. Tasks must be granted explicit permission to assign a
diff --git a/Documentation/security/tomoyo.txt b/Documentation/security/tomoyo.txt
index 200a2d3..b2fa581 100644
--- a/Documentation/security/tomoyo.txt
+++ b/Documentation/security/tomoyo.txt
@@ -47,7 +47,7 @@ History of TOMOYO?
We believe that inode based security and name based security are complementary
and both should be used together. But unfortunately, so far, we cannot enable
multiple LSM modules at the same time. We feel sorry that you have to give up
-SELinux/SMACK/AppArmor etc. when you want to use TOMOYO.
+NSALinux/SMACK/AppArmor etc. when you want to use TOMOYO.
We hope that LSM becomes stackable in future. Meanwhile, you can use non-LSM
version of TOMOYO, available at http://tomoyo.sourceforge.jp/1.7/ .
diff --git a/Documentation/zh_CN/CodingStyle b/Documentation/zh_CN/CodingStyle
index 654afd7..9bf7a13 100644
--- a/Documentation/zh_CN/CodingStyle
+++ b/Documentation/zh_CN/CodingStyle
@@ -458,7 +458,7 @@ config AUDIT
depends on NET
help
Enable auditing infrastructure that can be used with another
- kernel subsystem, such as SELinux (which requires this for
+ kernel subsystem, such as NSALinux (which requires this for
logging of avc messages output). Does not do system-call
auditing without CONFIG_AUDITSYSCALL.
diff --git a/MAINTAINERS b/MAINTAINERS
index 378ebff..c9034dc 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -9939,7 +9939,7 @@ SECURITY CONTACT
M: Security Officers <security@xxxxxxxxxx>
S: Supported
-SELINUX SECURITY MODULE
+NSALINUX SECURITY MODULE
M: Paul Moore <paul@xxxxxxxxxxxxxx>
M: Stephen Smalley <sds@xxxxxxxxxxxxx>
M: Eric Paris <eparis@xxxxxxxxxxxxxx>
@@ -9947,9 +9947,9 @@ L: selinux@xxxxxxxxxxxxx (moderated for non-subscribers)
W: http://selinuxproject.org
T: git git://git.infradead.org/users/pcmoore/selinux
S: Supported
-F: include/linux/selinux*
-F: security/selinux/
-F: scripts/selinux/
+F: include/linux/nsalinux*
+F: security/nsalinux/
+F: scripts/nsalinux/
APPARMOR SECURITY MODULE
M: John Johansen <john.johansen@xxxxxxxxxxxxx>
diff --git a/arch/mips/configs/bigsur_defconfig b/arch/mips/configs/bigsur_defconfig
index e070dac..806c845 100644
--- a/arch/mips/configs/bigsur_defconfig
+++ b/arch/mips/configs/bigsur_defconfig
@@ -250,9 +250,9 @@ CONFIG_KEYS=y
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_NETWORK_XFRM=y
-CONFIG_SECURITY_SELINUX=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM=y
-CONFIG_SECURITY_SELINUX_DISABLE=y
+CONFIG_SECURITY_NSALINUX=y
+CONFIG_SECURITY_NSALINUX_BOOTPARAM=y
+CONFIG_SECURITY_NSALINUX_DISABLE=y
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_CRYPTO_NULL=y
CONFIG_CRYPTO_CCM=m
diff --git a/arch/mips/configs/loongson3_defconfig b/arch/mips/configs/loongson3_defconfig
index f8bf915..e635154 100644
--- a/arch/mips/configs/loongson3_defconfig
+++ b/arch/mips/configs/loongson3_defconfig
@@ -342,9 +342,9 @@ CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_PATH=y
-CONFIG_SECURITY_SELINUX=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM=y
-CONFIG_SECURITY_SELINUX_DISABLE=y
+CONFIG_SECURITY_NSALINUX=y
+CONFIG_SECURITY_NSALINUX_BOOTPARAM=y
+CONFIG_SECURITY_NSALINUX_DISABLE=y
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_CRYPTO_AUTHENC=m
CONFIG_CRYPTO_HMAC=y
diff --git a/arch/mips/configs/nlm_xlp_defconfig b/arch/mips/configs/nlm_xlp_defconfig
index b3d1d37..b721b11 100644
--- a/arch/mips/configs/nlm_xlp_defconfig
+++ b/arch/mips/configs/nlm_xlp_defconfig
@@ -569,10 +569,10 @@ CONFIG_BLK_DEV_IO_TRACE=y
CONFIG_KGDB=y
CONFIG_SECURITY=y
CONFIG_LSM_MMAP_MIN_ADDR=0
-CONFIG_SECURITY_SELINUX=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
-CONFIG_SECURITY_SELINUX_DISABLE=y
+CONFIG_SECURITY_NSALINUX=y
+CONFIG_SECURITY_NSALINUX_BOOTPARAM=y
+CONFIG_SECURITY_NSALINUX_BOOTPARAM_VALUE=0
+CONFIG_SECURITY_NSALINUX_DISABLE=y
CONFIG_SECURITY_SMACK=y
CONFIG_SECURITY_TOMOYO=y
CONFIG_CRYPTO_NULL=m
diff --git a/arch/mips/configs/nlm_xlr_defconfig b/arch/mips/configs/nlm_xlr_defconfig
index 3d8016d..b92d94e 100644
--- a/arch/mips/configs/nlm_xlr_defconfig
+++ b/arch/mips/configs/nlm_xlr_defconfig
@@ -530,10 +530,10 @@ CONFIG_KGDB=y
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
CONFIG_LSM_MMAP_MIN_ADDR=0
-CONFIG_SECURITY_SELINUX=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
-CONFIG_SECURITY_SELINUX_DISABLE=y
+CONFIG_SECURITY_NSALINUX=y
+CONFIG_SECURITY_NSALINUX_BOOTPARAM=y
+CONFIG_SECURITY_NSALINUX_BOOTPARAM_VALUE=0
+CONFIG_SECURITY_NSALINUX_DISABLE=y
CONFIG_SECURITY_SMACK=y
CONFIG_SECURITY_TOMOYO=y
CONFIG_CRYPTO_NULL=m
diff --git a/arch/powerpc/configs/c2k_defconfig b/arch/powerpc/configs/c2k_defconfig
index 340685c..a170128 100644
--- a/arch/powerpc/configs/c2k_defconfig
+++ b/arch/powerpc/configs/c2k_defconfig
@@ -389,9 +389,9 @@ CONFIG_BOOTX_TEXT=y
CONFIG_PPC_EARLY_DEBUG=y
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
-CONFIG_SECURITY_SELINUX=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM=y
-CONFIG_SECURITY_SELINUX_DISABLE=y
+CONFIG_SECURITY_NSALINUX=y
+CONFIG_SECURITY_NSALINUX_BOOTPARAM=y
+CONFIG_SECURITY_NSALINUX_DISABLE=y
CONFIG_CRYPTO_NULL=m
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_MICHAEL_MIC=m
diff --git a/arch/powerpc/configs/ppc6xx_defconfig b/arch/powerpc/configs/ppc6xx_defconfig
index 99ccbeba..3022dfd 100644
--- a/arch/powerpc/configs/ppc6xx_defconfig
+++ b/arch/powerpc/configs/ppc6xx_defconfig
@@ -1178,9 +1178,9 @@ CONFIG_PPC_EARLY_DEBUG=y
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_NETWORK_XFRM=y
-CONFIG_SECURITY_SELINUX=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM=y
-CONFIG_SECURITY_SELINUX_DISABLE=y
+CONFIG_SECURITY_NSALINUX=y
+CONFIG_SECURITY_NSALINUX_BOOTPARAM=y
+CONFIG_SECURITY_NSALINUX_DISABLE=y
CONFIG_CRYPTO_TEST=m
CONFIG_CRYPTO_GCM=m
CONFIG_CRYPTO_CTS=m
diff --git a/arch/s390/configs/default_defconfig b/arch/s390/configs/default_defconfig
index 0ac42cc..77ecee8 100644
--- a/arch/s390/configs/default_defconfig
+++ b/arch/s390/configs/default_defconfig
@@ -612,10 +612,10 @@ CONFIG_S390_PTDUMP=y
CONFIG_ENCRYPTED_KEYS=m
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
-CONFIG_SECURITY_SELINUX=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
-CONFIG_SECURITY_SELINUX_DISABLE=y
+CONFIG_SECURITY_NSALINUX=y
+CONFIG_SECURITY_NSALINUX_BOOTPARAM=y
+CONFIG_SECURITY_NSALINUX_BOOTPARAM_VALUE=0
+CONFIG_SECURITY_NSALINUX_DISABLE=y
CONFIG_IMA=y
CONFIG_IMA_APPRAISE=y
CONFIG_CRYPTO_USER=m
diff --git a/arch/s390/configs/gcov_defconfig b/arch/s390/configs/gcov_defconfig
index a31dcd5..8c4a965 100644
--- a/arch/s390/configs/gcov_defconfig
+++ b/arch/s390/configs/gcov_defconfig
@@ -558,10 +558,10 @@ CONFIG_S390_PTDUMP=y
CONFIG_ENCRYPTED_KEYS=m
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
-CONFIG_SECURITY_SELINUX=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
-CONFIG_SECURITY_SELINUX_DISABLE=y
+CONFIG_SECURITY_NSALINUX=y
+CONFIG_SECURITY_NSALINUX_BOOTPARAM=y
+CONFIG_SECURITY_NSALINUX_BOOTPARAM_VALUE=0
+CONFIG_SECURITY_NSALINUX_DISABLE=y
CONFIG_IMA=y
CONFIG_IMA_APPRAISE=y
CONFIG_CRYPTO_USER=m
diff --git a/arch/s390/configs/performance_defconfig b/arch/s390/configs/performance_defconfig
index 7b73bf3..836480e 100644
--- a/arch/s390/configs/performance_defconfig
+++ b/arch/s390/configs/performance_defconfig
@@ -555,10 +555,10 @@ CONFIG_S390_PTDUMP=y
CONFIG_ENCRYPTED_KEYS=m
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
-CONFIG_SECURITY_SELINUX=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
-CONFIG_SECURITY_SELINUX_DISABLE=y
+CONFIG_SECURITY_NSALINUX=y
+CONFIG_SECURITY_NSALINUX_BOOTPARAM=y
+CONFIG_SECURITY_NSALINUX_BOOTPARAM_VALUE=0
+CONFIG_SECURITY_NSALINUX_DISABLE=y
CONFIG_IMA=y
CONFIG_IMA_APPRAISE=y
CONFIG_CRYPTO_USER=m
diff --git a/arch/tile/configs/tilegx_defconfig b/arch/tile/configs/tilegx_defconfig
index 3f3dfb8..fb9aef2 100644
--- a/arch/tile/configs/tilegx_defconfig
+++ b/arch/tile/configs/tilegx_defconfig
@@ -378,9 +378,9 @@ CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_NETWORK_XFRM=y
-CONFIG_SECURITY_SELINUX=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM=y
-CONFIG_SECURITY_SELINUX_DISABLE=y
+CONFIG_SECURITY_NSALINUX=y
+CONFIG_SECURITY_NSALINUX_BOOTPARAM=y
+CONFIG_SECURITY_NSALINUX_DISABLE=y
CONFIG_CRYPTO_PCRYPT=m
CONFIG_CRYPTO_CRYPTD=m
CONFIG_CRYPTO_TEST=m
diff --git a/arch/tile/configs/tilepro_defconfig b/arch/tile/configs/tilepro_defconfig
index ef9e27e..87134a8 100644
--- a/arch/tile/configs/tilepro_defconfig
+++ b/arch/tile/configs/tilepro_defconfig
@@ -490,9 +490,9 @@ CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_NETWORK_XFRM=y
-CONFIG_SECURITY_SELINUX=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM=y
-CONFIG_SECURITY_SELINUX_DISABLE=y
+CONFIG_SECURITY_NSALINUX=y
+CONFIG_SECURITY_NSALINUX_BOOTPARAM=y
+CONFIG_SECURITY_NSALINUX_DISABLE=y
CONFIG_CRYPTO_PCRYPT=m
CONFIG_CRYPTO_CRYPTD=m
CONFIG_CRYPTO_TEST=m
diff --git a/arch/x86/configs/i386_defconfig b/arch/x86/configs/i386_defconfig
index 265901a..0dd4d06d 100644
--- a/arch/x86/configs/i386_defconfig
+++ b/arch/x86/configs/i386_defconfig
@@ -305,8 +305,8 @@ CONFIG_DEBUG_BOOT_PARAMS=y
CONFIG_OPTIMIZE_INLINING=y
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
-CONFIG_SECURITY_SELINUX=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM=y
-CONFIG_SECURITY_SELINUX_DISABLE=y
+CONFIG_SECURITY_NSALINUX=y
+CONFIG_SECURITY_NSALINUX_BOOTPARAM=y
+CONFIG_SECURITY_NSALINUX_DISABLE=y
CONFIG_CRYPTO_AES_586=y
# CONFIG_CRYPTO_ANSI_CPRNG is not set
diff --git a/arch/x86/configs/x86_64_defconfig b/arch/x86/configs/x86_64_defconfig
index 4f404a6..fdf65ba 100644
--- a/arch/x86/configs/x86_64_defconfig
+++ b/arch/x86/configs/x86_64_defconfig
@@ -302,7 +302,7 @@ CONFIG_DEBUG_BOOT_PARAMS=y
CONFIG_OPTIMIZE_INLINING=y
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
-CONFIG_SECURITY_SELINUX=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM=y
-CONFIG_SECURITY_SELINUX_DISABLE=y
+CONFIG_SECURITY_NSALINUX=y
+CONFIG_SECURITY_NSALINUX_BOOTPARAM=y
+CONFIG_SECURITY_NSALINUX_DISABLE=y
# CONFIG_CRYPTO_ANSI_CPRNG is not set
diff --git a/arch/xtensa/configs/iss_defconfig b/arch/xtensa/configs/iss_defconfig
index 44c6764..55a55dd 100644
--- a/arch/xtensa/configs/iss_defconfig
+++ b/arch/xtensa/configs/iss_defconfig
@@ -643,7 +643,7 @@ CONFIG_RCU_CPU_STALL_DETECTOR=y
# CONFIG_KEYS is not set
# CONFIG_SECURITY is not set
# CONFIG_SECURITYFS is not set
-# CONFIG_DEFAULT_SECURITY_SELINUX is not set
+# CONFIG_DEFAULT_SECURITY_NSALINUX is not set
# CONFIG_DEFAULT_SECURITY_SMACK is not set
# CONFIG_DEFAULT_SECURITY_TOMOYO is not set
CONFIG_DEFAULT_SECURITY_DAC=y
diff --git a/drivers/staging/lustre/lustre/llite/xattr.c b/drivers/staging/lustre/lustre/llite/xattr.c
index b68dcc9..5eed334 100644
--- a/drivers/staging/lustre/lustre/llite/xattr.c
+++ b/drivers/staging/lustre/lustre/llite/xattr.c
@@ -37,7 +37,7 @@
#include <linux/fs.h>
#include <linux/sched.h>
#include <linux/mm.h>
-#include <linux/selinux.h>
+#include <linux/nsalinux.h>
#define DEBUG_SUBSYSTEM S_LLITE
@@ -138,9 +138,9 @@ int ll_setxattr_common(struct inode *inode, const char *name,
strcmp(name, "security.capability") == 0))
return 0;
- /* LU-549: Disable security.selinux when selinux is disabled */
- if (xattr_type == XATTR_SECURITY_T && !selinux_is_enabled() &&
- strcmp(name, "security.selinux") == 0)
+ /* LU-549: Disable security.nsalinux when nsalinux is disabled */
+ if (xattr_type == XATTR_SECURITY_T && !nsalinux_is_enabled() &&
+ strcmp(name, "security.nsalinux") == 0)
return -EOPNOTSUPP;
#ifdef CONFIG_FS_POSIX_ACL
@@ -314,9 +314,9 @@ int ll_getxattr_common(struct inode *inode, const char *name,
strcmp(name, "security.capability") == 0))
return -ENODATA;
- /* LU-549: Disable security.selinux when selinux is disabled */
- if (xattr_type == XATTR_SECURITY_T && !selinux_is_enabled() &&
- strcmp(name, "security.selinux") == 0)
+ /* LU-549: Disable security.nsalinux when nsalinux is disabled */
+ if (xattr_type == XATTR_SECURITY_T && !nsalinux_is_enabled() &&
+ strcmp(name, "security.nsalinux") == 0)
return -EOPNOTSUPP;
#ifdef CONFIG_FS_POSIX_ACL
diff --git a/fs/9p/Kconfig b/fs/9p/Kconfig
index 6489e1f..e64308b 100644
--- a/fs/9p/Kconfig
+++ b/fs/9p/Kconfig
@@ -38,7 +38,7 @@ config 9P_FS_SECURITY
depends on 9P_FS
help
Security labels support alternative access control models
- implemented by security modules like SELinux. This option
+ implemented by security modules like NSALinux. This option
enables an extended attribute handler for file security
labels in the 9P filesystem.
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 41a5688..6568a52 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -6351,7 +6351,7 @@ static int btrfs_mknod(struct inode *dir, struct dentry *dentry,
/*
* 2 for inode item and ref
* 2 for dir items
- * 1 for xattr if selinux is on
+ * 1 for xattr if nsalinux is on
*/
trans = btrfs_start_transaction(root, 5);
if (IS_ERR(trans))
@@ -6422,7 +6422,7 @@ static int btrfs_create(struct inode *dir, struct dentry *dentry,
/*
* 2 for inode item and ref
* 2 for dir items
- * 1 for xattr if selinux is on
+ * 1 for xattr if nsalinux is on
*/
trans = btrfs_start_transaction(root, 5);
if (IS_ERR(trans))
@@ -6570,7 +6570,7 @@ static int btrfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
/*
* 2 items for inode and ref
* 2 items for dir items
- * 1 for xattr if selinux is on
+ * 1 for xattr if nsalinux is on
*/
trans = btrfs_start_transaction(root, 5);
if (IS_ERR(trans))
@@ -9799,7 +9799,7 @@ static int btrfs_symlink(struct inode *dir, struct dentry *dentry,
* 2 items for dir items
* 1 item for updating parent inode item
* 1 item for the inline extent item
- * 1 item for xattr if selinux is on
+ * 1 item for xattr if nsalinux is on
*/
trans = btrfs_start_transaction(root, 7);
if (IS_ERR(trans))
diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c
index 00b8f37..42342af 100644
--- a/fs/btrfs/super.c
+++ b/fs/btrfs/super.c
@@ -1488,7 +1488,7 @@ static int setup_security_options(struct btrfs_fs_info *fs_info,
memcpy(&fs_info->security_opts, sec_opts, sizeof(*sec_opts));
} else {
/*
- * Since SELinux(the only one supports security_mnt_opts) does
+ * Since NSALinux(the only one supports security_mnt_opts) does
* NOT support changing context during remount/mount same sb,
* This must be the same or part of the same security options,
* just free it.
diff --git a/fs/ext2/Kconfig b/fs/ext2/Kconfig
index c634874..9a93197 100644
--- a/fs/ext2/Kconfig
+++ b/fs/ext2/Kconfig
@@ -36,7 +36,7 @@ config EXT2_FS_SECURITY
depends on EXT2_FS_XATTR
help
Security labels support alternative access control models
- implemented by security modules like SELinux. This option
+ implemented by security modules like NSALinux. This option
enables an extended attribute handler for file security
labels in the ext2 filesystem.
diff --git a/fs/ext4/Kconfig b/fs/ext4/Kconfig
index b46e9fc..ea62e4d 100644
--- a/fs/ext4/Kconfig
+++ b/fs/ext4/Kconfig
@@ -91,7 +91,7 @@ config EXT4_FS_SECURITY
depends on EXT4_FS
help
Security labels support alternative access control models
- implemented by security modules like SELinux. This option
+ implemented by security modules like NSALinux. This option
enables an extended attribute handler for file security
labels in the ext4 filesystem.
diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
index 48e4b89..1251922 100644
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -3106,7 +3106,7 @@ static int ext4_symlink(struct inode *dir,
* For non-fast symlinks, we just allocate inode and put it on
* orphan list in the first transaction => we need bitmap,
* group descriptor, sb, inode block, quota blocks, and
- * possibly selinux xattr blocks.
+ * possibly nsalinux xattr blocks.
*/
credits = 4 + EXT4_MAXQUOTAS_INIT_BLOCKS(dir->i_sb) +
EXT4_XATTR_TRANS_BLOCKS;
diff --git a/fs/f2fs/Kconfig b/fs/f2fs/Kconfig
index 1f8982a..5827963 100644
--- a/fs/f2fs/Kconfig
+++ b/fs/f2fs/Kconfig
@@ -59,7 +59,7 @@ config F2FS_FS_SECURITY
depends on F2FS_FS_XATTR
help
Security labels provide an access control facility to support Linux
- Security Models (LSMs) accepted by AppArmor, SELinux, Smack and TOMOYO
+ Security Models (LSMs) accepted by AppArmor, NSALinux, Smack and TOMOYO
Linux. This option enables an extended attribute handler for file
security labels in the f2fs filesystem, so that it requires enabling
the extended attribute support in advance.
diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c
index bb30f9a..72c968a 100644
--- a/fs/gfs2/inode.c
+++ b/fs/gfs2/inode.c
@@ -1976,7 +1976,7 @@ static ssize_t gfs2_getxattr(struct dentry *dentry, const char *name,
struct gfs2_holder gh;
int ret;
- /* For selinux during lookup */
+ /* For nsalinux during lookup */
if (gfs2_glock_is_locked_by_me(ip->i_gl))
return generic_getxattr(dentry, name, data, size);
diff --git a/fs/jffs2/Kconfig b/fs/jffs2/Kconfig
index d8bb6c4..a870943 100644
--- a/fs/jffs2/Kconfig
+++ b/fs/jffs2/Kconfig
@@ -93,7 +93,7 @@ config JFFS2_FS_SECURITY
default y
help
Security labels support alternative access control models
- implemented by security modules like SELinux. This option
+ implemented by security modules like NSALinux. This option
enables an extended attribute handler for file security
labels in the jffs2 filesystem.
diff --git a/fs/jfs/Kconfig b/fs/jfs/Kconfig
index 57cef19..964e159 100644
--- a/fs/jfs/Kconfig
+++ b/fs/jfs/Kconfig
@@ -26,7 +26,7 @@ config JFS_SECURITY
depends on JFS_FS
help
Security labels support alternative access control models
- implemented by security modules like SELinux. This option
+ implemented by security modules like NSALinux. This option
enables an extended attribute handler for file security
labels in the jfs filesystem.
diff --git a/fs/nfs/super.c b/fs/nfs/super.c
index f126828..2b21fe3 100644
--- a/fs/nfs/super.c
+++ b/fs/nfs/super.c
@@ -2040,14 +2040,14 @@ static int nfs23_validate_mount_data(void *options,
NFS_MOUNT_LOCAL_FCNTL);
/*
* The legacy version 6 binary mount data from userspace has a
- * field used only to transport selinux information into the
+ * field used only to transport nsalinux information into the
* the kernel. To continue to support that functionality we
- * have a touch of selinux knowledge here in the NFS code. The
+ * have a touch of nsalinux knowledge here in the NFS code. The
* userspace code converted context=blah to just blah so we are
- * converting back to the full string selinux understands.
+ * converting back to the full string nsalinux understands.
*/
if (data->context[0]){
-#ifdef CONFIG_SECURITY_SELINUX
+#ifdef CONFIG_SECURITY_NSALINUX
int rc;
char *opts_str = kmalloc(sizeof(data->context) + 8, GFP_KERNEL);
if (!opts_str)
diff --git a/fs/nfsd/Kconfig b/fs/nfsd/Kconfig
index c9f583d..7c70f71 100644
--- a/fs/nfsd/Kconfig
+++ b/fs/nfsd/Kconfig
@@ -118,10 +118,10 @@ config NFSD_V4_SECURITY_LABEL
Say Y here if you want enable fine-grained security label attribute
support for NFS version 4. Security labels allow security modules like
- SELinux and Smack to label files to facilitate enforcement of their policies.
+ NSALinux and Smack to label files to facilitate enforcement of their policies.
Without this an NFSv4 mount will have the same label on each file.
- If you do not wish to enable fine-grained security labels SELinux or
+ If you do not wish to enable fine-grained security labels NSALinux or
Smack policies on NFSv4 files, say N.
config NFSD_FAULT_INJECTION
diff --git a/fs/reiserfs/Kconfig b/fs/reiserfs/Kconfig
index 7cd4666..ae9c5ef 100644
--- a/fs/reiserfs/Kconfig
+++ b/fs/reiserfs/Kconfig
@@ -80,7 +80,7 @@ config REISERFS_FS_SECURITY
depends on REISERFS_FS_XATTR
help
Security labels support alternative access control models
- implemented by security modules like SELinux. This option
+ implemented by security modules like NSALinux. This option
enables an extended attribute handler for file security
labels in the ReiserFS filesystem.
diff --git a/fs/reiserfs/xattr_security.c b/fs/reiserfs/xattr_security.c
index ab0217d..51a9e31 100644
--- a/fs/reiserfs/xattr_security.c
+++ b/fs/reiserfs/xattr_security.c
@@ -51,7 +51,7 @@ int reiserfs_security_init(struct inode *dir, struct inode *inode,
sec->name = NULL;
- /* Don't add selinux attributes on xattrs - they'll never get used */
+ /* Don't add nsalinux attributes on xattrs - they'll never get used */
if (IS_PRIVATE(dir))
return 0;
diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c
index fb7dc61..36d6a6a 100644
--- a/fs/xfs/xfs_iops.c
+++ b/fs/xfs/xfs_iops.c
@@ -78,7 +78,7 @@ xfs_initxattrs(
}
/*
- * Hook in SELinux. This is not quite correct yet, what we really need
+ * Hook in NSALinux. This is not quite correct yet, what we really need
* here (as we do for default ACLs) is a mechanism by which creation of
* these attrs can be journalled at inode creation time (along with the
* inode, of course, such that log replay can't cause these to be lost).
diff --git a/include/linux/cred.h b/include/linux/cred.h
index 257db64..2e81331 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -15,7 +15,7 @@
#include <linux/capability.h>
#include <linux/init.h>
#include <linux/key.h>
-#include <linux/selinux.h>
+#include <linux/nsalinux.h>
#include <linux/atomic.h>
#include <linux/uidgid.h>
diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h
index ffb9c9d..d9c85ec 100644
--- a/include/linux/lsm_audit.h
+++ b/include/linux/lsm_audit.h
@@ -1,6 +1,6 @@
/*
* Common LSM logging functions
- * Heavily borrowed from selinux/avc.h
+ * Heavily borrowed from nsalinux/avc.h
*
* Author : Etienne BASSET <etienne.basset@xxxxxxxxx>
*
@@ -81,8 +81,8 @@ struct common_audit_data {
#ifdef CONFIG_SECURITY_SMACK
struct smack_audit_data *smack_audit_data;
#endif
-#ifdef CONFIG_SECURITY_SELINUX
- struct selinux_audit_data *selinux_audit_data;
+#ifdef CONFIG_SECURITY_NSALINUX
+ struct nsalinux_audit_data *nsalinux_audit_data;
#endif
#ifdef CONFIG_SECURITY_APPARMOR
struct apparmor_audit_data *apparmor_audit_data;
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index cdee11c..045f794 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -179,7 +179,7 @@
* @inode contains the inode structure of the newly created inode.
* @dir contains the inode structure of the parent directory.
* @qstr contains the last path component of the new object
- * @name will be set to the allocated name suffix (e.g. selinux).
+ * @name will be set to the allocated name suffix (e.g. nsalinux).
* @value will be set to the allocated attribute value.
* @len will be set to the length of the value.
* Returns 0 if @name and @value have been successfully set,
@@ -1863,7 +1863,7 @@ static inline void security_add_hooks(struct security_hook_list *hooks,
list_add_tail_rcu(&hooks[i].list, hooks[i].head);
}
-#ifdef CONFIG_SECURITY_SELINUX_DISABLE
+#ifdef CONFIG_SECURITY_NSALINUX_DISABLE
/*
* Assuring the safety of deleting a security module is up to
* the security module involved. This may entail ordering the
@@ -1874,7 +1874,7 @@ static inline void security_add_hooks(struct security_hook_list *hooks,
* The name of the configuration option reflects the only module
* that currently uses the mechanism. Any developer who thinks
* disabling their module is a good idea needs to be at least as
- * careful as the SELinux team.
+ * careful as the NSALinux team.
*/
static inline void security_delete_hooks(struct security_hook_list *hooks,
int count)
@@ -1884,7 +1884,7 @@ static inline void security_delete_hooks(struct security_hook_list *hooks,
for (i = 0; i < count; i++)
list_del_rcu(&hooks[i].list);
}
-#endif /* CONFIG_SECURITY_SELINUX_DISABLE */
+#endif /* CONFIG_SECURITY_NSALINUX_DISABLE */
extern int __init security_module_enable(const char *module);
extern void __init capability_add_hooks(void);
diff --git a/include/linux/selinux.h b/include/linux/nsalinux.h
similarity index 60%
rename from include/linux/selinux.h
rename to include/linux/nsalinux.h
index 44f4596..f5a100f 100644
--- a/include/linux/selinux.h
+++ b/include/linux/nsalinux.h
@@ -1,5 +1,5 @@
/*
- * SELinux services exported to the rest of the kernel.
+ * NSALinux services exported to the rest of the kernel.
*
* Author: James Morris <jmorris@xxxxxxxxxx>
*
@@ -11,25 +11,25 @@
* it under the terms of the GNU General Public License version 2,
* as published by the Free Software Foundation.
*/
-#ifndef _LINUX_SELINUX_H
-#define _LINUX_SELINUX_H
+#ifndef _LINUX_NSALINUX_H
+#define _LINUX_NSALINUX_H
-struct selinux_audit_rule;
+struct nsalinux_audit_rule;
struct audit_context;
struct kern_ipc_perm;
-#ifdef CONFIG_SECURITY_SELINUX
+#ifdef CONFIG_SECURITY_NSALINUX
/**
- * selinux_is_enabled - is SELinux enabled?
+ * nsalinux_is_enabled - is NSALinux enabled?
*/
-bool selinux_is_enabled(void);
+bool nsalinux_is_enabled(void);
#else
-static inline bool selinux_is_enabled(void)
+static inline bool nsalinux_is_enabled(void)
{
return false;
}
-#endif /* CONFIG_SECURITY_SELINUX */
+#endif /* CONFIG_SECURITY_NSALINUX */
-#endif /* _LINUX_SELINUX_H */
+#endif /* _LINUX_NSALINUX_H */
diff --git a/include/net/netlabel.h b/include/net/netlabel.h
index 7b5a300..b201ac2 100644
--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -148,7 +148,7 @@ struct netlbl_lsm_cache {
* This structure is used to represent category bitmaps. Due to the large
* number of categories supported by most labeling protocols it is not
* practical to transfer a full bitmap internally so NetLabel adopts a sparse
- * bitmap structure modeled after SELinux's ebitmap structure.
+ * bitmap structure modeled after NSALinux's ebitmap structure.
* The catmap bitmap field MUST be a power of two in length and large
* enough to hold at least 240 bits. Special care (i.e. check the code!)
* should be used when changing these values as the LSM implementation
diff --git a/include/uapi/linux/Kbuild b/include/uapi/linux/Kbuild
index b71fd0b..c8204a6 100644
--- a/include/uapi/linux/Kbuild
+++ b/include/uapi/linux/Kbuild
@@ -368,7 +368,7 @@ header-y += sctp.h
header-y += sdla.h
header-y += seccomp.h
header-y += securebits.h
-header-y += selinux_netlink.h
+header-y += nsalinux_netlink.h
header-y += sem.h
header-y += serial_core.h
header-y += serial.h
diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
index d820aa9..a5307cf 100644
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@ -113,7 +113,7 @@
#define AUDIT_REPLACE 1329 /* Replace auditd if this packet unanswerd */
#define AUDIT_AVC 1400 /* SE Linux avc denial or grant */
-#define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */
+#define AUDIT_NSALINUX_ERR 1401 /* Internal SE Linux Errors */
#define AUDIT_AVC_PATH 1402 /* dentry, vfsmount pair from avc */
#define AUDIT_MAC_POLICY_LOAD 1403 /* Policy file load */
#define AUDIT_MAC_STATUS 1404 /* Changed enforcing,permissive,off */
diff --git a/include/uapi/linux/magic.h b/include/uapi/linux/magic.h
index 0de181a..c2c341e 100644
--- a/include/uapi/linux/magic.h
+++ b/include/uapi/linux/magic.h
@@ -10,7 +10,7 @@
#define CRAMFS_MAGIC_WEND 0x453dcd28 /* magic number with the wrong endianess */
#define DEBUGFS_MAGIC 0x64626720
#define SECURITYFS_MAGIC 0x73636673
-#define SELINUX_MAGIC 0xf97cff8c
+#define NSALINUX_MAGIC 0xf97cff8c
#define SMACK_MAGIC 0x43415d53 /* "SMAC" */
#define RAMFS_MAGIC 0x858458f6 /* some random number */
#define TMPFS_MAGIC 0x01021994
diff --git a/include/uapi/linux/netfilter/xt_SECMARK.h b/include/uapi/linux/netfilter/xt_SECMARK.h
index 989092b..8636d3d 100644
--- a/include/uapi/linux/netfilter/xt_SECMARK.h
+++ b/include/uapi/linux/netfilter/xt_SECMARK.h
@@ -10,7 +10,7 @@
* 'mode' refers to the specific security subsystem which the
* packets are being marked for.
*/
-#define SECMARK_MODE_SEL 0x01 /* SELinux */
+#define SECMARK_MODE_SEL 0x01 /* NSALinux */
#define SECMARK_SECCTX_MAX 256
struct xt_secmark_target_info {
diff --git a/include/uapi/linux/netfilter_ipv4.h b/include/uapi/linux/netfilter_ipv4.h
index 91ddd1f..a986795 100644
--- a/include/uapi/linux/netfilter_ipv4.h
+++ b/include/uapi/linux/netfilter_ipv4.h
@@ -58,14 +58,14 @@ enum nf_ip_hook_priorities {
NF_IP_PRI_FIRST = INT_MIN,
NF_IP_PRI_CONNTRACK_DEFRAG = -400,
NF_IP_PRI_RAW = -300,
- NF_IP_PRI_SELINUX_FIRST = -225,
+ NF_IP_PRI_NSALINUX_FIRST = -225,
NF_IP_PRI_CONNTRACK = -200,
NF_IP_PRI_MANGLE = -150,
NF_IP_PRI_NAT_DST = -100,
NF_IP_PRI_FILTER = 0,
NF_IP_PRI_SECURITY = 50,
NF_IP_PRI_NAT_SRC = 100,
- NF_IP_PRI_SELINUX_LAST = 225,
+ NF_IP_PRI_NSALINUX_LAST = 225,
NF_IP_PRI_CONNTRACK_HELPER = 300,
NF_IP_PRI_CONNTRACK_CONFIRM = INT_MAX,
NF_IP_PRI_LAST = INT_MAX,
diff --git a/include/uapi/linux/netfilter_ipv6.h b/include/uapi/linux/netfilter_ipv6.h
index 12497c6..22c2c00 100644
--- a/include/uapi/linux/netfilter_ipv6.h
+++ b/include/uapi/linux/netfilter_ipv6.h
@@ -63,14 +63,14 @@ enum nf_ip6_hook_priorities {
NF_IP6_PRI_FIRST = INT_MIN,
NF_IP6_PRI_CONNTRACK_DEFRAG = -400,
NF_IP6_PRI_RAW = -300,
- NF_IP6_PRI_SELINUX_FIRST = -225,
+ NF_IP6_PRI_NSALINUX_FIRST = -225,
NF_IP6_PRI_CONNTRACK = -200,
NF_IP6_PRI_MANGLE = -150,
NF_IP6_PRI_NAT_DST = -100,
NF_IP6_PRI_FILTER = 0,
NF_IP6_PRI_SECURITY = 50,
NF_IP6_PRI_NAT_SRC = 100,
- NF_IP6_PRI_SELINUX_LAST = 225,
+ NF_IP6_PRI_NSALINUX_LAST = 225,
NF_IP6_PRI_CONNTRACK_HELPER = 300,
NF_IP6_PRI_LAST = INT_MAX,
};
diff --git a/include/uapi/linux/netlink.h b/include/uapi/linux/netlink.h
index 0dba4e4..9160cbe 100644
--- a/include/uapi/linux/netlink.h
+++ b/include/uapi/linux/netlink.h
@@ -12,7 +12,7 @@
#define NETLINK_SOCK_DIAG 4 /* socket monitoring */
#define NETLINK_NFLOG 5 /* netfilter/iptables ULOG */
#define NETLINK_XFRM 6 /* ipsec */
-#define NETLINK_SELINUX 7 /* SELinux event notifications */
+#define NETLINK_NSALINUX 7 /* NSALinux event notifications */
#define NETLINK_ISCSI 8 /* Open-iSCSI */
#define NETLINK_AUDIT 9 /* auditing */
#define NETLINK_FIB_LOOKUP 10
diff --git a/include/uapi/linux/selinux_netlink.h b/include/uapi/linux/nsalinux_netlink.h
similarity index 84%
rename from include/uapi/linux/selinux_netlink.h
rename to include/uapi/linux/nsalinux_netlink.h
index d239797..e5baa6b 100644
--- a/include/uapi/linux/selinux_netlink.h
+++ b/include/uapi/linux/nsalinux_netlink.h
@@ -1,5 +1,5 @@
/*
- * Netlink event notifications for SELinux.
+ * Netlink event notifications for NSALinux.
*
* Author: James Morris <jmorris@xxxxxxxxxx>
*
@@ -9,8 +9,8 @@
* it under the terms of the GNU General Public License version 2,
* as published by the Free Software Foundation.
*/
-#ifndef _LINUX_SELINUX_NETLINK_H
-#define _LINUX_SELINUX_NETLINK_H
+#ifndef _LINUX_NSALINUX_NETLINK_H
+#define _LINUX_NSALINUX_NETLINK_H
#include <linux/types.h>
@@ -29,7 +29,7 @@ enum {
#define SELNL_GRP_ALL 0xffffffff
#endif
-enum selinux_nlgroups {
+enum nsalinux_nlgroups {
SELNLGRP_NONE,
#define SELNLGRP_NONE SELNLGRP_NONE
SELNLGRP_AVC,
@@ -47,4 +47,4 @@ struct selnl_msg_policyload {
__u32 seqno;
};
-#endif /* _LINUX_SELINUX_NETLINK_H */
+#endif /* _LINUX_NSALINUX_NETLINK_H */
diff --git a/include/uapi/linux/pfkeyv2.h b/include/uapi/linux/pfkeyv2.h
index ada7f01..7b95e12 100644
--- a/include/uapi/linux/pfkeyv2.h
+++ b/include/uapi/linux/pfkeyv2.h
@@ -220,7 +220,7 @@ struct sadb_x_nat_t_port {
struct sadb_x_sec_ctx {
__u16 sadb_x_sec_len;
__u16 sadb_x_sec_exttype;
- __u8 sadb_x_ctx_alg; /* LSMs: e.g., selinux == 1 */
+ __u8 sadb_x_ctx_alg; /* LSMs: e.g., nsalinux == 1 */
__u8 sadb_x_ctx_doi;
__u16 sadb_x_ctx_len;
} __attribute__((packed));
diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h
index a8d0759..8b434ba 100644
--- a/include/uapi/linux/prctl.h
+++ b/include/uapi/linux/prctl.h
@@ -166,7 +166,7 @@ struct prctl_mm_map {
* capset, etc.) will still work. Drop those privileges if you want them gone.
*
* Changing LSM security domain is considered a new privilege. So, for example,
- * asking selinux for a specific new context (e.g. with runcon) will result
+ * asking nsalinux for a specific new context (e.g. with runcon) will result
* in execve returning -EPERM.
*
* See Documentation/prctl/no_new_privs.txt for more details.
diff --git a/include/uapi/linux/xattr.h b/include/uapi/linux/xattr.h
index 1590c49..993c8b8 100644
--- a/include/uapi/linux/xattr.h
+++ b/include/uapi/linux/xattr.h
@@ -49,8 +49,8 @@
#define XATTR_IMA_SUFFIX "ima"
#define XATTR_NAME_IMA XATTR_SECURITY_PREFIX XATTR_IMA_SUFFIX
-#define XATTR_SELINUX_SUFFIX "selinux"
-#define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX
+#define XATTR_NSALINUX_SUFFIX "nsalinux"
+#define XATTR_NAME_NSALINUX XATTR_SECURITY_PREFIX XATTR_NSALINUX_SUFFIX
#define XATTR_SMACK_SUFFIX "SMACK64"
#define XATTR_SMACK_IPIN "SMACK64IPIN"
diff --git a/include/uapi/linux/xfrm.h b/include/uapi/linux/xfrm.h
index 2cd9e60..9ed9bcd 100644
--- a/include/uapi/linux/xfrm.h
+++ b/include/uapi/linux/xfrm.h
@@ -41,7 +41,7 @@ struct xfrm_sec_ctx {
/* Security Context Algorithms */
#define XFRM_SC_ALG_RESERVED 0
-#define XFRM_SC_ALG_SELINUX 1
+#define XFRM_SC_ALG_NSALINUX 1
/* Selector, used as selector both on policy rules (SPD) and SAs. */
@@ -227,7 +227,7 @@ enum {
struct xfrm_user_sec_ctx {
__u16 len;
__u16 exttype;
- __u8 ctx_alg; /* LSMs: e.g., selinux == 1 */
+ __u8 ctx_alg; /* LSMs: e.g., nsalinux == 1 */
__u8 ctx_doi;
__u16 ctx_len;
};
diff --git a/init/Kconfig b/init/Kconfig
index e0d2616..8025b4a 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -298,7 +298,7 @@ config AUDIT
depends on NET
help
Enable auditing infrastructure that can be used with another
- kernel subsystem, such as SELinux (which requires this for
+ kernel subsystem, such as NSALinux (which requires this for
logging of avc messages output). System call auditing is included
on architectures which support it.
diff --git a/kernel/audit.c b/kernel/audit.c
index 678c3f0..4ea612b 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1,5 +1,5 @@
/* audit.c -- Auditing support
- * Gateway between the kernel (e.g., selinux) and the user-space audit daemon.
+ * Gateway between the kernel (e.g., nsalinux) and the user-space audit daemon.
* System-call specific features have moved to auditsc.c
*
* Copyright 2003-2007 Red Hat Inc., Durham, North Carolina.
@@ -2034,12 +2034,12 @@ void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type,
#ifdef CONFIG_SECURITY
/**
- * audit_log_secctx - Converts and logs SELinux context
+ * audit_log_secctx - Converts and logs NSALinux context
* @ab: audit_buffer
* @secid: security number
*
* This is a helper function that calls security_secid_to_secctx to convert
- * secid to secctx and then adds the (converted) SELinux context to the audit
+ * secid to secctx and then adds the (converted) NSALinux context to the audit
* log by calling audit_log_format, thus also preventing leak of internal secid
* to userspace. If secid cannot be converted audit_panic is called.
*/
diff --git a/kernel/audit.h b/kernel/audit.h
index cbbe6bb..fef7b9c 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -250,7 +250,7 @@ struct audit_net {
struct sock *nlsk;
};
-extern int selinux_audit_rule_update(void);
+extern int nsalinux_audit_rule_update(void);
extern struct mutex audit_filter_mutex;
extern int audit_del_rule(struct audit_entry *);
diff --git a/kernel/cred.c b/kernel/cred.c
index 0c0cd8a..fb1a50b 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -701,12 +701,12 @@ bool creds_are_invalid(const struct cred *cred)
{
if (cred->magic != CRED_MAGIC)
return true;
-#ifdef CONFIG_SECURITY_SELINUX
+#ifdef CONFIG_SECURITY_NSALINUX
/*
* cred->security == NULL if security_cred_alloc_blank() or
* security_prepare_creds() returned an error.
*/
- if (selinux_is_enabled() && cred->security) {
+ if (nsalinux_is_enabled() && cred->security) {
if ((unsigned long) cred->security < PAGE_SIZE)
return true;
if ((*(u32 *)cred->security & 0xffffff00) ==
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
index 1e9a607..a6a005d 100644
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -1246,7 +1246,7 @@ config DEBUG_CREDENTIALS
see that this number never exceeds the usage count of the cred
struct.
- Furthermore, if SELinux is enabled, this also checks that the
+ Furthermore, if NSALinux is enabled, this also checks that the
security pointer in the cred struct is never seen to be invalid.
If unsure, say N.
diff --git a/lib/is_single_threaded.c b/lib/is_single_threaded.c
index 391fd23..4a918e9 100644
--- a/lib/is_single_threaded.c
+++ b/lib/is_single_threaded.c
@@ -2,7 +2,7 @@
*
* Copyright (C) 2008 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@xxxxxxxxxx)
- * - Derived from security/selinux/hooks.c
+ * - Derived from security/nsalinux/hooks.c
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public Licence
diff --git a/mm/shmem.c b/mm/shmem.c
index 9428c51..01641f3 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -3456,7 +3456,7 @@ int shmem_zero_setup(struct vm_area_struct *vma)
/*
* Cloning a new file under mmap_sem leads to a lock ordering conflict
- * between XFS directory reading and selinux: since this file is only
+ * between XFS directory reading and nsalinux: since this file is only
* accessible to the user through its mapping, use S_PRIVATE flag to
* bypass file security, in the same way as shmem_kernel_file_setup().
*/
diff --git a/net/netlabel/netlabel_domainhash.c b/net/netlabel/netlabel_domainhash.c
index ada6742..0c6fa19 100644
--- a/net/netlabel/netlabel_domainhash.c
+++ b/net/netlabel/netlabel_domainhash.c
@@ -119,7 +119,7 @@ static u32 netlbl_domhsh_hash(const char *key)
u32 len;
/* This is taken (with slight modification) from
- * security/selinux/ss/symtab.c:symhash() */
+ * security/nsalinux/ss/symtab.c:symhash() */
for (iter = 0, val = 0, len = strlen(key); iter < len; iter++)
val = (val << 4 | (val >> (8 * sizeof(u32) - 4))) ^ key[iter];
diff --git a/scripts/Makefile b/scripts/Makefile
index 822ab4a..0fd8fc6 100644
--- a/scripts/Makefile
+++ b/scripts/Makefile
@@ -42,7 +42,7 @@ build_check-lc_ctype: $(obj)/check-lc_ctype
subdir-$(CONFIG_MODVERSIONS) += genksyms
subdir-y += mod
-subdir-$(CONFIG_SECURITY_SELINUX) += selinux
+subdir-$(CONFIG_SECURITY_NSALINUX) += nsalinux
subdir-$(CONFIG_DTC) += dtc
subdir-$(CONFIG_GDB_SCRIPTS) += gdb
diff --git a/scripts/selinux/Makefile b/scripts/nsalinux/Makefile
similarity index 100%
rename from scripts/selinux/Makefile
rename to scripts/nsalinux/Makefile
diff --git a/scripts/nsalinux/README b/scripts/nsalinux/README
new file mode 100644
index 0000000..dd501d3
--- /dev/null
+++ b/scripts/nsalinux/README
@@ -0,0 +1,2 @@
+Please see Documentation/security/NSALinux.txt for information on
+installing a dummy NSALinux policy.
diff --git a/scripts/selinux/genheaders/.gitignore b/scripts/nsalinux/genheaders/.gitignore
similarity index 100%
rename from scripts/selinux/genheaders/.gitignore
rename to scripts/nsalinux/genheaders/.gitignore
diff --git a/scripts/selinux/genheaders/Makefile b/scripts/nsalinux/genheaders/Makefile
similarity index 52%
rename from scripts/selinux/genheaders/Makefile
rename to scripts/nsalinux/genheaders/Makefile
index 1d1ac51..2a99775 100644
--- a/scripts/selinux/genheaders/Makefile
+++ b/scripts/nsalinux/genheaders/Makefile
@@ -1,4 +1,4 @@
hostprogs-y := genheaders
-HOST_EXTRACFLAGS += -Isecurity/selinux/include
+HOST_EXTRACFLAGS += -Isecurity/nsalinux/include
always := $(hostprogs-y)
diff --git a/scripts/selinux/genheaders/genheaders.c b/scripts/nsalinux/genheaders/genheaders.c
similarity index 95%
rename from scripts/selinux/genheaders/genheaders.c
rename to scripts/nsalinux/genheaders/genheaders.c
index 539855f..7210769 100644
--- a/scripts/selinux/genheaders/genheaders.c
+++ b/scripts/nsalinux/genheaders/genheaders.c
@@ -70,7 +70,7 @@ int main(int argc, char *argv[])
initial_sid_to_string[i] = stoupperx(initial_sid_to_string[i]);
fprintf(fout, "/* This file is automatically generated. Do not edit. */\n");
- fprintf(fout, "#ifndef _SELINUX_FLASK_H_\n#define _SELINUX_FLASK_H_\n\n");
+ fprintf(fout, "#ifndef _NSALINUX_FLASK_H_\n#define _NSALINUX_FLASK_H_\n\n");
for (i = 0; secclass_map[i].name; i++) {
struct security_class_mapping *map = &secclass_map[i];
@@ -119,7 +119,7 @@ int main(int argc, char *argv[])
}
fprintf(fout, "/* This file is automatically generated. Do not edit. */\n");
- fprintf(fout, "#ifndef _SELINUX_AV_PERMISSIONS_H_\n#define _SELINUX_AV_PERMISSIONS_H_\n\n");
+ fprintf(fout, "#ifndef _NSALINUX_AV_PERMISSIONS_H_\n#define _NSALINUX_AV_PERMISSIONS_H_\n\n");
for (i = 0; secclass_map[i].name; i++) {
struct security_class_mapping *map = &secclass_map[i];
diff --git a/scripts/selinux/install_policy.sh b/scripts/nsalinux/install_policy.sh
similarity index 45%
rename from scripts/selinux/install_policy.sh
rename to scripts/nsalinux/install_policy.sh
index f6a0ce7..41e1e79 100755
--- a/scripts/selinux/install_policy.sh
+++ b/scripts/nsalinux/install_policy.sh
@@ -1,6 +1,6 @@
#!/bin/sh
if [ `id -u` -ne 0 ]; then
- echo "$0: must be root to install the selinux policy"
+ echo "$0: must be root to install the nsalinux policy"
exit 1
fi
SF=`which setfiles`
@@ -8,7 +8,7 @@ if [ $? -eq 1 ]; then
if [ -f /sbin/setfiles ]; then
SF="/usr/setfiles"
else
- echo "no selinux tools installed: setfiles"
+ echo "no nsalinux tools installed: setfiles"
exit 1
fi
fi
@@ -21,39 +21,39 @@ VERS=`$CP -V | awk '{print $1}'`
./mdp policy.conf file_contexts
$CP -o policy.$VERS policy.conf
-mkdir -p /etc/selinux/dummy/policy
-mkdir -p /etc/selinux/dummy/contexts/files
+mkdir -p /etc/nsalinux/dummy/policy
+mkdir -p /etc/nsalinux/dummy/contexts/files
-cp file_contexts /etc/selinux/dummy/contexts/files
-cp dbus_contexts /etc/selinux/dummy/contexts
-cp policy.$VERS /etc/selinux/dummy/policy
-FC_FILE=/etc/selinux/dummy/contexts/files/file_contexts
+cp file_contexts /etc/nsalinux/dummy/contexts/files
+cp dbus_contexts /etc/nsalinux/dummy/contexts
+cp policy.$VERS /etc/nsalinux/dummy/policy
+FC_FILE=/etc/nsalinux/dummy/contexts/files/file_contexts
-if [ ! -d /etc/selinux ]; then
- mkdir -p /etc/selinux
+if [ ! -d /etc/nsalinux ]; then
+ mkdir -p /etc/nsalinux
fi
-if [ ! -f /etc/selinux/config ]; then
- cat > /etc/selinux/config << EOF
-SELINUX=enforcing
-SELINUXTYPE=dummy
+if [ ! -f /etc/nsalinux/config ]; then
+ cat > /etc/nsalinux/config << EOF
+NSALINUX=enforcing
+NSALINUXTYPE=dummy
EOF
else
- TYPE=`cat /etc/selinux/config | grep "^SELINUXTYPE" | tail -1 | awk -F= '{ print $2 '}`
+ TYPE=`cat /etc/nsalinux/config | grep "^NSALINUXTYPE" | tail -1 | awk -F= '{ print $2 '}`
if [ "eq$TYPE" != "eqdummy" ]; then
- selinuxenabled
+ nsalinuxenabled
if [ $? -eq 0 ]; then
- echo "SELinux already enabled with a non-dummy policy."
+ echo "NSALinux already enabled with a non-dummy policy."
echo "Exiting. Please install policy by hand if that"
echo "is what you REALLY want."
exit 1
fi
- mv /etc/selinux/config /etc/selinux/config.mdpbak
- grep -v "^SELINUXTYPE" /etc/selinux/config.mdpbak >> /etc/selinux/config
- echo "SELINUXTYPE=dummy" >> /etc/selinux/config
+ mv /etc/nsalinux/config /etc/nsalinux/config.mdpbak
+ grep -v "^NSALINUXTYPE" /etc/nsalinux/config.mdpbak >> /etc/nsalinux/config
+ echo "NSALINUXTYPE=dummy" >> /etc/nsalinux/config
fi
fi
-cd /etc/selinux/dummy/contexts/files
+cd /etc/nsalinux/dummy/contexts/files
$SF file_contexts /
mounts=`cat /proc/$$/mounts | egrep "ext2|ext3|xfs|jfs|ext4|ext4dev|gfs2" | awk '{ print $2 '}`
diff --git a/scripts/selinux/mdp/.gitignore b/scripts/nsalinux/mdp/.gitignore
similarity index 100%
rename from scripts/selinux/mdp/.gitignore
rename to scripts/nsalinux/mdp/.gitignore
diff --git a/scripts/selinux/mdp/Makefile b/scripts/nsalinux/mdp/Makefile
similarity index 63%
rename from scripts/selinux/mdp/Makefile
rename to scripts/nsalinux/mdp/Makefile
index dba7eff..c66f30d 100644
--- a/scripts/selinux/mdp/Makefile
+++ b/scripts/nsalinux/mdp/Makefile
@@ -1,5 +1,5 @@
hostprogs-y := mdp
-HOST_EXTRACFLAGS += -Isecurity/selinux/include
+HOST_EXTRACFLAGS += -Isecurity/nsalinux/include
always := $(hostprogs-y)
clean-files := policy.* file_contexts
diff --git a/scripts/selinux/mdp/dbus_contexts b/scripts/nsalinux/mdp/dbus_contexts
similarity index 86%
rename from scripts/selinux/mdp/dbus_contexts
rename to scripts/nsalinux/mdp/dbus_contexts
index 116e684..86e49fb 100644
--- a/scripts/selinux/mdp/dbus_contexts
+++ b/scripts/nsalinux/mdp/dbus_contexts
@@ -1,6 +1,6 @@
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd";>
<busconfig>
- <selinux>
- </selinux>
+ <nsalinux>
+ </nsalinux>
</busconfig>
diff --git a/scripts/selinux/mdp/mdp.c b/scripts/nsalinux/mdp/mdp.c
similarity index 100%
rename from scripts/selinux/mdp/mdp.c
rename to scripts/nsalinux/mdp/mdp.c
diff --git a/scripts/selinux/README b/scripts/selinux/README
deleted file mode 100644
index 4d020ec..0000000
--- a/scripts/selinux/README
+++ /dev/null
@@ -1,2 +0,0 @@
-Please see Documentation/security/SELinux.txt for information on
-installing a dummy SELinux policy.
diff --git a/security/Kconfig b/security/Kconfig
index e452378..0b2973d 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -36,7 +36,7 @@ config SECURITYFS
help
This will build the securityfs filesystem. It is currently used by
the TPM bios character driver and IMA, an integrity provider. It is
- not used by SELinux or SMACK.
+ not used by NSALinux or SMACK.
If you are unsure how to answer this question, answer N.
@@ -103,7 +103,7 @@ config INTEL_TXT
config LSM_MMAP_MIN_ADDR
int "Low address space for LSM to protect from user allocation"
- depends on SECURITY && SECURITY_SELINUX
+ depends on SECURITY && SECURITY_NSALINUX
default 32768 if ARM || (ARM64 && COMPAT)
default 65536
help
@@ -118,7 +118,7 @@ config LSM_MMAP_MIN_ADDR
this low address space will need the permission specific to the
systems running LSM.
-source security/selinux/Kconfig
+source security/nsalinux/Kconfig
source security/smack/Kconfig
source security/tomoyo/Kconfig
source security/apparmor/Kconfig
@@ -128,7 +128,7 @@ source security/integrity/Kconfig
choice
prompt "Default security module"
- default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX
+ default DEFAULT_SECURITY_NSALINUX if SECURITY_NSALINUX
default DEFAULT_SECURITY_SMACK if SECURITY_SMACK
default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO
default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR
@@ -138,8 +138,8 @@ choice
Select the security module that will be used by default if the
kernel parameter security= is not specified.
- config DEFAULT_SECURITY_SELINUX
- bool "SELinux" if SECURITY_SELINUX=y
+ config DEFAULT_SECURITY_NSALINUX
+ bool "NSALinux" if SECURITY_NSALINUX=y
config DEFAULT_SECURITY_SMACK
bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y
@@ -157,7 +157,7 @@ endchoice
config DEFAULT_SECURITY
string
- default "selinux" if DEFAULT_SECURITY_SELINUX
+ default "nsalinux" if DEFAULT_SECURITY_NSALINUX
default "smack" if DEFAULT_SECURITY_SMACK
default "tomoyo" if DEFAULT_SECURITY_TOMOYO
default "apparmor" if DEFAULT_SECURITY_APPARMOR
diff --git a/security/Makefile b/security/Makefile
index c9bfbc8..5323ecd 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -3,7 +3,7 @@
#
obj-$(CONFIG_KEYS) += keys/
-subdir-$(CONFIG_SECURITY_SELINUX) += selinux
+subdir-$(CONFIG_SECURITY_NSALINUX) += nsalinux
subdir-$(CONFIG_SECURITY_SMACK) += smack
subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo
subdir-$(CONFIG_SECURITY_APPARMOR) += apparmor
@@ -16,7 +16,7 @@ obj-$(CONFIG_MMU) += min_addr.o
# Object file lists
obj-$(CONFIG_SECURITY) += security.o
obj-$(CONFIG_SECURITYFS) += inode.o
-obj-$(CONFIG_SECURITY_SELINUX) += selinux/
+obj-$(CONFIG_SECURITY_NSALINUX) += nsalinux/
obj-$(CONFIG_SECURITY_SMACK) += smack/
obj-$(CONFIG_AUDIT) += lsm_audit.o
obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/
diff --git a/security/integrity/evm/Kconfig b/security/integrity/evm/Kconfig
index e825e0a..08200ec 100644
--- a/security/integrity/evm/Kconfig
+++ b/security/integrity/evm/Kconfig
@@ -32,7 +32,7 @@ config EVM_EXTRA_SMACK_XATTRS
help
Include additional SMACK xattrs for HMAC calculation.
- In addition to the original security xattrs (eg. security.selinux,
+ In addition to the original security xattrs (eg. security.nsalinux,
security.SMACK64, security.capability, and security.ima) included
in the HMAC calculation, enabling this option includes newly defined
Smack xattrs: security.SMACK64EXEC, security.SMACK64TRANSMUTE and
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index e6ea9d4..bc0a87c 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -36,8 +36,8 @@ char *evm_hash = "sha1";
int evm_hmac_attrs;
char *evm_config_xattrnames[] = {
-#ifdef CONFIG_SECURITY_SELINUX
- XATTR_NAME_SELINUX,
+#ifdef CONFIG_SECURITY_NSALINUX
+ XATTR_NAME_NSALINUX,
#endif
#ifdef CONFIG_SECURITY_SMACK
XATTR_NAME_SMACK,
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index e54a8a8..45e8277 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -39,7 +39,7 @@ config IMA_MEASURE_PCR_IDX
config IMA_LSM_RULES
bool
- depends on IMA && AUDIT && (SECURITY_SELINUX || SECURITY_SMACK)
+ depends on IMA && AUDIT && (SECURITY_NSALINUX || SECURITY_SMACK)
default y
help
Disabling this option will disregard LSM based policy rules.
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index be09e2c..0cfb998 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -86,7 +86,7 @@ static struct ima_rule_entry dont_measure_rules[] = {
{.action = DONT_MEASURE, .fsmagic = DEVPTS_SUPER_MAGIC, .flags = IMA_FSMAGIC},
{.action = DONT_MEASURE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC},
{.action = DONT_MEASURE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC},
- {.action = DONT_MEASURE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC},
+ {.action = DONT_MEASURE, .fsmagic = NSALINUX_MAGIC, .flags = IMA_FSMAGIC},
{.action = DONT_MEASURE, .fsmagic = CGROUP_SUPER_MAGIC,
.flags = IMA_FSMAGIC},
{.action = DONT_MEASURE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC}
@@ -126,7 +126,7 @@ static struct ima_rule_entry default_appraise_rules[] = {
{.action = DONT_APPRAISE, .fsmagic = DEVPTS_SUPER_MAGIC, .flags = IMA_FSMAGIC},
{.action = DONT_APPRAISE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC},
{.action = DONT_APPRAISE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC},
- {.action = DONT_APPRAISE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC},
+ {.action = DONT_APPRAISE, .fsmagic = NSALINUX_MAGIC, .flags = IMA_FSMAGIC},
{.action = DONT_APPRAISE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC},
{.action = DONT_APPRAISE, .fsmagic = CGROUP_SUPER_MAGIC, .flags = IMA_FSMAGIC},
#ifdef CONFIG_IMA_WRITE_POLICY
diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index cccbf30..5f8c7a3 100644
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -1,7 +1,7 @@
/*
* common LSM auditing functions
*
- * Based on code written for SELinux by :
+ * Based on code written for NSALinux by :
* Stephen Smalley, <sds@xxxxxxxxxxxxxx>
* James Morris <jmorris@xxxxxxxxxx>
* Author : Etienne Basset, <etienne.basset@xxxxxxxxx>
diff --git a/security/selinux/.gitignore b/security/nsalinux/.gitignore
similarity index 100%
rename from security/selinux/.gitignore
rename to security/nsalinux/.gitignore
diff --git a/security/selinux/Kconfig b/security/nsalinux/Kconfig
similarity index 47%
rename from security/selinux/Kconfig
rename to security/nsalinux/Kconfig
index 8691e92..0ceb3e5 100644
--- a/security/selinux/Kconfig
+++ b/security/nsalinux/Kconfig
@@ -1,107 +1,107 @@
-config SECURITY_SELINUX
- bool "NSA SELinux Support"
+config SECURITY_NSALINUX
+ bool "NSALinux Support"
depends on SECURITY_NETWORK && AUDIT && NET && INET
select NETWORK_SECMARK
default n
help
- This selects NSA Security-Enhanced Linux (SELinux).
+ This selects NSALinux.
You will also need a policy configuration and a labeled filesystem.
If you are unsure how to answer this question, answer N.
-config SECURITY_SELINUX_BOOTPARAM
- bool "NSA SELinux boot parameter"
- depends on SECURITY_SELINUX
+config SECURITY_NSALINUX_BOOTPARAM
+ bool "NSALinux boot parameter"
+ depends on SECURITY_NSALINUX
default n
help
- This option adds a kernel parameter 'selinux', which allows SELinux
- to be disabled at boot. If this option is selected, SELinux
- functionality can be disabled with selinux=0 on the kernel
+ This option adds a kernel parameter 'nsalinux', which allows NSALinux
+ to be disabled at boot. If this option is selected, NSALinux
+ functionality can be disabled with nsalinux=0 on the kernel
command line. The purpose of this option is to allow a single
- kernel image to be distributed with SELinux built in, but not
+ kernel image to be distributed with NSALinux built in, but not
necessarily enabled.
If you are unsure how to answer this question, answer N.
-config SECURITY_SELINUX_BOOTPARAM_VALUE
- int "NSA SELinux boot parameter default value"
- depends on SECURITY_SELINUX_BOOTPARAM
+config SECURITY_NSALINUX_BOOTPARAM_VALUE
+ int "NSALinux boot parameter default value"
+ depends on SECURITY_NSALINUX_BOOTPARAM
range 0 1
default 1
help
This option sets the default value for the kernel parameter
- 'selinux', which allows SELinux to be disabled at boot. If this
- option is set to 0 (zero), the SELinux kernel parameter will
- default to 0, disabling SELinux at bootup. If this option is
- set to 1 (one), the SELinux kernel parameter will default to 1,
- enabling SELinux at bootup.
+ 'nsalinux', which allows NSALinux to be disabled at boot. If this
+ option is set to 0 (zero), the NSALinux kernel parameter will
+ default to 0, disabling NSALinux at bootup. If this option is
+ set to 1 (one), the NSALinux kernel parameter will default to 1,
+ enabling NSALinux at bootup.
If you are unsure how to answer this question, answer 1.
-config SECURITY_SELINUX_DISABLE
- bool "NSA SELinux runtime disable"
- depends on SECURITY_SELINUX
+config SECURITY_NSALINUX_DISABLE
+ bool "NSALinux runtime disable"
+ depends on SECURITY_NSALINUX
default n
help
- This option enables writing to a selinuxfs node 'disable', which
- allows SELinux to be disabled at runtime prior to the policy load.
- SELinux will then remain disabled until the next boot.
- This option is similar to the selinux=0 boot parameter, but is to
- support runtime disabling of SELinux, e.g. from /sbin/init, for
+ This option enables writing to a nsalinuxfs node 'disable', which
+ allows NSALinux to be disabled at runtime prior to the policy load.
+ NSALinux will then remain disabled until the next boot.
+ This option is similar to the nsalinux=0 boot parameter, but is to
+ support runtime disabling of NSALinux, e.g. from /sbin/init, for
portability across platforms where boot parameters are difficult
to employ.
If you are unsure how to answer this question, answer N.
-config SECURITY_SELINUX_DEVELOP
- bool "NSA SELinux Development Support"
- depends on SECURITY_SELINUX
+config SECURITY_NSALINUX_DEVELOP
+ bool "NSALinux Development Support"
+ depends on SECURITY_NSALINUX
default y
help
- This enables the development support option of NSA SELinux,
- which is useful for experimenting with SELinux and developing
+ This enables the development support option of NSALinux,
+ which is useful for experimenting with NSALinux and developing
policies. If unsure, say Y. With this option enabled, the
kernel will start in permissive mode (log everything, deny nothing)
unless you specify enforcing=1 on the kernel command line. You
can interactively toggle the kernel between enforcing mode and
- permissive mode (if permitted by the policy) via /selinux/enforce.
+ permissive mode (if permitted by the policy) via /nsalinux/enforce.
-config SECURITY_SELINUX_AVC_STATS
- bool "NSA SELinux AVC Statistics"
- depends on SECURITY_SELINUX
+config SECURITY_NSALINUX_AVC_STATS
+ bool "NSALinux AVC Statistics"
+ depends on SECURITY_NSALINUX
default y
help
This option collects access vector cache statistics to
- /selinux/avc/cache_stats, which may be monitored via
+ /nsalinux/avc/cache_stats, which may be monitored via
tools such as avcstat.
-config SECURITY_SELINUX_CHECKREQPROT_VALUE
- int "NSA SELinux checkreqprot default value"
- depends on SECURITY_SELINUX
+config SECURITY_NSALINUX_CHECKREQPROT_VALUE
+ int "NSALinux checkreqprot default value"
+ depends on SECURITY_NSALINUX
range 0 1
default 0
help
This option sets the default value for the 'checkreqprot' flag
- that determines whether SELinux checks the protection requested
+ that determines whether NSALinux checks the protection requested
by the application or the protection that will be applied by the
kernel (including any implied execute for read-implies-exec) for
mmap and mprotect calls. If this option is set to 0 (zero),
- SELinux will default to checking the protection that will be applied
- by the kernel. If this option is set to 1 (one), SELinux will
+ NSALinux will default to checking the protection that will be applied
+ by the kernel. If this option is set to 1 (one), NSALinux will
default to checking the protection requested by the application.
The checkreqprot flag may be changed from the default via the
'checkreqprot=' boot parameter. It may also be changed at runtime
- via /selinux/checkreqprot if authorized by policy.
+ via /nsalinux/checkreqprot if authorized by policy.
If you are unsure how to answer this question, answer 0.
-config SECURITY_SELINUX_POLICYDB_VERSION_MAX
- bool "NSA SELinux maximum supported policy format version"
- depends on SECURITY_SELINUX
+config SECURITY_NSALINUX_POLICYDB_VERSION_MAX
+ bool "NSALinux maximum supported policy format version"
+ depends on SECURITY_NSALINUX
default n
help
This option enables the maximum policy format version supported
- by SELinux to be set to a particular value. This value is reported
- to userspace via /selinux/policyvers and used at policy load time.
+ by NSALinux to be set to a particular value. This value is reported
+ to userspace via /nsalinux/policyvers and used at policy load time.
It can be adjusted downward to support legacy userland (init) that
does not correctly handle kernels that support newer policy versions.
@@ -112,14 +112,14 @@ config SECURITY_SELINUX_POLICYDB_VERSION_MAX
If you are unsure how to answer this question, answer N.
-config SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE
- int "NSA SELinux maximum supported policy format version value"
- depends on SECURITY_SELINUX_POLICYDB_VERSION_MAX
+config SECURITY_NSALINUX_POLICYDB_VERSION_MAX_VALUE
+ int "NSALinux maximum supported policy format version value"
+ depends on SECURITY_NSALINUX_POLICYDB_VERSION_MAX
range 15 23
default 19
help
This option sets the value for the maximum policy format version
- supported by SELinux.
+ supported by NSALinux.
Examples:
For Fedora Core 3, use 18.
@@ -128,6 +128,6 @@ config SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE
If you are unsure how to answer this question, look for the
policy format version supported by your policy toolchain, by
running 'checkpolicy -V'. Or look at what policy you have
- installed under /etc/selinux/$SELINUXTYPE/policy, where
- SELINUXTYPE is defined in your /etc/selinux/config.
+ installed under /etc/nsalinux/$NSALINUXTYPE/policy, where
+ NSALINUXTYPE is defined in your /etc/nsalinux/config.
diff --git a/security/selinux/Makefile b/security/nsalinux/Makefile
similarity index 41%
rename from security/selinux/Makefile
rename to security/nsalinux/Makefile
index 3411c33..dd6d724 100644
--- a/security/selinux/Makefile
+++ b/security/nsalinux/Makefile
@@ -1,24 +1,24 @@
#
-# Makefile for building the SELinux module as part of the kernel tree.
+# Makefile for building the NSALinux module as part of the kernel tree.
#
-obj-$(CONFIG_SECURITY_SELINUX) := selinux.o
+obj-$(CONFIG_SECURITY_NSALINUX) := nsalinux.o
-selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o netif.o \
+nsalinux-y := avc.o hooks.o nsalinuxfs.o netlink.o nlmsgtab.o netif.o \
netnode.o netport.o exports.o \
ss/ebitmap.o ss/hashtab.o ss/symtab.o ss/sidtab.o ss/avtab.o \
ss/policydb.o ss/services.o ss/conditional.o ss/mls.o ss/status.o
-selinux-$(CONFIG_SECURITY_NETWORK_XFRM) += xfrm.o
+nsalinux-$(CONFIG_SECURITY_NETWORK_XFRM) += xfrm.o
-selinux-$(CONFIG_NETLABEL) += netlabel.o
+nsalinux-$(CONFIG_NETLABEL) += netlabel.o
-ccflags-y := -I$(srctree)/security/selinux -I$(srctree)/security/selinux/include
+ccflags-y := -I$(srctree)/security/nsalinux -I$(srctree)/security/nsalinux/include
-$(addprefix $(obj)/,$(selinux-y)): $(obj)/flask.h
+$(addprefix $(obj)/,$(nsalinux-y)): $(obj)/flask.h
quiet_cmd_flask = GEN $(obj)/flask.h $(obj)/av_permissions.h
- cmd_flask = scripts/selinux/genheaders/genheaders $(obj)/flask.h $(obj)/av_permissions.h
+ cmd_flask = scripts/nsalinux/genheaders/genheaders $(obj)/flask.h $(obj)/av_permissions.h
targets += flask.h av_permissions.h
$(obj)/flask.h: $(src)/include/classmap.h FORCE
diff --git a/security/selinux/avc.c b/security/nsalinux/avc.c
similarity index 97%
rename from security/selinux/avc.c
rename to security/nsalinux/avc.c
index e60c79d..19a3a48 100644
--- a/security/selinux/avc.c
+++ b/security/nsalinux/avc.c
@@ -38,7 +38,7 @@
#define AVC_DEF_CACHE_THRESHOLD 512
#define AVC_CACHE_RECLAIM 16
-#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
+#ifdef CONFIG_SECURITY_NSALINUX_AVC_STATS
#define avc_cache_stats_incr(field) this_cpu_inc(avc_cache_stats.field)
#else
#define avc_cache_stats_incr(field) do {} while (0)
@@ -85,7 +85,7 @@ struct avc_callback_node {
/* Exported via selinufs */
unsigned int avc_cache_threshold = AVC_DEF_CACHE_THRESHOLD;
-#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
+#ifdef CONFIG_SECURITY_NSALINUX_AVC_STATS
DEFINE_PER_CPU(struct avc_cache_stats, avc_cache_stats) = { 0 };
#endif
@@ -627,7 +627,7 @@ static int avc_latest_notif_update(int seqno, int is_insert)
spin_lock_irqsave(¬if_lock, flag);
if (is_insert) {
if (seqno < avc_cache.latest_notif) {
- printk(KERN_WARNING "SELinux: avc: seqno %d < latest_notif %d\n",
+ printk(KERN_WARNING "NSALinux: avc: seqno %d < latest_notif %d\n",
seqno, avc_cache.latest_notif);
ret = -EAGAIN;
}
@@ -703,7 +703,7 @@ out:
}
/**
- * avc_audit_pre_callback - SELinux specific information
+ * avc_audit_pre_callback - NSALinux specific information
* will be called by generic audit code
* @ab: the audit buffer
* @a: audit_data
@@ -712,14 +712,14 @@ static void avc_audit_pre_callback(struct audit_buffer *ab, void *a)
{
struct common_audit_data *ad = a;
audit_log_format(ab, "avc: %s ",
- ad->selinux_audit_data->denied ? "denied" : "granted");
- avc_dump_av(ab, ad->selinux_audit_data->tclass,
- ad->selinux_audit_data->audited);
+ ad->nsalinux_audit_data->denied ? "denied" : "granted");
+ avc_dump_av(ab, ad->nsalinux_audit_data->tclass,
+ ad->nsalinux_audit_data->audited);
audit_log_format(ab, " for ");
}
/**
- * avc_audit_post_callback - SELinux specific information
+ * avc_audit_post_callback - NSALinux specific information
* will be called by generic audit code
* @ab: the audit buffer
* @a: audit_data
@@ -728,12 +728,12 @@ static void avc_audit_post_callback(struct audit_buffer *ab, void *a)
{
struct common_audit_data *ad = a;
audit_log_format(ab, " ");
- avc_dump_query(ab, ad->selinux_audit_data->ssid,
- ad->selinux_audit_data->tsid,
- ad->selinux_audit_data->tclass);
- if (ad->selinux_audit_data->denied) {
+ avc_dump_query(ab, ad->nsalinux_audit_data->ssid,
+ ad->nsalinux_audit_data->tsid,
+ ad->nsalinux_audit_data->tclass);
+ if (ad->nsalinux_audit_data->denied) {
audit_log_format(ab, " permissive=%u",
- ad->selinux_audit_data->result ? 0 : 1);
+ ad->nsalinux_audit_data->result ? 0 : 1);
}
}
@@ -744,7 +744,7 @@ noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
unsigned flags)
{
struct common_audit_data stack_data;
- struct selinux_audit_data sad;
+ struct nsalinux_audit_data sad;
if (!a) {
a = &stack_data;
@@ -770,7 +770,7 @@ noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
sad.denied = denied;
sad.result = result;
- a->selinux_audit_data = &sad;
+ a->nsalinux_audit_data = &sad;
common_lsm_audit(a, avc_audit_pre_callback, avc_audit_post_callback);
return 0;
@@ -986,7 +986,7 @@ static noinline int avc_denied(u32 ssid, u32 tsid,
if (flags & AVC_STRICT)
return -EACCES;
- if (selinux_enforcing && !(avd->flags & AVD_FLAGS_PERMISSIVE))
+ if (nsalinux_enforcing && !(avd->flags & AVD_FLAGS_PERMISSIVE))
return -EACCES;
avc_update_node(AVC_CALLBACK_GRANT, requested, driver, xperm, ssid,
@@ -1181,7 +1181,7 @@ void avc_disable(void)
* not destroying the avc_node_cachep it might be easy to fix, but
* I don't know the memory barrier semantics well enough to know. It's
* possible that some other task dereferenced security_ops when
- * it still pointed to selinux operations. If that is the case it's
+ * it still pointed to nsalinux operations. If that is the case it's
* possible that it is about to use the avc and is about to need the
* avc_node_cachep. I know I could wrap the security.c security_ops call
* in an rcu_lock, but seriously, it's not worth it. Instead I just flush
diff --git a/security/selinux/exports.c b/security/nsalinux/exports.c
similarity index 74%
rename from security/selinux/exports.c
rename to security/nsalinux/exports.c
index e75dd94..73a01e9 100644
--- a/security/selinux/exports.c
+++ b/security/nsalinux/exports.c
@@ -1,5 +1,5 @@
/*
- * SELinux services exported to the rest of the kernel.
+ * NSALinux services exported to the rest of the kernel.
*
* Author: James Morris <jmorris@xxxxxxxxxx>
*
@@ -12,12 +12,12 @@
* as published by the Free Software Foundation.
*/
#include <linux/module.h>
-#include <linux/selinux.h>
+#include <linux/nsalinux.h>
#include "security.h"
-bool selinux_is_enabled(void)
+bool nsalinux_is_enabled(void)
{
- return selinux_enabled;
+ return nsalinux_enabled;
}
-EXPORT_SYMBOL_GPL(selinux_is_enabled);
+EXPORT_SYMBOL_GPL(nsalinux_is_enabled);
diff --git a/security/selinux/hooks.c b/security/nsalinux/hooks.c
similarity index 78%
rename from security/selinux/hooks.c
rename to security/nsalinux/hooks.c
index 912deee..cd63e5e 100644
--- a/security/selinux/hooks.c
+++ b/security/nsalinux/hooks.c
@@ -1,7 +1,7 @@
/*
- * NSA Security-Enhanced Linux (SELinux) security module
+ * NSALinux security module
*
- * This file contains the SELinux hook function implementations.
+ * This file contains the NSALinux hook function implementations.
*
* Authors: Stephen Smalley, <sds@xxxxxxxxxxxxxx>
* Chris Vance, <cvance@xxxxxxx>
@@ -75,7 +75,7 @@
#include <linux/personality.h>
#include <linux/audit.h>
#include <linux/string.h>
-#include <linux/selinux.h>
+#include <linux/nsalinux.h>
#include <linux/mutex.h>
#include <linux/posix-timers.h>
#include <linux/syslog.h>
@@ -95,41 +95,41 @@
#include "avc_ss.h"
/* SECMARK reference count */
-static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
+static atomic_t nsalinux_secmark_refcount = ATOMIC_INIT(0);
-#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
-int selinux_enforcing;
+#ifdef CONFIG_SECURITY_NSALINUX_DEVELOP
+int nsalinux_enforcing;
static int __init enforcing_setup(char *str)
{
unsigned long enforcing;
if (!kstrtoul(str, 0, &enforcing))
- selinux_enforcing = enforcing ? 1 : 0;
+ nsalinux_enforcing = enforcing ? 1 : 0;
return 1;
}
__setup("enforcing=", enforcing_setup);
#endif
-#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
-int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
+#ifdef CONFIG_SECURITY_NSALINUX_BOOTPARAM
+int nsalinux_enabled = CONFIG_SECURITY_NSALINUX_BOOTPARAM_VALUE;
-static int __init selinux_enabled_setup(char *str)
+static int __init nsalinux_enabled_setup(char *str)
{
unsigned long enabled;
if (!kstrtoul(str, 0, &enabled))
- selinux_enabled = enabled ? 1 : 0;
+ nsalinux_enabled = enabled ? 1 : 0;
return 1;
}
-__setup("selinux=", selinux_enabled_setup);
+__setup("nsalinux=", nsalinux_enabled_setup);
#else
-int selinux_enabled = 1;
+int nsalinux_enabled = 1;
#endif
static struct kmem_cache *sel_inode_cache;
static struct kmem_cache *file_security_cache;
/**
- * selinux_secmark_enabled - Check to see if SECMARK is currently enabled
+ * nsalinux_secmark_enabled - Check to see if SECMARK is currently enabled
*
* Description:
* This function checks the SECMARK reference counter to see if any SECMARK
@@ -139,13 +139,13 @@ static struct kmem_cache *file_security_cache;
* policy capability is enabled, SECMARK is always considered enabled.
*
*/
-static int selinux_secmark_enabled(void)
+static int nsalinux_secmark_enabled(void)
{
- return (selinux_policycap_alwaysnetwork || atomic_read(&selinux_secmark_refcount));
+ return (nsalinux_policycap_alwaysnetwork || atomic_read(&nsalinux_secmark_refcount));
}
/**
- * selinux_peerlbl_enabled - Check to see if peer labeling is currently enabled
+ * nsalinux_peerlbl_enabled - Check to see if peer labeling is currently enabled
*
* Description:
* This function checks if NetLabel or labeled IPSEC is enabled. Returns true
@@ -154,12 +154,12 @@ static int selinux_secmark_enabled(void)
* is always considered enabled.
*
*/
-static int selinux_peerlbl_enabled(void)
+static int nsalinux_peerlbl_enabled(void)
{
- return (selinux_policycap_alwaysnetwork || netlbl_enabled() || selinux_xfrm_enabled());
+ return (nsalinux_policycap_alwaysnetwork || netlbl_enabled() || nsalinux_xfrm_enabled());
}
-static int selinux_netcache_avc_callback(u32 event)
+static int nsalinux_netcache_avc_callback(u32 event)
{
if (event == AVC_CALLBACK_RESET) {
sel_netif_flush();
@@ -180,7 +180,7 @@ static void cred_init_security(void)
tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL);
if (!tsec)
- panic("SELinux: Failed to initialize initial task.\n");
+ panic("NSALinux: Failed to initialize initial task.\n");
tsec->osid = tsec->sid = SECINITSID_KERNEL;
cred->security = tsec;
@@ -339,7 +339,7 @@ static void inode_free_security(struct inode *inode)
/*
* The inode may still be referenced in a path walk and
- * a call to selinux_inode_permission() can be made
+ * a call to nsalinux_inode_permission() can be made
* after inode_free_security() is called. Ideally, the VFS
* wouldn't do this, but fixing that is a much harder
* job. For now, simply free the i_security via RCU, and
@@ -437,7 +437,7 @@ static const match_table_t tokens = {
{Opt_error, NULL},
};
-#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
+#define SEL_MOUNT_FAIL_MSG "NSALinux: duplicate or incompatible mount options\n"
static int may_context_mount_sb_relabel(u32 sid,
struct superblock_security_struct *sbsec,
@@ -472,7 +472,7 @@ static int may_context_mount_inode_relabel(u32 sid,
return rc;
}
-static int selinux_is_sblabel_mnt(struct super_block *sb)
+static int nsalinux_is_sblabel_mnt(struct super_block *sb)
{
struct superblock_security_struct *sbsec = sb->s_security;
@@ -498,22 +498,22 @@ static int sb_finish_set_opts(struct super_block *sb)
/* Make sure that the xattr handler exists and that no
error other than -ENODATA is returned by getxattr on
the root directory. -ENODATA is ok, as this may be
- the first boot of the SELinux kernel before we have
+ the first boot of the NSALinux kernel before we have
assigned xattr values to the filesystem. */
if (!root_inode->i_op->getxattr) {
- printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
+ printk(KERN_WARNING "NSALinux: (dev %s, type %s) has no "
"xattr support\n", sb->s_id, sb->s_type->name);
rc = -EOPNOTSUPP;
goto out;
}
- rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
+ rc = root_inode->i_op->getxattr(root, XATTR_NAME_NSALINUX, NULL, 0);
if (rc < 0 && rc != -ENODATA) {
if (rc == -EOPNOTSUPP)
- printk(KERN_WARNING "SELinux: (dev %s, type "
+ printk(KERN_WARNING "NSALinux: (dev %s, type "
"%s) has no security xattr handler\n",
sb->s_id, sb->s_type->name);
else
- printk(KERN_WARNING "SELinux: (dev %s, type "
+ printk(KERN_WARNING "NSALinux: (dev %s, type "
"%s) getxattr errno %d\n", sb->s_id,
sb->s_type->name, -rc);
goto out;
@@ -521,11 +521,11 @@ static int sb_finish_set_opts(struct super_block *sb)
}
if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
- printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
+ printk(KERN_ERR "NSALinux: initialized (dev %s, type %s), unknown behavior\n",
sb->s_id, sb->s_type->name);
sbsec->flags |= SE_SBINITIALIZED;
- if (selinux_is_sblabel_mnt(sb))
+ if (nsalinux_is_sblabel_mnt(sb))
sbsec->flags |= SBLABEL_MNT;
/* Initialize the root inode. */
@@ -563,7 +563,7 @@ out:
* options were so it can use those later for submounts, displaying
* mount options, or whatever.
*/
-static int selinux_get_mnt_opts(const struct super_block *sb,
+static int nsalinux_get_mnt_opts(const struct super_block *sb,
struct security_mnt_opts *opts)
{
int rc = 0, i;
@@ -676,7 +676,7 @@ static int bad_option(struct superblock_security_struct *sbsec, char flag,
* Allow filesystems with binary mount data to explicitly set mount point
* labeling information.
*/
-static int selinux_set_mnt_opts(struct super_block *sb,
+static int nsalinux_set_mnt_opts(struct super_block *sb,
struct security_mnt_opts *opts,
unsigned long kern_flags,
unsigned long *set_kern_flags)
@@ -697,13 +697,13 @@ static int selinux_set_mnt_opts(struct super_block *sb,
if (!ss_initialized) {
if (!num_opts) {
- /* Defer initialization until selinux_complete_init,
+ /* Defer initialization until nsalinux_complete_init,
after the initial policy is loaded and the security
server is ready to handle calls. */
goto out;
}
rc = -EINVAL;
- printk(KERN_WARNING "SELinux: Unable to set superblock options "
+ printk(KERN_WARNING "NSALinux: Unable to set superblock options "
"before the security server is initialized\n");
goto out;
}
@@ -741,7 +741,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
continue;
rc = security_context_str_to_sid(mount_options[i], &sid, GFP_KERNEL);
if (rc) {
- printk(KERN_WARNING "SELinux: security_context_str_to_sid"
+ printk(KERN_WARNING "NSALinux: security_context_str_to_sid"
"(%s) failed for (dev %s, type %s) errno=%d\n",
mount_options[i], sb->s_id, name, rc);
goto out;
@@ -873,7 +873,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
if (sbsec->behavior != SECURITY_FS_USE_XATTR &&
sbsec->behavior != SECURITY_FS_USE_NATIVE) {
rc = -EINVAL;
- printk(KERN_WARNING "SELinux: defcontext option is "
+ printk(KERN_WARNING "NSALinux: defcontext option is "
"invalid for this filesystem type\n");
goto out;
}
@@ -894,12 +894,12 @@ out:
return rc;
out_double_mount:
rc = -EINVAL;
- printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different "
+ printk(KERN_WARNING "NSALinux: mount invalid. Same superblock, different "
"security settings for (dev %s, type %s)\n", sb->s_id, name);
goto out;
}
-static int selinux_cmp_sb_context(const struct super_block *oldsb,
+static int nsalinux_cmp_sb_context(const struct super_block *oldsb,
const struct super_block *newsb)
{
struct superblock_security_struct *old = oldsb->s_security;
@@ -923,13 +923,13 @@ static int selinux_cmp_sb_context(const struct super_block *oldsb,
}
return 0;
mismatch:
- printk(KERN_WARNING "SELinux: mount invalid. Same superblock, "
+ printk(KERN_WARNING "NSALinux: mount invalid. Same superblock, "
"different security settings for (dev %s, "
"type %s)\n", newsb->s_id, newsb->s_type->name);
return -EBUSY;
}
-static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
+static int nsalinux_sb_clone_mnt_opts(const struct super_block *oldsb,
struct super_block *newsb)
{
const struct superblock_security_struct *oldsbsec = oldsb->s_security;
@@ -951,7 +951,7 @@ static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
/* if fs is reusing a sb, make sure that the contexts match */
if (newsbsec->flags & SE_SBINITIALIZED)
- return selinux_cmp_sb_context(oldsb, newsb);
+ return nsalinux_cmp_sb_context(oldsb, newsb);
mutex_lock(&newsbsec->lock);
@@ -984,7 +984,7 @@ static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
return 0;
}
-static int selinux_parse_opts_str(char *options,
+static int nsalinux_parse_opts_str(char *options,
struct security_mnt_opts *opts)
{
char *p;
@@ -1060,7 +1060,7 @@ static int selinux_parse_opts_str(char *options,
break;
default:
rc = -EINVAL;
- printk(KERN_WARNING "SELinux: unknown mount option\n");
+ printk(KERN_WARNING "NSALinux: unknown mount option\n");
goto out_err;
}
@@ -1120,19 +1120,19 @@ static int superblock_doinit(struct super_block *sb, void *data)
BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA);
- rc = selinux_parse_opts_str(options, &opts);
+ rc = nsalinux_parse_opts_str(options, &opts);
if (rc)
goto out_err;
out:
- rc = selinux_set_mnt_opts(sb, &opts, 0, NULL);
+ rc = nsalinux_set_mnt_opts(sb, &opts, 0, NULL);
out_err:
security_free_mnt_opts(&opts);
return rc;
}
-static void selinux_write_opts(struct seq_file *m,
+static void nsalinux_write_opts(struct seq_file *m,
struct security_mnt_opts *opts)
{
int i;
@@ -1178,12 +1178,12 @@ static void selinux_write_opts(struct seq_file *m,
}
}
-static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
+static int nsalinux_sb_show_options(struct seq_file *m, struct super_block *sb)
{
struct security_mnt_opts opts;
int rc;
- rc = selinux_get_mnt_opts(sb, &opts);
+ rc = nsalinux_get_mnt_opts(sb, &opts);
if (rc) {
/* before policy load we may get EINVAL, don't show anything */
if (rc == -EINVAL)
@@ -1191,7 +1191,7 @@ static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
return rc;
}
- selinux_write_opts(m, &opts);
+ nsalinux_write_opts(m, &opts);
security_free_mnt_opts(&opts);
@@ -1272,8 +1272,8 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
return SECCLASS_NETLINK_NFLOG_SOCKET;
case NETLINK_XFRM:
return SECCLASS_NETLINK_XFRM_SOCKET;
- case NETLINK_SELINUX:
- return SECCLASS_NETLINK_SELINUX_SOCKET;
+ case NETLINK_NSALINUX:
+ return SECCLASS_NETLINK_NSALINUX_SOCKET;
case NETLINK_ISCSI:
return SECCLASS_NETLINK_ISCSI_SOCKET;
case NETLINK_AUDIT:
@@ -1310,7 +1310,7 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
return SECCLASS_SOCKET;
}
-static int selinux_genfs_get_sid(struct dentry *dentry,
+static int nsalinux_genfs_get_sid(struct dentry *dentry,
u16 tclass,
u16 flags,
u32 *sid)
@@ -1329,7 +1329,7 @@ static int selinux_genfs_get_sid(struct dentry *dentry,
else {
if (flags & SE_SBPROC) {
/* each process gets a /proc/PID/ entry. Strip off the
- * PID part to get a valid selinux labeling.
+ * PID part to get a valid nsalinux labeling.
* e.g. /proc/1/net/rpc/nfs -> /net/rpc/nfs */
while (path[1] >= '0' && path[1] <= '9') {
path[1] = '/';
@@ -1363,7 +1363,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
sbsec = inode->i_sb->s_security;
if (!(sbsec->flags & SE_SBINITIALIZED)) {
- /* Defer initialization until selinux_complete_init,
+ /* Defer initialization until nsalinux_complete_init,
after the initial policy is loaded and the security
server is ready to handle calls. */
spin_lock(&sbsec->isec_lock);
@@ -1388,7 +1388,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
/* Called from d_instantiate or d_splice_alias. */
dentry = dget(opt_dentry);
} else {
- /* Called from selinux_complete_init, try to find a dentry. */
+ /* Called from nsalinux_complete_init, try to find a dentry. */
dentry = d_find_alias(inode);
}
if (!dentry) {
@@ -1412,13 +1412,13 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
goto out_unlock;
}
context[len] = '\0';
- rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
+ rc = inode->i_op->getxattr(dentry, XATTR_NAME_NSALINUX,
context, len);
if (rc == -ERANGE) {
kfree(context);
/* Need a larger buffer. Query for the right size. */
- rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
+ rc = inode->i_op->getxattr(dentry, XATTR_NAME_NSALINUX,
NULL, 0);
if (rc < 0) {
dput(dentry);
@@ -1433,13 +1433,13 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
}
context[len] = '\0';
rc = inode->i_op->getxattr(dentry,
- XATTR_NAME_SELINUX,
+ XATTR_NAME_NSALINUX,
context, len);
}
dput(dentry);
if (rc < 0) {
if (rc != -ENODATA) {
- printk(KERN_WARNING "SELinux: %s: getxattr returned "
+ printk(KERN_WARNING "NSALinux: %s: getxattr returned "
"%d for dev=%s ino=%ld\n", __func__,
-rc, inode->i_sb->s_id, inode->i_ino);
kfree(context);
@@ -1458,11 +1458,11 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
if (rc == -EINVAL) {
if (printk_ratelimit())
- printk(KERN_NOTICE "SELinux: inode=%lu on dev=%s was found to have an invalid "
+ printk(KERN_NOTICE "NSALinux: inode=%lu on dev=%s was found to have an invalid "
"context=%s. This indicates you may need to relabel the inode or the "
"filesystem in question.\n", ino, dev, context);
} else {
- printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) "
+ printk(KERN_WARNING "NSALinux: %s: context_to_sid(%s) "
"returned %d for dev=%s ino=%ld\n",
__func__, context, -rc, dev, ino);
}
@@ -1505,7 +1505,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
* d_splice_alias. */
dentry = dget(opt_dentry);
else
- /* Called from selinux_complete_init, try to
+ /* Called from nsalinux_complete_init, try to
* find a dentry. */
dentry = d_find_alias(inode);
/*
@@ -1520,7 +1520,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
if (!dentry)
goto out_unlock;
isec->sclass = inode_mode_to_security_class(inode->i_mode);
- rc = selinux_genfs_get_sid(dentry, isec->sclass,
+ rc = nsalinux_genfs_get_sid(dentry, isec->sclass,
sbsec->flags, &sid);
dput(dentry);
if (rc)
@@ -1617,7 +1617,7 @@ static int current_has_perm(const struct task_struct *tsk,
}
#if CAP_LAST_CAP > 63
-#error Fix SELinux to handle capabilities > 63.
+#error Fix NSALinux to handle capabilities > 63.
#endif
/* Check whether a task is allowed to use a capability. */
@@ -1643,7 +1643,7 @@ static int cred_has_capability(const struct cred *cred,
break;
default:
printk(KERN_ERR
- "SELinux: out of range capability %d\n", cap);
+ "NSALinux: out of range capability %d\n", cap);
BUG();
return -EINVAL;
}
@@ -1775,7 +1775,7 @@ out:
/*
* Determine the label for an inode that might be unioned.
*/
-static int selinux_determine_inode_label(struct inode *dir,
+static int nsalinux_determine_inode_label(struct inode *dir,
const struct qstr *name,
u16 tclass,
u32 *_new_isid)
@@ -1824,7 +1824,7 @@ static int may_create(struct inode *dir,
if (rc)
return rc;
- rc = selinux_determine_inode_label(dir, &dentry->d_name, tclass,
+ rc = nsalinux_determine_inode_label(dir, &dentry->d_name, tclass,
&newsid);
if (rc)
return rc;
@@ -1886,7 +1886,7 @@ static int may_link(struct inode *dir,
av = DIR__RMDIR;
break;
default:
- printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n",
+ printk(KERN_WARNING "NSALinux: %s: unrecognized kind %d\n",
__func__, kind);
return 0;
}
@@ -2022,7 +2022,7 @@ static inline u32 open_file_to_av(struct file *file)
{
u32 av = file_to_av(file);
- if (selinux_policycap_openperm)
+ if (nsalinux_policycap_openperm)
av |= FILE__OPEN;
return av;
@@ -2030,7 +2030,7 @@ static inline u32 open_file_to_av(struct file *file)
/* Hook functions begin here. */
-static int selinux_binder_set_context_mgr(struct task_struct *mgr)
+static int nsalinux_binder_set_context_mgr(struct task_struct *mgr)
{
u32 mysid = current_sid();
u32 mgrsid = task_sid(mgr);
@@ -2039,7 +2039,7 @@ static int selinux_binder_set_context_mgr(struct task_struct *mgr)
BINDER__SET_CONTEXT_MGR, NULL);
}
-static int selinux_binder_transaction(struct task_struct *from,
+static int nsalinux_binder_transaction(struct task_struct *from,
struct task_struct *to)
{
u32 mysid = current_sid();
@@ -2058,7 +2058,7 @@ static int selinux_binder_transaction(struct task_struct *from,
NULL);
}
-static int selinux_binder_transfer_binder(struct task_struct *from,
+static int nsalinux_binder_transfer_binder(struct task_struct *from,
struct task_struct *to)
{
u32 fromsid = task_sid(from);
@@ -2068,7 +2068,7 @@ static int selinux_binder_transfer_binder(struct task_struct *from,
NULL);
}
-static int selinux_binder_transfer_file(struct task_struct *from,
+static int nsalinux_binder_transfer_file(struct task_struct *from,
struct task_struct *to,
struct file *file)
{
@@ -2098,7 +2098,7 @@ static int selinux_binder_transfer_file(struct task_struct *from,
&ad);
}
-static int selinux_ptrace_access_check(struct task_struct *child,
+static int nsalinux_ptrace_access_check(struct task_struct *child,
unsigned int mode)
{
if (mode & PTRACE_MODE_READ) {
@@ -2110,18 +2110,18 @@ static int selinux_ptrace_access_check(struct task_struct *child,
return current_has_perm(child, PROCESS__PTRACE);
}
-static int selinux_ptrace_traceme(struct task_struct *parent)
+static int nsalinux_ptrace_traceme(struct task_struct *parent)
{
return task_has_perm(parent, current, PROCESS__PTRACE);
}
-static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
+static int nsalinux_capget(struct task_struct *target, kernel_cap_t *effective,
kernel_cap_t *inheritable, kernel_cap_t *permitted)
{
return current_has_perm(target, PROCESS__GETCAP);
}
-static int selinux_capset(struct cred *new, const struct cred *old,
+static int nsalinux_capset(struct cred *new, const struct cred *old,
const kernel_cap_t *effective,
const kernel_cap_t *inheritable,
const kernel_cap_t *permitted)
@@ -2130,22 +2130,22 @@ static int selinux_capset(struct cred *new, const struct cred *old,
}
/*
- * (This comment used to live with the selinux_task_setuid hook,
+ * (This comment used to live with the nsalinux_task_setuid hook,
* which was removed).
*
- * Since setuid only affects the current process, and since the SELinux
- * controls are not based on the Linux identity attributes, SELinux does not
- * need to control this operation. However, SELinux does control the use of
+ * Since setuid only affects the current process, and since the NSALinux
+ * controls are not based on the Linux identity attributes, NSALinux does not
+ * need to control this operation. However, NSALinux does control the use of
* the CAP_SETUID and CAP_SETGID capabilities using the capable hook.
*/
-static int selinux_capable(const struct cred *cred, struct user_namespace *ns,
+static int nsalinux_capable(const struct cred *cred, struct user_namespace *ns,
int cap, int audit)
{
return cred_has_capability(cred, cap, audit);
}
-static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
+static int nsalinux_quotactl(int cmds, int type, int id, struct super_block *sb)
{
const struct cred *cred = current_cred();
int rc = 0;
@@ -2173,14 +2173,14 @@ static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
return rc;
}
-static int selinux_quota_on(struct dentry *dentry)
+static int nsalinux_quota_on(struct dentry *dentry)
{
const struct cred *cred = current_cred();
return dentry_has_perm(cred, dentry, FILE__QUOTAON);
}
-static int selinux_syslog(int type)
+static int nsalinux_syslog(int type)
{
int rc;
@@ -2212,10 +2212,10 @@ static int selinux_syslog(int type)
* mapping. 0 means there is enough memory for the allocation to
* succeed and -ENOMEM implies there is not.
*
- * Do not audit the selinux permission check, as this is applied to all
+ * Do not audit the nsalinux permission check, as this is applied to all
* processes that allocate mappings.
*/
-static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
+static int nsalinux_vm_enough_memory(struct mm_struct *mm, long pages)
{
int rc, cap_sys_admin = 0;
@@ -2264,7 +2264,7 @@ static int check_nnp_nosuid(const struct linux_binprm *bprm,
return 0;
}
-static int selinux_bprm_set_creds(struct linux_binprm *bprm)
+static int nsalinux_bprm_set_creds(struct linux_binprm *bprm)
{
const struct task_security_struct *old_tsec;
struct task_security_struct *new_tsec;
@@ -2273,7 +2273,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
struct inode *inode = file_inode(bprm->file);
int rc;
- /* SELinux context only depends on initial program or script and not
+ /* NSALinux context only depends on initial program or script and not
* the script interpreter */
if (bprm->cred_prepared)
return 0;
@@ -2378,7 +2378,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
return 0;
}
-static int selinux_bprm_secureexec(struct linux_binprm *bprm)
+static int nsalinux_bprm_secureexec(struct linux_binprm *bprm)
{
const struct task_security_struct *tsec = current_security();
u32 sid, osid;
@@ -2442,7 +2442,7 @@ static inline void flush_unauthorized_files(const struct cred *cred,
if (!n) /* none found? */
return;
- devnull = dentry_open(&selinux_null, O_RDWR, cred);
+ devnull = dentry_open(&nsalinux_null, O_RDWR, cred);
if (IS_ERR(devnull))
devnull = NULL;
/* replace all the matching ones with this */
@@ -2456,7 +2456,7 @@ static inline void flush_unauthorized_files(const struct cred *cred,
/*
* Prepare a process for imminent new credential changes due to exec
*/
-static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
+static void nsalinux_bprm_committing_creds(struct linux_binprm *bprm)
{
struct task_security_struct *new_tsec;
struct rlimit *rlim, *initrlim;
@@ -2501,7 +2501,7 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
* Clean up the process immediately after the installation of new credentials
* due to exec
*/
-static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
+static void nsalinux_bprm_committed_creds(struct linux_binprm *bprm)
{
const struct task_security_struct *tsec = current_security();
struct itimerval itimer;
@@ -2546,12 +2546,12 @@ static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
/* superblock security operations */
-static int selinux_sb_alloc_security(struct super_block *sb)
+static int nsalinux_sb_alloc_security(struct super_block *sb)
{
return superblock_alloc_security(sb);
}
-static void selinux_sb_free_security(struct super_block *sb)
+static void nsalinux_sb_free_security(struct super_block *sb)
{
superblock_free_security(sb);
}
@@ -2564,7 +2564,7 @@ static inline int match_prefix(char *prefix, int plen, char *option, int olen)
return !memcmp(prefix, option, plen);
}
-static inline int selinux_option(char *option, int len)
+static inline int nsalinux_option(char *option, int len)
{
return (match_prefix(CONTEXT_STR, sizeof(CONTEXT_STR)-1, option, len) ||
match_prefix(FSCONTEXT_STR, sizeof(FSCONTEXT_STR)-1, option, len) ||
@@ -2584,7 +2584,7 @@ static inline void take_option(char **to, char *from, int *first, int len)
*to += len;
}
-static inline void take_selinux_option(char **to, char *from, int *first,
+static inline void take_nsalinux_option(char **to, char *from, int *first,
int len)
{
int current_size = 0;
@@ -2605,7 +2605,7 @@ static inline void take_selinux_option(char **to, char *from, int *first,
}
}
-static int selinux_sb_copy_data(char *orig, char *copy)
+static int nsalinux_sb_copy_data(char *orig, char *copy)
{
int fnosec, fsec, rc = 0;
char *in_save, *in_curr, *in_end;
@@ -2632,8 +2632,8 @@ static int selinux_sb_copy_data(char *orig, char *copy)
*in_end == '\0') {
int len = in_end - in_curr;
- if (selinux_option(in_curr, len))
- take_selinux_option(&sec_curr, in_curr, &fsec, len);
+ if (nsalinux_option(in_curr, len))
+ take_nsalinux_option(&sec_curr, in_curr, &fsec, len);
else
take_option(&nosec, in_curr, &fnosec, len);
@@ -2647,7 +2647,7 @@ out:
return rc;
}
-static int selinux_sb_remount(struct super_block *sb, void *data)
+static int nsalinux_sb_remount(struct super_block *sb, void *data)
{
int rc, i, *flags;
struct security_mnt_opts opts;
@@ -2667,11 +2667,11 @@ static int selinux_sb_remount(struct super_block *sb, void *data)
secdata = alloc_secdata();
if (!secdata)
return -ENOMEM;
- rc = selinux_sb_copy_data(data, secdata);
+ rc = nsalinux_sb_copy_data(data, secdata);
if (rc)
goto out_free_secdata;
- rc = selinux_parse_opts_str(secdata, &opts);
+ rc = nsalinux_parse_opts_str(secdata, &opts);
if (rc)
goto out_free_secdata;
@@ -2685,7 +2685,7 @@ static int selinux_sb_remount(struct super_block *sb, void *data)
continue;
rc = security_context_str_to_sid(mount_options[i], &sid, GFP_KERNEL);
if (rc) {
- printk(KERN_WARNING "SELinux: security_context_str_to_sid"
+ printk(KERN_WARNING "NSALinux: security_context_str_to_sid"
"(%s) failed for (dev %s, type %s) errno=%d\n",
mount_options[i], sb->s_id, sb->s_type->name, rc);
goto out_free_opts;
@@ -2724,13 +2724,13 @@ out_free_secdata:
free_secdata(secdata);
return rc;
out_bad_option:
- printk(KERN_WARNING "SELinux: unable to change security options "
+ printk(KERN_WARNING "NSALinux: unable to change security options "
"during remount (dev %s, type=%s)\n", sb->s_id,
sb->s_type->name);
goto out_free_opts;
}
-static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
+static int nsalinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
{
const struct cred *cred = current_cred();
struct common_audit_data ad;
@@ -2749,7 +2749,7 @@ static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
}
-static int selinux_sb_statfs(struct dentry *dentry)
+static int nsalinux_sb_statfs(struct dentry *dentry)
{
const struct cred *cred = current_cred();
struct common_audit_data ad;
@@ -2759,7 +2759,7 @@ static int selinux_sb_statfs(struct dentry *dentry)
return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
}
-static int selinux_mount(const char *dev_name,
+static int nsalinux_mount(const char *dev_name,
struct path *path,
const char *type,
unsigned long flags,
@@ -2774,7 +2774,7 @@ static int selinux_mount(const char *dev_name,
return path_has_perm(cred, path, FILE__MOUNTON);
}
-static int selinux_umount(struct vfsmount *mnt, int flags)
+static int nsalinux_umount(struct vfsmount *mnt, int flags)
{
const struct cred *cred = current_cred();
@@ -2784,24 +2784,24 @@ static int selinux_umount(struct vfsmount *mnt, int flags)
/* inode security operations */
-static int selinux_inode_alloc_security(struct inode *inode)
+static int nsalinux_inode_alloc_security(struct inode *inode)
{
return inode_alloc_security(inode);
}
-static void selinux_inode_free_security(struct inode *inode)
+static void nsalinux_inode_free_security(struct inode *inode)
{
inode_free_security(inode);
}
-static int selinux_dentry_init_security(struct dentry *dentry, int mode,
+static int nsalinux_dentry_init_security(struct dentry *dentry, int mode,
struct qstr *name, void **ctx,
u32 *ctxlen)
{
u32 newsid;
int rc;
- rc = selinux_determine_inode_label(d_inode(dentry->d_parent), name,
+ rc = nsalinux_determine_inode_label(d_inode(dentry->d_parent), name,
inode_mode_to_security_class(mode),
&newsid);
if (rc)
@@ -2810,7 +2810,7 @@ static int selinux_dentry_init_security(struct dentry *dentry, int mode,
return security_sid_to_context(newsid, (char **)ctx, ctxlen);
}
-static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
+static int nsalinux_inode_init_security(struct inode *inode, struct inode *dir,
const struct qstr *qstr,
const char **name,
void **value, size_t *len)
@@ -2826,14 +2826,14 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
sid = tsec->sid;
newsid = tsec->create_sid;
- rc = selinux_determine_inode_label(
+ rc = nsalinux_determine_inode_label(
dir, qstr,
inode_mode_to_security_class(inode->i_mode),
&newsid);
if (rc)
return rc;
- /* Possibly defer initialization to selinux_complete_init. */
+ /* Possibly defer initialization to nsalinux_complete_init. */
if (sbsec->flags & SE_SBINITIALIZED) {
struct inode_security_struct *isec = inode->i_security;
isec->sclass = inode_mode_to_security_class(inode->i_mode);
@@ -2845,7 +2845,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
return -EOPNOTSUPP;
if (name)
- *name = XATTR_SELINUX_SUFFIX;
+ *name = XATTR_NSALINUX_SUFFIX;
if (value && len) {
rc = security_sid_to_context_force(newsid, &context, &clen);
@@ -2858,55 +2858,55 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
return 0;
}
-static int selinux_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode)
+static int nsalinux_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode)
{
return may_create(dir, dentry, SECCLASS_FILE);
}
-static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
+static int nsalinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
{
return may_link(dir, old_dentry, MAY_LINK);
}
-static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
+static int nsalinux_inode_unlink(struct inode *dir, struct dentry *dentry)
{
return may_link(dir, dentry, MAY_UNLINK);
}
-static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
+static int nsalinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
{
return may_create(dir, dentry, SECCLASS_LNK_FILE);
}
-static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mask)
+static int nsalinux_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mask)
{
return may_create(dir, dentry, SECCLASS_DIR);
}
-static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
+static int nsalinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
{
return may_link(dir, dentry, MAY_RMDIR);
}
-static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
+static int nsalinux_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
{
return may_create(dir, dentry, inode_mode_to_security_class(mode));
}
-static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
+static int nsalinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
struct inode *new_inode, struct dentry *new_dentry)
{
return may_rename(old_inode, old_dentry, new_inode, new_dentry);
}
-static int selinux_inode_readlink(struct dentry *dentry)
+static int nsalinux_inode_readlink(struct dentry *dentry)
{
const struct cred *cred = current_cred();
return dentry_has_perm(cred, dentry, FILE__READ);
}
-static int selinux_inode_follow_link(struct dentry *dentry, struct inode *inode,
+static int nsalinux_inode_follow_link(struct dentry *dentry, struct inode *inode,
bool rcu)
{
const struct cred *cred = current_cred();
@@ -2946,7 +2946,7 @@ static noinline int audit_inode_permission(struct inode *inode,
return 0;
}
-static int selinux_inode_permission(struct inode *inode, int mask)
+static int nsalinux_inode_permission(struct inode *inode, int mask)
{
const struct cred *cred = current_cred();
u32 perms;
@@ -2990,7 +2990,7 @@ static int selinux_inode_permission(struct inode *inode, int mask)
return rc;
}
-static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
+static int nsalinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
{
const struct cred *cred = current_cred();
unsigned int ia_valid = iattr->ia_valid;
@@ -3008,19 +3008,19 @@ static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET))
return dentry_has_perm(cred, dentry, FILE__SETATTR);
- if (selinux_policycap_openperm && (ia_valid & ATTR_SIZE)
+ if (nsalinux_policycap_openperm && (ia_valid & ATTR_SIZE)
&& !(ia_valid & ATTR_FILE))
av |= FILE__OPEN;
return dentry_has_perm(cred, dentry, av);
}
-static int selinux_inode_getattr(const struct path *path)
+static int nsalinux_inode_getattr(const struct path *path)
{
return path_has_perm(current_cred(), path, FILE__GETATTR);
}
-static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name)
+static int nsalinux_inode_setotherxattr(struct dentry *dentry, const char *name)
{
const struct cred *cred = current_cred();
@@ -3041,7 +3041,7 @@ static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name)
return dentry_has_perm(cred, dentry, FILE__SETATTR);
}
-static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
+static int nsalinux_inode_setxattr(struct dentry *dentry, const char *name,
const void *value, size_t size, int flags)
{
struct inode *inode = d_backing_inode(dentry);
@@ -3051,8 +3051,8 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
u32 newsid, sid = current_sid();
int rc = 0;
- if (strcmp(name, XATTR_NAME_SELINUX))
- return selinux_inode_setotherxattr(dentry, name);
+ if (strcmp(name, XATTR_NAME_NSALINUX))
+ return nsalinux_inode_setotherxattr(dentry, name);
sbsec = inode->i_sb->s_security;
if (!(sbsec->flags & SBLABEL_MNT))
@@ -3088,7 +3088,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
str = "";
audit_size = 0;
}
- ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR);
+ ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_NSALINUX_ERR);
audit_log_format(ab, "op=setxattr invalid_context=");
audit_log_n_untrustedstring(ab, value, audit_size);
audit_log_end(ab);
@@ -3117,7 +3117,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
&ad);
}
-static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
+static void nsalinux_inode_post_setxattr(struct dentry *dentry, const char *name,
const void *value, size_t size,
int flags)
{
@@ -3126,14 +3126,14 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
u32 newsid;
int rc;
- if (strcmp(name, XATTR_NAME_SELINUX)) {
+ if (strcmp(name, XATTR_NAME_NSALINUX)) {
/* Not an attribute we recognize, so nothing to do. */
return;
}
rc = security_context_to_sid_force(value, size, &newsid);
if (rc) {
- printk(KERN_ERR "SELinux: unable to map context to SID"
+ printk(KERN_ERR "NSALinux: unable to map context to SID"
"for (%s, %lu), rc=%d\n",
inode->i_sb->s_id, inode->i_ino, -rc);
return;
@@ -3146,26 +3146,26 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
return;
}
-static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
+static int nsalinux_inode_getxattr(struct dentry *dentry, const char *name)
{
const struct cred *cred = current_cred();
return dentry_has_perm(cred, dentry, FILE__GETATTR);
}
-static int selinux_inode_listxattr(struct dentry *dentry)
+static int nsalinux_inode_listxattr(struct dentry *dentry)
{
const struct cred *cred = current_cred();
return dentry_has_perm(cred, dentry, FILE__GETATTR);
}
-static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
+static int nsalinux_inode_removexattr(struct dentry *dentry, const char *name)
{
- if (strcmp(name, XATTR_NAME_SELINUX))
- return selinux_inode_setotherxattr(dentry, name);
+ if (strcmp(name, XATTR_NAME_NSALINUX))
+ return nsalinux_inode_setotherxattr(dentry, name);
- /* No one is allowed to remove a SELinux security label.
+ /* No one is allowed to remove a NSALinux security label.
You can change the label, but all data must be labeled. */
return -EACCES;
}
@@ -3173,16 +3173,16 @@ static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
/*
* Copy the inode security context value to the user.
*
- * Permission check is handled by selinux_inode_getxattr hook.
+ * Permission check is handled by nsalinux_inode_getxattr hook.
*/
-static int selinux_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc)
+static int nsalinux_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc)
{
u32 size;
int error;
char *context = NULL;
struct inode_security_struct *isec = inode_security(inode);
- if (strcmp(name, XATTR_SELINUX_SUFFIX))
+ if (strcmp(name, XATTR_NSALINUX_SUFFIX))
return -EOPNOTSUPP;
/*
@@ -3216,14 +3216,14 @@ out_nofree:
return error;
}
-static int selinux_inode_setsecurity(struct inode *inode, const char *name,
+static int nsalinux_inode_setsecurity(struct inode *inode, const char *name,
const void *value, size_t size, int flags)
{
struct inode_security_struct *isec = inode_security(inode);
u32 newsid;
int rc;
- if (strcmp(name, XATTR_SELINUX_SUFFIX))
+ if (strcmp(name, XATTR_NSALINUX_SUFFIX))
return -EOPNOTSUPP;
if (!value || !size)
@@ -3239,15 +3239,15 @@ static int selinux_inode_setsecurity(struct inode *inode, const char *name,
return 0;
}
-static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
+static int nsalinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
{
- const int len = sizeof(XATTR_NAME_SELINUX);
+ const int len = sizeof(XATTR_NAME_NSALINUX);
if (buffer && len <= buffer_size)
- memcpy(buffer, XATTR_NAME_SELINUX, len);
+ memcpy(buffer, XATTR_NAME_NSALINUX, len);
return len;
}
-static void selinux_inode_getsecid(struct inode *inode, u32 *secid)
+static void nsalinux_inode_getsecid(struct inode *inode, u32 *secid)
{
struct inode_security_struct *isec = inode_security_novalidate(inode);
*secid = isec->sid;
@@ -3255,7 +3255,7 @@ static void selinux_inode_getsecid(struct inode *inode, u32 *secid)
/* file security operations */
-static int selinux_revalidate_file_permission(struct file *file, int mask)
+static int nsalinux_revalidate_file_permission(struct file *file, int mask)
{
const struct cred *cred = current_cred();
struct inode *inode = file_inode(file);
@@ -3268,7 +3268,7 @@ static int selinux_revalidate_file_permission(struct file *file, int mask)
file_mask_to_av(inode->i_mode, mask));
}
-static int selinux_file_permission(struct file *file, int mask)
+static int nsalinux_file_permission(struct file *file, int mask)
{
struct inode *inode = file_inode(file);
struct file_security_struct *fsec = file->f_security;
@@ -3285,15 +3285,15 @@ static int selinux_file_permission(struct file *file, int mask)
/* No change since file_open check. */
return 0;
- return selinux_revalidate_file_permission(file, mask);
+ return nsalinux_revalidate_file_permission(file, mask);
}
-static int selinux_file_alloc_security(struct file *file)
+static int nsalinux_file_alloc_security(struct file *file)
{
return file_alloc_security(file);
}
-static void selinux_file_free_security(struct file *file)
+static void nsalinux_file_free_security(struct file *file)
{
file_free_security(file);
}
@@ -3338,7 +3338,7 @@ out:
return rc;
}
-static int selinux_file_ioctl(struct file *file, unsigned int cmd,
+static int nsalinux_file_ioctl(struct file *file, unsigned int cmd,
unsigned long arg)
{
const struct cred *cred = current_cred();
@@ -3423,7 +3423,7 @@ error:
return rc;
}
-static int selinux_mmap_addr(unsigned long addr)
+static int nsalinux_mmap_addr(unsigned long addr)
{
int rc = 0;
@@ -3436,23 +3436,23 @@ static int selinux_mmap_addr(unsigned long addr)
return rc;
}
-static int selinux_mmap_file(struct file *file, unsigned long reqprot,
+static int nsalinux_mmap_file(struct file *file, unsigned long reqprot,
unsigned long prot, unsigned long flags)
{
- if (selinux_checkreqprot)
+ if (nsalinux_checkreqprot)
prot = reqprot;
return file_map_prot_check(file, prot,
(flags & MAP_TYPE) == MAP_SHARED);
}
-static int selinux_file_mprotect(struct vm_area_struct *vma,
+static int nsalinux_file_mprotect(struct vm_area_struct *vma,
unsigned long reqprot,
unsigned long prot)
{
const struct cred *cred = current_cred();
- if (selinux_checkreqprot)
+ if (nsalinux_checkreqprot)
prot = reqprot;
if (default_noexec &&
@@ -3482,14 +3482,14 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
}
-static int selinux_file_lock(struct file *file, unsigned int cmd)
+static int nsalinux_file_lock(struct file *file, unsigned int cmd)
{
const struct cred *cred = current_cred();
return file_has_perm(cred, file, FILE__LOCK);
}
-static int selinux_file_fcntl(struct file *file, unsigned int cmd,
+static int nsalinux_file_fcntl(struct file *file, unsigned int cmd,
unsigned long arg)
{
const struct cred *cred = current_cred();
@@ -3529,7 +3529,7 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd,
return err;
}
-static void selinux_file_set_fowner(struct file *file)
+static void nsalinux_file_set_fowner(struct file *file)
{
struct file_security_struct *fsec;
@@ -3537,7 +3537,7 @@ static void selinux_file_set_fowner(struct file *file)
fsec->fown_sid = current_sid();
}
-static int selinux_file_send_sigiotask(struct task_struct *tsk,
+static int nsalinux_file_send_sigiotask(struct task_struct *tsk,
struct fown_struct *fown, int signum)
{
struct file *file;
@@ -3559,14 +3559,14 @@ static int selinux_file_send_sigiotask(struct task_struct *tsk,
SECCLASS_PROCESS, perm, NULL);
}
-static int selinux_file_receive(struct file *file)
+static int nsalinux_file_receive(struct file *file)
{
const struct cred *cred = current_cred();
return file_has_perm(cred, file, file_to_av(file));
}
-static int selinux_file_open(struct file *file, const struct cred *cred)
+static int nsalinux_file_open(struct file *file, const struct cred *cred)
{
struct file_security_struct *fsec;
struct inode_security_struct *isec;
@@ -3575,7 +3575,7 @@ static int selinux_file_open(struct file *file, const struct cred *cred)
isec = inode_security(file_inode(file));
/*
* Save inode label and policy sequence number
- * at open-time so that selinux_file_permission
+ * at open-time so that nsalinux_file_permission
* can determine whether revalidation is necessary.
* Task label is already saved in the file security
* struct as its SID.
@@ -3584,7 +3584,7 @@ static int selinux_file_open(struct file *file, const struct cred *cred)
fsec->pseqno = avc_policy_seqno();
/*
* Since the inode label or policy seqno may have changed
- * between the selinux_inode_permission check and the saving
+ * between the nsalinux_inode_permission check and the saving
* of state above, recheck that access is still permitted.
* Otherwise, access might never be revalidated against the
* new inode label or new policy.
@@ -3595,15 +3595,15 @@ static int selinux_file_open(struct file *file, const struct cred *cred)
/* task security operations */
-static int selinux_task_create(unsigned long clone_flags)
+static int nsalinux_task_create(unsigned long clone_flags)
{
return current_has_perm(current, PROCESS__FORK);
}
/*
- * allocate the SELinux part of blank credentials
+ * allocate the NSALinux part of blank credentials
*/
-static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp)
+static int nsalinux_cred_alloc_blank(struct cred *cred, gfp_t gfp)
{
struct task_security_struct *tsec;
@@ -3618,7 +3618,7 @@ static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp)
/*
* detach and free the LSM part of a set of credentials
*/
-static void selinux_cred_free(struct cred *cred)
+static void nsalinux_cred_free(struct cred *cred)
{
struct task_security_struct *tsec = cred->security;
@@ -3634,7 +3634,7 @@ static void selinux_cred_free(struct cred *cred)
/*
* prepare a new set of credentials for modification
*/
-static int selinux_cred_prepare(struct cred *new, const struct cred *old,
+static int nsalinux_cred_prepare(struct cred *new, const struct cred *old,
gfp_t gfp)
{
const struct task_security_struct *old_tsec;
@@ -3651,9 +3651,9 @@ static int selinux_cred_prepare(struct cred *new, const struct cred *old,
}
/*
- * transfer the SELinux data to a blank set of creds
+ * transfer the NSALinux data to a blank set of creds
*/
-static void selinux_cred_transfer(struct cred *new, const struct cred *old)
+static void nsalinux_cred_transfer(struct cred *new, const struct cred *old)
{
const struct task_security_struct *old_tsec = old->security;
struct task_security_struct *tsec = new->security;
@@ -3665,7 +3665,7 @@ static void selinux_cred_transfer(struct cred *new, const struct cred *old)
* set the security data for a kernel service
* - all the creation contexts are set to unlabelled
*/
-static int selinux_kernel_act_as(struct cred *new, u32 secid)
+static int nsalinux_kernel_act_as(struct cred *new, u32 secid)
{
struct task_security_struct *tsec = new->security;
u32 sid = current_sid();
@@ -3688,7 +3688,7 @@ static int selinux_kernel_act_as(struct cred *new, u32 secid)
* set the file creation context in a security record to the same as the
* objective context of the specified inode
*/
-static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
+static int nsalinux_kernel_create_files_as(struct cred *new, struct inode *inode)
{
struct inode_security_struct *isec = inode_security(inode);
struct task_security_struct *tsec = new->security;
@@ -3705,7 +3705,7 @@ static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
return ret;
}
-static int selinux_kernel_module_request(char *kmod_name)
+static int nsalinux_kernel_module_request(char *kmod_name)
{
u32 sid;
struct common_audit_data ad;
@@ -3719,42 +3719,42 @@ static int selinux_kernel_module_request(char *kmod_name)
SYSTEM__MODULE_REQUEST, &ad);
}
-static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
+static int nsalinux_task_setpgid(struct task_struct *p, pid_t pgid)
{
return current_has_perm(p, PROCESS__SETPGID);
}
-static int selinux_task_getpgid(struct task_struct *p)
+static int nsalinux_task_getpgid(struct task_struct *p)
{
return current_has_perm(p, PROCESS__GETPGID);
}
-static int selinux_task_getsid(struct task_struct *p)
+static int nsalinux_task_getsid(struct task_struct *p)
{
return current_has_perm(p, PROCESS__GETSESSION);
}
-static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
+static void nsalinux_task_getsecid(struct task_struct *p, u32 *secid)
{
*secid = task_sid(p);
}
-static int selinux_task_setnice(struct task_struct *p, int nice)
+static int nsalinux_task_setnice(struct task_struct *p, int nice)
{
return current_has_perm(p, PROCESS__SETSCHED);
}
-static int selinux_task_setioprio(struct task_struct *p, int ioprio)
+static int nsalinux_task_setioprio(struct task_struct *p, int ioprio)
{
return current_has_perm(p, PROCESS__SETSCHED);
}
-static int selinux_task_getioprio(struct task_struct *p)
+static int nsalinux_task_getioprio(struct task_struct *p)
{
return current_has_perm(p, PROCESS__GETSCHED);
}
-static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource,
+static int nsalinux_task_setrlimit(struct task_struct *p, unsigned int resource,
struct rlimit *new_rlim)
{
struct rlimit *old_rlim = p->signal->rlim + resource;
@@ -3762,29 +3762,29 @@ static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource,
/* Control the ability to change the hard limit (whether
lowering or raising it), so that the hard limit can
later be used as a safe reset point for the soft limit
- upon context transitions. See selinux_bprm_committing_creds. */
+ upon context transitions. See nsalinux_bprm_committing_creds. */
if (old_rlim->rlim_max != new_rlim->rlim_max)
return current_has_perm(p, PROCESS__SETRLIMIT);
return 0;
}
-static int selinux_task_setscheduler(struct task_struct *p)
+static int nsalinux_task_setscheduler(struct task_struct *p)
{
return current_has_perm(p, PROCESS__SETSCHED);
}
-static int selinux_task_getscheduler(struct task_struct *p)
+static int nsalinux_task_getscheduler(struct task_struct *p)
{
return current_has_perm(p, PROCESS__GETSCHED);
}
-static int selinux_task_movememory(struct task_struct *p)
+static int nsalinux_task_movememory(struct task_struct *p)
{
return current_has_perm(p, PROCESS__SETSCHED);
}
-static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
+static int nsalinux_task_kill(struct task_struct *p, struct siginfo *info,
int sig, u32 secid)
{
u32 perm;
@@ -3802,12 +3802,12 @@ static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
return rc;
}
-static int selinux_task_wait(struct task_struct *p)
+static int nsalinux_task_wait(struct task_struct *p)
{
return task_has_perm(p, current, PROCESS__SIGCHLD);
}
-static void selinux_task_to_inode(struct task_struct *p,
+static void nsalinux_task_to_inode(struct task_struct *p,
struct inode *inode)
{
struct inode_security_struct *isec = inode->i_security;
@@ -3818,7 +3818,7 @@ static void selinux_task_to_inode(struct task_struct *p,
}
/* Returns error only if unable to parse addresses */
-static int selinux_parse_skb_ipv4(struct sk_buff *skb,
+static int nsalinux_parse_skb_ipv4(struct sk_buff *skb,
struct common_audit_data *ad, u8 *proto)
{
int offset, ihlen, ret = -EINVAL;
@@ -3899,7 +3899,7 @@ out:
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
/* Returns error only if unable to parse addresses */
-static int selinux_parse_skb_ipv6(struct sk_buff *skb,
+static int nsalinux_parse_skb_ipv6(struct sk_buff *skb,
struct common_audit_data *ad, u8 *proto)
{
u8 nexthdr;
@@ -3972,7 +3972,7 @@ out:
#endif /* IPV6 */
-static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad,
+static int nsalinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad,
char **_addrp, int src, u8 *proto)
{
char *addrp;
@@ -3980,7 +3980,7 @@ static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad,
switch (ad->u.net->family) {
case PF_INET:
- ret = selinux_parse_skb_ipv4(skb, ad, proto);
+ ret = nsalinux_parse_skb_ipv4(skb, ad, proto);
if (ret)
goto parse_error;
addrp = (char *)(src ? &ad->u.net->v4info.saddr :
@@ -3989,7 +3989,7 @@ static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad,
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
case PF_INET6:
- ret = selinux_parse_skb_ipv6(skb, ad, proto);
+ ret = nsalinux_parse_skb_ipv6(skb, ad, proto);
if (ret)
goto parse_error;
addrp = (char *)(src ? &ad->u.net->v6info.saddr :
@@ -4003,7 +4003,7 @@ static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad,
parse_error:
printk(KERN_WARNING
- "SELinux: failure in selinux_parse_skb(),"
+ "NSALinux: failure in nsalinux_parse_skb(),"
" unable to parse packet\n");
return ret;
@@ -4014,7 +4014,7 @@ okay:
}
/**
- * selinux_skb_peerlbl_sid - Determine the peer label of a packet
+ * nsalinux_skb_peerlbl_sid - Determine the peer label of a packet
* @skb: the packet
* @family: protocol family
* @sid: the packet's peer label SID
@@ -4028,24 +4028,24 @@ okay:
* peer labels.
*
*/
-static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
+static int nsalinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
{
int err;
u32 xfrm_sid;
u32 nlbl_sid;
u32 nlbl_type;
- err = selinux_xfrm_skb_sid(skb, &xfrm_sid);
+ err = nsalinux_xfrm_skb_sid(skb, &xfrm_sid);
if (unlikely(err))
return -EACCES;
- err = selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);
+ err = nsalinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);
if (unlikely(err))
return -EACCES;
err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid);
if (unlikely(err)) {
printk(KERN_WARNING
- "SELinux: failure in selinux_skb_peerlbl_sid(),"
+ "NSALinux: failure in nsalinux_skb_peerlbl_sid(),"
" unable to determine packet's peer label\n");
return -EACCES;
}
@@ -4054,7 +4054,7 @@ static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
}
/**
- * selinux_conn_sid - Determine the child socket label for a connection
+ * nsalinux_conn_sid - Determine the child socket label for a connection
* @sk_sid: the parent socket's SID
* @skb_sid: the packet's SID
* @conn_sid: the resulting connection SID
@@ -4065,7 +4065,7 @@ static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
* of @sk_sid. Returns zero on success, negative values on failure.
*
*/
-static int selinux_conn_sid(u32 sk_sid, u32 skb_sid, u32 *conn_sid)
+static int nsalinux_conn_sid(u32 sk_sid, u32 skb_sid, u32 *conn_sid)
{
int err = 0;
@@ -4108,7 +4108,7 @@ static int sock_has_perm(struct task_struct *task, struct sock *sk, u32 perms)
return avc_has_perm(tsid, sksec->sid, sksec->sclass, perms, &ad);
}
-static int selinux_socket_create(int family, int type,
+static int nsalinux_socket_create(int family, int type,
int protocol, int kern)
{
const struct task_security_struct *tsec = current_security();
@@ -4127,7 +4127,7 @@ static int selinux_socket_create(int family, int type,
return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL);
}
-static int selinux_socket_post_create(struct socket *sock, int family,
+static int nsalinux_socket_post_create(struct socket *sock, int family,
int type, int protocol, int kern)
{
const struct task_security_struct *tsec = current_security();
@@ -4151,7 +4151,7 @@ static int selinux_socket_post_create(struct socket *sock, int family,
sksec = sock->sk->sk_security;
sksec->sid = isec->sid;
sksec->sclass = isec->sclass;
- err = selinux_netlbl_socket_post_create(sock->sk, family);
+ err = nsalinux_netlbl_socket_post_create(sock->sk, family);
}
return err;
@@ -4161,7 +4161,7 @@ static int selinux_socket_post_create(struct socket *sock, int family,
Need to determine whether we should perform a name_bind
permission check between the socket and the port number. */
-static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
+static int nsalinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
{
struct sock *sk = sock->sk;
u16 family;
@@ -4260,7 +4260,7 @@ out:
return err;
}
-static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
+static int nsalinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
{
struct sock *sk = sock->sk;
struct sk_security_struct *sksec = sk->sk_security;
@@ -4310,18 +4310,18 @@ static int selinux_socket_connect(struct socket *sock, struct sockaddr *address,
goto out;
}
- err = selinux_netlbl_socket_connect(sk, address);
+ err = nsalinux_netlbl_socket_connect(sk, address);
out:
return err;
}
-static int selinux_socket_listen(struct socket *sock, int backlog)
+static int nsalinux_socket_listen(struct socket *sock, int backlog)
{
return sock_has_perm(current, sock->sk, SOCKET__LISTEN);
}
-static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
+static int nsalinux_socket_accept(struct socket *sock, struct socket *newsock)
{
int err;
struct inode_security_struct *isec;
@@ -4341,29 +4341,29 @@ static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
return 0;
}
-static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
+static int nsalinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
int size)
{
return sock_has_perm(current, sock->sk, SOCKET__WRITE);
}
-static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
+static int nsalinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
int size, int flags)
{
return sock_has_perm(current, sock->sk, SOCKET__READ);
}
-static int selinux_socket_getsockname(struct socket *sock)
+static int nsalinux_socket_getsockname(struct socket *sock)
{
return sock_has_perm(current, sock->sk, SOCKET__GETATTR);
}
-static int selinux_socket_getpeername(struct socket *sock)
+static int nsalinux_socket_getpeername(struct socket *sock)
{
return sock_has_perm(current, sock->sk, SOCKET__GETATTR);
}
-static int selinux_socket_setsockopt(struct socket *sock, int level, int optname)
+static int nsalinux_socket_setsockopt(struct socket *sock, int level, int optname)
{
int err;
@@ -4371,21 +4371,21 @@ static int selinux_socket_setsockopt(struct socket *sock, int level, int optname
if (err)
return err;
- return selinux_netlbl_socket_setsockopt(sock, level, optname);
+ return nsalinux_netlbl_socket_setsockopt(sock, level, optname);
}
-static int selinux_socket_getsockopt(struct socket *sock, int level,
+static int nsalinux_socket_getsockopt(struct socket *sock, int level,
int optname)
{
return sock_has_perm(current, sock->sk, SOCKET__GETOPT);
}
-static int selinux_socket_shutdown(struct socket *sock, int how)
+static int nsalinux_socket_shutdown(struct socket *sock, int how)
{
return sock_has_perm(current, sock->sk, SOCKET__SHUTDOWN);
}
-static int selinux_socket_unix_stream_connect(struct sock *sock,
+static int nsalinux_socket_unix_stream_connect(struct sock *sock,
struct sock *other,
struct sock *newsk)
{
@@ -4419,7 +4419,7 @@ static int selinux_socket_unix_stream_connect(struct sock *sock,
return 0;
}
-static int selinux_socket_unix_may_send(struct socket *sock,
+static int nsalinux_socket_unix_may_send(struct socket *sock,
struct socket *other)
{
struct sk_security_struct *ssec = sock->sk->sk_security;
@@ -4435,7 +4435,7 @@ static int selinux_socket_unix_may_send(struct socket *sock,
&ad);
}
-static int selinux_inet_sys_rcv_skb(struct net *ns, int ifindex,
+static int nsalinux_inet_sys_rcv_skb(struct net *ns, int ifindex,
char *addrp, u16 family, u32 peer_sid,
struct common_audit_data *ad)
{
@@ -4458,7 +4458,7 @@ static int selinux_inet_sys_rcv_skb(struct net *ns, int ifindex,
SECCLASS_NODE, NODE__RECVFROM, ad);
}
-static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
+static int nsalinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
u16 family)
{
int err = 0;
@@ -4472,26 +4472,26 @@ static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
ad.u.net = &net;
ad.u.net->netif = skb->skb_iif;
ad.u.net->family = family;
- err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
+ err = nsalinux_parse_skb(skb, &ad, &addrp, 1, NULL);
if (err)
return err;
- if (selinux_secmark_enabled()) {
+ if (nsalinux_secmark_enabled()) {
err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
PACKET__RECV, &ad);
if (err)
return err;
}
- err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad);
+ err = nsalinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad);
if (err)
return err;
- err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
+ err = nsalinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
return err;
}
-static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
+static int nsalinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
{
int err;
struct sk_security_struct *sksec = sk->sk_security;
@@ -4511,14 +4511,14 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
family = PF_INET;
/* If any sort of compatibility mode is enabled then handoff processing
- * to the selinux_sock_rcv_skb_compat() function to deal with the
+ * to the nsalinux_sock_rcv_skb_compat() function to deal with the
* special handling. We do this in an attempt to keep this function
* as fast and as clean as possible. */
- if (!selinux_policycap_netpeer)
- return selinux_sock_rcv_skb_compat(sk, skb, family);
+ if (!nsalinux_policycap_netpeer)
+ return nsalinux_sock_rcv_skb_compat(sk, skb, family);
- secmark_active = selinux_secmark_enabled();
- peerlbl_active = selinux_peerlbl_enabled();
+ secmark_active = nsalinux_secmark_enabled();
+ peerlbl_active = nsalinux_peerlbl_enabled();
if (!secmark_active && !peerlbl_active)
return 0;
@@ -4526,26 +4526,26 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
ad.u.net = &net;
ad.u.net->netif = skb->skb_iif;
ad.u.net->family = family;
- err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
+ err = nsalinux_parse_skb(skb, &ad, &addrp, 1, NULL);
if (err)
return err;
if (peerlbl_active) {
u32 peer_sid;
- err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
+ err = nsalinux_skb_peerlbl_sid(skb, family, &peer_sid);
if (err)
return err;
- err = selinux_inet_sys_rcv_skb(sock_net(sk), skb->skb_iif,
+ err = nsalinux_inet_sys_rcv_skb(sock_net(sk), skb->skb_iif,
addrp, family, peer_sid, &ad);
if (err) {
- selinux_netlbl_err(skb, err, 0);
+ nsalinux_netlbl_err(skb, err, 0);
return err;
}
err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
PEER__RECV, &ad);
if (err) {
- selinux_netlbl_err(skb, err, 0);
+ nsalinux_netlbl_err(skb, err, 0);
return err;
}
}
@@ -4560,7 +4560,7 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
return err;
}
-static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
+static int nsalinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
int __user *optlen, unsigned len)
{
int err = 0;
@@ -4594,7 +4594,7 @@ out_len:
return err;
}
-static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
+static int nsalinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
{
u32 peer_secid = SECSID_NULL;
u16 family;
@@ -4609,9 +4609,9 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *
goto out;
if (sock && family == PF_UNIX)
- selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
+ nsalinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
else if (skb)
- selinux_skb_peerlbl_sid(skb, family, &peer_secid);
+ nsalinux_skb_peerlbl_sid(skb, family, &peer_secid);
out:
*secid = peer_secid;
@@ -4620,7 +4620,7 @@ out:
return 0;
}
-static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
+static int nsalinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
{
struct sk_security_struct *sksec;
@@ -4631,22 +4631,22 @@ static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority
sksec->peer_sid = SECINITSID_UNLABELED;
sksec->sid = SECINITSID_UNLABELED;
sksec->sclass = SECCLASS_SOCKET;
- selinux_netlbl_sk_security_reset(sksec);
+ nsalinux_netlbl_sk_security_reset(sksec);
sk->sk_security = sksec;
return 0;
}
-static void selinux_sk_free_security(struct sock *sk)
+static void nsalinux_sk_free_security(struct sock *sk)
{
struct sk_security_struct *sksec = sk->sk_security;
sk->sk_security = NULL;
- selinux_netlbl_sk_security_free(sksec);
+ nsalinux_netlbl_sk_security_free(sksec);
kfree(sksec);
}
-static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
+static void nsalinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
{
struct sk_security_struct *sksec = sk->sk_security;
struct sk_security_struct *newsksec = newsk->sk_security;
@@ -4655,10 +4655,10 @@ static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
newsksec->peer_sid = sksec->peer_sid;
newsksec->sclass = sksec->sclass;
- selinux_netlbl_sk_security_reset(newsksec);
+ nsalinux_netlbl_sk_security_reset(newsksec);
}
-static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
+static void nsalinux_sk_getsecid(struct sock *sk, u32 *secid)
{
if (!sk)
*secid = SECINITSID_ANY_SOCKET;
@@ -4669,7 +4669,7 @@ static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
}
}
-static void selinux_sock_graft(struct sock *sk, struct socket *parent)
+static void nsalinux_sock_graft(struct sock *sk, struct socket *parent)
{
struct inode_security_struct *isec =
inode_security_novalidate(SOCK_INODE(parent));
@@ -4681,7 +4681,7 @@ static void selinux_sock_graft(struct sock *sk, struct socket *parent)
sksec->sclass = isec->sclass;
}
-static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
+static int nsalinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
struct request_sock *req)
{
struct sk_security_struct *sksec = sk->sk_security;
@@ -4690,19 +4690,19 @@ static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
u32 connsid;
u32 peersid;
- err = selinux_skb_peerlbl_sid(skb, family, &peersid);
+ err = nsalinux_skb_peerlbl_sid(skb, family, &peersid);
if (err)
return err;
- err = selinux_conn_sid(sksec->sid, peersid, &connsid);
+ err = nsalinux_conn_sid(sksec->sid, peersid, &connsid);
if (err)
return err;
req->secid = connsid;
req->peer_secid = peersid;
- return selinux_netlbl_inet_conn_request(req, family);
+ return nsalinux_netlbl_inet_conn_request(req, family);
}
-static void selinux_inet_csk_clone(struct sock *newsk,
+static void nsalinux_inet_csk_clone(struct sock *newsk,
const struct request_sock *req)
{
struct sk_security_struct *newsksec = newsk->sk_security;
@@ -4716,10 +4716,10 @@ static void selinux_inet_csk_clone(struct sock *newsk,
/* We don't need to take any sort of lock here as we are the only
* thread with access to newsksec */
- selinux_netlbl_inet_csk_clone(newsk, req->rsk_ops->family);
+ nsalinux_netlbl_inet_csk_clone(newsk, req->rsk_ops->family);
}
-static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
+static void nsalinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
{
u16 family = sk->sk_family;
struct sk_security_struct *sksec = sk->sk_security;
@@ -4728,10 +4728,10 @@ static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
family = PF_INET;
- selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);
+ nsalinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);
}
-static int selinux_secmark_relabel_packet(u32 sid)
+static int nsalinux_secmark_relabel_packet(u32 sid)
{
const struct task_security_struct *__tsec;
u32 tsid;
@@ -4742,23 +4742,23 @@ static int selinux_secmark_relabel_packet(u32 sid)
return avc_has_perm(tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO, NULL);
}
-static void selinux_secmark_refcount_inc(void)
+static void nsalinux_secmark_refcount_inc(void)
{
- atomic_inc(&selinux_secmark_refcount);
+ atomic_inc(&nsalinux_secmark_refcount);
}
-static void selinux_secmark_refcount_dec(void)
+static void nsalinux_secmark_refcount_dec(void)
{
- atomic_dec(&selinux_secmark_refcount);
+ atomic_dec(&nsalinux_secmark_refcount);
}
-static void selinux_req_classify_flow(const struct request_sock *req,
+static void nsalinux_req_classify_flow(const struct request_sock *req,
struct flowi *fl)
{
fl->flowi_secid = req->secid;
}
-static int selinux_tun_dev_alloc_security(void **security)
+static int nsalinux_tun_dev_alloc_security(void **security)
{
struct tun_security_struct *tunsec;
@@ -4771,12 +4771,12 @@ static int selinux_tun_dev_alloc_security(void **security)
return 0;
}
-static void selinux_tun_dev_free_security(void *security)
+static void nsalinux_tun_dev_free_security(void *security)
{
kfree(security);
}
-static int selinux_tun_dev_create(void)
+static int nsalinux_tun_dev_create(void)
{
u32 sid = current_sid();
@@ -4791,7 +4791,7 @@ static int selinux_tun_dev_create(void)
NULL);
}
-static int selinux_tun_dev_attach_queue(void *security)
+static int nsalinux_tun_dev_attach_queue(void *security)
{
struct tun_security_struct *tunsec = security;
@@ -4799,7 +4799,7 @@ static int selinux_tun_dev_attach_queue(void *security)
TUN_SOCKET__ATTACH_QUEUE, NULL);
}
-static int selinux_tun_dev_attach(struct sock *sk, void *security)
+static int nsalinux_tun_dev_attach(struct sock *sk, void *security)
{
struct tun_security_struct *tunsec = security;
struct sk_security_struct *sksec = sk->sk_security;
@@ -4817,7 +4817,7 @@ static int selinux_tun_dev_attach(struct sock *sk, void *security)
return 0;
}
-static int selinux_tun_dev_open(void *security)
+static int nsalinux_tun_dev_open(void *security)
{
struct tun_security_struct *tunsec = security;
u32 sid = current_sid();
@@ -4836,7 +4836,7 @@ static int selinux_tun_dev_open(void *security)
return 0;
}
-static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
+static int nsalinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
{
int err = 0;
u32 perm;
@@ -4849,16 +4849,16 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
}
nlh = nlmsg_hdr(skb);
- err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm);
+ err = nsalinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm);
if (err) {
if (err == -EINVAL) {
- pr_warn_ratelimited("SELinux: unrecognized netlink"
+ pr_warn_ratelimited("NSALinux: unrecognized netlink"
" message: protocol=%hu nlmsg_type=%hu sclass=%s"
" pig=%d comm=%s\n",
sk->sk_protocol, nlh->nlmsg_type,
secclass_map[sksec->sclass - 1].name,
task_pid_nr(current), current->comm);
- if (!selinux_enforcing || security_get_allow_unknown())
+ if (!nsalinux_enforcing || security_get_allow_unknown())
err = 0;
}
@@ -4875,7 +4875,7 @@ out:
#ifdef CONFIG_NETFILTER
-static unsigned int selinux_ip_forward(struct sk_buff *skb,
+static unsigned int nsalinux_ip_forward(struct sk_buff *skb,
const struct net_device *indev,
u16 family)
{
@@ -4888,30 +4888,30 @@ static unsigned int selinux_ip_forward(struct sk_buff *skb,
u8 netlbl_active;
u8 peerlbl_active;
- if (!selinux_policycap_netpeer)
+ if (!nsalinux_policycap_netpeer)
return NF_ACCEPT;
- secmark_active = selinux_secmark_enabled();
+ secmark_active = nsalinux_secmark_enabled();
netlbl_active = netlbl_enabled();
- peerlbl_active = selinux_peerlbl_enabled();
+ peerlbl_active = nsalinux_peerlbl_enabled();
if (!secmark_active && !peerlbl_active)
return NF_ACCEPT;
- if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
+ if (nsalinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
return NF_DROP;
ad.type = LSM_AUDIT_DATA_NET;
ad.u.net = &net;
ad.u.net->netif = indev->ifindex;
ad.u.net->family = family;
- if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0)
+ if (nsalinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0)
return NF_DROP;
if (peerlbl_active) {
- err = selinux_inet_sys_rcv_skb(dev_net(indev), indev->ifindex,
+ err = nsalinux_inet_sys_rcv_skb(dev_net(indev), indev->ifindex,
addrp, family, peer_sid, &ad);
if (err) {
- selinux_netlbl_err(skb, err, 1);
+ nsalinux_netlbl_err(skb, err, 1);
return NF_DROP;
}
}
@@ -4926,29 +4926,29 @@ static unsigned int selinux_ip_forward(struct sk_buff *skb,
* path because we want to make sure we apply the necessary
* labeling before IPsec is applied so we can leverage AH
* protection */
- if (selinux_netlbl_skbuff_setsid(skb, family, peer_sid) != 0)
+ if (nsalinux_netlbl_skbuff_setsid(skb, family, peer_sid) != 0)
return NF_DROP;
return NF_ACCEPT;
}
-static unsigned int selinux_ipv4_forward(void *priv,
+static unsigned int nsalinux_ipv4_forward(void *priv,
struct sk_buff *skb,
const struct nf_hook_state *state)
{
- return selinux_ip_forward(skb, state->in, PF_INET);
+ return nsalinux_ip_forward(skb, state->in, PF_INET);
}
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
-static unsigned int selinux_ipv6_forward(void *priv,
+static unsigned int nsalinux_ipv6_forward(void *priv,
struct sk_buff *skb,
const struct nf_hook_state *state)
{
- return selinux_ip_forward(skb, state->in, PF_INET6);
+ return nsalinux_ip_forward(skb, state->in, PF_INET6);
}
#endif /* IPV6 */
-static unsigned int selinux_ip_output(struct sk_buff *skb,
+static unsigned int nsalinux_ip_output(struct sk_buff *skb,
u16 family)
{
struct sock *sk;
@@ -4984,20 +4984,20 @@ static unsigned int selinux_ip_output(struct sk_buff *skb,
sid = sksec->sid;
} else
sid = SECINITSID_KERNEL;
- if (selinux_netlbl_skbuff_setsid(skb, family, sid) != 0)
+ if (nsalinux_netlbl_skbuff_setsid(skb, family, sid) != 0)
return NF_DROP;
return NF_ACCEPT;
}
-static unsigned int selinux_ipv4_output(void *priv,
+static unsigned int nsalinux_ipv4_output(void *priv,
struct sk_buff *skb,
const struct nf_hook_state *state)
{
- return selinux_ip_output(skb, PF_INET);
+ return nsalinux_ip_output(skb, PF_INET);
}
-static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
+static unsigned int nsalinux_ip_postroute_compat(struct sk_buff *skb,
int ifindex,
u16 family)
{
@@ -5016,21 +5016,21 @@ static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
ad.u.net = &net;
ad.u.net->netif = ifindex;
ad.u.net->family = family;
- if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto))
+ if (nsalinux_parse_skb(skb, &ad, &addrp, 0, &proto))
return NF_DROP;
- if (selinux_secmark_enabled())
+ if (nsalinux_secmark_enabled())
if (avc_has_perm(sksec->sid, skb->secmark,
SECCLASS_PACKET, PACKET__SEND, &ad))
return NF_DROP_ERR(-ECONNREFUSED);
- if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
+ if (nsalinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
return NF_DROP_ERR(-ECONNREFUSED);
return NF_ACCEPT;
}
-static unsigned int selinux_ip_postroute(struct sk_buff *skb,
+static unsigned int nsalinux_ip_postroute(struct sk_buff *skb,
const struct net_device *outdev,
u16 family)
{
@@ -5045,14 +5045,14 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb,
u8 peerlbl_active;
/* If any sort of compatibility mode is enabled then handoff processing
- * to the selinux_ip_postroute_compat() function to deal with the
+ * to the nsalinux_ip_postroute_compat() function to deal with the
* special handling. We do this in an attempt to keep this function
* as fast and as clean as possible. */
- if (!selinux_policycap_netpeer)
- return selinux_ip_postroute_compat(skb, ifindex, family);
+ if (!nsalinux_policycap_netpeer)
+ return nsalinux_ip_postroute_compat(skb, ifindex, family);
- secmark_active = selinux_secmark_enabled();
- peerlbl_active = selinux_peerlbl_enabled();
+ secmark_active = nsalinux_secmark_enabled();
+ peerlbl_active = nsalinux_peerlbl_enabled();
if (!secmark_active && !peerlbl_active)
return NF_ACCEPT;
@@ -5082,7 +5082,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb,
* query the packet directly to determine the security label. */
if (skb->skb_iif) {
secmark_perm = PACKET__FORWARD_OUT;
- if (selinux_skb_peerlbl_sid(skb, family, &peer_sid))
+ if (nsalinux_skb_peerlbl_sid(skb, family, &peer_sid))
return NF_DROP;
} else {
secmark_perm = PACKET__SEND;
@@ -5096,13 +5096,13 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb,
* query the request_sock as it isn't queued on the parent
* socket until after the SYN-ACK packet is sent; the only
* viable choice is to regenerate the label like we do in
- * selinux_inet_conn_request(). See also selinux_ip_output()
+ * nsalinux_inet_conn_request(). See also nsalinux_ip_output()
* for similar problems. */
u32 skb_sid;
struct sk_security_struct *sksec;
sksec = sk->sk_security;
- if (selinux_skb_peerlbl_sid(skb, family, &skb_sid))
+ if (nsalinux_skb_peerlbl_sid(skb, family, &skb_sid))
return NF_DROP;
/* At this point, if the returned skb peerlbl is SECSID_NULL
* and the packet has been through at least one XFRM
@@ -5124,7 +5124,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb,
return NF_DROP_ERR(-ECONNREFUSED);
}
}
- if (selinux_conn_sid(sksec->sid, skb_sid, &peer_sid))
+ if (nsalinux_conn_sid(sksec->sid, skb_sid, &peer_sid))
return NF_DROP;
secmark_perm = PACKET__SEND;
} else {
@@ -5139,7 +5139,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb,
ad.u.net = &net;
ad.u.net->netif = ifindex;
ad.u.net->family = family;
- if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL))
+ if (nsalinux_parse_skb(skb, &ad, &addrp, 0, NULL))
return NF_DROP;
if (secmark_active)
@@ -5167,27 +5167,27 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb,
return NF_ACCEPT;
}
-static unsigned int selinux_ipv4_postroute(void *priv,
+static unsigned int nsalinux_ipv4_postroute(void *priv,
struct sk_buff *skb,
const struct nf_hook_state *state)
{
- return selinux_ip_postroute(skb, state->out, PF_INET);
+ return nsalinux_ip_postroute(skb, state->out, PF_INET);
}
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
-static unsigned int selinux_ipv6_postroute(void *priv,
+static unsigned int nsalinux_ipv6_postroute(void *priv,
struct sk_buff *skb,
const struct nf_hook_state *state)
{
- return selinux_ip_postroute(skb, state->out, PF_INET6);
+ return nsalinux_ip_postroute(skb, state->out, PF_INET6);
}
#endif /* IPV6 */
#endif /* CONFIG_NETFILTER */
-static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
+static int nsalinux_netlink_send(struct sock *sk, struct sk_buff *skb)
{
- return selinux_nlmsg_perm(sk, skb);
+ return nsalinux_nlmsg_perm(sk, skb);
}
static int ipc_alloc_security(struct task_struct *task,
@@ -5253,18 +5253,18 @@ static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad);
}
-static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
+static int nsalinux_msg_msg_alloc_security(struct msg_msg *msg)
{
return msg_msg_alloc_security(msg);
}
-static void selinux_msg_msg_free_security(struct msg_msg *msg)
+static void nsalinux_msg_msg_free_security(struct msg_msg *msg)
{
msg_msg_free_security(msg);
}
/* message queue security operations */
-static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
+static int nsalinux_msg_queue_alloc_security(struct msg_queue *msq)
{
struct ipc_security_struct *isec;
struct common_audit_data ad;
@@ -5289,12 +5289,12 @@ static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
return 0;
}
-static void selinux_msg_queue_free_security(struct msg_queue *msq)
+static void nsalinux_msg_queue_free_security(struct msg_queue *msq)
{
ipc_free_security(&msq->q_perm);
}
-static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
+static int nsalinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
{
struct ipc_security_struct *isec;
struct common_audit_data ad;
@@ -5309,7 +5309,7 @@ static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
MSGQ__ASSOCIATE, &ad);
}
-static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
+static int nsalinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
{
int err;
int perms;
@@ -5337,7 +5337,7 @@ static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
return err;
}
-static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg)
+static int nsalinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg)
{
struct ipc_security_struct *isec;
struct msg_security_struct *msec;
@@ -5380,7 +5380,7 @@ static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
return rc;
}
-static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
+static int nsalinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
struct task_struct *target,
long type, int mode)
{
@@ -5405,7 +5405,7 @@ static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
}
/* Shared Memory security operations */
-static int selinux_shm_alloc_security(struct shmid_kernel *shp)
+static int nsalinux_shm_alloc_security(struct shmid_kernel *shp)
{
struct ipc_security_struct *isec;
struct common_audit_data ad;
@@ -5430,12 +5430,12 @@ static int selinux_shm_alloc_security(struct shmid_kernel *shp)
return 0;
}
-static void selinux_shm_free_security(struct shmid_kernel *shp)
+static void nsalinux_shm_free_security(struct shmid_kernel *shp)
{
ipc_free_security(&shp->shm_perm);
}
-static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
+static int nsalinux_shm_associate(struct shmid_kernel *shp, int shmflg)
{
struct ipc_security_struct *isec;
struct common_audit_data ad;
@@ -5451,7 +5451,7 @@ static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
}
/* Note, at this point, shp is locked down */
-static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
+static int nsalinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
{
int perms;
int err;
@@ -5483,7 +5483,7 @@ static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
return err;
}
-static int selinux_shm_shmat(struct shmid_kernel *shp,
+static int nsalinux_shm_shmat(struct shmid_kernel *shp,
char __user *shmaddr, int shmflg)
{
u32 perms;
@@ -5497,7 +5497,7 @@ static int selinux_shm_shmat(struct shmid_kernel *shp,
}
/* Semaphore security operations */
-static int selinux_sem_alloc_security(struct sem_array *sma)
+static int nsalinux_sem_alloc_security(struct sem_array *sma)
{
struct ipc_security_struct *isec;
struct common_audit_data ad;
@@ -5522,12 +5522,12 @@ static int selinux_sem_alloc_security(struct sem_array *sma)
return 0;
}
-static void selinux_sem_free_security(struct sem_array *sma)
+static void nsalinux_sem_free_security(struct sem_array *sma)
{
ipc_free_security(&sma->sem_perm);
}
-static int selinux_sem_associate(struct sem_array *sma, int semflg)
+static int nsalinux_sem_associate(struct sem_array *sma, int semflg)
{
struct ipc_security_struct *isec;
struct common_audit_data ad;
@@ -5543,7 +5543,7 @@ static int selinux_sem_associate(struct sem_array *sma, int semflg)
}
/* Note, at this point, sma is locked down */
-static int selinux_sem_semctl(struct sem_array *sma, int cmd)
+static int nsalinux_sem_semctl(struct sem_array *sma, int cmd)
{
int err;
u32 perms;
@@ -5584,7 +5584,7 @@ static int selinux_sem_semctl(struct sem_array *sma, int cmd)
return err;
}
-static int selinux_sem_semop(struct sem_array *sma,
+static int nsalinux_sem_semop(struct sem_array *sma,
struct sembuf *sops, unsigned nsops, int alter)
{
u32 perms;
@@ -5597,7 +5597,7 @@ static int selinux_sem_semop(struct sem_array *sma,
return ipc_has_perm(&sma->sem_perm, perms);
}
-static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
+static int nsalinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
{
u32 av = 0;
@@ -5613,19 +5613,19 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
return ipc_has_perm(ipcp, av);
}
-static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
+static void nsalinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
{
struct ipc_security_struct *isec = ipcp->security;
*secid = isec->sid;
}
-static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
+static void nsalinux_d_instantiate(struct dentry *dentry, struct inode *inode)
{
if (inode)
inode_doinit_with_dentry(inode, dentry);
}
-static int selinux_getprocattr(struct task_struct *p,
+static int nsalinux_getprocattr(struct task_struct *p,
char *name, char **value)
{
const struct task_security_struct *__tsec;
@@ -5671,7 +5671,7 @@ invalid:
return -EINVAL;
}
-static int selinux_setprocattr(struct task_struct *p,
+static int nsalinux_setprocattr(struct task_struct *p,
char *name, void *value, size_t size)
{
struct task_security_struct *tsec;
@@ -5682,7 +5682,7 @@ static int selinux_setprocattr(struct task_struct *p,
char *str = value;
if (current != p) {
- /* SELinux only allows a process to change its own
+ /* NSALinux only allows a process to change its own
security attributes. */
return -EACCES;
}
@@ -5725,7 +5725,7 @@ static int selinux_setprocattr(struct task_struct *p,
audit_size = size - 1;
else
audit_size = size;
- ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR);
+ ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_NSALINUX_ERR);
audit_log_format(ab, "op=fscreate invalid_context=");
audit_log_n_untrustedstring(ab, value, audit_size);
audit_log_end(ab);
@@ -5746,7 +5746,7 @@ static int selinux_setprocattr(struct task_struct *p,
/* Permission checking based on the specified context is
performed during the actual operation (execve,
open/mkdir/...), when we know the full context of the
- operation. See selinux_bprm_set_creds for the execve
+ operation. See nsalinux_bprm_set_creds for the execve
checks and may_create for the file creation checks. The
operation will then fail if the context is not permitted. */
tsec = new->security;
@@ -5810,27 +5810,27 @@ abort_change:
return error;
}
-static int selinux_ismaclabel(const char *name)
+static int nsalinux_ismaclabel(const char *name)
{
- return (strcmp(name, XATTR_SELINUX_SUFFIX) == 0);
+ return (strcmp(name, XATTR_NSALINUX_SUFFIX) == 0);
}
-static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
+static int nsalinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
{
return security_sid_to_context(secid, secdata, seclen);
}
-static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
+static int nsalinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
{
return security_context_to_sid(secdata, seclen, secid, GFP_KERNEL);
}
-static void selinux_release_secctx(char *secdata, u32 seclen)
+static void nsalinux_release_secctx(char *secdata, u32 seclen)
{
kfree(secdata);
}
-static void selinux_inode_invalidate_secctx(struct inode *inode)
+static void nsalinux_inode_invalidate_secctx(struct inode *inode)
{
struct inode_security_struct *isec = inode->i_security;
@@ -5842,23 +5842,23 @@ static void selinux_inode_invalidate_secctx(struct inode *inode)
/*
* called with inode->i_mutex locked
*/
-static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
+static int nsalinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
{
- return selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX, ctx, ctxlen, 0);
+ return nsalinux_inode_setsecurity(inode, XATTR_NSALINUX_SUFFIX, ctx, ctxlen, 0);
}
/*
* called with inode->i_mutex locked
*/
-static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
+static int nsalinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
{
- return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0);
+ return __vfs_setxattr_noperm(dentry, XATTR_NAME_NSALINUX, ctx, ctxlen, 0);
}
-static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
+static int nsalinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
{
int len = 0;
- len = selinux_inode_getsecurity(inode, XATTR_SELINUX_SUFFIX,
+ len = nsalinux_inode_getsecurity(inode, XATTR_NSALINUX_SUFFIX,
ctx, true);
if (len < 0)
return len;
@@ -5867,7 +5867,7 @@ static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
}
#ifdef CONFIG_KEYS
-static int selinux_key_alloc(struct key *k, const struct cred *cred,
+static int nsalinux_key_alloc(struct key *k, const struct cred *cred,
unsigned long flags)
{
const struct task_security_struct *tsec;
@@ -5887,7 +5887,7 @@ static int selinux_key_alloc(struct key *k, const struct cred *cred,
return 0;
}
-static void selinux_key_free(struct key *k)
+static void nsalinux_key_free(struct key *k)
{
struct key_security_struct *ksec = k->security;
@@ -5895,7 +5895,7 @@ static void selinux_key_free(struct key *k)
kfree(ksec);
}
-static int selinux_key_permission(key_ref_t key_ref,
+static int nsalinux_key_permission(key_ref_t key_ref,
const struct cred *cred,
unsigned perm)
{
@@ -5917,7 +5917,7 @@ static int selinux_key_permission(key_ref_t key_ref,
return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL);
}
-static int selinux_key_getsecurity(struct key *key, char **_buffer)
+static int nsalinux_key_getsecurity(struct key *key, char **_buffer)
{
struct key_security_struct *ksec = key->security;
char *context = NULL;
@@ -5933,254 +5933,254 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
#endif
-static struct security_hook_list selinux_hooks[] = {
- LSM_HOOK_INIT(binder_set_context_mgr, selinux_binder_set_context_mgr),
- LSM_HOOK_INIT(binder_transaction, selinux_binder_transaction),
- LSM_HOOK_INIT(binder_transfer_binder, selinux_binder_transfer_binder),
- LSM_HOOK_INIT(binder_transfer_file, selinux_binder_transfer_file),
-
- LSM_HOOK_INIT(ptrace_access_check, selinux_ptrace_access_check),
- LSM_HOOK_INIT(ptrace_traceme, selinux_ptrace_traceme),
- LSM_HOOK_INIT(capget, selinux_capget),
- LSM_HOOK_INIT(capset, selinux_capset),
- LSM_HOOK_INIT(capable, selinux_capable),
- LSM_HOOK_INIT(quotactl, selinux_quotactl),
- LSM_HOOK_INIT(quota_on, selinux_quota_on),
- LSM_HOOK_INIT(syslog, selinux_syslog),
- LSM_HOOK_INIT(vm_enough_memory, selinux_vm_enough_memory),
-
- LSM_HOOK_INIT(netlink_send, selinux_netlink_send),
-
- LSM_HOOK_INIT(bprm_set_creds, selinux_bprm_set_creds),
- LSM_HOOK_INIT(bprm_committing_creds, selinux_bprm_committing_creds),
- LSM_HOOK_INIT(bprm_committed_creds, selinux_bprm_committed_creds),
- LSM_HOOK_INIT(bprm_secureexec, selinux_bprm_secureexec),
-
- LSM_HOOK_INIT(sb_alloc_security, selinux_sb_alloc_security),
- LSM_HOOK_INIT(sb_free_security, selinux_sb_free_security),
- LSM_HOOK_INIT(sb_copy_data, selinux_sb_copy_data),
- LSM_HOOK_INIT(sb_remount, selinux_sb_remount),
- LSM_HOOK_INIT(sb_kern_mount, selinux_sb_kern_mount),
- LSM_HOOK_INIT(sb_show_options, selinux_sb_show_options),
- LSM_HOOK_INIT(sb_statfs, selinux_sb_statfs),
- LSM_HOOK_INIT(sb_mount, selinux_mount),
- LSM_HOOK_INIT(sb_umount, selinux_umount),
- LSM_HOOK_INIT(sb_set_mnt_opts, selinux_set_mnt_opts),
- LSM_HOOK_INIT(sb_clone_mnt_opts, selinux_sb_clone_mnt_opts),
- LSM_HOOK_INIT(sb_parse_opts_str, selinux_parse_opts_str),
-
- LSM_HOOK_INIT(dentry_init_security, selinux_dentry_init_security),
-
- LSM_HOOK_INIT(inode_alloc_security, selinux_inode_alloc_security),
- LSM_HOOK_INIT(inode_free_security, selinux_inode_free_security),
- LSM_HOOK_INIT(inode_init_security, selinux_inode_init_security),
- LSM_HOOK_INIT(inode_create, selinux_inode_create),
- LSM_HOOK_INIT(inode_link, selinux_inode_link),
- LSM_HOOK_INIT(inode_unlink, selinux_inode_unlink),
- LSM_HOOK_INIT(inode_symlink, selinux_inode_symlink),
- LSM_HOOK_INIT(inode_mkdir, selinux_inode_mkdir),
- LSM_HOOK_INIT(inode_rmdir, selinux_inode_rmdir),
- LSM_HOOK_INIT(inode_mknod, selinux_inode_mknod),
- LSM_HOOK_INIT(inode_rename, selinux_inode_rename),
- LSM_HOOK_INIT(inode_readlink, selinux_inode_readlink),
- LSM_HOOK_INIT(inode_follow_link, selinux_inode_follow_link),
- LSM_HOOK_INIT(inode_permission, selinux_inode_permission),
- LSM_HOOK_INIT(inode_setattr, selinux_inode_setattr),
- LSM_HOOK_INIT(inode_getattr, selinux_inode_getattr),
- LSM_HOOK_INIT(inode_setxattr, selinux_inode_setxattr),
- LSM_HOOK_INIT(inode_post_setxattr, selinux_inode_post_setxattr),
- LSM_HOOK_INIT(inode_getxattr, selinux_inode_getxattr),
- LSM_HOOK_INIT(inode_listxattr, selinux_inode_listxattr),
- LSM_HOOK_INIT(inode_removexattr, selinux_inode_removexattr),
- LSM_HOOK_INIT(inode_getsecurity, selinux_inode_getsecurity),
- LSM_HOOK_INIT(inode_setsecurity, selinux_inode_setsecurity),
- LSM_HOOK_INIT(inode_listsecurity, selinux_inode_listsecurity),
- LSM_HOOK_INIT(inode_getsecid, selinux_inode_getsecid),
-
- LSM_HOOK_INIT(file_permission, selinux_file_permission),
- LSM_HOOK_INIT(file_alloc_security, selinux_file_alloc_security),
- LSM_HOOK_INIT(file_free_security, selinux_file_free_security),
- LSM_HOOK_INIT(file_ioctl, selinux_file_ioctl),
- LSM_HOOK_INIT(mmap_file, selinux_mmap_file),
- LSM_HOOK_INIT(mmap_addr, selinux_mmap_addr),
- LSM_HOOK_INIT(file_mprotect, selinux_file_mprotect),
- LSM_HOOK_INIT(file_lock, selinux_file_lock),
- LSM_HOOK_INIT(file_fcntl, selinux_file_fcntl),
- LSM_HOOK_INIT(file_set_fowner, selinux_file_set_fowner),
- LSM_HOOK_INIT(file_send_sigiotask, selinux_file_send_sigiotask),
- LSM_HOOK_INIT(file_receive, selinux_file_receive),
-
- LSM_HOOK_INIT(file_open, selinux_file_open),
-
- LSM_HOOK_INIT(task_create, selinux_task_create),
- LSM_HOOK_INIT(cred_alloc_blank, selinux_cred_alloc_blank),
- LSM_HOOK_INIT(cred_free, selinux_cred_free),
- LSM_HOOK_INIT(cred_prepare, selinux_cred_prepare),
- LSM_HOOK_INIT(cred_transfer, selinux_cred_transfer),
- LSM_HOOK_INIT(kernel_act_as, selinux_kernel_act_as),
- LSM_HOOK_INIT(kernel_create_files_as, selinux_kernel_create_files_as),
- LSM_HOOK_INIT(kernel_module_request, selinux_kernel_module_request),
- LSM_HOOK_INIT(task_setpgid, selinux_task_setpgid),
- LSM_HOOK_INIT(task_getpgid, selinux_task_getpgid),
- LSM_HOOK_INIT(task_getsid, selinux_task_getsid),
- LSM_HOOK_INIT(task_getsecid, selinux_task_getsecid),
- LSM_HOOK_INIT(task_setnice, selinux_task_setnice),
- LSM_HOOK_INIT(task_setioprio, selinux_task_setioprio),
- LSM_HOOK_INIT(task_getioprio, selinux_task_getioprio),
- LSM_HOOK_INIT(task_setrlimit, selinux_task_setrlimit),
- LSM_HOOK_INIT(task_setscheduler, selinux_task_setscheduler),
- LSM_HOOK_INIT(task_getscheduler, selinux_task_getscheduler),
- LSM_HOOK_INIT(task_movememory, selinux_task_movememory),
- LSM_HOOK_INIT(task_kill, selinux_task_kill),
- LSM_HOOK_INIT(task_wait, selinux_task_wait),
- LSM_HOOK_INIT(task_to_inode, selinux_task_to_inode),
-
- LSM_HOOK_INIT(ipc_permission, selinux_ipc_permission),
- LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid),
-
- LSM_HOOK_INIT(msg_msg_alloc_security, selinux_msg_msg_alloc_security),
- LSM_HOOK_INIT(msg_msg_free_security, selinux_msg_msg_free_security),
+static struct security_hook_list nsalinux_hooks[] = {
+ LSM_HOOK_INIT(binder_set_context_mgr, nsalinux_binder_set_context_mgr),
+ LSM_HOOK_INIT(binder_transaction, nsalinux_binder_transaction),
+ LSM_HOOK_INIT(binder_transfer_binder, nsalinux_binder_transfer_binder),
+ LSM_HOOK_INIT(binder_transfer_file, nsalinux_binder_transfer_file),
+
+ LSM_HOOK_INIT(ptrace_access_check, nsalinux_ptrace_access_check),
+ LSM_HOOK_INIT(ptrace_traceme, nsalinux_ptrace_traceme),
+ LSM_HOOK_INIT(capget, nsalinux_capget),
+ LSM_HOOK_INIT(capset, nsalinux_capset),
+ LSM_HOOK_INIT(capable, nsalinux_capable),
+ LSM_HOOK_INIT(quotactl, nsalinux_quotactl),
+ LSM_HOOK_INIT(quota_on, nsalinux_quota_on),
+ LSM_HOOK_INIT(syslog, nsalinux_syslog),
+ LSM_HOOK_INIT(vm_enough_memory, nsalinux_vm_enough_memory),
+
+ LSM_HOOK_INIT(netlink_send, nsalinux_netlink_send),
+
+ LSM_HOOK_INIT(bprm_set_creds, nsalinux_bprm_set_creds),
+ LSM_HOOK_INIT(bprm_committing_creds, nsalinux_bprm_committing_creds),
+ LSM_HOOK_INIT(bprm_committed_creds, nsalinux_bprm_committed_creds),
+ LSM_HOOK_INIT(bprm_secureexec, nsalinux_bprm_secureexec),
+
+ LSM_HOOK_INIT(sb_alloc_security, nsalinux_sb_alloc_security),
+ LSM_HOOK_INIT(sb_free_security, nsalinux_sb_free_security),
+ LSM_HOOK_INIT(sb_copy_data, nsalinux_sb_copy_data),
+ LSM_HOOK_INIT(sb_remount, nsalinux_sb_remount),
+ LSM_HOOK_INIT(sb_kern_mount, nsalinux_sb_kern_mount),
+ LSM_HOOK_INIT(sb_show_options, nsalinux_sb_show_options),
+ LSM_HOOK_INIT(sb_statfs, nsalinux_sb_statfs),
+ LSM_HOOK_INIT(sb_mount, nsalinux_mount),
+ LSM_HOOK_INIT(sb_umount, nsalinux_umount),
+ LSM_HOOK_INIT(sb_set_mnt_opts, nsalinux_set_mnt_opts),
+ LSM_HOOK_INIT(sb_clone_mnt_opts, nsalinux_sb_clone_mnt_opts),
+ LSM_HOOK_INIT(sb_parse_opts_str, nsalinux_parse_opts_str),
+
+ LSM_HOOK_INIT(dentry_init_security, nsalinux_dentry_init_security),
+
+ LSM_HOOK_INIT(inode_alloc_security, nsalinux_inode_alloc_security),
+ LSM_HOOK_INIT(inode_free_security, nsalinux_inode_free_security),
+ LSM_HOOK_INIT(inode_init_security, nsalinux_inode_init_security),
+ LSM_HOOK_INIT(inode_create, nsalinux_inode_create),
+ LSM_HOOK_INIT(inode_link, nsalinux_inode_link),
+ LSM_HOOK_INIT(inode_unlink, nsalinux_inode_unlink),
+ LSM_HOOK_INIT(inode_symlink, nsalinux_inode_symlink),
+ LSM_HOOK_INIT(inode_mkdir, nsalinux_inode_mkdir),
+ LSM_HOOK_INIT(inode_rmdir, nsalinux_inode_rmdir),
+ LSM_HOOK_INIT(inode_mknod, nsalinux_inode_mknod),
+ LSM_HOOK_INIT(inode_rename, nsalinux_inode_rename),
+ LSM_HOOK_INIT(inode_readlink, nsalinux_inode_readlink),
+ LSM_HOOK_INIT(inode_follow_link, nsalinux_inode_follow_link),
+ LSM_HOOK_INIT(inode_permission, nsalinux_inode_permission),
+ LSM_HOOK_INIT(inode_setattr, nsalinux_inode_setattr),
+ LSM_HOOK_INIT(inode_getattr, nsalinux_inode_getattr),
+ LSM_HOOK_INIT(inode_setxattr, nsalinux_inode_setxattr),
+ LSM_HOOK_INIT(inode_post_setxattr, nsalinux_inode_post_setxattr),
+ LSM_HOOK_INIT(inode_getxattr, nsalinux_inode_getxattr),
+ LSM_HOOK_INIT(inode_listxattr, nsalinux_inode_listxattr),
+ LSM_HOOK_INIT(inode_removexattr, nsalinux_inode_removexattr),
+ LSM_HOOK_INIT(inode_getsecurity, nsalinux_inode_getsecurity),
+ LSM_HOOK_INIT(inode_setsecurity, nsalinux_inode_setsecurity),
+ LSM_HOOK_INIT(inode_listsecurity, nsalinux_inode_listsecurity),
+ LSM_HOOK_INIT(inode_getsecid, nsalinux_inode_getsecid),
+
+ LSM_HOOK_INIT(file_permission, nsalinux_file_permission),
+ LSM_HOOK_INIT(file_alloc_security, nsalinux_file_alloc_security),
+ LSM_HOOK_INIT(file_free_security, nsalinux_file_free_security),
+ LSM_HOOK_INIT(file_ioctl, nsalinux_file_ioctl),
+ LSM_HOOK_INIT(mmap_file, nsalinux_mmap_file),
+ LSM_HOOK_INIT(mmap_addr, nsalinux_mmap_addr),
+ LSM_HOOK_INIT(file_mprotect, nsalinux_file_mprotect),
+ LSM_HOOK_INIT(file_lock, nsalinux_file_lock),
+ LSM_HOOK_INIT(file_fcntl, nsalinux_file_fcntl),
+ LSM_HOOK_INIT(file_set_fowner, nsalinux_file_set_fowner),
+ LSM_HOOK_INIT(file_send_sigiotask, nsalinux_file_send_sigiotask),
+ LSM_HOOK_INIT(file_receive, nsalinux_file_receive),
+
+ LSM_HOOK_INIT(file_open, nsalinux_file_open),
+
+ LSM_HOOK_INIT(task_create, nsalinux_task_create),
+ LSM_HOOK_INIT(cred_alloc_blank, nsalinux_cred_alloc_blank),
+ LSM_HOOK_INIT(cred_free, nsalinux_cred_free),
+ LSM_HOOK_INIT(cred_prepare, nsalinux_cred_prepare),
+ LSM_HOOK_INIT(cred_transfer, nsalinux_cred_transfer),
+ LSM_HOOK_INIT(kernel_act_as, nsalinux_kernel_act_as),
+ LSM_HOOK_INIT(kernel_create_files_as, nsalinux_kernel_create_files_as),
+ LSM_HOOK_INIT(kernel_module_request, nsalinux_kernel_module_request),
+ LSM_HOOK_INIT(task_setpgid, nsalinux_task_setpgid),
+ LSM_HOOK_INIT(task_getpgid, nsalinux_task_getpgid),
+ LSM_HOOK_INIT(task_getsid, nsalinux_task_getsid),
+ LSM_HOOK_INIT(task_getsecid, nsalinux_task_getsecid),
+ LSM_HOOK_INIT(task_setnice, nsalinux_task_setnice),
+ LSM_HOOK_INIT(task_setioprio, nsalinux_task_setioprio),
+ LSM_HOOK_INIT(task_getioprio, nsalinux_task_getioprio),
+ LSM_HOOK_INIT(task_setrlimit, nsalinux_task_setrlimit),
+ LSM_HOOK_INIT(task_setscheduler, nsalinux_task_setscheduler),
+ LSM_HOOK_INIT(task_getscheduler, nsalinux_task_getscheduler),
+ LSM_HOOK_INIT(task_movememory, nsalinux_task_movememory),
+ LSM_HOOK_INIT(task_kill, nsalinux_task_kill),
+ LSM_HOOK_INIT(task_wait, nsalinux_task_wait),
+ LSM_HOOK_INIT(task_to_inode, nsalinux_task_to_inode),
+
+ LSM_HOOK_INIT(ipc_permission, nsalinux_ipc_permission),
+ LSM_HOOK_INIT(ipc_getsecid, nsalinux_ipc_getsecid),
+
+ LSM_HOOK_INIT(msg_msg_alloc_security, nsalinux_msg_msg_alloc_security),
+ LSM_HOOK_INIT(msg_msg_free_security, nsalinux_msg_msg_free_security),
LSM_HOOK_INIT(msg_queue_alloc_security,
- selinux_msg_queue_alloc_security),
- LSM_HOOK_INIT(msg_queue_free_security, selinux_msg_queue_free_security),
- LSM_HOOK_INIT(msg_queue_associate, selinux_msg_queue_associate),
- LSM_HOOK_INIT(msg_queue_msgctl, selinux_msg_queue_msgctl),
- LSM_HOOK_INIT(msg_queue_msgsnd, selinux_msg_queue_msgsnd),
- LSM_HOOK_INIT(msg_queue_msgrcv, selinux_msg_queue_msgrcv),
-
- LSM_HOOK_INIT(shm_alloc_security, selinux_shm_alloc_security),
- LSM_HOOK_INIT(shm_free_security, selinux_shm_free_security),
- LSM_HOOK_INIT(shm_associate, selinux_shm_associate),
- LSM_HOOK_INIT(shm_shmctl, selinux_shm_shmctl),
- LSM_HOOK_INIT(shm_shmat, selinux_shm_shmat),
-
- LSM_HOOK_INIT(sem_alloc_security, selinux_sem_alloc_security),
- LSM_HOOK_INIT(sem_free_security, selinux_sem_free_security),
- LSM_HOOK_INIT(sem_associate, selinux_sem_associate),
- LSM_HOOK_INIT(sem_semctl, selinux_sem_semctl),
- LSM_HOOK_INIT(sem_semop, selinux_sem_semop),
-
- LSM_HOOK_INIT(d_instantiate, selinux_d_instantiate),
-
- LSM_HOOK_INIT(getprocattr, selinux_getprocattr),
- LSM_HOOK_INIT(setprocattr, selinux_setprocattr),
-
- LSM_HOOK_INIT(ismaclabel, selinux_ismaclabel),
- LSM_HOOK_INIT(secid_to_secctx, selinux_secid_to_secctx),
- LSM_HOOK_INIT(secctx_to_secid, selinux_secctx_to_secid),
- LSM_HOOK_INIT(release_secctx, selinux_release_secctx),
- LSM_HOOK_INIT(inode_invalidate_secctx, selinux_inode_invalidate_secctx),
- LSM_HOOK_INIT(inode_notifysecctx, selinux_inode_notifysecctx),
- LSM_HOOK_INIT(inode_setsecctx, selinux_inode_setsecctx),
- LSM_HOOK_INIT(inode_getsecctx, selinux_inode_getsecctx),
-
- LSM_HOOK_INIT(unix_stream_connect, selinux_socket_unix_stream_connect),
- LSM_HOOK_INIT(unix_may_send, selinux_socket_unix_may_send),
-
- LSM_HOOK_INIT(socket_create, selinux_socket_create),
- LSM_HOOK_INIT(socket_post_create, selinux_socket_post_create),
- LSM_HOOK_INIT(socket_bind, selinux_socket_bind),
- LSM_HOOK_INIT(socket_connect, selinux_socket_connect),
- LSM_HOOK_INIT(socket_listen, selinux_socket_listen),
- LSM_HOOK_INIT(socket_accept, selinux_socket_accept),
- LSM_HOOK_INIT(socket_sendmsg, selinux_socket_sendmsg),
- LSM_HOOK_INIT(socket_recvmsg, selinux_socket_recvmsg),
- LSM_HOOK_INIT(socket_getsockname, selinux_socket_getsockname),
- LSM_HOOK_INIT(socket_getpeername, selinux_socket_getpeername),
- LSM_HOOK_INIT(socket_getsockopt, selinux_socket_getsockopt),
- LSM_HOOK_INIT(socket_setsockopt, selinux_socket_setsockopt),
- LSM_HOOK_INIT(socket_shutdown, selinux_socket_shutdown),
- LSM_HOOK_INIT(socket_sock_rcv_skb, selinux_socket_sock_rcv_skb),
+ nsalinux_msg_queue_alloc_security),
+ LSM_HOOK_INIT(msg_queue_free_security, nsalinux_msg_queue_free_security),
+ LSM_HOOK_INIT(msg_queue_associate, nsalinux_msg_queue_associate),
+ LSM_HOOK_INIT(msg_queue_msgctl, nsalinux_msg_queue_msgctl),
+ LSM_HOOK_INIT(msg_queue_msgsnd, nsalinux_msg_queue_msgsnd),
+ LSM_HOOK_INIT(msg_queue_msgrcv, nsalinux_msg_queue_msgrcv),
+
+ LSM_HOOK_INIT(shm_alloc_security, nsalinux_shm_alloc_security),
+ LSM_HOOK_INIT(shm_free_security, nsalinux_shm_free_security),
+ LSM_HOOK_INIT(shm_associate, nsalinux_shm_associate),
+ LSM_HOOK_INIT(shm_shmctl, nsalinux_shm_shmctl),
+ LSM_HOOK_INIT(shm_shmat, nsalinux_shm_shmat),
+
+ LSM_HOOK_INIT(sem_alloc_security, nsalinux_sem_alloc_security),
+ LSM_HOOK_INIT(sem_free_security, nsalinux_sem_free_security),
+ LSM_HOOK_INIT(sem_associate, nsalinux_sem_associate),
+ LSM_HOOK_INIT(sem_semctl, nsalinux_sem_semctl),
+ LSM_HOOK_INIT(sem_semop, nsalinux_sem_semop),
+
+ LSM_HOOK_INIT(d_instantiate, nsalinux_d_instantiate),
+
+ LSM_HOOK_INIT(getprocattr, nsalinux_getprocattr),
+ LSM_HOOK_INIT(setprocattr, nsalinux_setprocattr),
+
+ LSM_HOOK_INIT(ismaclabel, nsalinux_ismaclabel),
+ LSM_HOOK_INIT(secid_to_secctx, nsalinux_secid_to_secctx),
+ LSM_HOOK_INIT(secctx_to_secid, nsalinux_secctx_to_secid),
+ LSM_HOOK_INIT(release_secctx, nsalinux_release_secctx),
+ LSM_HOOK_INIT(inode_invalidate_secctx, nsalinux_inode_invalidate_secctx),
+ LSM_HOOK_INIT(inode_notifysecctx, nsalinux_inode_notifysecctx),
+ LSM_HOOK_INIT(inode_setsecctx, nsalinux_inode_setsecctx),
+ LSM_HOOK_INIT(inode_getsecctx, nsalinux_inode_getsecctx),
+
+ LSM_HOOK_INIT(unix_stream_connect, nsalinux_socket_unix_stream_connect),
+ LSM_HOOK_INIT(unix_may_send, nsalinux_socket_unix_may_send),
+
+ LSM_HOOK_INIT(socket_create, nsalinux_socket_create),
+ LSM_HOOK_INIT(socket_post_create, nsalinux_socket_post_create),
+ LSM_HOOK_INIT(socket_bind, nsalinux_socket_bind),
+ LSM_HOOK_INIT(socket_connect, nsalinux_socket_connect),
+ LSM_HOOK_INIT(socket_listen, nsalinux_socket_listen),
+ LSM_HOOK_INIT(socket_accept, nsalinux_socket_accept),
+ LSM_HOOK_INIT(socket_sendmsg, nsalinux_socket_sendmsg),
+ LSM_HOOK_INIT(socket_recvmsg, nsalinux_socket_recvmsg),
+ LSM_HOOK_INIT(socket_getsockname, nsalinux_socket_getsockname),
+ LSM_HOOK_INIT(socket_getpeername, nsalinux_socket_getpeername),
+ LSM_HOOK_INIT(socket_getsockopt, nsalinux_socket_getsockopt),
+ LSM_HOOK_INIT(socket_setsockopt, nsalinux_socket_setsockopt),
+ LSM_HOOK_INIT(socket_shutdown, nsalinux_socket_shutdown),
+ LSM_HOOK_INIT(socket_sock_rcv_skb, nsalinux_socket_sock_rcv_skb),
LSM_HOOK_INIT(socket_getpeersec_stream,
- selinux_socket_getpeersec_stream),
- LSM_HOOK_INIT(socket_getpeersec_dgram, selinux_socket_getpeersec_dgram),
- LSM_HOOK_INIT(sk_alloc_security, selinux_sk_alloc_security),
- LSM_HOOK_INIT(sk_free_security, selinux_sk_free_security),
- LSM_HOOK_INIT(sk_clone_security, selinux_sk_clone_security),
- LSM_HOOK_INIT(sk_getsecid, selinux_sk_getsecid),
- LSM_HOOK_INIT(sock_graft, selinux_sock_graft),
- LSM_HOOK_INIT(inet_conn_request, selinux_inet_conn_request),
- LSM_HOOK_INIT(inet_csk_clone, selinux_inet_csk_clone),
- LSM_HOOK_INIT(inet_conn_established, selinux_inet_conn_established),
- LSM_HOOK_INIT(secmark_relabel_packet, selinux_secmark_relabel_packet),
- LSM_HOOK_INIT(secmark_refcount_inc, selinux_secmark_refcount_inc),
- LSM_HOOK_INIT(secmark_refcount_dec, selinux_secmark_refcount_dec),
- LSM_HOOK_INIT(req_classify_flow, selinux_req_classify_flow),
- LSM_HOOK_INIT(tun_dev_alloc_security, selinux_tun_dev_alloc_security),
- LSM_HOOK_INIT(tun_dev_free_security, selinux_tun_dev_free_security),
- LSM_HOOK_INIT(tun_dev_create, selinux_tun_dev_create),
- LSM_HOOK_INIT(tun_dev_attach_queue, selinux_tun_dev_attach_queue),
- LSM_HOOK_INIT(tun_dev_attach, selinux_tun_dev_attach),
- LSM_HOOK_INIT(tun_dev_open, selinux_tun_dev_open),
+ nsalinux_socket_getpeersec_stream),
+ LSM_HOOK_INIT(socket_getpeersec_dgram, nsalinux_socket_getpeersec_dgram),
+ LSM_HOOK_INIT(sk_alloc_security, nsalinux_sk_alloc_security),
+ LSM_HOOK_INIT(sk_free_security, nsalinux_sk_free_security),
+ LSM_HOOK_INIT(sk_clone_security, nsalinux_sk_clone_security),
+ LSM_HOOK_INIT(sk_getsecid, nsalinux_sk_getsecid),
+ LSM_HOOK_INIT(sock_graft, nsalinux_sock_graft),
+ LSM_HOOK_INIT(inet_conn_request, nsalinux_inet_conn_request),
+ LSM_HOOK_INIT(inet_csk_clone, nsalinux_inet_csk_clone),
+ LSM_HOOK_INIT(inet_conn_established, nsalinux_inet_conn_established),
+ LSM_HOOK_INIT(secmark_relabel_packet, nsalinux_secmark_relabel_packet),
+ LSM_HOOK_INIT(secmark_refcount_inc, nsalinux_secmark_refcount_inc),
+ LSM_HOOK_INIT(secmark_refcount_dec, nsalinux_secmark_refcount_dec),
+ LSM_HOOK_INIT(req_classify_flow, nsalinux_req_classify_flow),
+ LSM_HOOK_INIT(tun_dev_alloc_security, nsalinux_tun_dev_alloc_security),
+ LSM_HOOK_INIT(tun_dev_free_security, nsalinux_tun_dev_free_security),
+ LSM_HOOK_INIT(tun_dev_create, nsalinux_tun_dev_create),
+ LSM_HOOK_INIT(tun_dev_attach_queue, nsalinux_tun_dev_attach_queue),
+ LSM_HOOK_INIT(tun_dev_attach, nsalinux_tun_dev_attach),
+ LSM_HOOK_INIT(tun_dev_open, nsalinux_tun_dev_open),
#ifdef CONFIG_SECURITY_NETWORK_XFRM
- LSM_HOOK_INIT(xfrm_policy_alloc_security, selinux_xfrm_policy_alloc),
- LSM_HOOK_INIT(xfrm_policy_clone_security, selinux_xfrm_policy_clone),
- LSM_HOOK_INIT(xfrm_policy_free_security, selinux_xfrm_policy_free),
- LSM_HOOK_INIT(xfrm_policy_delete_security, selinux_xfrm_policy_delete),
- LSM_HOOK_INIT(xfrm_state_alloc, selinux_xfrm_state_alloc),
+ LSM_HOOK_INIT(xfrm_policy_alloc_security, nsalinux_xfrm_policy_alloc),
+ LSM_HOOK_INIT(xfrm_policy_clone_security, nsalinux_xfrm_policy_clone),
+ LSM_HOOK_INIT(xfrm_policy_free_security, nsalinux_xfrm_policy_free),
+ LSM_HOOK_INIT(xfrm_policy_delete_security, nsalinux_xfrm_policy_delete),
+ LSM_HOOK_INIT(xfrm_state_alloc, nsalinux_xfrm_state_alloc),
LSM_HOOK_INIT(xfrm_state_alloc_acquire,
- selinux_xfrm_state_alloc_acquire),
- LSM_HOOK_INIT(xfrm_state_free_security, selinux_xfrm_state_free),
- LSM_HOOK_INIT(xfrm_state_delete_security, selinux_xfrm_state_delete),
- LSM_HOOK_INIT(xfrm_policy_lookup, selinux_xfrm_policy_lookup),
+ nsalinux_xfrm_state_alloc_acquire),
+ LSM_HOOK_INIT(xfrm_state_free_security, nsalinux_xfrm_state_free),
+ LSM_HOOK_INIT(xfrm_state_delete_security, nsalinux_xfrm_state_delete),
+ LSM_HOOK_INIT(xfrm_policy_lookup, nsalinux_xfrm_policy_lookup),
LSM_HOOK_INIT(xfrm_state_pol_flow_match,
- selinux_xfrm_state_pol_flow_match),
- LSM_HOOK_INIT(xfrm_decode_session, selinux_xfrm_decode_session),
+ nsalinux_xfrm_state_pol_flow_match),
+ LSM_HOOK_INIT(xfrm_decode_session, nsalinux_xfrm_decode_session),
#endif
#ifdef CONFIG_KEYS
- LSM_HOOK_INIT(key_alloc, selinux_key_alloc),
- LSM_HOOK_INIT(key_free, selinux_key_free),
- LSM_HOOK_INIT(key_permission, selinux_key_permission),
- LSM_HOOK_INIT(key_getsecurity, selinux_key_getsecurity),
+ LSM_HOOK_INIT(key_alloc, nsalinux_key_alloc),
+ LSM_HOOK_INIT(key_free, nsalinux_key_free),
+ LSM_HOOK_INIT(key_permission, nsalinux_key_permission),
+ LSM_HOOK_INIT(key_getsecurity, nsalinux_key_getsecurity),
#endif
#ifdef CONFIG_AUDIT
- LSM_HOOK_INIT(audit_rule_init, selinux_audit_rule_init),
- LSM_HOOK_INIT(audit_rule_known, selinux_audit_rule_known),
- LSM_HOOK_INIT(audit_rule_match, selinux_audit_rule_match),
- LSM_HOOK_INIT(audit_rule_free, selinux_audit_rule_free),
+ LSM_HOOK_INIT(audit_rule_init, nsalinux_audit_rule_init),
+ LSM_HOOK_INIT(audit_rule_known, nsalinux_audit_rule_known),
+ LSM_HOOK_INIT(audit_rule_match, nsalinux_audit_rule_match),
+ LSM_HOOK_INIT(audit_rule_free, nsalinux_audit_rule_free),
#endif
};
-static __init int selinux_init(void)
+static __init int nsalinux_init(void)
{
- if (!security_module_enable("selinux")) {
- selinux_enabled = 0;
+ if (!security_module_enable("nsalinux")) {
+ nsalinux_enabled = 0;
return 0;
}
- if (!selinux_enabled) {
- printk(KERN_INFO "SELinux: Disabled at boot.\n");
+ if (!nsalinux_enabled) {
+ printk(KERN_INFO "NSALinux: Disabled at boot.\n");
return 0;
}
- printk(KERN_INFO "SELinux: Initializing.\n");
+ printk(KERN_INFO "NSALinux: Initializing.\n");
/* Set the security state for the initial task. */
cred_init_security();
default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC);
- sel_inode_cache = kmem_cache_create("selinux_inode_security",
+ sel_inode_cache = kmem_cache_create("nsalinux_inode_security",
sizeof(struct inode_security_struct),
0, SLAB_PANIC, NULL);
- file_security_cache = kmem_cache_create("selinux_file_security",
+ file_security_cache = kmem_cache_create("nsalinux_file_security",
sizeof(struct file_security_struct),
0, SLAB_PANIC, NULL);
avc_init();
- security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks));
+ security_add_hooks(nsalinux_hooks, ARRAY_SIZE(nsalinux_hooks));
- if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET))
- panic("SELinux: Unable to register AVC netcache callback\n");
+ if (avc_add_callback(nsalinux_netcache_avc_callback, AVC_CALLBACK_RESET))
+ panic("NSALinux: Unable to register AVC netcache callback\n");
- if (selinux_enforcing)
- printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
+ if (nsalinux_enforcing)
+ printk(KERN_DEBUG "NSALinux: Starting in enforcing mode\n");
else
- printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");
+ printk(KERN_DEBUG "NSALinux: Starting in permissive mode\n");
return 0;
}
@@ -6190,120 +6190,120 @@ static void delayed_superblock_init(struct super_block *sb, void *unused)
superblock_doinit(sb, NULL);
}
-void selinux_complete_init(void)
+void nsalinux_complete_init(void)
{
- printk(KERN_DEBUG "SELinux: Completing initialization.\n");
+ printk(KERN_DEBUG "NSALinux: Completing initialization.\n");
/* Set up any superblocks initialized prior to the policy load. */
- printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n");
+ printk(KERN_DEBUG "NSALinux: Setting up existing superblocks.\n");
iterate_supers(delayed_superblock_init, NULL);
}
-/* SELinux requires early initialization in order to label
+/* NSALinux requires early initialization in order to label
all processes and objects when they are created. */
-security_initcall(selinux_init);
+security_initcall(nsalinux_init);
#if defined(CONFIG_NETFILTER)
-static struct nf_hook_ops selinux_nf_ops[] = {
+static struct nf_hook_ops nsalinux_nf_ops[] = {
{
- .hook = selinux_ipv4_postroute,
+ .hook = nsalinux_ipv4_postroute,
.pf = NFPROTO_IPV4,
.hooknum = NF_INET_POST_ROUTING,
- .priority = NF_IP_PRI_SELINUX_LAST,
+ .priority = NF_IP_PRI_NSALINUX_LAST,
},
{
- .hook = selinux_ipv4_forward,
+ .hook = nsalinux_ipv4_forward,
.pf = NFPROTO_IPV4,
.hooknum = NF_INET_FORWARD,
- .priority = NF_IP_PRI_SELINUX_FIRST,
+ .priority = NF_IP_PRI_NSALINUX_FIRST,
},
{
- .hook = selinux_ipv4_output,
+ .hook = nsalinux_ipv4_output,
.pf = NFPROTO_IPV4,
.hooknum = NF_INET_LOCAL_OUT,
- .priority = NF_IP_PRI_SELINUX_FIRST,
+ .priority = NF_IP_PRI_NSALINUX_FIRST,
},
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
{
- .hook = selinux_ipv6_postroute,
+ .hook = nsalinux_ipv6_postroute,
.pf = NFPROTO_IPV6,
.hooknum = NF_INET_POST_ROUTING,
- .priority = NF_IP6_PRI_SELINUX_LAST,
+ .priority = NF_IP6_PRI_NSALINUX_LAST,
},
{
- .hook = selinux_ipv6_forward,
+ .hook = nsalinux_ipv6_forward,
.pf = NFPROTO_IPV6,
.hooknum = NF_INET_FORWARD,
- .priority = NF_IP6_PRI_SELINUX_FIRST,
+ .priority = NF_IP6_PRI_NSALINUX_FIRST,
},
#endif /* IPV6 */
};
-static int __init selinux_nf_ip_init(void)
+static int __init nsalinux_nf_ip_init(void)
{
int err;
- if (!selinux_enabled)
+ if (!nsalinux_enabled)
return 0;
- printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");
+ printk(KERN_DEBUG "NSALinux: Registering netfilter hooks\n");
- err = nf_register_hooks(selinux_nf_ops, ARRAY_SIZE(selinux_nf_ops));
+ err = nf_register_hooks(nsalinux_nf_ops, ARRAY_SIZE(nsalinux_nf_ops));
if (err)
- panic("SELinux: nf_register_hooks: error %d\n", err);
+ panic("NSALinux: nf_register_hooks: error %d\n", err);
return 0;
}
-__initcall(selinux_nf_ip_init);
+__initcall(nsalinux_nf_ip_init);
-#ifdef CONFIG_SECURITY_SELINUX_DISABLE
-static void selinux_nf_ip_exit(void)
+#ifdef CONFIG_SECURITY_NSALINUX_DISABLE
+static void nsalinux_nf_ip_exit(void)
{
- printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");
+ printk(KERN_DEBUG "NSALinux: Unregistering netfilter hooks\n");
- nf_unregister_hooks(selinux_nf_ops, ARRAY_SIZE(selinux_nf_ops));
+ nf_unregister_hooks(nsalinux_nf_ops, ARRAY_SIZE(nsalinux_nf_ops));
}
#endif
#else /* CONFIG_NETFILTER */
-#ifdef CONFIG_SECURITY_SELINUX_DISABLE
-#define selinux_nf_ip_exit()
+#ifdef CONFIG_SECURITY_NSALINUX_DISABLE
+#define nsalinux_nf_ip_exit()
#endif
#endif /* CONFIG_NETFILTER */
-#ifdef CONFIG_SECURITY_SELINUX_DISABLE
-static int selinux_disabled;
+#ifdef CONFIG_SECURITY_NSALINUX_DISABLE
+static int nsalinux_disabled;
-int selinux_disable(void)
+int nsalinux_disable(void)
{
if (ss_initialized) {
/* Not permitted after initial policy load. */
return -EINVAL;
}
- if (selinux_disabled) {
+ if (nsalinux_disabled) {
/* Only do this once. */
return -EINVAL;
}
- printk(KERN_INFO "SELinux: Disabled at runtime.\n");
+ printk(KERN_INFO "NSALinux: Disabled at runtime.\n");
- selinux_disabled = 1;
- selinux_enabled = 0;
+ nsalinux_disabled = 1;
+ nsalinux_enabled = 0;
- security_delete_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks));
+ security_delete_hooks(nsalinux_hooks, ARRAY_SIZE(nsalinux_hooks));
/* Try to destroy the avc node cache */
avc_disable();
/* Unregister netfilter hooks. */
- selinux_nf_ip_exit();
+ nsalinux_nf_ip_exit();
- /* Unregister selinuxfs. */
+ /* Unregister nsalinuxfs. */
exit_sel_fs();
return 0;
diff --git a/security/selinux/include/audit.h b/security/nsalinux/include/audit.h
similarity index 62%
rename from security/selinux/include/audit.h
rename to security/nsalinux/include/audit.h
index 1bdf973..aab8c7c 100644
--- a/security/selinux/include/audit.h
+++ b/security/nsalinux/include/audit.h
@@ -1,7 +1,7 @@
/*
- * SELinux support for the Audit LSM hooks
+ * NSALinux support for the Audit LSM hooks
*
- * Most of below header was moved from include/linux/selinux.h which
+ * Most of below header was moved from include/linux/nsalinux.h which
* is released under below copyrights:
*
* Author: James Morris <jmorris@xxxxxxxxxx>
@@ -15,11 +15,11 @@
* as published by the Free Software Foundation.
*/
-#ifndef _SELINUX_AUDIT_H
-#define _SELINUX_AUDIT_H
+#ifndef _NSALINUX_AUDIT_H
+#define _NSALINUX_AUDIT_H
/**
- * selinux_audit_rule_init - alloc/init an selinux audit rule structure.
+ * nsalinux_audit_rule_init - alloc/init an nsalinux audit rule structure.
* @field: the field this rule refers to
* @op: the operater the rule uses
* @rulestr: the text "target" of the rule
@@ -27,21 +27,21 @@
*
* Returns 0 if successful, -errno if not. On success, the rule structure
* will be allocated internally. The caller must free this structure with
- * selinux_audit_rule_free() after use.
+ * nsalinux_audit_rule_free() after use.
*/
-int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **rule);
+int nsalinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **rule);
/**
- * selinux_audit_rule_free - free an selinux audit rule structure.
+ * nsalinux_audit_rule_free - free an nsalinux audit rule structure.
* @rule: pointer to the audit rule to be freed
*
* This will free all memory associated with the given rule.
* If @rule is NULL, no operation is performed.
*/
-void selinux_audit_rule_free(void *rule);
+void nsalinux_audit_rule_free(void *rule);
/**
- * selinux_audit_rule_match - determine if a context ID matches a rule.
+ * nsalinux_audit_rule_match - determine if a context ID matches a rule.
* @sid: the context ID to check
* @field: the field this rule refers to
* @op: the operater the rule uses
@@ -51,15 +51,15 @@ void selinux_audit_rule_free(void *rule);
* Returns 1 if the context id matches the rule, 0 if it does not, and
* -errno on failure.
*/
-int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *rule,
+int nsalinux_audit_rule_match(u32 sid, u32 field, u32 op, void *rule,
struct audit_context *actx);
/**
- * selinux_audit_rule_known - check to see if rule contains selinux fields.
+ * nsalinux_audit_rule_known - check to see if rule contains nsalinux fields.
* @rule: rule to be checked
- * Returns 1 if there are selinux fields specified in the rule, 0 otherwise.
+ * Returns 1 if there are nsalinux fields specified in the rule, 0 otherwise.
*/
-int selinux_audit_rule_known(struct audit_krule *krule);
+int nsalinux_audit_rule_known(struct audit_krule *krule);
-#endif /* _SELINUX_AUDIT_H */
+#endif /* _NSALINUX_AUDIT_H */
diff --git a/security/selinux/include/avc.h b/security/nsalinux/include/avc.h
similarity index 94%
rename from security/selinux/include/avc.h
rename to security/nsalinux/include/avc.h
index 0999df0..e7e2880 100644
--- a/security/selinux/include/avc.h
+++ b/security/nsalinux/include/avc.h
@@ -3,8 +3,8 @@
*
* Author : Stephen Smalley, <sds@xxxxxxxxxxxxxx>
*/
-#ifndef _SELINUX_AVC_H_
-#define _SELINUX_AVC_H_
+#ifndef _NSALINUX_AVC_H_
+#define _NSALINUX_AVC_H_
#include <linux/stddef.h>
#include <linux/errno.h>
@@ -19,10 +19,10 @@
#include "av_permissions.h"
#include "security.h"
-#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
-extern int selinux_enforcing;
+#ifdef CONFIG_SECURITY_NSALINUX_DEVELOP
+extern int nsalinux_enforcing;
#else
-#define selinux_enforcing 1
+#define nsalinux_enforcing 1
#endif
/*
@@ -49,7 +49,7 @@ struct avc_cache_stats {
/*
* We only need this data after we have decided to send an audit message.
*/
-struct selinux_audit_data {
+struct nsalinux_audit_data {
u32 ssid;
u32 tsid;
u16 tclass;
@@ -175,16 +175,16 @@ u32 avc_policy_seqno(void);
int avc_add_callback(int (*callback)(u32 event), u32 events);
-/* Exported to selinuxfs */
+/* Exported to nsalinuxfs */
int avc_get_hash_stats(char *page);
extern unsigned int avc_cache_threshold;
/* Attempt to free avc node cache */
void avc_disable(void);
-#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
+#ifdef CONFIG_SECURITY_NSALINUX_AVC_STATS
DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
#endif
-#endif /* _SELINUX_AVC_H_ */
+#endif /* _NSALINUX_AVC_H_ */
diff --git a/security/selinux/include/avc_ss.h b/security/nsalinux/include/avc_ss.h
similarity index 84%
rename from security/selinux/include/avc_ss.h
rename to security/nsalinux/include/avc_ss.h
index d5c3284..13b2fc5 100644
--- a/security/selinux/include/avc_ss.h
+++ b/security/nsalinux/include/avc_ss.h
@@ -3,8 +3,8 @@
*
* Author : Stephen Smalley, <sds@xxxxxxxxxxxxxx>
*/
-#ifndef _SELINUX_AVC_SS_H_
-#define _SELINUX_AVC_SS_H_
+#ifndef _NSALINUX_AVC_SS_H_
+#define _NSALINUX_AVC_SS_H_
#include "flask.h"
@@ -24,5 +24,5 @@ extern struct security_class_mapping secclass_map[];
*/
extern int ss_initialized;
-#endif /* _SELINUX_AVC_SS_H_ */
+#endif /* _NSALINUX_AVC_SS_H_ */
diff --git a/security/selinux/include/classmap.h b/security/nsalinux/include/classmap.h
similarity index 99%
rename from security/selinux/include/classmap.h
rename to security/nsalinux/include/classmap.h
index ef83c4b..40d2a93 100644
--- a/security/selinux/include/classmap.h
+++ b/security/nsalinux/include/classmap.h
@@ -109,7 +109,7 @@ struct security_class_mapping secclass_map[] = {
{ "netlink_xfrm_socket",
{ COMMON_SOCK_PERMS,
"nlmsg_read", "nlmsg_write", NULL } },
- { "netlink_selinux_socket",
+ { "netlink_nsalinux_socket",
{ COMMON_SOCK_PERMS, NULL } },
{ "netlink_iscsi_socket",
{ COMMON_SOCK_PERMS, NULL } },
diff --git a/security/selinux/include/conditional.h b/security/nsalinux/include/conditional.h
similarity index 85%
rename from security/selinux/include/conditional.h
rename to security/nsalinux/include/conditional.h
index 67ce7a8..2cd22cd 100644
--- a/security/selinux/include/conditional.h
+++ b/security/nsalinux/include/conditional.h
@@ -1,6 +1,6 @@
/*
* Interface to booleans in the security server. This is exported
- * for the selinuxfs.
+ * for the nsalinuxfs.
*
* Author: Karl MacMillan <kmacmillan@xxxxxxxxxx>
*
@@ -10,8 +10,8 @@
* the Free Software Foundation, version 2.
*/
-#ifndef _SELINUX_CONDITIONAL_H_
-#define _SELINUX_CONDITIONAL_H_
+#ifndef _NSALINUX_CONDITIONAL_H_
+#define _NSALINUX_CONDITIONAL_H_
int security_get_bools(int *len, char ***names, int **values);
diff --git a/security/selinux/include/initial_sid_to_string.h b/security/nsalinux/include/initial_sid_to_string.h
similarity index 100%
rename from security/selinux/include/initial_sid_to_string.h
rename to security/nsalinux/include/initial_sid_to_string.h
diff --git a/security/selinux/include/netif.h b/security/nsalinux/include/netif.h
similarity index 89%
rename from security/selinux/include/netif.h
rename to security/nsalinux/include/netif.h
index c721454..8316c05 100644
--- a/security/selinux/include/netif.h
+++ b/security/nsalinux/include/netif.h
@@ -14,8 +14,8 @@
* it under the terms of the GNU General Public License version 2,
* as published by the Free Software Foundation.
*/
-#ifndef _SELINUX_NETIF_H_
-#define _SELINUX_NETIF_H_
+#ifndef _NSALINUX_NETIF_H_
+#define _NSALINUX_NETIF_H_
#include <net/net_namespace.h>
@@ -23,5 +23,5 @@ void sel_netif_flush(void);
int sel_netif_sid(struct net *ns, int ifindex, u32 *sid);
-#endif /* _SELINUX_NETIF_H_ */
+#endif /* _NSALINUX_NETIF_H_ */
diff --git a/security/selinux/include/netlabel.h b/security/nsalinux/include/netlabel.h
similarity index 53%
rename from security/selinux/include/netlabel.h
rename to security/nsalinux/include/netlabel.h
index 8c59b8f..2febd5a 100644
--- a/security/selinux/include/netlabel.h
+++ b/security/nsalinux/include/netlabel.h
@@ -1,5 +1,5 @@
/*
- * SELinux interface to the NetLabel subsystem
+ * NSALinux interface to the NetLabel subsystem
*
* Author: Paul Moore <paul@xxxxxxxxxxxxxx>
*
@@ -24,8 +24,8 @@
*
*/
-#ifndef _SELINUX_NETLABEL_H_
-#define _SELINUX_NETLABEL_H_
+#ifndef _NSALINUX_NETLABEL_H_
+#define _NSALINUX_NETLABEL_H_
#include <linux/types.h>
#include <linux/fs.h>
@@ -38,59 +38,59 @@
#include "objsec.h"
#ifdef CONFIG_NETLABEL
-void selinux_netlbl_cache_invalidate(void);
+void nsalinux_netlbl_cache_invalidate(void);
-void selinux_netlbl_err(struct sk_buff *skb, int error, int gateway);
+void nsalinux_netlbl_err(struct sk_buff *skb, int error, int gateway);
-void selinux_netlbl_sk_security_free(struct sk_security_struct *sksec);
-void selinux_netlbl_sk_security_reset(struct sk_security_struct *sksec);
+void nsalinux_netlbl_sk_security_free(struct sk_security_struct *sksec);
+void nsalinux_netlbl_sk_security_reset(struct sk_security_struct *sksec);
-int selinux_netlbl_skbuff_getsid(struct sk_buff *skb,
+int nsalinux_netlbl_skbuff_getsid(struct sk_buff *skb,
u16 family,
u32 *type,
u32 *sid);
-int selinux_netlbl_skbuff_setsid(struct sk_buff *skb,
+int nsalinux_netlbl_skbuff_setsid(struct sk_buff *skb,
u16 family,
u32 sid);
-int selinux_netlbl_inet_conn_request(struct request_sock *req, u16 family);
-void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family);
-int selinux_netlbl_socket_post_create(struct sock *sk, u16 family);
-int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
+int nsalinux_netlbl_inet_conn_request(struct request_sock *req, u16 family);
+void nsalinux_netlbl_inet_csk_clone(struct sock *sk, u16 family);
+int nsalinux_netlbl_socket_post_create(struct sock *sk, u16 family);
+int nsalinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
struct sk_buff *skb,
u16 family,
struct common_audit_data *ad);
-int selinux_netlbl_socket_setsockopt(struct socket *sock,
+int nsalinux_netlbl_socket_setsockopt(struct socket *sock,
int level,
int optname);
-int selinux_netlbl_socket_connect(struct sock *sk, struct sockaddr *addr);
+int nsalinux_netlbl_socket_connect(struct sock *sk, struct sockaddr *addr);
#else
-static inline void selinux_netlbl_cache_invalidate(void)
+static inline void nsalinux_netlbl_cache_invalidate(void)
{
return;
}
-static inline void selinux_netlbl_err(struct sk_buff *skb,
+static inline void nsalinux_netlbl_err(struct sk_buff *skb,
int error,
int gateway)
{
return;
}
-static inline void selinux_netlbl_sk_security_free(
+static inline void nsalinux_netlbl_sk_security_free(
struct sk_security_struct *sksec)
{
return;
}
-static inline void selinux_netlbl_sk_security_reset(
+static inline void nsalinux_netlbl_sk_security_reset(
struct sk_security_struct *sksec)
{
return;
}
-static inline int selinux_netlbl_skbuff_getsid(struct sk_buff *skb,
+static inline int nsalinux_netlbl_skbuff_getsid(struct sk_buff *skb,
u16 family,
u32 *type,
u32 *sid)
@@ -99,47 +99,47 @@ static inline int selinux_netlbl_skbuff_getsid(struct sk_buff *skb,
*sid = SECSID_NULL;
return 0;
}
-static inline int selinux_netlbl_skbuff_setsid(struct sk_buff *skb,
+static inline int nsalinux_netlbl_skbuff_setsid(struct sk_buff *skb,
u16 family,
u32 sid)
{
return 0;
}
-static inline int selinux_netlbl_conn_setsid(struct sock *sk,
+static inline int nsalinux_netlbl_conn_setsid(struct sock *sk,
struct sockaddr *addr)
{
return 0;
}
-static inline int selinux_netlbl_inet_conn_request(struct request_sock *req,
+static inline int nsalinux_netlbl_inet_conn_request(struct request_sock *req,
u16 family)
{
return 0;
}
-static inline void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family)
+static inline void nsalinux_netlbl_inet_csk_clone(struct sock *sk, u16 family)
{
return;
}
-static inline int selinux_netlbl_socket_post_create(struct sock *sk,
+static inline int nsalinux_netlbl_socket_post_create(struct sock *sk,
u16 family)
{
return 0;
}
-static inline int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
+static inline int nsalinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
struct sk_buff *skb,
u16 family,
struct common_audit_data *ad)
{
return 0;
}
-static inline int selinux_netlbl_socket_setsockopt(struct socket *sock,
+static inline int nsalinux_netlbl_socket_setsockopt(struct socket *sock,
int level,
int optname)
{
return 0;
}
-static inline int selinux_netlbl_socket_connect(struct sock *sk,
+static inline int nsalinux_netlbl_socket_connect(struct sock *sk,
struct sockaddr *addr)
{
return 0;
diff --git a/security/selinux/include/netnode.h b/security/nsalinux/include/netnode.h
similarity index 87%
rename from security/selinux/include/netnode.h
rename to security/nsalinux/include/netnode.h
index 937668d..be77a6b 100644
--- a/security/selinux/include/netnode.h
+++ b/security/nsalinux/include/netnode.h
@@ -1,7 +1,7 @@
/*
* Network node table
*
- * SELinux must keep a mapping of network nodes to labels/SIDs. This
+ * NSALinux must keep a mapping of network nodes to labels/SIDs. This
* mapping is maintained as part of the normal policy but a fast cache is
* needed to reduce the lookup overhead since most of these queries happen on
* a per-packet basis.
@@ -24,8 +24,8 @@
*
*/
-#ifndef _SELINUX_NETNODE_H
-#define _SELINUX_NETNODE_H
+#ifndef _NSALINUX_NETNODE_H
+#define _NSALINUX_NETNODE_H
void sel_netnode_flush(void);
diff --git a/security/selinux/include/netport.h b/security/nsalinux/include/netport.h
similarity index 86%
rename from security/selinux/include/netport.h
rename to security/nsalinux/include/netport.h
index d1ce896..e402266 100644
--- a/security/selinux/include/netport.h
+++ b/security/nsalinux/include/netport.h
@@ -1,7 +1,7 @@
/*
* Network port table
*
- * SELinux must keep a mapping of network ports to labels/SIDs. This
+ * NSALinux must keep a mapping of network ports to labels/SIDs. This
* mapping is maintained as part of the normal policy but a fast cache is
* needed to reduce the lookup overhead.
*
@@ -23,8 +23,8 @@
*
*/
-#ifndef _SELINUX_NETPORT_H
-#define _SELINUX_NETPORT_H
+#ifndef _NSALINUX_NETPORT_H
+#define _NSALINUX_NETPORT_H
void sel_netport_flush(void);
diff --git a/security/selinux/include/objsec.h b/security/nsalinux/include/objsec.h
similarity index 92%
rename from security/selinux/include/objsec.h
rename to security/nsalinux/include/objsec.h
index a2ae054..da888c5 100644
--- a/security/selinux/include/objsec.h
+++ b/security/nsalinux/include/objsec.h
@@ -1,7 +1,7 @@
/*
- * NSA Security-Enhanced Linux (SELinux) security module
+ * NSALinux security module
*
- * This file contains the SELinux security data structures for kernel objects.
+ * This file contains the NSALinux security data structures for kernel objects.
*
* Author(s): Stephen Smalley, <sds@xxxxxxxxxxxxxx>
* Chris Vance, <cvance@xxxxxxx>
@@ -15,8 +15,8 @@
* it under the terms of the GNU General Public License version 2,
* as published by the Free Software Foundation.
*/
-#ifndef _SELINUX_OBJSEC_H_
-#define _SELINUX_OBJSEC_H_
+#ifndef _NSALINUX_OBJSEC_H_
+#define _NSALINUX_OBJSEC_H_
#include <linux/list.h>
#include <linux/sched.h>
@@ -129,6 +129,6 @@ struct key_security_struct {
u32 sid; /* SID of key */
};
-extern unsigned int selinux_checkreqprot;
+extern unsigned int nsalinux_checkreqprot;
-#endif /* _SELINUX_OBJSEC_H_ */
+#endif /* _NSALINUX_OBJSEC_H_ */
diff --git a/security/selinux/include/security.h b/security/nsalinux/include/security.h
similarity index 88%
rename from security/selinux/include/security.h
rename to security/nsalinux/include/security.h
index 38feb55..85731f7 100644
--- a/security/selinux/include/security.h
+++ b/security/nsalinux/include/security.h
@@ -5,8 +5,8 @@
*
*/
-#ifndef _SELINUX_SECURITY_H_
-#define _SELINUX_SECURITY_H_
+#ifndef _NSALINUX_SECURITY_H_
+#define _NSALINUX_SECURITY_H_
#include <linux/compiler.h>
#include <linux/dcache.h>
@@ -39,8 +39,8 @@
/* Range of policy versions we understand*/
#define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE
-#ifdef CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX
-#define POLICYDB_VERSION_MAX CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE
+#ifdef CONFIG_SECURITY_NSALINUX_POLICYDB_VERSION_MAX
+#define POLICYDB_VERSION_MAX CONFIG_SECURITY_NSALINUX_POLICYDB_VERSION_MAX_VALUE
#else
#define POLICYDB_VERSION_MAX POLICYDB_VERSION_XPERMS_IOCTL
#endif
@@ -48,7 +48,7 @@
/* Mask for just the mount related flags */
#define SE_MNTMASK 0x0f
/* Super block security struct flags for mount options */
-/* BE CAREFUL, these need to be the low order bits for selinux_get_mnt_opts */
+/* BE CAREFUL, these need to be the low order bits for nsalinux_get_mnt_opts */
#define CONTEXT_MNT 0x01
#define FSCONTEXT_MNT 0x02
#define ROOTCONTEXT_MNT 0x04
@@ -67,7 +67,7 @@
struct netlbl_lsm_secattr;
-extern int selinux_enabled;
+extern int nsalinux_enabled;
/* Policy capabilities */
enum {
@@ -79,9 +79,9 @@ enum {
};
#define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1)
-extern int selinux_policycap_netpeer;
-extern int selinux_policycap_openperm;
-extern int selinux_policycap_alwaysnetwork;
+extern int nsalinux_policycap_netpeer;
+extern int nsalinux_policycap_openperm;
+extern int nsalinux_policycap_alwaysnetwork;
/*
* type_datum properties
@@ -243,10 +243,10 @@ const char *security_get_initial_sid_context(u32 sid);
/*
* status notifier using mmap interface
*/
-extern struct page *selinux_kernel_status_page(void);
+extern struct page *nsalinux_kernel_status_page(void);
-#define SELINUX_KERNEL_STATUS_VERSION 1
-struct selinux_kernel_status {
+#define NSALINUX_KERNEL_STATUS_VERSION 1
+struct nsalinux_kernel_status {
u32 version; /* version number of thie structure */
u32 sequence; /* sequence number of seqlock logic */
u32 enforcing; /* current setting of enforcing mode */
@@ -257,16 +257,16 @@ struct selinux_kernel_status {
*/
} __packed;
-extern void selinux_status_update_setenforce(int enforcing);
-extern void selinux_status_update_policyload(int seqno);
-extern void selinux_complete_init(void);
-extern int selinux_disable(void);
+extern void nsalinux_status_update_setenforce(int enforcing);
+extern void nsalinux_status_update_policyload(int seqno);
+extern void nsalinux_complete_init(void);
+extern int nsalinux_disable(void);
extern void exit_sel_fs(void);
-extern struct path selinux_null;
-extern struct vfsmount *selinuxfs_mount;
+extern struct path nsalinux_null;
+extern struct vfsmount *nsalinuxfs_mount;
extern void selnl_notify_setenforce(int val);
extern void selnl_notify_policyload(u32 seqno);
-extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm);
+extern int nsalinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm);
-#endif /* _SELINUX_SECURITY_H_ */
+#endif /* _NSALINUX_SECURITY_H_ */
diff --git a/security/selinux/include/xfrm.h b/security/nsalinux/include/xfrm.h
similarity index 37%
rename from security/selinux/include/xfrm.h
rename to security/nsalinux/include/xfrm.h
index 1450f85..fc142c6 100644
--- a/security/selinux/include/xfrm.h
+++ b/security/nsalinux/include/xfrm.h
@@ -1,48 +1,48 @@
/*
- * SELinux support for the XFRM LSM hooks
+ * NSALinux support for the XFRM LSM hooks
*
* Author : Trent Jaeger, <jaegert@xxxxxxxxxx>
* Updated : Venkat Yekkirala, <vyekkirala@xxxxxxxxxxxxx>
*/
-#ifndef _SELINUX_XFRM_H_
-#define _SELINUX_XFRM_H_
+#ifndef _NSALINUX_XFRM_H_
+#define _NSALINUX_XFRM_H_
#include <net/flow.h>
-int selinux_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
+int nsalinux_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
struct xfrm_user_sec_ctx *uctx,
gfp_t gfp);
-int selinux_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
+int nsalinux_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
struct xfrm_sec_ctx **new_ctxp);
-void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx);
-int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);
-int selinux_xfrm_state_alloc(struct xfrm_state *x,
+void nsalinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx);
+int nsalinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);
+int nsalinux_xfrm_state_alloc(struct xfrm_state *x,
struct xfrm_user_sec_ctx *uctx);
-int selinux_xfrm_state_alloc_acquire(struct xfrm_state *x,
+int nsalinux_xfrm_state_alloc_acquire(struct xfrm_state *x,
struct xfrm_sec_ctx *polsec, u32 secid);
-void selinux_xfrm_state_free(struct xfrm_state *x);
-int selinux_xfrm_state_delete(struct xfrm_state *x);
-int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
-int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
+void nsalinux_xfrm_state_free(struct xfrm_state *x);
+int nsalinux_xfrm_state_delete(struct xfrm_state *x);
+int nsalinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
+int nsalinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
struct xfrm_policy *xp,
const struct flowi *fl);
#ifdef CONFIG_SECURITY_NETWORK_XFRM
-extern atomic_t selinux_xfrm_refcount;
+extern atomic_t nsalinux_xfrm_refcount;
-static inline int selinux_xfrm_enabled(void)
+static inline int nsalinux_xfrm_enabled(void)
{
- return (atomic_read(&selinux_xfrm_refcount) > 0);
+ return (atomic_read(&nsalinux_xfrm_refcount) > 0);
}
-int selinux_xfrm_sock_rcv_skb(u32 sk_sid, struct sk_buff *skb,
+int nsalinux_xfrm_sock_rcv_skb(u32 sk_sid, struct sk_buff *skb,
struct common_audit_data *ad);
-int selinux_xfrm_postroute_last(u32 sk_sid, struct sk_buff *skb,
+int nsalinux_xfrm_postroute_last(u32 sk_sid, struct sk_buff *skb,
struct common_audit_data *ad, u8 proto);
-int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall);
-int selinux_xfrm_skb_sid(struct sk_buff *skb, u32 *sid);
+int nsalinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall);
+int nsalinux_xfrm_skb_sid(struct sk_buff *skb, u32 *sid);
-static inline void selinux_xfrm_notify_policyload(void)
+static inline void nsalinux_xfrm_notify_policyload(void)
{
struct net *net;
@@ -54,40 +54,40 @@ static inline void selinux_xfrm_notify_policyload(void)
rtnl_unlock();
}
#else
-static inline int selinux_xfrm_enabled(void)
+static inline int nsalinux_xfrm_enabled(void)
{
return 0;
}
-static inline int selinux_xfrm_sock_rcv_skb(u32 sk_sid, struct sk_buff *skb,
+static inline int nsalinux_xfrm_sock_rcv_skb(u32 sk_sid, struct sk_buff *skb,
struct common_audit_data *ad)
{
return 0;
}
-static inline int selinux_xfrm_postroute_last(u32 sk_sid, struct sk_buff *skb,
+static inline int nsalinux_xfrm_postroute_last(u32 sk_sid, struct sk_buff *skb,
struct common_audit_data *ad,
u8 proto)
{
return 0;
}
-static inline int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid,
+static inline int nsalinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid,
int ckall)
{
*sid = SECSID_NULL;
return 0;
}
-static inline void selinux_xfrm_notify_policyload(void)
+static inline void nsalinux_xfrm_notify_policyload(void)
{
}
-static inline int selinux_xfrm_skb_sid(struct sk_buff *skb, u32 *sid)
+static inline int nsalinux_xfrm_skb_sid(struct sk_buff *skb, u32 *sid)
{
*sid = SECSID_NULL;
return 0;
}
#endif
-#endif /* _SELINUX_XFRM_H_ */
+#endif /* _NSALINUX_XFRM_H_ */
diff --git a/security/selinux/netif.c b/security/nsalinux/netif.c
similarity index 98%
rename from security/selinux/netif.c
rename to security/nsalinux/netif.c
index e607b44..f929ca1 100644
--- a/security/selinux/netif.c
+++ b/security/nsalinux/netif.c
@@ -146,7 +146,7 @@ static int sel_netif_sid_slow(struct net *ns, int ifindex, u32 *sid)
dev = dev_get_by_index(ns, ifindex);
if (unlikely(dev == NULL)) {
printk(KERN_WARNING
- "SELinux: failure in sel_netif_sid_slow(),"
+ "NSALinux: failure in sel_netif_sid_slow(),"
" invalid network interface (%d)\n", ifindex);
return -ENOENT;
}
@@ -178,7 +178,7 @@ out:
dev_put(dev);
if (unlikely(ret)) {
printk(KERN_WARNING
- "SELinux: failure in sel_netif_sid_slow(),"
+ "NSALinux: failure in sel_netif_sid_slow(),"
" unable to determine network interface label (%d)\n",
ifindex);
kfree(new);
@@ -277,7 +277,7 @@ static __init int sel_netif_init(void)
{
int i;
- if (!selinux_enabled)
+ if (!nsalinux_enabled)
return 0;
for (i = 0; i < SEL_NETIF_HASH_SIZE; i++)
diff --git a/security/selinux/netlabel.c b/security/nsalinux/netlabel.c
similarity index 81%
rename from security/selinux/netlabel.c
rename to security/nsalinux/netlabel.c
index 1f989a5..5c73e02 100644
--- a/security/selinux/netlabel.c
+++ b/security/nsalinux/netlabel.c
@@ -1,7 +1,7 @@
/*
- * SELinux NetLabel Support
+ * NSALinux NetLabel Support
*
- * This file provides the necessary glue to tie NetLabel into the SELinux
+ * This file provides the necessary glue to tie NetLabel into the NSALinux
* subsystem.
*
* Author: Paul Moore <paul@xxxxxxxxxxxxxx>
@@ -42,18 +42,18 @@
#include "netlabel.h"
/**
- * selinux_netlbl_sidlookup_cached - Cache a SID lookup
+ * nsalinux_netlbl_sidlookup_cached - Cache a SID lookup
* @skb: the packet
* @secattr: the NetLabel security attributes
* @sid: the SID
*
* Description:
- * Query the SELinux security server to lookup the correct SID for the given
+ * Query the NSALinux security server to lookup the correct SID for the given
* security attributes. If the query is successful, cache the result to speed
* up future lookups. Returns zero on success, negative values on failure.
*
*/
-static int selinux_netlbl_sidlookup_cached(struct sk_buff *skb,
+static int nsalinux_netlbl_sidlookup_cached(struct sk_buff *skb,
struct netlbl_lsm_secattr *secattr,
u32 *sid)
{
@@ -69,7 +69,7 @@ static int selinux_netlbl_sidlookup_cached(struct sk_buff *skb,
}
/**
- * selinux_netlbl_sock_genattr - Generate the NetLabel socket secattr
+ * nsalinux_netlbl_sock_genattr - Generate the NetLabel socket secattr
* @sk: the socket
*
* Description:
@@ -78,7 +78,7 @@ static int selinux_netlbl_sidlookup_cached(struct sk_buff *skb,
* on success, NULL on failure.
*
*/
-static struct netlbl_lsm_secattr *selinux_netlbl_sock_genattr(struct sock *sk)
+static struct netlbl_lsm_secattr *nsalinux_netlbl_sock_genattr(struct sock *sk)
{
int rc;
struct sk_security_struct *sksec = sk->sk_security;
@@ -101,7 +101,7 @@ static struct netlbl_lsm_secattr *selinux_netlbl_sock_genattr(struct sock *sk)
}
/**
- * selinux_netlbl_sock_getattr - Get the cached NetLabel secattr
+ * nsalinux_netlbl_sock_getattr - Get the cached NetLabel secattr
* @sk: the socket
* @sid: the SID
*
@@ -109,7 +109,7 @@ static struct netlbl_lsm_secattr *selinux_netlbl_sock_genattr(struct sock *sk)
* return the cache, otherwise return NULL.
*
*/
-static struct netlbl_lsm_secattr *selinux_netlbl_sock_getattr(
+static struct netlbl_lsm_secattr *nsalinux_netlbl_sock_getattr(
const struct sock *sk,
u32 sid)
{
@@ -127,19 +127,19 @@ static struct netlbl_lsm_secattr *selinux_netlbl_sock_getattr(
}
/**
- * selinux_netlbl_cache_invalidate - Invalidate the NetLabel cache
+ * nsalinux_netlbl_cache_invalidate - Invalidate the NetLabel cache
*
* Description:
* Invalidate the NetLabel security attribute mapping cache.
*
*/
-void selinux_netlbl_cache_invalidate(void)
+void nsalinux_netlbl_cache_invalidate(void)
{
netlbl_cache_invalidate();
}
/**
- * selinux_netlbl_err - Handle a NetLabel packet error
+ * nsalinux_netlbl_err - Handle a NetLabel packet error
* @skb: the packet
* @error: the error code
* @gateway: true if host is acting as a gateway, false otherwise
@@ -151,27 +151,27 @@ void selinux_netlbl_cache_invalidate(void)
* present on the packet, NetLabel is smart enough to only act when it should.
*
*/
-void selinux_netlbl_err(struct sk_buff *skb, int error, int gateway)
+void nsalinux_netlbl_err(struct sk_buff *skb, int error, int gateway)
{
netlbl_skbuff_err(skb, error, gateway);
}
/**
- * selinux_netlbl_sk_security_free - Free the NetLabel fields
+ * nsalinux_netlbl_sk_security_free - Free the NetLabel fields
* @sksec: the sk_security_struct
*
* Description:
* Free all of the memory in the NetLabel fields of a sk_security_struct.
*
*/
-void selinux_netlbl_sk_security_free(struct sk_security_struct *sksec)
+void nsalinux_netlbl_sk_security_free(struct sk_security_struct *sksec)
{
if (sksec->nlbl_secattr != NULL)
netlbl_secattr_free(sksec->nlbl_secattr);
}
/**
- * selinux_netlbl_sk_security_reset - Reset the NetLabel fields
+ * nsalinux_netlbl_sk_security_reset - Reset the NetLabel fields
* @sksec: the sk_security_struct
* @family: the socket family
*
@@ -180,13 +180,13 @@ void selinux_netlbl_sk_security_free(struct sk_security_struct *sksec)
* The caller is responsible for all the NetLabel sk_security_struct locking.
*
*/
-void selinux_netlbl_sk_security_reset(struct sk_security_struct *sksec)
+void nsalinux_netlbl_sk_security_reset(struct sk_security_struct *sksec)
{
sksec->nlbl_state = NLBL_UNSET;
}
/**
- * selinux_netlbl_skbuff_getsid - Get the sid of a packet using NetLabel
+ * nsalinux_netlbl_skbuff_getsid - Get the sid of a packet using NetLabel
* @skb: the packet
* @family: protocol family
* @type: NetLabel labeling protocol type
@@ -198,7 +198,7 @@ void selinux_netlbl_sk_security_reset(struct sk_security_struct *sksec)
* assign to the packet. Returns zero on success, negative values on failure.
*
*/
-int selinux_netlbl_skbuff_getsid(struct sk_buff *skb,
+int nsalinux_netlbl_skbuff_getsid(struct sk_buff *skb,
u16 family,
u32 *type,
u32 *sid)
@@ -214,7 +214,7 @@ int selinux_netlbl_skbuff_getsid(struct sk_buff *skb,
netlbl_secattr_init(&secattr);
rc = netlbl_skbuff_getattr(skb, family, &secattr);
if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE)
- rc = selinux_netlbl_sidlookup_cached(skb, &secattr, sid);
+ rc = nsalinux_netlbl_sidlookup_cached(skb, &secattr, sid);
else
*sid = SECSID_NULL;
*type = secattr.type;
@@ -224,7 +224,7 @@ int selinux_netlbl_skbuff_getsid(struct sk_buff *skb,
}
/**
- * selinux_netlbl_skbuff_setsid - Set the NetLabel on a packet given a sid
+ * nsalinux_netlbl_skbuff_setsid - Set the NetLabel on a packet given a sid
* @skb: the packet
* @family: protocol family
* @sid: the SID
@@ -234,7 +234,7 @@ int selinux_netlbl_skbuff_getsid(struct sk_buff *skb,
* Returns zero on success, negative values on failure.
*
*/
-int selinux_netlbl_skbuff_setsid(struct sk_buff *skb,
+int nsalinux_netlbl_skbuff_setsid(struct sk_buff *skb,
u16 family,
u32 sid)
{
@@ -250,7 +250,7 @@ int selinux_netlbl_skbuff_setsid(struct sk_buff *skb,
struct sk_security_struct *sksec = sk->sk_security;
if (sksec->nlbl_state != NLBL_REQSKB)
return 0;
- secattr = selinux_netlbl_sock_getattr(sk, sid);
+ secattr = nsalinux_netlbl_sock_getattr(sk, sid);
}
if (secattr == NULL) {
secattr = &secattr_storage;
@@ -269,7 +269,7 @@ skbuff_setsid_return:
}
/**
- * selinux_netlbl_inet_conn_request - Label an incoming stream connection
+ * nsalinux_netlbl_inet_conn_request - Label an incoming stream connection
* @req: incoming connection request socket
*
* Description:
@@ -279,7 +279,7 @@ skbuff_setsid_return:
* is complete. Returns zero on success, negative values on failure.
*
*/
-int selinux_netlbl_inet_conn_request(struct request_sock *req, u16 family)
+int nsalinux_netlbl_inet_conn_request(struct request_sock *req, u16 family)
{
int rc;
struct netlbl_lsm_secattr secattr;
@@ -298,16 +298,16 @@ inet_conn_request_return:
}
/**
- * selinux_netlbl_inet_csk_clone - Initialize the newly created sock
+ * nsalinux_netlbl_inet_csk_clone - Initialize the newly created sock
* @sk: the new sock
*
* Description:
* A new connection has been established using @sk, we've already labeled the
- * socket via the request_sock struct in selinux_netlbl_inet_conn_request() but
+ * socket via the request_sock struct in nsalinux_netlbl_inet_conn_request() but
* we need to set the NetLabel state here since we now have a sock structure.
*
*/
-void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family)
+void nsalinux_netlbl_inet_csk_clone(struct sock *sk, u16 family)
{
struct sk_security_struct *sksec = sk->sk_security;
@@ -318,7 +318,7 @@ void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family)
}
/**
- * selinux_netlbl_socket_post_create - Label a socket using NetLabel
+ * nsalinux_netlbl_socket_post_create - Label a socket using NetLabel
* @sock: the socket to label
* @family: protocol family
*
@@ -327,7 +327,7 @@ void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family)
* SID. Returns zero values on success, negative values on failure.
*
*/
-int selinux_netlbl_socket_post_create(struct sock *sk, u16 family)
+int nsalinux_netlbl_socket_post_create(struct sock *sk, u16 family)
{
int rc;
struct sk_security_struct *sksec = sk->sk_security;
@@ -336,7 +336,7 @@ int selinux_netlbl_socket_post_create(struct sock *sk, u16 family)
if (family != PF_INET)
return 0;
- secattr = selinux_netlbl_sock_genattr(sk);
+ secattr = nsalinux_netlbl_sock_genattr(sk);
if (secattr == NULL)
return -ENOMEM;
rc = netlbl_sock_setattr(sk, family, secattr);
@@ -354,7 +354,7 @@ int selinux_netlbl_socket_post_create(struct sock *sk, u16 family)
}
/**
- * selinux_netlbl_sock_rcv_skb - Do an inbound access check using NetLabel
+ * nsalinux_netlbl_sock_rcv_skb - Do an inbound access check using NetLabel
* @sksec: the sock's sk_security_struct
* @skb: the packet
* @family: protocol family
@@ -366,7 +366,7 @@ int selinux_netlbl_socket_post_create(struct sock *sk, u16 family)
* error.
*
*/
-int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
+int nsalinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
struct sk_buff *skb,
u16 family,
struct common_audit_data *ad)
@@ -382,7 +382,7 @@ int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
netlbl_secattr_init(&secattr);
rc = netlbl_skbuff_getattr(skb, family, &secattr);
if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE)
- rc = selinux_netlbl_sidlookup_cached(skb, &secattr, &nlbl_sid);
+ rc = nsalinux_netlbl_sidlookup_cached(skb, &secattr, &nlbl_sid);
else
nlbl_sid = SECINITSID_UNLABELED;
netlbl_secattr_destroy(&secattr);
@@ -410,7 +410,7 @@ int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
}
/**
- * selinux_netlbl_socket_setsockopt - Do not allow users to remove a NetLabel
+ * nsalinux_netlbl_socket_setsockopt - Do not allow users to remove a NetLabel
* @sock: the socket
* @level: the socket level or protocol
* @optname: the socket option name
@@ -422,7 +422,7 @@ int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
* allowed, -EACCES when denied, and other negative values on error.
*
*/
-int selinux_netlbl_socket_setsockopt(struct socket *sock,
+int nsalinux_netlbl_socket_setsockopt(struct socket *sock,
int level,
int optname)
{
@@ -452,7 +452,7 @@ int selinux_netlbl_socket_setsockopt(struct socket *sock,
}
/**
- * selinux_netlbl_socket_connect - Label a client-side socket on connect
+ * nsalinux_netlbl_socket_connect - Label a client-side socket on connect
* @sk: the socket to label
* @addr: the destination address
*
@@ -461,7 +461,7 @@ int selinux_netlbl_socket_setsockopt(struct socket *sock,
* Returns zero values on success, negative values on failure.
*
*/
-int selinux_netlbl_socket_connect(struct sock *sk, struct sockaddr *addr)
+int nsalinux_netlbl_socket_connect(struct sock *sk, struct sockaddr *addr)
{
int rc;
struct sk_security_struct *sksec = sk->sk_security;
@@ -482,7 +482,7 @@ int selinux_netlbl_socket_connect(struct sock *sk, struct sockaddr *addr)
rc = 0;
goto socket_connect_return;
}
- secattr = selinux_netlbl_sock_genattr(sk);
+ secattr = nsalinux_netlbl_sock_genattr(sk);
if (secattr == NULL) {
rc = -ENOMEM;
goto socket_connect_return;
diff --git a/security/selinux/netlink.c b/security/nsalinux/netlink.c
similarity index 89%
rename from security/selinux/netlink.c
rename to security/nsalinux/netlink.c
index 828fb6a..a3e94ff 100644
--- a/security/selinux/netlink.c
+++ b/security/nsalinux/netlink.c
@@ -1,5 +1,5 @@
/*
- * Netlink event notifications for SELinux.
+ * Netlink event notifications for NSALinux.
*
* Author: James Morris <jmorris@xxxxxxxxxx>
*
@@ -16,7 +16,7 @@
#include <linux/kernel.h>
#include <linux/export.h>
#include <linux/skbuff.h>
-#include <linux/selinux_netlink.h>
+#include <linux/nsalinux_netlink.h>
#include <net/net_namespace.h>
#include <net/netlink.h>
@@ -94,7 +94,7 @@ out:
out_kfree_skb:
kfree_skb(skb);
oom:
- printk(KERN_ERR "SELinux: OOM in %s\n", __func__);
+ printk(KERN_ERR "NSALinux: OOM in %s\n", __func__);
goto out;
}
@@ -115,9 +115,9 @@ static int __init selnl_init(void)
.flags = NL_CFG_F_NONROOT_RECV,
};
- selnl = netlink_kernel_create(&init_net, NETLINK_SELINUX, &cfg);
+ selnl = netlink_kernel_create(&init_net, NETLINK_NSALINUX, &cfg);
if (selnl == NULL)
- panic("SELinux: Cannot create netlink socket.");
+ panic("NSALinux: Cannot create netlink socket.");
return 0;
}
diff --git a/security/selinux/netnode.c b/security/nsalinux/netnode.c
similarity index 97%
rename from security/selinux/netnode.c
rename to security/nsalinux/netnode.c
index da923f8..0d65209 100644
--- a/security/selinux/netnode.c
+++ b/security/nsalinux/netnode.c
@@ -1,7 +1,7 @@
/*
* Network node table
*
- * SELinux must keep a mapping of network nodes to labels/SIDs. This
+ * NSALinux must keep a mapping of network nodes to labels/SIDs. This
* mapping is maintained as part of the normal policy but a fast cache is
* needed to reduce the lookup overhead since most of these queries happen on
* a per-packet basis.
@@ -10,7 +10,7 @@
*
* This code is heavily based on the "netif" concept originally developed by
* James Morris <jmorris@xxxxxxxxxx>
- * (see security/selinux/netif.c for more information)
+ * (see security/nsalinux/netif.c for more information)
*
*/
@@ -239,7 +239,7 @@ out:
spin_unlock_bh(&sel_netnode_lock);
if (unlikely(ret)) {
printk(KERN_WARNING
- "SELinux: failure in sel_netnode_sid_slow(),"
+ "NSALinux: failure in sel_netnode_sid_slow(),"
" unable to determine network node label\n");
kfree(new);
}
@@ -304,7 +304,7 @@ static __init int sel_netnode_init(void)
{
int iter;
- if (!selinux_enabled)
+ if (!nsalinux_enabled)
return 0;
for (iter = 0; iter < SEL_NETNODE_HASH_SIZE; iter++) {
diff --git a/security/selinux/netport.c b/security/nsalinux/netport.c
similarity index 96%
rename from security/selinux/netport.c
rename to security/nsalinux/netport.c
index 3311cc3..f4dead9 100644
--- a/security/selinux/netport.c
+++ b/security/nsalinux/netport.c
@@ -1,7 +1,7 @@
/*
* Network port table
*
- * SELinux must keep a mapping of network ports to labels/SIDs. This
+ * NSALinux must keep a mapping of network ports to labels/SIDs. This
* mapping is maintained as part of the normal policy but a fast cache is
* needed to reduce the lookup overhead.
*
@@ -9,7 +9,7 @@
*
* This code is heavily based on the "netif" concept originally developed by
* James Morris <jmorris@xxxxxxxxxx>
- * (see security/selinux/netif.c for more information)
+ * (see security/nsalinux/netif.c for more information)
*
*/
@@ -174,7 +174,7 @@ out:
spin_unlock_bh(&sel_netport_lock);
if (unlikely(ret)) {
printk(KERN_WARNING
- "SELinux: failure in sel_netport_sid_slow(),"
+ "NSALinux: failure in sel_netport_sid_slow(),"
" unable to determine network port label\n");
kfree(new);
}
@@ -238,7 +238,7 @@ static __init int sel_netport_init(void)
{
int iter;
- if (!selinux_enabled)
+ if (!nsalinux_enabled)
return 0;
for (iter = 0; iter < SEL_NETPORT_HASH_SIZE; iter++) {
diff --git a/security/selinux/nlmsgtab.c b/security/nsalinux/nlmsgtab.c
similarity index 99%
rename from security/selinux/nlmsgtab.c
rename to security/nsalinux/nlmsgtab.c
index 8495b93..4c9fffb 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/nsalinux/nlmsgtab.c
@@ -148,7 +148,7 @@ static int nlmsg_perm(u16 nlmsg_type, u32 *perm, struct nlmsg_perm *tab, size_t
return err;
}
-int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm)
+int nsalinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm)
{
int err = 0;
diff --git a/security/selinux/selinuxfs.c b/security/nsalinux/nsalinuxfs.c
similarity index 95%
rename from security/selinux/selinuxfs.c
rename to security/nsalinux/nsalinuxfs.c
index 1b1fd27..160b5e4 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/nsalinux/nsalinuxfs.c
@@ -31,7 +31,7 @@
#include <linux/kobject.h>
#include <linux/ctype.h>
-/* selinuxfs pseudo filesystem for exporting the security policy API.
+/* nsalinuxfs pseudo filesystem for exporting the security policy API.
Based on the proc code and the fs/nfsd/nfsctl.c code. */
#include "flask.h"
@@ -49,13 +49,13 @@ static char *policycap_names[] = {
"always_check_network"
};
-unsigned int selinux_checkreqprot = CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE;
+unsigned int nsalinux_checkreqprot = CONFIG_SECURITY_NSALINUX_CHECKREQPROT_VALUE;
static int __init checkreqprot_setup(char *str)
{
unsigned long checkreqprot;
if (!kstrtoul(str, 0, &checkreqprot))
- selinux_checkreqprot = checkreqprot ? 1 : 0;
+ nsalinux_checkreqprot = checkreqprot ? 1 : 0;
return 1;
}
__setup("checkreqprot=", checkreqprot_setup);
@@ -108,7 +108,7 @@ enum sel_inos {
SEL_POLICYVERS, /* return policy version for this kernel */
SEL_COMMIT_BOOLS, /* commit new boolean values */
SEL_MLS, /* return if MLS policy is enabled */
- SEL_DISABLE, /* disable SELinux until next reboot */
+ SEL_DISABLE, /* disable NSALinux until next reboot */
SEL_MEMBER, /* compute polyinstantiation membership decision */
SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */
SEL_COMPAT_NET, /* whether to use old compat network packet controls */
@@ -135,11 +135,11 @@ static ssize_t sel_read_enforce(struct file *filp, char __user *buf,
char tmpbuf[TMPBUFLEN];
ssize_t length;
- length = scnprintf(tmpbuf, TMPBUFLEN, "%d", selinux_enforcing);
+ length = scnprintf(tmpbuf, TMPBUFLEN, "%d", nsalinux_enforcing);
return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
}
-#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
+#ifdef CONFIG_SECURITY_NSALINUX_DEVELOP
static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
size_t count, loff_t *ppos)
@@ -163,20 +163,20 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
if (sscanf(page, "%d", &new_value) != 1)
goto out;
- if (new_value != selinux_enforcing) {
+ if (new_value != nsalinux_enforcing) {
length = task_has_security(current, SECURITY__SETENFORCE);
if (length)
goto out;
audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
"enforcing=%d old_enforcing=%d auid=%u ses=%u",
- new_value, selinux_enforcing,
+ new_value, nsalinux_enforcing,
from_kuid(&init_user_ns, audit_get_loginuid(current)),
audit_get_sessionid(current));
- selinux_enforcing = new_value;
- if (selinux_enforcing)
+ nsalinux_enforcing = new_value;
+ if (nsalinux_enforcing)
avc_ss_reset(0);
- selnl_notify_setenforce(selinux_enforcing);
- selinux_status_update_setenforce(selinux_enforcing);
+ selnl_notify_setenforce(nsalinux_enforcing);
+ nsalinux_status_update_setenforce(nsalinux_enforcing);
}
length = count;
out:
@@ -213,7 +213,7 @@ static const struct file_operations sel_handle_unknown_ops = {
static int sel_open_handle_status(struct inode *inode, struct file *filp)
{
- struct page *status = selinux_kernel_status_page();
+ struct page *status = nsalinux_kernel_status_page();
if (!status)
return -ENOMEM;
@@ -232,7 +232,7 @@ static ssize_t sel_read_handle_status(struct file *filp, char __user *buf,
return simple_read_from_buffer(buf, count, ppos,
page_address(status),
- sizeof(struct selinux_kernel_status));
+ sizeof(struct nsalinux_kernel_status));
}
static int sel_mmap_handle_status(struct file *filp,
@@ -264,7 +264,7 @@ static const struct file_operations sel_handle_status_ops = {
.llseek = generic_file_llseek,
};
-#ifdef CONFIG_SECURITY_SELINUX_DISABLE
+#ifdef CONFIG_SECURITY_NSALINUX_DISABLE
static ssize_t sel_write_disable(struct file *file, const char __user *buf,
size_t count, loff_t *ppos)
@@ -289,11 +289,11 @@ static ssize_t sel_write_disable(struct file *file, const char __user *buf,
goto out;
if (new_value) {
- length = selinux_disable();
+ length = nsalinux_disable();
if (length)
goto out;
audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
- "selinux=0 auid=%u ses=%u",
+ "nsalinux=0 auid=%u ses=%u",
from_kuid(&init_user_ns, audit_get_loginuid(current)),
audit_get_sessionid(current));
}
@@ -573,7 +573,7 @@ static ssize_t sel_write_context(struct file *file, char *buf, size_t size)
length = -ERANGE;
if (len > SIMPLE_TRANSACTION_LIMIT) {
- printk(KERN_ERR "SELinux: %s: context size (%u) exceeds "
+ printk(KERN_ERR "NSALinux: %s: context size (%u) exceeds "
"payload max\n", __func__, len);
goto out;
}
@@ -591,7 +591,7 @@ static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf,
char tmpbuf[TMPBUFLEN];
ssize_t length;
- length = scnprintf(tmpbuf, TMPBUFLEN, "%u", selinux_checkreqprot);
+ length = scnprintf(tmpbuf, TMPBUFLEN, "%u", nsalinux_checkreqprot);
return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
}
@@ -621,7 +621,7 @@ static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf,
if (sscanf(page, "%u", &new_value) != 1)
goto out;
- selinux_checkreqprot = new_value ? 1 : 0;
+ nsalinux_checkreqprot = new_value ? 1 : 0;
length = count;
out:
kfree(page);
@@ -728,7 +728,7 @@ static ssize_t (*write_op[])(struct file *, char *, size_t) = {
[SEL_CONTEXT] = sel_write_context,
};
-static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos)
+static ssize_t nsalinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos)
{
ino_t ino = file_inode(file)->i_ino;
char *data;
@@ -750,7 +750,7 @@ static ssize_t selinux_transaction_write(struct file *file, const char __user *b
}
static const struct file_operations transaction_ops = {
- .write = selinux_transaction_write,
+ .write = nsalinux_transaction_write,
.read = simple_transaction_read,
.release = simple_transaction_release,
.llseek = generic_file_llseek,
@@ -893,7 +893,7 @@ static ssize_t sel_write_create(struct file *file, char *buf, size_t size)
length = -ERANGE;
if (len > SIMPLE_TRANSACTION_LIMIT) {
- printk(KERN_ERR "SELinux: %s: context size (%u) exceeds "
+ printk(KERN_ERR "NSALinux: %s: context size (%u) exceeds "
"payload max\n", __func__, len);
goto out;
}
@@ -1069,7 +1069,7 @@ static ssize_t sel_write_member(struct file *file, char *buf, size_t size)
length = -ERANGE;
if (len > SIMPLE_TRANSACTION_LIMIT) {
- printk(KERN_ERR "SELinux: %s: context size (%u) exceeds "
+ printk(KERN_ERR "NSALinux: %s: context size (%u) exceeds "
"payload max\n", __func__, len);
goto out;
}
@@ -1296,7 +1296,7 @@ static int sel_make_bools(void)
goto out;
isec = (struct inode_security_struct *)inode->i_security;
- ret = security_genfs_sid("selinuxfs", page, SECCLASS_FILE, &sid);
+ ret = security_genfs_sid("nsalinuxfs", page, SECCLASS_FILE, &sid);
if (ret)
goto out;
@@ -1328,7 +1328,7 @@ out:
#define NULL_FILE_NAME "null"
-struct path selinux_null;
+struct path nsalinux_null;
static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf,
size_t count, loff_t *ppos)
@@ -1405,7 +1405,7 @@ static const struct file_operations sel_avc_hash_stats_ops = {
.llseek = generic_file_llseek,
};
-#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
+#ifdef CONFIG_SECURITY_NSALINUX_AVC_STATS
static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx)
{
int cpu;
@@ -1482,7 +1482,7 @@ static int sel_make_avc_files(struct dentry *dir)
{ "cache_threshold",
&sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR },
{ "hash_stats", &sel_avc_hash_stats_ops, S_IRUGO },
-#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
+#ifdef CONFIG_SECURITY_NSALINUX_AVC_STATS
{ "cache_stats", &sel_avc_cache_stats_ops, S_IRUGO },
#endif
};
@@ -1787,7 +1787,7 @@ static int sel_fill_super(struct super_block *sb, void *data, int silent)
struct inode *inode;
struct inode_security_struct *isec;
- static struct tree_descr selinux_files[] = {
+ static struct tree_descr nsalinux_files[] = {
[SEL_LOAD] = {"load", &sel_load_ops, S_IRUSR|S_IWUSR},
[SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUGO|S_IWUSR},
[SEL_CONTEXT] = {"context", &transaction_ops, S_IRUGO|S_IWUGO},
@@ -1809,7 +1809,7 @@ static int sel_fill_super(struct super_block *sb, void *data, int silent)
S_IWUGO},
/* last one */ {""}
};
- ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files);
+ ret = simple_fill_super(sb, NSALINUX_MAGIC, nsalinux_files);
if (ret)
goto err;
@@ -1838,7 +1838,7 @@ static int sel_fill_super(struct super_block *sb, void *data, int silent)
init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3));
d_add(dentry, inode);
- selinux_null.dentry = dentry;
+ nsalinux_null.dentry = dentry;
dentry = sel_make_dir(sb->s_root, "avc", &sel_last_ino);
if (IS_ERR(dentry)) {
@@ -1875,7 +1875,7 @@ static int sel_fill_super(struct super_block *sb, void *data, int silent)
}
return 0;
err:
- printk(KERN_ERR "SELinux: %s: failed while creating inodes\n",
+ printk(KERN_ERR "NSALinux: %s: failed while creating inodes\n",
__func__);
return ret;
}
@@ -1887,35 +1887,35 @@ static struct dentry *sel_mount(struct file_system_type *fs_type,
}
static struct file_system_type sel_fs_type = {
- .name = "selinuxfs",
+ .name = "nsalinuxfs",
.mount = sel_mount,
.kill_sb = kill_litter_super,
};
-struct vfsmount *selinuxfs_mount;
+struct vfsmount *nsalinuxfs_mount;
static int __init init_sel_fs(void)
{
int err;
- if (!selinux_enabled)
+ if (!nsalinux_enabled)
return 0;
- err = sysfs_create_mount_point(fs_kobj, "selinux");
+ err = sysfs_create_mount_point(fs_kobj, "nsalinux");
if (err)
return err;
err = register_filesystem(&sel_fs_type);
if (err) {
- sysfs_remove_mount_point(fs_kobj, "selinux");
+ sysfs_remove_mount_point(fs_kobj, "nsalinux");
return err;
}
- selinux_null.mnt = selinuxfs_mount = kern_mount(&sel_fs_type);
- if (IS_ERR(selinuxfs_mount)) {
- printk(KERN_ERR "selinuxfs: could not mount!\n");
- err = PTR_ERR(selinuxfs_mount);
- selinuxfs_mount = NULL;
+ nsalinux_null.mnt = nsalinuxfs_mount = kern_mount(&sel_fs_type);
+ if (IS_ERR(nsalinuxfs_mount)) {
+ printk(KERN_ERR "nsalinuxfs: could not mount!\n");
+ err = PTR_ERR(nsalinuxfs_mount);
+ nsalinuxfs_mount = NULL;
}
return err;
@@ -1923,11 +1923,11 @@ static int __init init_sel_fs(void)
__initcall(init_sel_fs);
-#ifdef CONFIG_SECURITY_SELINUX_DISABLE
+#ifdef CONFIG_SECURITY_NSALINUX_DISABLE
void exit_sel_fs(void)
{
- sysfs_remove_mount_point(fs_kobj, "selinux");
- kern_unmount(selinuxfs_mount);
+ sysfs_remove_mount_point(fs_kobj, "nsalinux");
+ kern_unmount(nsalinuxfs_mount);
unregister_filesystem(&sel_fs_type);
}
#endif
diff --git a/security/selinux/ss/avtab.c b/security/nsalinux/ss/avtab.c
similarity index 90%
rename from security/selinux/ss/avtab.c
rename to security/nsalinux/ss/avtab.c
index 3628d3a..763c92c 100644
--- a/security/selinux/ss/avtab.c
+++ b/security/nsalinux/ss/avtab.c
@@ -338,7 +338,7 @@ int avtab_alloc(struct avtab *h, u32 nrules)
h->nel = 0;
h->nslot = nslot;
h->mask = mask;
- printk(KERN_DEBUG "SELinux: %d avtab hash slots, %d rules.\n",
+ printk(KERN_DEBUG "NSALinux: %d avtab hash slots, %d rules.\n",
h->nslot, nrules);
return 0;
}
@@ -368,7 +368,7 @@ void avtab_hash_eval(struct avtab *h, char *tag)
}
}
- printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, "
+ printk(KERN_DEBUG "NSALinux: %s: %d entries and %d/%d buckets used, "
"longest chain length %d sum of chain length^2 %llu\n",
tag, h->nel, slots_used, h->nslot, max_chain_len,
chain2_len_sum);
@@ -407,18 +407,18 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
if (vers < POLICYDB_VERSION_AVTAB) {
rc = next_entry(buf32, fp, sizeof(u32));
if (rc) {
- printk(KERN_ERR "SELinux: avtab: truncated entry\n");
+ printk(KERN_ERR "NSALinux: avtab: truncated entry\n");
return rc;
}
items2 = le32_to_cpu(buf32[0]);
if (items2 > ARRAY_SIZE(buf32)) {
- printk(KERN_ERR "SELinux: avtab: entry overflow\n");
+ printk(KERN_ERR "NSALinux: avtab: entry overflow\n");
return -EINVAL;
}
rc = next_entry(buf32, fp, sizeof(u32)*items2);
if (rc) {
- printk(KERN_ERR "SELinux: avtab: truncated entry\n");
+ printk(KERN_ERR "NSALinux: avtab: truncated entry\n");
return rc;
}
items = 0;
@@ -426,19 +426,19 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
val = le32_to_cpu(buf32[items++]);
key.source_type = (u16)val;
if (key.source_type != val) {
- printk(KERN_ERR "SELinux: avtab: truncated source type\n");
+ printk(KERN_ERR "NSALinux: avtab: truncated source type\n");
return -EINVAL;
}
val = le32_to_cpu(buf32[items++]);
key.target_type = (u16)val;
if (key.target_type != val) {
- printk(KERN_ERR "SELinux: avtab: truncated target type\n");
+ printk(KERN_ERR "NSALinux: avtab: truncated target type\n");
return -EINVAL;
}
val = le32_to_cpu(buf32[items++]);
key.target_class = (u16)val;
if (key.target_class != val) {
- printk(KERN_ERR "SELinux: avtab: truncated target class\n");
+ printk(KERN_ERR "NSALinux: avtab: truncated target class\n");
return -EINVAL;
}
@@ -446,16 +446,16 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
enabled = (val & AVTAB_ENABLED_OLD) ? AVTAB_ENABLED : 0;
if (!(val & (AVTAB_AV | AVTAB_TYPE))) {
- printk(KERN_ERR "SELinux: avtab: null entry\n");
+ printk(KERN_ERR "NSALinux: avtab: null entry\n");
return -EINVAL;
}
if ((val & AVTAB_AV) &&
(val & AVTAB_TYPE)) {
- printk(KERN_ERR "SELinux: avtab: entry has both access vectors and types\n");
+ printk(KERN_ERR "NSALinux: avtab: entry has both access vectors and types\n");
return -EINVAL;
}
if (val & AVTAB_XPERMS) {
- printk(KERN_ERR "SELinux: avtab: entry has extended permissions\n");
+ printk(KERN_ERR "NSALinux: avtab: entry has extended permissions\n");
return -EINVAL;
}
@@ -470,7 +470,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
}
if (items != items2) {
- printk(KERN_ERR "SELinux: avtab: entry only had %d items, expected %d\n", items2, items);
+ printk(KERN_ERR "NSALinux: avtab: entry only had %d items, expected %d\n", items2, items);
return -EINVAL;
}
return 0;
@@ -478,7 +478,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
rc = next_entry(buf16, fp, sizeof(u16)*4);
if (rc) {
- printk(KERN_ERR "SELinux: avtab: truncated entry\n");
+ printk(KERN_ERR "NSALinux: avtab: truncated entry\n");
return rc;
}
@@ -491,7 +491,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
if (!policydb_type_isvalid(pol, key.source_type) ||
!policydb_type_isvalid(pol, key.target_type) ||
!policydb_class_isvalid(pol, key.target_class)) {
- printk(KERN_ERR "SELinux: avtab: invalid type or class\n");
+ printk(KERN_ERR "NSALinux: avtab: invalid type or class\n");
return -EINVAL;
}
@@ -501,13 +501,13 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
set++;
}
if (!set || set > 1) {
- printk(KERN_ERR "SELinux: avtab: more than one specifier\n");
+ printk(KERN_ERR "NSALinux: avtab: more than one specifier\n");
return -EINVAL;
}
if ((vers < POLICYDB_VERSION_XPERMS_IOCTL) &&
(key.specified & AVTAB_XPERMS)) {
- printk(KERN_ERR "SELinux: avtab: policy version %u does not "
+ printk(KERN_ERR "NSALinux: avtab: policy version %u does not "
"support extended permissions rules and one "
"was specified\n", vers);
return -EINVAL;
@@ -515,17 +515,17 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
memset(&xperms, 0, sizeof(struct avtab_extended_perms));
rc = next_entry(&xperms.specified, fp, sizeof(u8));
if (rc) {
- printk(KERN_ERR "SELinux: avtab: truncated entry\n");
+ printk(KERN_ERR "NSALinux: avtab: truncated entry\n");
return rc;
}
rc = next_entry(&xperms.driver, fp, sizeof(u8));
if (rc) {
- printk(KERN_ERR "SELinux: avtab: truncated entry\n");
+ printk(KERN_ERR "NSALinux: avtab: truncated entry\n");
return rc;
}
rc = next_entry(buf32, fp, sizeof(u32)*ARRAY_SIZE(xperms.perms.p));
if (rc) {
- printk(KERN_ERR "SELinux: avtab: truncated entry\n");
+ printk(KERN_ERR "NSALinux: avtab: truncated entry\n");
return rc;
}
for (i = 0; i < ARRAY_SIZE(xperms.perms.p); i++)
@@ -534,14 +534,14 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
} else {
rc = next_entry(buf32, fp, sizeof(u32));
if (rc) {
- printk(KERN_ERR "SELinux: avtab: truncated entry\n");
+ printk(KERN_ERR "NSALinux: avtab: truncated entry\n");
return rc;
}
datum.u.data = le32_to_cpu(*buf32);
}
if ((key.specified & AVTAB_TYPE) &&
!policydb_type_isvalid(pol, datum.u.data)) {
- printk(KERN_ERR "SELinux: avtab: invalid type\n");
+ printk(KERN_ERR "NSALinux: avtab: invalid type\n");
return -EINVAL;
}
return insertf(a, &key, &datum, p);
@@ -562,12 +562,12 @@ int avtab_read(struct avtab *a, void *fp, struct policydb *pol)
rc = next_entry(buf, fp, sizeof(u32));
if (rc < 0) {
- printk(KERN_ERR "SELinux: avtab: truncated table\n");
+ printk(KERN_ERR "NSALinux: avtab: truncated table\n");
goto bad;
}
nel = le32_to_cpu(buf[0]);
if (!nel) {
- printk(KERN_ERR "SELinux: avtab: table is empty\n");
+ printk(KERN_ERR "NSALinux: avtab: table is empty\n");
rc = -EINVAL;
goto bad;
}
@@ -580,9 +580,9 @@ int avtab_read(struct avtab *a, void *fp, struct policydb *pol)
rc = avtab_read_item(a, fp, pol, avtab_insertf, NULL);
if (rc) {
if (rc == -ENOMEM)
- printk(KERN_ERR "SELinux: avtab: out of memory\n");
+ printk(KERN_ERR "NSALinux: avtab: out of memory\n");
else if (rc == -EEXIST)
- printk(KERN_ERR "SELinux: avtab: duplicate entry\n");
+ printk(KERN_ERR "NSALinux: avtab: duplicate entry\n");
goto bad;
}
diff --git a/security/selinux/ss/avtab.h b/security/nsalinux/ss/avtab.h
similarity index 100%
rename from security/selinux/ss/avtab.h
rename to security/nsalinux/ss/avtab.h
diff --git a/security/selinux/ss/conditional.c b/security/nsalinux/ss/conditional.c
similarity index 95%
rename from security/selinux/ss/conditional.c
rename to security/nsalinux/ss/conditional.c
index 456e1a9..478fa21 100644
--- a/security/selinux/ss/conditional.c
+++ b/security/nsalinux/ss/conditional.c
@@ -96,7 +96,7 @@ int evaluate_cond_node(struct policydb *p, struct cond_node *node)
if (new_state != node->cur_state) {
node->cur_state = new_state;
if (new_state == -1)
- printk(KERN_ERR "SELinux: expression result was undefined - disabling all rules.\n");
+ printk(KERN_ERR "NSALinux: expression result was undefined - disabling all rules.\n");
/* turn the rules on or off */
for (cur = node->true_list; cur; cur = cur->next) {
if (new_state <= 0)
@@ -284,7 +284,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
*/
if (k->specified & AVTAB_TYPE) {
if (avtab_search(&p->te_avtab, k)) {
- printk(KERN_ERR "SELinux: type rule already exists outside of a conditional.\n");
+ printk(KERN_ERR "NSALinux: type rule already exists outside of a conditional.\n");
goto err;
}
/*
@@ -299,7 +299,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
node_ptr = avtab_search_node(&p->te_cond_avtab, k);
if (node_ptr) {
if (avtab_search_node_next(node_ptr, k->specified)) {
- printk(KERN_ERR "SELinux: too many conflicting type rules.\n");
+ printk(KERN_ERR "NSALinux: too many conflicting type rules.\n");
goto err;
}
found = 0;
@@ -310,13 +310,13 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
}
}
if (!found) {
- printk(KERN_ERR "SELinux: conflicting type rules.\n");
+ printk(KERN_ERR "NSALinux: conflicting type rules.\n");
goto err;
}
}
} else {
if (avtab_search(&p->te_cond_avtab, k)) {
- printk(KERN_ERR "SELinux: conflicting type rules when adding type rule for true.\n");
+ printk(KERN_ERR "NSALinux: conflicting type rules when adding type rule for true.\n");
goto err;
}
}
@@ -324,7 +324,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d);
if (!node_ptr) {
- printk(KERN_ERR "SELinux: could not insert rule.\n");
+ printk(KERN_ERR "NSALinux: could not insert rule.\n");
rc = -ENOMEM;
goto err;
}
@@ -385,12 +385,12 @@ static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list *
static int expr_isvalid(struct policydb *p, struct cond_expr *expr)
{
if (expr->expr_type <= 0 || expr->expr_type > COND_LAST) {
- printk(KERN_ERR "SELinux: conditional expressions uses unknown operator.\n");
+ printk(KERN_ERR "NSALinux: conditional expressions uses unknown operator.\n");
return 0;
}
if (expr->bool > p->p_bools.nprim) {
- printk(KERN_ERR "SELinux: conditional expressions uses unknown bool.\n");
+ printk(KERN_ERR "NSALinux: conditional expressions uses unknown bool.\n");
return 0;
}
return 1;
diff --git a/security/selinux/ss/conditional.h b/security/nsalinux/ss/conditional.h
similarity index 100%
rename from security/selinux/ss/conditional.h
rename to security/nsalinux/ss/conditional.h
diff --git a/security/selinux/ss/constraint.h b/security/nsalinux/ss/constraint.h
similarity index 100%
rename from security/selinux/ss/constraint.h
rename to security/nsalinux/ss/constraint.h
diff --git a/security/selinux/ss/context.h b/security/nsalinux/ss/context.h
similarity index 100%
rename from security/selinux/ss/context.h
rename to security/nsalinux/ss/context.h
diff --git a/security/selinux/ss/ebitmap.c b/security/nsalinux/ss/ebitmap.c
similarity index 94%
rename from security/selinux/ss/ebitmap.c
rename to security/nsalinux/ss/ebitmap.c
index 57644b1..fa25970 100644
--- a/security/selinux/ss/ebitmap.c
+++ b/security/nsalinux/ss/ebitmap.c
@@ -81,7 +81,7 @@ int ebitmap_cpy(struct ebitmap *dst, struct ebitmap *src)
* @catmap: the NetLabel category bitmap
*
* Description:
- * Export a SELinux extensibile bitmap into a NetLabel category bitmap.
+ * Export a NSALinux extensibile bitmap into a NetLabel category bitmap.
* Returns zero on success, negative values on error.
*
*/
@@ -133,7 +133,7 @@ netlbl_export_failure:
* @catmap: the NetLabel category bitmap
*
* Description:
- * Import a NetLabel category bitmap into a SELinux extensibile bitmap.
+ * Import a NetLabel category bitmap into a NSALinux extensibile bitmap.
* Returns zero on success, negative values on error.
*
*/
@@ -359,7 +359,7 @@ int ebitmap_read(struct ebitmap *e, void *fp)
count = le32_to_cpu(buf[2]);
if (mapunit != BITS_PER_U64) {
- printk(KERN_ERR "SELinux: ebitmap: map size %u does not "
+ printk(KERN_ERR "NSALinux: ebitmap: map size %u does not "
"match my size %Zd (high bit was %d)\n",
mapunit, BITS_PER_U64, e->highbit);
goto bad;
@@ -377,19 +377,19 @@ int ebitmap_read(struct ebitmap *e, void *fp)
for (i = 0; i < count; i++) {
rc = next_entry(&startbit, fp, sizeof(u32));
if (rc < 0) {
- printk(KERN_ERR "SELinux: ebitmap: truncated map\n");
+ printk(KERN_ERR "NSALinux: ebitmap: truncated map\n");
goto bad;
}
startbit = le32_to_cpu(startbit);
if (startbit & (mapunit - 1)) {
- printk(KERN_ERR "SELinux: ebitmap start bit (%d) is "
+ printk(KERN_ERR "NSALinux: ebitmap start bit (%d) is "
"not a multiple of the map unit size (%u)\n",
startbit, mapunit);
goto bad;
}
if (startbit > e->highbit - mapunit) {
- printk(KERN_ERR "SELinux: ebitmap start bit (%d) is "
+ printk(KERN_ERR "NSALinux: ebitmap start bit (%d) is "
"beyond the end of the bitmap (%u)\n",
startbit, (e->highbit - mapunit));
goto bad;
@@ -400,7 +400,7 @@ int ebitmap_read(struct ebitmap *e, void *fp)
tmp = kzalloc(sizeof(*tmp), GFP_KERNEL);
if (!tmp) {
printk(KERN_ERR
- "SELinux: ebitmap: out of memory\n");
+ "NSALinux: ebitmap: out of memory\n");
rc = -ENOMEM;
goto bad;
}
@@ -412,7 +412,7 @@ int ebitmap_read(struct ebitmap *e, void *fp)
e->node = tmp;
n = tmp;
} else if (startbit <= n->startbit) {
- printk(KERN_ERR "SELinux: ebitmap: start bit %d"
+ printk(KERN_ERR "NSALinux: ebitmap: start bit %d"
" comes after start bit %d\n",
startbit, n->startbit);
goto bad;
@@ -420,7 +420,7 @@ int ebitmap_read(struct ebitmap *e, void *fp)
rc = next_entry(&map, fp, sizeof(u64));
if (rc < 0) {
- printk(KERN_ERR "SELinux: ebitmap: truncated map\n");
+ printk(KERN_ERR "NSALinux: ebitmap: truncated map\n");
goto bad;
}
map = le64_to_cpu(map);
diff --git a/security/selinux/ss/ebitmap.h b/security/nsalinux/ss/ebitmap.h
similarity index 100%
rename from security/selinux/ss/ebitmap.h
rename to security/nsalinux/ss/ebitmap.h
diff --git a/security/selinux/ss/hashtab.c b/security/nsalinux/ss/hashtab.c
similarity index 100%
rename from security/selinux/ss/hashtab.c
rename to security/nsalinux/ss/hashtab.c
diff --git a/security/selinux/ss/hashtab.h b/security/nsalinux/ss/hashtab.h
similarity index 100%
rename from security/selinux/ss/hashtab.h
rename to security/nsalinux/ss/hashtab.h
diff --git a/security/selinux/ss/mls.c b/security/nsalinux/ss/mls.c
similarity index 99%
rename from security/selinux/ss/mls.c
rename to security/nsalinux/ss/mls.c
index e108884..7fe6606 100644
--- a/security/selinux/ss/mls.c
+++ b/security/nsalinux/ss/mls.c
@@ -638,7 +638,7 @@ int mls_export_netlbl_cat(struct context *context,
* @secattr: the NetLabel security attributes
*
* Description:
- * Copy the NetLabel security attributes into the SELinux context; since the
+ * Copy the NetLabel security attributes into the NSALinux context; since the
* NetLabel security attribute only contains a single MLS category use it for
* both the low and high categories of the context. Returns zero on success,
* negative values on failure.
diff --git a/security/selinux/ss/mls.h b/security/nsalinux/ss/mls.h
similarity index 100%
rename from security/selinux/ss/mls.h
rename to security/nsalinux/ss/mls.h
diff --git a/security/selinux/ss/mls_types.h b/security/nsalinux/ss/mls_types.h
similarity index 100%
rename from security/selinux/ss/mls_types.h
rename to security/nsalinux/ss/mls_types.h
diff --git a/security/selinux/ss/policydb.c b/security/nsalinux/ss/policydb.c
similarity index 96%
rename from security/selinux/ss/policydb.c
rename to security/nsalinux/ss/policydb.c
index 992a315..199f2f9 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/nsalinux/ss/policydb.c
@@ -495,7 +495,7 @@ static void hash_eval(struct hashtab *h, const char *hash_name)
struct hashtab_info info;
hashtab_stat(h, &info);
- printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, "
+ printk(KERN_DEBUG "NSALinux: %s: %d entries and %d/%d buckets used, "
"longest chain length %d\n", hash_name, h->nel,
info.slots_used, h->size, info.max_chain_len);
}
@@ -524,14 +524,14 @@ static int policydb_index(struct policydb *p)
{
int i, rc;
- printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools",
+ printk(KERN_DEBUG "NSALinux: %d users, %d roles, %d types, %d bools",
p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim);
if (p->mls_enabled)
printk(", %d sens, %d cats", p->p_levels.nprim,
p->p_cats.nprim);
printk("\n");
- printk(KERN_DEBUG "SELinux: %d classes, %d rules\n",
+ printk(KERN_DEBUG "NSALinux: %d classes, %d rules\n",
p->p_classes.nprim, p->te_avtab.nel);
#ifdef DEBUG_HASHES
@@ -895,7 +895,7 @@ int policydb_load_isids(struct policydb *p, struct sidtab *s)
rc = sidtab_init(s);
if (rc) {
- printk(KERN_ERR "SELinux: out of memory on SID table init\n");
+ printk(KERN_ERR "NSALinux: out of memory on SID table init\n");
goto out;
}
@@ -903,14 +903,14 @@ int policydb_load_isids(struct policydb *p, struct sidtab *s)
for (c = head; c; c = c->next) {
rc = -EINVAL;
if (!c->context[0].user) {
- printk(KERN_ERR "SELinux: SID %s was never defined.\n",
+ printk(KERN_ERR "NSALinux: SID %s was never defined.\n",
c->u.name);
goto out;
}
rc = sidtab_insert(s, c->sid[0], &c->context[0]);
if (rc) {
- printk(KERN_ERR "SELinux: unable to load initial SID %s.\n",
+ printk(KERN_ERR "NSALinux: unable to load initial SID %s.\n",
c->u.name);
goto out;
}
@@ -1003,13 +1003,13 @@ static int mls_read_range_helper(struct mls_range *r, void *fp)
rc = -EINVAL;
items = le32_to_cpu(buf[0]);
if (items > ARRAY_SIZE(buf)) {
- printk(KERN_ERR "SELinux: mls: range overflow\n");
+ printk(KERN_ERR "NSALinux: mls: range overflow\n");
goto out;
}
rc = next_entry(buf, fp, sizeof(u32) * items);
if (rc) {
- printk(KERN_ERR "SELinux: mls: truncated range\n");
+ printk(KERN_ERR "NSALinux: mls: truncated range\n");
goto out;
}
@@ -1021,19 +1021,19 @@ static int mls_read_range_helper(struct mls_range *r, void *fp)
rc = ebitmap_read(&r->level[0].cat, fp);
if (rc) {
- printk(KERN_ERR "SELinux: mls: error reading low categories\n");
+ printk(KERN_ERR "NSALinux: mls: error reading low categories\n");
goto out;
}
if (items > 1) {
rc = ebitmap_read(&r->level[1].cat, fp);
if (rc) {
- printk(KERN_ERR "SELinux: mls: error reading high categories\n");
+ printk(KERN_ERR "NSALinux: mls: error reading high categories\n");
goto bad_high;
}
} else {
rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
if (rc) {
- printk(KERN_ERR "SELinux: mls: out of memory\n");
+ printk(KERN_ERR "NSALinux: mls: out of memory\n");
goto bad_high;
}
}
@@ -1058,7 +1058,7 @@ static int context_read_and_validate(struct context *c,
rc = next_entry(buf, fp, sizeof buf);
if (rc) {
- printk(KERN_ERR "SELinux: context truncated\n");
+ printk(KERN_ERR "NSALinux: context truncated\n");
goto out;
}
c->user = le32_to_cpu(buf[0]);
@@ -1067,14 +1067,14 @@ static int context_read_and_validate(struct context *c,
if (p->policyvers >= POLICYDB_VERSION_MLS) {
rc = mls_read_range_helper(&c->range, fp);
if (rc) {
- printk(KERN_ERR "SELinux: error reading MLS range of context\n");
+ printk(KERN_ERR "NSALinux: error reading MLS range of context\n");
goto out;
}
}
rc = -EINVAL;
if (!policydb_context_isvalid(p, c)) {
- printk(KERN_ERR "SELinux: invalid security context\n");
+ printk(KERN_ERR "NSALinux: invalid security context\n");
context_destroy(c);
goto out;
}
@@ -1350,7 +1350,7 @@ static int class_read(struct policydb *p, struct hashtab *h, void *fp)
rc = -EINVAL;
cladatum->comdatum = hashtab_search(p->p_commons.table, cladatum->comkey);
if (!cladatum->comdatum) {
- printk(KERN_ERR "SELinux: unknown common %s\n", cladatum->comkey);
+ printk(KERN_ERR "NSALinux: unknown common %s\n", cladatum->comkey);
goto bad;
}
}
@@ -1443,7 +1443,7 @@ static int role_read(struct policydb *p, struct hashtab *h, void *fp)
if (strcmp(key, OBJECT_R) == 0) {
rc = -EINVAL;
if (role->value != OBJECT_R_VAL) {
- printk(KERN_ERR "SELinux: Role %s has wrong value %d\n",
+ printk(KERN_ERR "NSALinux: Role %s has wrong value %d\n",
OBJECT_R, role->value);
goto bad;
}
@@ -1522,14 +1522,14 @@ static int mls_read_level(struct mls_level *lp, void *fp)
rc = next_entry(buf, fp, sizeof buf);
if (rc) {
- printk(KERN_ERR "SELinux: mls: truncated level\n");
+ printk(KERN_ERR "NSALinux: mls: truncated level\n");
return rc;
}
lp->sens = le32_to_cpu(buf[0]);
rc = ebitmap_read(&lp->cat, fp);
if (rc) {
- printk(KERN_ERR "SELinux: mls: error reading level categories\n");
+ printk(KERN_ERR "NSALinux: mls: error reading level categories\n");
return rc;
}
return 0;
@@ -1686,7 +1686,7 @@ static int user_bounds_sanity_check(void *key, void *datum, void *datap)
unsigned long bit;
if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
- printk(KERN_ERR "SELinux: user %s: "
+ printk(KERN_ERR "NSALinux: user %s: "
"too deep or looped boundary",
(char *) key);
return -EINVAL;
@@ -1698,7 +1698,7 @@ static int user_bounds_sanity_check(void *key, void *datum, void *datap)
continue;
printk(KERN_ERR
- "SELinux: boundary violated policy: "
+ "NSALinux: boundary violated policy: "
"user=%s role=%s bounds=%s\n",
sym_name(p, SYM_USERS, user->value - 1),
sym_name(p, SYM_ROLES, bit),
@@ -1723,7 +1723,7 @@ static int role_bounds_sanity_check(void *key, void *datum, void *datap)
unsigned long bit;
if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
- printk(KERN_ERR "SELinux: role %s: "
+ printk(KERN_ERR "NSALinux: role %s: "
"too deep or looped bounds\n",
(char *) key);
return -EINVAL;
@@ -1735,7 +1735,7 @@ static int role_bounds_sanity_check(void *key, void *datum, void *datap)
continue;
printk(KERN_ERR
- "SELinux: boundary violated policy: "
+ "NSALinux: boundary violated policy: "
"role=%s type=%s bounds=%s\n",
sym_name(p, SYM_ROLES, role->value - 1),
sym_name(p, SYM_TYPES, bit),
@@ -1757,7 +1757,7 @@ static int type_bounds_sanity_check(void *key, void *datum, void *datap)
upper = datum;
while (upper->bounds) {
if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
- printk(KERN_ERR "SELinux: type %s: "
+ printk(KERN_ERR "NSALinux: type %s: "
"too deep or looped boundary\n",
(char *) key);
return -EINVAL;
@@ -1768,7 +1768,7 @@ static int type_bounds_sanity_check(void *key, void *datum, void *datap)
BUG_ON(!upper);
if (upper->attribute) {
- printk(KERN_ERR "SELinux: type %s: "
+ printk(KERN_ERR "NSALinux: type %s: "
"bounded by attribute %s",
(char *) key,
sym_name(p, SYM_TYPES, upper->value - 1));
@@ -1891,7 +1891,7 @@ static int range_read(struct policydb *p, void *fp)
rc = -EINVAL;
if (!mls_range_isvalid(p, r)) {
- printk(KERN_WARNING "SELinux: rangetrans: invalid range\n");
+ printk(KERN_WARNING "NSALinux: rangetrans: invalid range\n");
goto out;
}
@@ -2027,7 +2027,7 @@ static int genfs_read(struct policydb *p, void *fp)
genfs_p = genfs, genfs = genfs->next) {
rc = -EINVAL;
if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
- printk(KERN_ERR "SELinux: dup genfs fstype %s\n",
+ printk(KERN_ERR "NSALinux: dup genfs fstype %s\n",
newgenfs->fstype);
goto out;
}
@@ -2077,7 +2077,7 @@ static int genfs_read(struct policydb *p, void *fp)
if (!strcmp(newc->u.name, c->u.name) &&
(!c->v.sclass || !newc->v.sclass ||
newc->v.sclass == c->v.sclass)) {
- printk(KERN_ERR "SELinux: dup genfs entry (%s,%s)\n",
+ printk(KERN_ERR "NSALinux: dup genfs entry (%s,%s)\n",
genfs->fstype, c->u.name);
goto out;
}
@@ -2253,7 +2253,7 @@ int policydb_read(struct policydb *p, void *fp)
rc = -EINVAL;
if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) {
- printk(KERN_ERR "SELinux: policydb magic number 0x%x does "
+ printk(KERN_ERR "NSALinux: policydb magic number 0x%x does "
"not match expected magic number 0x%x\n",
le32_to_cpu(buf[0]), POLICYDB_MAGIC);
goto bad;
@@ -2262,7 +2262,7 @@ int policydb_read(struct policydb *p, void *fp)
rc = -EINVAL;
len = le32_to_cpu(buf[1]);
if (len != strlen(POLICYDB_STRING)) {
- printk(KERN_ERR "SELinux: policydb string length %d does not "
+ printk(KERN_ERR "NSALinux: policydb string length %d does not "
"match expected length %Zu\n",
len, strlen(POLICYDB_STRING));
goto bad;
@@ -2271,14 +2271,14 @@ int policydb_read(struct policydb *p, void *fp)
rc = -ENOMEM;
policydb_str = kmalloc(len + 1, GFP_KERNEL);
if (!policydb_str) {
- printk(KERN_ERR "SELinux: unable to allocate memory for policydb "
+ printk(KERN_ERR "NSALinux: unable to allocate memory for policydb "
"string of length %d\n", len);
goto bad;
}
rc = next_entry(policydb_str, fp, len);
if (rc) {
- printk(KERN_ERR "SELinux: truncated policydb string identifier\n");
+ printk(KERN_ERR "NSALinux: truncated policydb string identifier\n");
kfree(policydb_str);
goto bad;
}
@@ -2286,7 +2286,7 @@ int policydb_read(struct policydb *p, void *fp)
rc = -EINVAL;
policydb_str[len] = '\0';
if (strcmp(policydb_str, POLICYDB_STRING)) {
- printk(KERN_ERR "SELinux: policydb string %s does not match "
+ printk(KERN_ERR "NSALinux: policydb string %s does not match "
"my string %s\n", policydb_str, POLICYDB_STRING);
kfree(policydb_str);
goto bad;
@@ -2304,7 +2304,7 @@ int policydb_read(struct policydb *p, void *fp)
p->policyvers = le32_to_cpu(buf[0]);
if (p->policyvers < POLICYDB_VERSION_MIN ||
p->policyvers > POLICYDB_VERSION_MAX) {
- printk(KERN_ERR "SELinux: policydb version %d does not match "
+ printk(KERN_ERR "NSALinux: policydb version %d does not match "
"my version range %d-%d\n",
le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
goto bad;
@@ -2315,7 +2315,7 @@ int policydb_read(struct policydb *p, void *fp)
rc = -EINVAL;
if (p->policyvers < POLICYDB_VERSION_MLS) {
- printk(KERN_ERR "SELinux: security policydb version %d "
+ printk(KERN_ERR "NSALinux: security policydb version %d "
"(MLS) not backwards compatible\n",
p->policyvers);
goto bad;
@@ -2339,7 +2339,7 @@ int policydb_read(struct policydb *p, void *fp)
rc = -EINVAL;
info = policydb_lookup_compat(p->policyvers);
if (!info) {
- printk(KERN_ERR "SELinux: unable to find policy compat info "
+ printk(KERN_ERR "NSALinux: unable to find policy compat info "
"for version %d\n", p->policyvers);
goto bad;
}
@@ -2347,7 +2347,7 @@ int policydb_read(struct policydb *p, void *fp)
rc = -EINVAL;
if (le32_to_cpu(buf[2]) != info->sym_num ||
le32_to_cpu(buf[3]) != info->ocon_num) {
- printk(KERN_ERR "SELinux: policydb table sizes (%d,%d) do "
+ printk(KERN_ERR "NSALinux: policydb table sizes (%d,%d) do "
"not match mine (%d,%d)\n", le32_to_cpu(buf[2]),
le32_to_cpu(buf[3]),
info->sym_num, info->ocon_num);
@@ -3347,7 +3347,7 @@ int policydb_write(struct policydb *p, void *fp)
* careful if you ever try to remove this restriction
*/
if (p->policyvers < POLICYDB_VERSION_AVTAB) {
- printk(KERN_ERR "SELinux: refusing to write policy version %d."
+ printk(KERN_ERR "NSALinux: refusing to write policy version %d."
" Because it is less than version %d\n", p->policyvers,
POLICYDB_VERSION_AVTAB);
return -EINVAL;
@@ -3376,7 +3376,7 @@ int policydb_write(struct policydb *p, void *fp)
/* Write the version, config, and table sizes. */
info = policydb_lookup_compat(p->policyvers);
if (!info) {
- printk(KERN_ERR "SELinux: compatibility lookup failed for policy "
+ printk(KERN_ERR "NSALinux: compatibility lookup failed for policy "
"version %d", p->policyvers);
return -EINVAL;
}
diff --git a/security/selinux/ss/policydb.h b/security/nsalinux/ss/policydb.h
similarity index 99%
rename from security/selinux/ss/policydb.h
rename to security/nsalinux/ss/policydb.h
index 725d594..a2d471f 100644
--- a/security/selinux/ss/policydb.h
+++ b/security/nsalinux/ss/policydb.h
@@ -321,7 +321,7 @@ extern int policydb_write(struct policydb *p, void *fp);
#define OBJECT_R "object_r"
#define OBJECT_R_VAL 1
-#define POLICYDB_MAGIC SELINUX_MAGIC
+#define POLICYDB_MAGIC NSALINUX_MAGIC
#define POLICYDB_STRING "SE Linux"
struct policy_file {
diff --git a/security/selinux/ss/services.c b/security/nsalinux/ss/services.c
similarity index 94%
rename from security/selinux/ss/services.c
rename to security/nsalinux/ss/services.c
index ebda973..d3da385 100644
--- a/security/selinux/ss/services.c
+++ b/security/nsalinux/ss/services.c
@@ -49,7 +49,7 @@
#include <linux/sched.h>
#include <linux/audit.h>
#include <linux/mutex.h>
-#include <linux/selinux.h>
+#include <linux/nsalinux.h>
#include <linux/flex_array.h>
#include <linux/vmalloc.h>
#include <net/netlabel.h>
@@ -70,9 +70,9 @@
#include "ebitmap.h"
#include "audit.h"
-int selinux_policycap_netpeer;
-int selinux_policycap_openperm;
-int selinux_policycap_alwaysnetwork;
+int nsalinux_policycap_netpeer;
+int nsalinux_policycap_openperm;
+int nsalinux_policycap_alwaysnetwork;
static DEFINE_RWLOCK(policy_rwlock);
@@ -98,22 +98,22 @@ static void context_struct_compute_av(struct context *scontext,
struct av_decision *avd,
struct extended_perms *xperms);
-struct selinux_mapping {
+struct nsalinux_mapping {
u16 value; /* policy value */
unsigned num_perms;
u32 perms[sizeof(u32) * 8];
};
-static struct selinux_mapping *current_mapping;
+static struct nsalinux_mapping *current_mapping;
static u16 current_mapping_size;
-static int selinux_set_mapping(struct policydb *pol,
+static int nsalinux_set_mapping(struct policydb *pol,
struct security_class_mapping *map,
- struct selinux_mapping **out_map_p,
+ struct nsalinux_mapping **out_map_p,
u16 *out_map_size)
{
- struct selinux_mapping *out_map = NULL;
- size_t size = sizeof(struct selinux_mapping);
+ struct nsalinux_mapping *out_map = NULL;
+ size_t size = sizeof(struct nsalinux_mapping);
u16 i, j;
unsigned k;
bool print_unknown_handle = false;
@@ -134,7 +134,7 @@ static int selinux_set_mapping(struct policydb *pol,
j = 0;
while (map[j].name) {
struct security_class_mapping *p_in = map + (j++);
- struct selinux_mapping *p_out = out_map + j;
+ struct nsalinux_mapping *p_out = out_map + j;
/* An empty class string skips ahead */
if (!strcmp(p_in->name, "")) {
@@ -145,7 +145,7 @@ static int selinux_set_mapping(struct policydb *pol,
p_out->value = string_to_security_class(pol, p_in->name);
if (!p_out->value) {
printk(KERN_INFO
- "SELinux: Class %s not defined in policy.\n",
+ "NSALinux: Class %s not defined in policy.\n",
p_in->name);
if (pol->reject_unknown)
goto err;
@@ -165,7 +165,7 @@ static int selinux_set_mapping(struct policydb *pol,
p_in->perms[k]);
if (!p_out->perms[k]) {
printk(KERN_INFO
- "SELinux: Permission %s in class %s not defined in policy.\n",
+ "NSALinux: Permission %s in class %s not defined in policy.\n",
p_in->perms[k], p_in->name);
if (pol->reject_unknown)
goto err;
@@ -178,7 +178,7 @@ static int selinux_set_mapping(struct policydb *pol,
}
if (print_unknown_handle)
- printk(KERN_INFO "SELinux: the above unknown classes and permissions will be %s\n",
+ printk(KERN_INFO "NSALinux: the above unknown classes and permissions will be %s\n",
pol->allow_unknown ? "allowed" : "denied");
*out_map_p = out_map;
@@ -504,7 +504,7 @@ static void security_dump_masked_av(struct context *scontext,
/* audit a message */
ab = audit_log_start(current->audit_context,
- GFP_ATOMIC, AUDIT_SELINUX_ERR);
+ GFP_ATOMIC, AUDIT_NSALINUX_ERR);
if (!ab)
goto out;
@@ -670,7 +670,7 @@ static void context_struct_compute_av(struct context *scontext,
if (unlikely(!tclass || tclass > policydb.p_classes.nprim)) {
if (printk_ratelimit())
- printk(KERN_WARNING "SELinux: Invalid class %hu\n", tclass);
+ printk(KERN_WARNING "NSALinux: Invalid class %hu\n", tclass);
return;
}
@@ -764,7 +764,7 @@ static int security_validtrans_handle_fail(struct context *ocontext,
goto out;
if (context_struct_to_string(tcontext, &t, &tlen))
goto out;
- audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
+ audit_log(current->audit_context, GFP_ATOMIC, AUDIT_NSALINUX_ERR,
"op=security_validate_transition seresult=denied"
" oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
o, n, t, sym_name(&policydb, SYM_CLASSES, tclass-1));
@@ -773,7 +773,7 @@ out:
kfree(n);
kfree(t);
- if (!selinux_enforcing)
+ if (!nsalinux_enforcing)
return 0;
return -EPERM;
}
@@ -807,7 +807,7 @@ static int security_compute_validatetrans(u32 oldsid, u32 newsid, u32 tasksid,
ocontext = sidtab_search(&sidtab, oldsid);
if (!ocontext) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ printk(KERN_ERR "NSALinux: %s: unrecognized SID %d\n",
__func__, oldsid);
rc = -EINVAL;
goto out;
@@ -815,7 +815,7 @@ static int security_compute_validatetrans(u32 oldsid, u32 newsid, u32 tasksid,
ncontext = sidtab_search(&sidtab, newsid);
if (!ncontext) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ printk(KERN_ERR "NSALinux: %s: unrecognized SID %d\n",
__func__, newsid);
rc = -EINVAL;
goto out;
@@ -823,7 +823,7 @@ static int security_compute_validatetrans(u32 oldsid, u32 newsid, u32 tasksid,
tcontext = sidtab_search(&sidtab, tasksid);
if (!tcontext) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ printk(KERN_ERR "NSALinux: %s: unrecognized SID %d\n",
__func__, tasksid);
rc = -EINVAL;
goto out;
@@ -885,7 +885,7 @@ int security_bounded_transition(u32 old_sid, u32 new_sid)
rc = -EINVAL;
old_context = sidtab_search(&sidtab, old_sid);
if (!old_context) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %u\n",
+ printk(KERN_ERR "NSALinux: %s: unrecognized SID %u\n",
__func__, old_sid);
goto out;
}
@@ -893,7 +893,7 @@ int security_bounded_transition(u32 old_sid, u32 new_sid)
rc = -EINVAL;
new_context = sidtab_search(&sidtab, new_sid);
if (!new_context) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %u\n",
+ printk(KERN_ERR "NSALinux: %s: unrecognized SID %u\n",
__func__, new_sid);
goto out;
}
@@ -932,7 +932,7 @@ int security_bounded_transition(u32 old_sid, u32 new_sid)
!context_struct_to_string(new_context,
&new_name, &length)) {
audit_log(current->audit_context,
- GFP_ATOMIC, AUDIT_SELINUX_ERR,
+ GFP_ATOMIC, AUDIT_NSALINUX_ERR,
"op=security_bounded_transition "
"seresult=denied "
"oldcontext=%s newcontext=%s",
@@ -1036,14 +1036,14 @@ void security_compute_xperms_decision(u32 ssid,
scontext = sidtab_search(&sidtab, ssid);
if (!scontext) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ printk(KERN_ERR "NSALinux: %s: unrecognized SID %d\n",
__func__, ssid);
goto out;
}
tcontext = sidtab_search(&sidtab, tsid);
if (!tcontext) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ printk(KERN_ERR "NSALinux: %s: unrecognized SID %d\n",
__func__, tsid);
goto out;
}
@@ -1057,7 +1057,7 @@ void security_compute_xperms_decision(u32 ssid,
if (unlikely(!tclass || tclass > policydb.p_classes.nprim)) {
- pr_warn_ratelimited("SELinux: Invalid class %hu\n", tclass);
+ pr_warn_ratelimited("NSALinux: Invalid class %hu\n", tclass);
goto out;
}
@@ -1118,7 +1118,7 @@ void security_compute_av(u32 ssid,
scontext = sidtab_search(&sidtab, ssid);
if (!scontext) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ printk(KERN_ERR "NSALinux: %s: unrecognized SID %d\n",
__func__, ssid);
goto out;
}
@@ -1129,7 +1129,7 @@ void security_compute_av(u32 ssid,
tcontext = sidtab_search(&sidtab, tsid);
if (!tcontext) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ printk(KERN_ERR "NSALinux: %s: unrecognized SID %d\n",
__func__, tsid);
goto out;
}
@@ -1164,7 +1164,7 @@ void security_compute_av_user(u32 ssid,
scontext = sidtab_search(&sidtab, ssid);
if (!scontext) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ printk(KERN_ERR "NSALinux: %s: unrecognized SID %d\n",
__func__, ssid);
goto out;
}
@@ -1175,7 +1175,7 @@ void security_compute_av_user(u32 ssid,
tcontext = sidtab_search(&sidtab, tsid);
if (!tcontext) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ printk(KERN_ERR "NSALinux: %s: unrecognized SID %d\n",
__func__, tsid);
goto out;
}
@@ -1285,7 +1285,7 @@ static int security_sid_to_context_core(u32 sid, char **scontext,
*scontext = scontextp;
goto out;
}
- printk(KERN_ERR "SELinux: %s: called before initial "
+ printk(KERN_ERR "NSALinux: %s: called before initial "
"load_policy on unknown SID %d\n", __func__, sid);
rc = -EINVAL;
goto out;
@@ -1296,7 +1296,7 @@ static int security_sid_to_context_core(u32 sid, char **scontext,
else
context = sidtab_search(&sidtab, sid);
if (!context) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ printk(KERN_ERR "NSALinux: %s: unrecognized SID %d\n",
__func__, sid);
rc = -EINVAL;
goto out_unlock;
@@ -1545,7 +1545,7 @@ static int compute_sid_handle_invalid_context(
goto out;
if (context_struct_to_string(newcontext, &n, &nlen))
goto out;
- audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
+ audit_log(current->audit_context, GFP_ATOMIC, AUDIT_NSALINUX_ERR,
"op=security_compute_sid invalid_context=%s"
" scontext=%s"
" tcontext=%s"
@@ -1555,7 +1555,7 @@ out:
kfree(s);
kfree(t);
kfree(n);
- if (!selinux_enforcing)
+ if (!nsalinux_enforcing)
return 0;
return -EACCES;
}
@@ -1629,14 +1629,14 @@ static int security_compute_sid(u32 ssid,
scontext = sidtab_search(&sidtab, ssid);
if (!scontext) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ printk(KERN_ERR "NSALinux: %s: unrecognized SID %d\n",
__func__, ssid);
rc = -EINVAL;
goto out_unlock;
}
tcontext = sidtab_search(&sidtab, tsid);
if (!tcontext) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ printk(KERN_ERR "NSALinux: %s: unrecognized SID %d\n",
__func__, tsid);
rc = -EINVAL;
goto out_unlock;
@@ -1846,11 +1846,11 @@ static inline int convert_context_handle_invalid_context(struct context *context
char *s;
u32 len;
- if (selinux_enforcing)
+ if (nsalinux_enforcing)
return -EINVAL;
if (!context_struct_to_string(context, &s, &len)) {
- printk(KERN_WARNING "SELinux: Context %s would be invalid if enforcing\n", s);
+ printk(KERN_WARNING "NSALinux: Context %s would be invalid if enforcing\n", s);
kfree(s);
}
return 0;
@@ -1900,7 +1900,7 @@ static int convert_context(u32 key,
c->len, &ctx, SECSID_NULL);
kfree(s);
if (!rc) {
- printk(KERN_INFO "SELinux: Context %s became valid (mapped).\n",
+ printk(KERN_INFO "NSALinux: Context %s became valid (mapped).\n",
c->str);
/* Replace string with mapped representation. */
kfree(c->str);
@@ -1912,7 +1912,7 @@ static int convert_context(u32 key,
goto out;
} else {
/* Other error condition, e.g. ENOMEM. */
- printk(KERN_ERR "SELinux: Unable to map context %s, rc = %d.\n",
+ printk(KERN_ERR "NSALinux: Unable to map context %s, rc = %d.\n",
c->str, -rc);
goto out;
}
@@ -1971,7 +1971,7 @@ static int convert_context(u32 key,
oc = oc->next;
rc = -EINVAL;
if (!oc) {
- printk(KERN_ERR "SELinux: unable to look up"
+ printk(KERN_ERR "NSALinux: unable to look up"
" the initial SIDs list\n");
goto bad;
}
@@ -2002,7 +2002,7 @@ bad:
context_destroy(c);
c->str = s;
c->len = len;
- printk(KERN_INFO "SELinux: Context %s became invalid (unmapped).\n",
+ printk(KERN_INFO "NSALinux: Context %s became invalid (unmapped).\n",
c->str);
rc = 0;
goto out;
@@ -2010,11 +2010,11 @@ bad:
static void security_load_policycaps(void)
{
- selinux_policycap_netpeer = ebitmap_get_bit(&policydb.policycaps,
+ nsalinux_policycap_netpeer = ebitmap_get_bit(&policydb.policycaps,
POLICYDB_CAPABILITY_NETPEER);
- selinux_policycap_openperm = ebitmap_get_bit(&policydb.policycaps,
+ nsalinux_policycap_openperm = ebitmap_get_bit(&policydb.policycaps,
POLICYDB_CAPABILITY_OPENPERM);
- selinux_policycap_alwaysnetwork = ebitmap_get_bit(&policydb.policycaps,
+ nsalinux_policycap_alwaysnetwork = ebitmap_get_bit(&policydb.policycaps,
POLICYDB_CAPABILITY_ALWAYSNETWORK);
}
@@ -2034,7 +2034,7 @@ int security_load_policy(void *data, size_t len)
{
struct policydb *oldpolicydb, *newpolicydb;
struct sidtab oldsidtab, newsidtab;
- struct selinux_mapping *oldmap, *map = NULL;
+ struct nsalinux_mapping *oldmap, *map = NULL;
struct convert_context_args args;
u32 seqno;
u16 map_size;
@@ -2057,7 +2057,7 @@ int security_load_policy(void *data, size_t len)
}
policydb.len = len;
- rc = selinux_set_mapping(&policydb, secclass_map,
+ rc = nsalinux_set_mapping(&policydb, secclass_map,
¤t_mapping,
¤t_mapping_size);
if (rc) {
@@ -2076,12 +2076,12 @@ int security_load_policy(void *data, size_t len)
security_load_policycaps();
ss_initialized = 1;
seqno = ++latest_granting;
- selinux_complete_init();
+ nsalinux_complete_init();
avc_ss_reset(seqno);
selnl_notify_policyload(seqno);
- selinux_status_update_policyload(seqno);
- selinux_netlbl_cache_invalidate();
- selinux_xfrm_notify_policyload();
+ nsalinux_status_update_policyload(seqno);
+ nsalinux_netlbl_cache_invalidate();
+ nsalinux_xfrm_notify_policyload();
goto out;
}
@@ -2096,24 +2096,24 @@ int security_load_policy(void *data, size_t len)
newpolicydb->len = len;
/* If switching between different policy types, log MLS status */
if (policydb.mls_enabled && !newpolicydb->mls_enabled)
- printk(KERN_INFO "SELinux: Disabling MLS support...\n");
+ printk(KERN_INFO "NSALinux: Disabling MLS support...\n");
else if (!policydb.mls_enabled && newpolicydb->mls_enabled)
- printk(KERN_INFO "SELinux: Enabling MLS support...\n");
+ printk(KERN_INFO "NSALinux: Enabling MLS support...\n");
rc = policydb_load_isids(newpolicydb, &newsidtab);
if (rc) {
- printk(KERN_ERR "SELinux: unable to load the initial SIDs\n");
+ printk(KERN_ERR "NSALinux: unable to load the initial SIDs\n");
policydb_destroy(newpolicydb);
goto out;
}
- rc = selinux_set_mapping(newpolicydb, secclass_map, &map, &map_size);
+ rc = nsalinux_set_mapping(newpolicydb, secclass_map, &map, &map_size);
if (rc)
goto err;
rc = security_preserve_bools(newpolicydb);
if (rc) {
- printk(KERN_ERR "SELinux: unable to preserve booleans\n");
+ printk(KERN_ERR "NSALinux: unable to preserve booleans\n");
goto err;
}
@@ -2132,7 +2132,7 @@ int security_load_policy(void *data, size_t len)
args.newp = newpolicydb;
rc = sidtab_map(&newsidtab, convert_context, &args);
if (rc) {
- printk(KERN_ERR "SELinux: unable to convert the internal"
+ printk(KERN_ERR "NSALinux: unable to convert the internal"
" representation of contexts in the new SID"
" table\n");
goto err;
@@ -2160,9 +2160,9 @@ int security_load_policy(void *data, size_t len)
avc_ss_reset(seqno);
selnl_notify_policyload(seqno);
- selinux_status_update_policyload(seqno);
- selinux_netlbl_cache_invalidate();
- selinux_xfrm_notify_policyload();
+ nsalinux_status_update_policyload(seqno);
+ nsalinux_netlbl_cache_invalidate();
+ nsalinux_xfrm_notify_policyload();
rc = 0;
goto out;
@@ -2690,8 +2690,8 @@ out:
if (!rc) {
avc_ss_reset(seqno);
selnl_notify_policyload(seqno);
- selinux_status_update_policyload(seqno);
- selinux_xfrm_notify_policyload();
+ nsalinux_status_update_policyload(seqno);
+ nsalinux_xfrm_notify_policyload();
}
return rc;
}
@@ -2771,7 +2771,7 @@ int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid)
rc = -EINVAL;
context1 = sidtab_search(&sidtab, sid);
if (!context1) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ printk(KERN_ERR "NSALinux: %s: unrecognized SID %d\n",
__func__, sid);
goto out_unlock;
}
@@ -2779,7 +2779,7 @@ int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid)
rc = -EINVAL;
context2 = sidtab_search(&sidtab, mls_sid);
if (!context2) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ printk(KERN_ERR "NSALinux: %s: unrecognized SID %d\n",
__func__, mls_sid);
goto out_unlock;
}
@@ -2797,7 +2797,7 @@ int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid)
if (rc) {
if (!context_struct_to_string(&newcon, &s, &len)) {
audit_log(current->audit_context,
- GFP_ATOMIC, AUDIT_SELINUX_ERR,
+ GFP_ATOMIC, AUDIT_NSALINUX_ERR,
"op=security_sid_mls_copy "
"invalid_context=%s", s);
kfree(s);
@@ -2870,14 +2870,14 @@ int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type,
rc = -EINVAL;
nlbl_ctx = sidtab_search(&sidtab, nlbl_sid);
if (!nlbl_ctx) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ printk(KERN_ERR "NSALinux: %s: unrecognized SID %d\n",
__func__, nlbl_sid);
goto out;
}
rc = -EINVAL;
xfrm_ctx = sidtab_search(&sidtab, xfrm_sid);
if (!xfrm_ctx) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ printk(KERN_ERR "NSALinux: %s: unrecognized SID %d\n",
__func__, xfrm_sid);
goto out;
}
@@ -2958,7 +2958,7 @@ int security_get_permissions(char *class, char ***perms, int *nperms)
rc = -EINVAL;
match = hashtab_search(policydb.p_classes.table, class);
if (!match) {
- printk(KERN_ERR "SELinux: %s: unrecognized class %s\n",
+ printk(KERN_ERR "NSALinux: %s: unrecognized class %s\n",
__func__, class);
goto out;
}
@@ -3024,14 +3024,14 @@ int security_policycap_supported(unsigned int req_cap)
return rc;
}
-struct selinux_audit_rule {
+struct nsalinux_audit_rule {
u32 au_seqno;
struct context au_ctxt;
};
-void selinux_audit_rule_free(void *vrule)
+void nsalinux_audit_rule_free(void *vrule)
{
- struct selinux_audit_rule *rule = vrule;
+ struct nsalinux_audit_rule *rule = vrule;
if (rule) {
context_destroy(&rule->au_ctxt);
@@ -3039,13 +3039,13 @@ void selinux_audit_rule_free(void *vrule)
}
}
-int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
+int nsalinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
{
- struct selinux_audit_rule *tmprule;
+ struct nsalinux_audit_rule *tmprule;
struct role_datum *roledatum;
struct type_datum *typedatum;
struct user_datum *userdatum;
- struct selinux_audit_rule **rule = (struct selinux_audit_rule **)vrule;
+ struct nsalinux_audit_rule **rule = (struct nsalinux_audit_rule **)vrule;
int rc = 0;
*rule = NULL;
@@ -3077,7 +3077,7 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
return -EINVAL;
}
- tmprule = kzalloc(sizeof(struct selinux_audit_rule), GFP_KERNEL);
+ tmprule = kzalloc(sizeof(struct nsalinux_audit_rule), GFP_KERNEL);
if (!tmprule)
return -ENOMEM;
@@ -3126,7 +3126,7 @@ out:
read_unlock(&policy_rwlock);
if (rc) {
- selinux_audit_rule_free(tmprule);
+ nsalinux_audit_rule_free(tmprule);
tmprule = NULL;
}
@@ -3135,8 +3135,8 @@ out:
return rc;
}
-/* Check to see if the rule contains any selinux fields */
-int selinux_audit_rule_known(struct audit_krule *rule)
+/* Check to see if the rule contains any nsalinux fields */
+int nsalinux_audit_rule_known(struct audit_krule *rule)
{
int i;
@@ -3160,16 +3160,16 @@ int selinux_audit_rule_known(struct audit_krule *rule)
return 0;
}
-int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
+int nsalinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
struct audit_context *actx)
{
struct context *ctxt;
struct mls_level *level;
- struct selinux_audit_rule *rule = vrule;
+ struct nsalinux_audit_rule *rule = vrule;
int match = 0;
if (unlikely(!rule)) {
- WARN_ONCE(1, "selinux_audit_rule_match: missing rule\n");
+ WARN_ONCE(1, "nsalinux_audit_rule_match: missing rule\n");
return -ENOENT;
}
@@ -3182,7 +3182,7 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
ctxt = sidtab_search(&sidtab, sid);
if (unlikely(!ctxt)) {
- WARN_ONCE(1, "selinux_audit_rule_match: unrecognized SID %d\n",
+ WARN_ONCE(1, "nsalinux_audit_rule_match: unrecognized SID %d\n",
sid);
match = -ENOENT;
goto out;
@@ -3295,7 +3295,7 @@ __initcall(aurule_init);
/**
* security_netlbl_cache_add - Add an entry to the NetLabel cache
* @secattr: the NetLabel packet security attributes
- * @sid: the SELinux SID
+ * @sid: the NSALinux SID
*
* Description:
* Attempt to cache the context in @ctx, which was derived from the packet in
@@ -3324,13 +3324,13 @@ static void security_netlbl_cache_add(struct netlbl_lsm_secattr *secattr,
}
/**
- * security_netlbl_secattr_to_sid - Convert a NetLabel secattr to a SELinux SID
+ * security_netlbl_secattr_to_sid - Convert a NetLabel secattr to a NSALinux SID
* @secattr: the NetLabel packet security attributes
- * @sid: the SELinux SID
+ * @sid: the NSALinux SID
*
* Description:
* Convert the given NetLabel security attributes in @secattr into a
- * SELinux SID. If the @secattr field does not contain a full SELinux
+ * NSALinux SID. If the @secattr field does not contain a full NSALinux
* SID/context then use SECINITSID_NETMSG as the foundation. If possible the
* 'cache' field of @secattr is set and the CACHE flag is set; this is to
* allow the @secattr to be used by NetLabel to cache the secattr to SID
@@ -3396,12 +3396,12 @@ out:
}
/**
- * security_netlbl_sid_to_secattr - Convert a SELinux SID to a NetLabel secattr
- * @sid: the SELinux SID
+ * security_netlbl_sid_to_secattr - Convert a NSALinux SID to a NetLabel secattr
+ * @sid: the NSALinux SID
* @secattr: the NetLabel packet security attributes
*
* Description:
- * Convert the given SELinux SID in @sid into a NetLabel security attribute.
+ * Convert the given NSALinux SID in @sid into a NetLabel security attribute.
* Returns zero on success, negative values on failure.
*
*/
diff --git a/security/selinux/ss/services.h b/security/nsalinux/ss/services.h
similarity index 100%
rename from security/selinux/ss/services.h
rename to security/nsalinux/ss/services.h
diff --git a/security/selinux/ss/sidtab.c b/security/nsalinux/ss/sidtab.c
similarity index 98%
rename from security/selinux/ss/sidtab.c
rename to security/nsalinux/ss/sidtab.c
index 5840a35..d3d05fe 100644
--- a/security/selinux/ss/sidtab.c
+++ b/security/nsalinux/ss/sidtab.c
@@ -221,7 +221,7 @@ int sidtab_context_to_sid(struct sidtab *s,
sid = s->next_sid++;
if (context->len)
printk(KERN_INFO
- "SELinux: Context %s is not valid (left unmapped).\n",
+ "NSALinux: Context %s is not valid (left unmapped).\n",
context->str);
ret = sidtab_insert(s, sid, context);
if (ret)
diff --git a/security/selinux/ss/sidtab.h b/security/nsalinux/ss/sidtab.h
similarity index 100%
rename from security/selinux/ss/sidtab.h
rename to security/nsalinux/ss/sidtab.h
diff --git a/security/selinux/ss/status.c b/security/nsalinux/ss/status.c
similarity index 58%
rename from security/selinux/ss/status.c
rename to security/nsalinux/ss/status.c
index d982365..6a9edff 100644
--- a/security/selinux/ss/status.c
+++ b/security/nsalinux/ss/status.c
@@ -1,5 +1,5 @@
/*
- * mmap based event notifications for SELinux
+ * mmap based event notifications for NSALinux
*
* Author: KaiGai Kohei <kaigai@xxxxxxxxxxxxx>
*
@@ -17,12 +17,12 @@
#include "services.h"
/*
- * The selinux_status_page shall be exposed to userspace applications
- * using mmap interface on /selinux/status.
+ * The nsalinux_status_page shall be exposed to userspace applications
+ * using mmap interface on /nsalinux/status.
* It enables to notify applications a few events that will cause reset
* of userspace access vector without context switching.
*
- * The selinux_kernel_status structure on the head of status page is
+ * The nsalinux_kernel_status structure on the head of status page is
* protected from concurrent accesses using seqlock logic, so userspace
* application should reference the status page according to the seqlock
* logic.
@@ -35,30 +35,30 @@
* In most cases, application shall confirm the kernel status is not
* changed without any system call invocations.
*/
-static struct page *selinux_status_page;
-static DEFINE_MUTEX(selinux_status_lock);
+static struct page *nsalinux_status_page;
+static DEFINE_MUTEX(nsalinux_status_lock);
/*
- * selinux_kernel_status_page
+ * nsalinux_kernel_status_page
*
- * It returns a reference to selinux_status_page. If the status page is
+ * It returns a reference to nsalinux_status_page. If the status page is
* not allocated yet, it also tries to allocate it at the first time.
*/
-struct page *selinux_kernel_status_page(void)
+struct page *nsalinux_kernel_status_page(void)
{
- struct selinux_kernel_status *status;
+ struct nsalinux_kernel_status *status;
struct page *result = NULL;
- mutex_lock(&selinux_status_lock);
- if (!selinux_status_page) {
- selinux_status_page = alloc_page(GFP_KERNEL|__GFP_ZERO);
+ mutex_lock(&nsalinux_status_lock);
+ if (!nsalinux_status_page) {
+ nsalinux_status_page = alloc_page(GFP_KERNEL|__GFP_ZERO);
- if (selinux_status_page) {
- status = page_address(selinux_status_page);
+ if (nsalinux_status_page) {
+ status = page_address(nsalinux_status_page);
- status->version = SELINUX_KERNEL_STATUS_VERSION;
+ status->version = NSALINUX_KERNEL_STATUS_VERSION;
status->sequence = 0;
- status->enforcing = selinux_enforcing;
+ status->enforcing = nsalinux_enforcing;
/*
* NOTE: the next policyload event shall set
* a positive value on the status->policyload,
@@ -69,24 +69,24 @@ struct page *selinux_kernel_status_page(void)
status->deny_unknown = !security_get_allow_unknown();
}
}
- result = selinux_status_page;
- mutex_unlock(&selinux_status_lock);
+ result = nsalinux_status_page;
+ mutex_unlock(&nsalinux_status_lock);
return result;
}
/*
- * selinux_status_update_setenforce
+ * nsalinux_status_update_setenforce
*
* It updates status of the current enforcing/permissive mode.
*/
-void selinux_status_update_setenforce(int enforcing)
+void nsalinux_status_update_setenforce(int enforcing)
{
- struct selinux_kernel_status *status;
+ struct nsalinux_kernel_status *status;
- mutex_lock(&selinux_status_lock);
- if (selinux_status_page) {
- status = page_address(selinux_status_page);
+ mutex_lock(&nsalinux_status_lock);
+ if (nsalinux_status_page) {
+ status = page_address(nsalinux_status_page);
status->sequence++;
smp_wmb();
@@ -96,22 +96,22 @@ void selinux_status_update_setenforce(int enforcing)
smp_wmb();
status->sequence++;
}
- mutex_unlock(&selinux_status_lock);
+ mutex_unlock(&nsalinux_status_lock);
}
/*
- * selinux_status_update_policyload
+ * nsalinux_status_update_policyload
*
* It updates status of the times of policy reloaded, and current
* setting of deny_unknown.
*/
-void selinux_status_update_policyload(int seqno)
+void nsalinux_status_update_policyload(int seqno)
{
- struct selinux_kernel_status *status;
+ struct nsalinux_kernel_status *status;
- mutex_lock(&selinux_status_lock);
- if (selinux_status_page) {
- status = page_address(selinux_status_page);
+ mutex_lock(&nsalinux_status_lock);
+ if (nsalinux_status_page) {
+ status = page_address(nsalinux_status_page);
status->sequence++;
smp_wmb();
@@ -122,5 +122,5 @@ void selinux_status_update_policyload(int seqno)
smp_wmb();
status->sequence++;
}
- mutex_unlock(&selinux_status_lock);
+ mutex_unlock(&nsalinux_status_lock);
}
diff --git a/security/selinux/ss/symtab.c b/security/nsalinux/ss/symtab.c
similarity index 100%
rename from security/selinux/ss/symtab.c
rename to security/nsalinux/ss/symtab.c
diff --git a/security/selinux/ss/symtab.h b/security/nsalinux/ss/symtab.h
similarity index 100%
rename from security/selinux/ss/symtab.h
rename to security/nsalinux/ss/symtab.h
diff --git a/security/selinux/xfrm.c b/security/nsalinux/xfrm.c
similarity index 75%
rename from security/selinux/xfrm.c
rename to security/nsalinux/xfrm.c
index 56e354f..47decd5 100644
--- a/security/selinux/xfrm.c
+++ b/security/nsalinux/xfrm.c
@@ -1,7 +1,7 @@
/*
- * NSA Security-Enhanced Linux (SELinux) security module
+ * NSALinux security module
*
- * This file contains the SELinux XFRM hook function implementations.
+ * This file contains the NSALinux XFRM hook function implementations.
*
* Authors: Serge Hallyn <sergeh@xxxxxxxxxx>
* Trent Jaeger <jaegert@xxxxxxxxxx>
@@ -25,7 +25,7 @@
* CONFIG_SECURITY=y
* CONFIG_SECURITY_NETWORK=y
* CONFIG_SECURITY_NETWORK_XFRM=y
- * CONFIG_SECURITY_SELINUX=m/y
+ * CONFIG_SECURITY_NSALINUX=m/y
* ISSUES:
* 1. Caching packets, so they are not dropped during negotiation
* 2. Emulating a reasonable SO_PEERSEC across machines
@@ -50,31 +50,31 @@
#include "xfrm.h"
/* Labeled XFRM instance counter */
-atomic_t selinux_xfrm_refcount = ATOMIC_INIT(0);
+atomic_t nsalinux_xfrm_refcount = ATOMIC_INIT(0);
/*
- * Returns true if the context is an LSM/SELinux context.
+ * Returns true if the context is an LSM/NSALinux context.
*/
-static inline int selinux_authorizable_ctx(struct xfrm_sec_ctx *ctx)
+static inline int nsalinux_authorizable_ctx(struct xfrm_sec_ctx *ctx)
{
return (ctx &&
(ctx->ctx_doi == XFRM_SC_DOI_LSM) &&
- (ctx->ctx_alg == XFRM_SC_ALG_SELINUX));
+ (ctx->ctx_alg == XFRM_SC_ALG_NSALINUX));
}
/*
- * Returns true if the xfrm contains a security blob for SELinux.
+ * Returns true if the xfrm contains a security blob for NSALinux.
*/
-static inline int selinux_authorizable_xfrm(struct xfrm_state *x)
+static inline int nsalinux_authorizable_xfrm(struct xfrm_state *x)
{
- return selinux_authorizable_ctx(x->security);
+ return nsalinux_authorizable_ctx(x->security);
}
/*
* Allocates a xfrm_sec_state and populates it using the supplied security
* xfrm_user_sec_ctx context.
*/
-static int selinux_xfrm_alloc_user(struct xfrm_sec_ctx **ctxp,
+static int nsalinux_xfrm_alloc_user(struct xfrm_sec_ctx **ctxp,
struct xfrm_user_sec_ctx *uctx,
gfp_t gfp)
{
@@ -85,7 +85,7 @@ static int selinux_xfrm_alloc_user(struct xfrm_sec_ctx **ctxp,
if (ctxp == NULL || uctx == NULL ||
uctx->ctx_doi != XFRM_SC_DOI_LSM ||
- uctx->ctx_alg != XFRM_SC_ALG_SELINUX)
+ uctx->ctx_alg != XFRM_SC_ALG_NSALINUX)
return -EINVAL;
str_len = uctx->ctx_len;
@@ -97,7 +97,7 @@ static int selinux_xfrm_alloc_user(struct xfrm_sec_ctx **ctxp,
return -ENOMEM;
ctx->ctx_doi = XFRM_SC_DOI_LSM;
- ctx->ctx_alg = XFRM_SC_ALG_SELINUX;
+ ctx->ctx_alg = XFRM_SC_ALG_NSALINUX;
ctx->ctx_len = str_len;
memcpy(ctx->ctx_str, &uctx[1], str_len);
ctx->ctx_str[str_len] = '\0';
@@ -111,7 +111,7 @@ static int selinux_xfrm_alloc_user(struct xfrm_sec_ctx **ctxp,
goto err;
*ctxp = ctx;
- atomic_inc(&selinux_xfrm_refcount);
+ atomic_inc(&nsalinux_xfrm_refcount);
return 0;
err:
@@ -122,19 +122,19 @@ err:
/*
* Free the xfrm_sec_ctx structure.
*/
-static void selinux_xfrm_free(struct xfrm_sec_ctx *ctx)
+static void nsalinux_xfrm_free(struct xfrm_sec_ctx *ctx)
{
if (!ctx)
return;
- atomic_dec(&selinux_xfrm_refcount);
+ atomic_dec(&nsalinux_xfrm_refcount);
kfree(ctx);
}
/*
* Authorize the deletion of a labeled SA or policy rule.
*/
-static int selinux_xfrm_delete(struct xfrm_sec_ctx *ctx)
+static int nsalinux_xfrm_delete(struct xfrm_sec_ctx *ctx)
{
const struct task_security_struct *tsec = current_security();
@@ -150,7 +150,7 @@ static int selinux_xfrm_delete(struct xfrm_sec_ctx *ctx)
* LSM hook implementation that authorizes that a flow can use a xfrm policy
* rule.
*/
-int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir)
+int nsalinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir)
{
int rc;
@@ -160,7 +160,7 @@ int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir)
return 0;
/* Context sid is either set to label or ANY_ASSOC */
- if (!selinux_authorizable_ctx(ctx))
+ if (!nsalinux_authorizable_ctx(ctx))
return -EINVAL;
rc = avc_has_perm(fl_secid, ctx->ctx_sid,
@@ -172,7 +172,7 @@ int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir)
* LSM hook implementation that authorizes that a state matches
* the given policy, flow combo.
*/
-int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
+int nsalinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
struct xfrm_policy *xp,
const struct flowi *fl)
{
@@ -190,8 +190,8 @@ int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
/* unlabeled SA and labeled policy can't match */
return 0;
else
- if (!selinux_authorizable_xfrm(x))
- /* Not a SELinux-labeled SA */
+ if (!nsalinux_authorizable_xfrm(x))
+ /* Not a NSALinux-labeled SA */
return 0;
state_sid = x->security->ctx_sid;
@@ -201,13 +201,13 @@ int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
/* We don't need a separate SA Vs. policy polmatch check since the SA
* is now of the same label as the flow and a flow Vs. policy polmatch
- * check had already happened in selinux_xfrm_policy_lookup() above. */
+ * check had already happened in nsalinux_xfrm_policy_lookup() above. */
return (avc_has_perm(fl->flowi_secid, state_sid,
SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO,
NULL) ? 0 : 1);
}
-static u32 selinux_xfrm_skb_sid_egress(struct sk_buff *skb)
+static u32 nsalinux_xfrm_skb_sid_egress(struct sk_buff *skb)
{
struct dst_entry *dst = skb_dst(skb);
struct xfrm_state *x;
@@ -215,13 +215,13 @@ static u32 selinux_xfrm_skb_sid_egress(struct sk_buff *skb)
if (dst == NULL)
return SECSID_NULL;
x = dst->xfrm;
- if (x == NULL || !selinux_authorizable_xfrm(x))
+ if (x == NULL || !nsalinux_authorizable_xfrm(x))
return SECSID_NULL;
return x->security->ctx_sid;
}
-static int selinux_xfrm_skb_sid_ingress(struct sk_buff *skb,
+static int nsalinux_xfrm_skb_sid_ingress(struct sk_buff *skb,
u32 *sid, int ckall)
{
u32 sid_session = SECSID_NULL;
@@ -232,7 +232,7 @@ static int selinux_xfrm_skb_sid_ingress(struct sk_buff *skb,
for (i = sp->len - 1; i >= 0; i--) {
struct xfrm_state *x = sp->xvec[i];
- if (selinux_authorizable_xfrm(x)) {
+ if (nsalinux_authorizable_xfrm(x)) {
struct xfrm_sec_ctx *ctx = x->security;
if (sid_session == SECSID_NULL) {
@@ -256,22 +256,22 @@ out:
* LSM hook implementation that checks and/or returns the xfrm sid for the
* incoming packet.
*/
-int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall)
+int nsalinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall)
{
if (skb == NULL) {
*sid = SECSID_NULL;
return 0;
}
- return selinux_xfrm_skb_sid_ingress(skb, sid, ckall);
+ return nsalinux_xfrm_skb_sid_ingress(skb, sid, ckall);
}
-int selinux_xfrm_skb_sid(struct sk_buff *skb, u32 *sid)
+int nsalinux_xfrm_skb_sid(struct sk_buff *skb, u32 *sid)
{
int rc;
- rc = selinux_xfrm_skb_sid_ingress(skb, sid, 0);
+ rc = nsalinux_xfrm_skb_sid_ingress(skb, sid, 0);
if (rc == 0 && *sid == SECSID_NULL)
- *sid = selinux_xfrm_skb_sid_egress(skb);
+ *sid = nsalinux_xfrm_skb_sid_egress(skb);
return rc;
}
@@ -279,18 +279,18 @@ int selinux_xfrm_skb_sid(struct sk_buff *skb, u32 *sid)
/*
* LSM hook implementation that allocs and transfers uctx spec to xfrm_policy.
*/
-int selinux_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
+int nsalinux_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
struct xfrm_user_sec_ctx *uctx,
gfp_t gfp)
{
- return selinux_xfrm_alloc_user(ctxp, uctx, gfp);
+ return nsalinux_xfrm_alloc_user(ctxp, uctx, gfp);
}
/*
* LSM hook implementation that copies security data structure from old to new
* for policy cloning.
*/
-int selinux_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
+int nsalinux_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
struct xfrm_sec_ctx **new_ctxp)
{
struct xfrm_sec_ctx *new_ctx;
@@ -302,7 +302,7 @@ int selinux_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
GFP_ATOMIC);
if (!new_ctx)
return -ENOMEM;
- atomic_inc(&selinux_xfrm_refcount);
+ atomic_inc(&nsalinux_xfrm_refcount);
*new_ctxp = new_ctx;
return 0;
@@ -311,34 +311,34 @@ int selinux_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
/*
* LSM hook implementation that frees xfrm_sec_ctx security information.
*/
-void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
+void nsalinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
{
- selinux_xfrm_free(ctx);
+ nsalinux_xfrm_free(ctx);
}
/*
* LSM hook implementation that authorizes deletion of labeled policies.
*/
-int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
+int nsalinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
{
- return selinux_xfrm_delete(ctx);
+ return nsalinux_xfrm_delete(ctx);
}
/*
* LSM hook implementation that allocates a xfrm_sec_state, populates it using
* the supplied security context, and assigns it to the xfrm_state.
*/
-int selinux_xfrm_state_alloc(struct xfrm_state *x,
+int nsalinux_xfrm_state_alloc(struct xfrm_state *x,
struct xfrm_user_sec_ctx *uctx)
{
- return selinux_xfrm_alloc_user(&x->security, uctx, GFP_KERNEL);
+ return nsalinux_xfrm_alloc_user(&x->security, uctx, GFP_KERNEL);
}
/*
* LSM hook implementation that allocates a xfrm_sec_state and populates based
* on a secid.
*/
-int selinux_xfrm_state_alloc_acquire(struct xfrm_state *x,
+int nsalinux_xfrm_state_alloc_acquire(struct xfrm_state *x,
struct xfrm_sec_ctx *polsec, u32 secid)
{
int rc;
@@ -363,13 +363,13 @@ int selinux_xfrm_state_alloc_acquire(struct xfrm_state *x,
}
ctx->ctx_doi = XFRM_SC_DOI_LSM;
- ctx->ctx_alg = XFRM_SC_ALG_SELINUX;
+ ctx->ctx_alg = XFRM_SC_ALG_NSALINUX;
ctx->ctx_sid = secid;
ctx->ctx_len = str_len;
memcpy(ctx->ctx_str, ctx_str, str_len);
x->security = ctx;
- atomic_inc(&selinux_xfrm_refcount);
+ atomic_inc(&nsalinux_xfrm_refcount);
out:
kfree(ctx_str);
return rc;
@@ -378,17 +378,17 @@ out:
/*
* LSM hook implementation that frees xfrm_state security information.
*/
-void selinux_xfrm_state_free(struct xfrm_state *x)
+void nsalinux_xfrm_state_free(struct xfrm_state *x)
{
- selinux_xfrm_free(x->security);
+ nsalinux_xfrm_free(x->security);
}
/*
* LSM hook implementation that authorizes deletion of labeled SAs.
*/
-int selinux_xfrm_state_delete(struct xfrm_state *x)
+int nsalinux_xfrm_state_delete(struct xfrm_state *x)
{
- return selinux_xfrm_delete(x->security);
+ return nsalinux_xfrm_delete(x->security);
}
/*
@@ -398,7 +398,7 @@ int selinux_xfrm_state_delete(struct xfrm_state *x)
* we need to check for unlabelled access since this may not have
* gone thru the IPSec process.
*/
-int selinux_xfrm_sock_rcv_skb(u32 sk_sid, struct sk_buff *skb,
+int nsalinux_xfrm_sock_rcv_skb(u32 sk_sid, struct sk_buff *skb,
struct common_audit_data *ad)
{
int i;
@@ -409,7 +409,7 @@ int selinux_xfrm_sock_rcv_skb(u32 sk_sid, struct sk_buff *skb,
for (i = 0; i < sp->len; i++) {
struct xfrm_state *x = sp->xvec[i];
- if (x && selinux_authorizable_xfrm(x)) {
+ if (x && nsalinux_authorizable_xfrm(x)) {
struct xfrm_sec_ctx *ctx = x->security;
peer_sid = ctx->ctx_sid;
break;
@@ -429,9 +429,9 @@ int selinux_xfrm_sock_rcv_skb(u32 sk_sid, struct sk_buff *skb,
* If we have no security association, then we need to determine
* whether the socket is allowed to send to an unlabelled destination.
* If we do have a authorizable security association, then it has already been
- * checked in the selinux_xfrm_state_pol_flow_match hook above.
+ * checked in the nsalinux_xfrm_state_pol_flow_match hook above.
*/
-int selinux_xfrm_postroute_last(u32 sk_sid, struct sk_buff *skb,
+int nsalinux_xfrm_postroute_last(u32 sk_sid, struct sk_buff *skb,
struct common_audit_data *ad, u8 proto)
{
struct dst_entry *dst;
@@ -455,7 +455,7 @@ int selinux_xfrm_postroute_last(u32 sk_sid, struct sk_buff *skb,
for (iter = dst; iter != NULL; iter = iter->child) {
struct xfrm_state *x = iter->xfrm;
- if (x && selinux_authorizable_xfrm(x))
+ if (x && nsalinux_authorizable_xfrm(x))
return 0;
}
}
diff --git a/security/security.c b/security/security.c
index 3644b03..6531d8e 100644
--- a/security/security.c
+++ b/security/security.c
@@ -627,7 +627,7 @@ int security_inode_setxattr(struct dentry *dentry, const char *name,
if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
return 0;
/*
- * SELinux and Smack integrate the cap call,
+ * NSALinux and Smack integrate the cap call,
* so assume that all LSMs supplying this call do so.
*/
ret = call_int_hook(inode_setxattr, 1, dentry, name, value, size,
@@ -673,7 +673,7 @@ int security_inode_removexattr(struct dentry *dentry, const char *name)
if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
return 0;
/*
- * SELinux and Smack integrate the cap call,
+ * NSALinux and Smack integrate the cap call,
* so assume that all LSMs supplying this call do so.
*/
ret = call_int_hook(inode_removexattr, 1, dentry, name);
@@ -1464,7 +1464,7 @@ int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
/*
* Since this function is expected to return 0 or 1, the judgment
* becomes difficult if multiple LSMs supply this call. Fortunately,
- * we can use the first LSM's judgment because currently only SELinux
+ * we can use the first LSM's judgment because currently only NSALinux
* supplies this call.
*
* For speed optimization, we explicitly break the loop rather than
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 11f7901..016a527 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1553,11 +1553,11 @@ static void smack_inode_getsecid(struct inode *inode, u32 *secid)
* There is no smack_file_permission hook
*
* Should access checks be done on each read or write?
- * UNICOS and SELinux say yes.
+ * UNICOS and NSALinux say yes.
* Trusted Solaris, Trusted Irix, and just about everyone else says no.
*
* I'll say no for now. Smack does not do the frequent
- * label changing that SELinux does.
+ * label changing that NSALinux does.
*/
/**
@@ -2216,7 +2216,7 @@ static int smack_task_movememory(struct task_struct *p)
*
* Return 0 if write access is permitted
*
- * The secid behavior is an artifact of an SELinux hack
+ * The secid behavior is an artifact of an NSALinux hack
* in the USB code. Someday it may go away.
*/
static int smack_task_kill(struct task_struct *p, struct siginfo *info,
diff --git a/security/smack/smack_netfilter.c b/security/smack/smack_netfilter.c
index aa6bf1b..81ed436 100644
--- a/security/smack/smack_netfilter.c
+++ b/security/smack/smack_netfilter.c
@@ -62,14 +62,14 @@ static struct nf_hook_ops smack_nf_ops[] = {
.hook = smack_ipv4_output,
.pf = NFPROTO_IPV4,
.hooknum = NF_INET_LOCAL_OUT,
- .priority = NF_IP_PRI_SELINUX_FIRST,
+ .priority = NF_IP_PRI_NSALINUX_FIRST,
},
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
{
.hook = smack_ipv6_output,
.pf = NFPROTO_IPV6,
.hooknum = NF_INET_LOCAL_OUT,
- .priority = NF_IP6_PRI_SELINUX_FIRST,
+ .priority = NF_IP6_PRI_NSALINUX_FIRST,
},
#endif /* IPV6 */
};
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index e249a66..458c1b9 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -9,7 +9,7 @@
* Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
* Ahmed S. Darwish <darwish.07@xxxxxxxxx>
*
- * Special thanks to the authors of selinuxfs.
+ * Special thanks to the authors of nsalinuxfs.
*
* Karl MacMillan <kmacmillan@xxxxxxxxxx>
* James Morris <jmorris@xxxxxxxxxx>
diff --git a/tools/testing/selftests/rcutorture/bin/functions.sh b/tools/testing/selftests/rcutorture/bin/functions.sh
index b325470..09e6f77 100644
--- a/tools/testing/selftests/rcutorture/bin/functions.sh
+++ b/tools/testing/selftests/rcutorture/bin/functions.sh
@@ -155,7 +155,7 @@ identify_qemu () {
identify_qemu_append () {
case "$1" in
qemu-system-x86_64|qemu-system-i386)
- echo noapic selinux=0 initcall_debug debug
+ echo noapic nsalinux=0 initcall_debug debug
;;
esac
if test -n "$TORTURE_QEMU_INTERACTIVE"
diff --git a/tools/usb/usbip/README b/tools/usb/usbip/README
index 831f49f..3ae72b3 100644
--- a/tools/usb/usbip/README
+++ b/tools/usb/usbip/README
@@ -194,7 +194,7 @@ Detach the imported device:
- See /proc/bus/usb/devices and find "Driver=..." lines of the device.
- Shutdown firewall.
- usbip now uses TCP port 3240.
- - Disable SELinux.
+ - Disable NSALinux.
- Check the kernel and daemon messages.
--
1.7.9.5