kernel: refact (#113)

* refact * sort inlude * update * unregister execve kprobe * update log * don't unregister if not in kprobe * opt for no kprobe * opt for no kprobe * stop debug * don't forget to call ksu_uid_observer_exit * rename core to core_hook * direct call do_persistent_allow_list * add prefix * use getter, add warn * add wrapper * run clang-format clang-format --style="{BasedOnStyle: InheritParentConfig, SortIncludes: true}" -i kernel/**/*.[ch] * try fix wsa x64 build
2023-01-25 21:53:19 +08:00
parent 5fb8316e46
commit 2f970f7ab8
26 changed files with 1002 additions and 850 deletions
--- a/kernel/selinux/sepolicy.h
+++ b/kernel/selinux/sepolicy.h
@@ -1,37 +1,46 @@
 #ifndef __KSU_H_SEPOLICY
 #define __KSU_H_SEPOLICY

-#include <linux/types.h>
-#include <ss/sidtab.h>
-#include <ss/services.h>
-#include <objsec.h>
+#include "linux/types.h"

+#include "ss/policydb.h"

 // Operation on types
-bool ksu_type(struct policydb* db, const char* name, const char* attr);
-bool ksu_attribute(struct policydb* db, const char* name);
-bool ksu_permissive(struct policydb* db, const char* type);
-bool ksu_enforce(struct policydb* db, const char* type);
-bool ksu_typeattribute(struct policydb* db, const char* type, const char* attr);
-bool ksu_exists(struct policydb* db, const char* type);
+bool ksu_type(struct policydb *db, const char *name, const char *attr);
+bool ksu_attribute(struct policydb *db, const char *name);
+bool ksu_permissive(struct policydb *db, const char *type);
+bool ksu_enforce(struct policydb *db, const char *type);
+bool ksu_typeattribute(struct policydb *db, const char *type, const char *attr);
+bool ksu_exists(struct policydb *db, const char *type);

 // Access vector rules
-bool ksu_allow(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* perm);
-bool ksu_deny(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* perm);
-bool ksu_auditallow(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* perm);
-bool ksu_dontaudit(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* perm);
+bool ksu_allow(struct policydb *db, const char *src, const char *tgt,
+	       const char *cls, const char *perm);
+bool ksu_deny(struct policydb *db, const char *src, const char *tgt,
+	      const char *cls, const char *perm);
+bool ksu_auditallow(struct policydb *db, const char *src, const char *tgt,
+		    const char *cls, const char *perm);
+bool ksu_dontaudit(struct policydb *db, const char *src, const char *tgt,
+		   const char *cls, const char *perm);

 // Extended permissions access vector rules
-bool ksu_allowxperm(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* range);
-bool ksu_auditallowxperm(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* range);
-bool ksu_dontauditxperm(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* range);
+bool ksu_allowxperm(struct policydb *db, const char *src, const char *tgt,
+		    const char *cls, const char *range);
+bool ksu_auditallowxperm(struct policydb *db, const char *src, const char *tgt,
+			 const char *cls, const char *range);
+bool ksu_dontauditxperm(struct policydb *db, const char *src, const char *tgt,
+			const char *cls, const char *range);

 // Type rules
-bool ksu_type_transition(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* def, const char* obj);
-bool ksu_type_change(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* def);
-bool ksu_type_member(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* def);
+bool ksu_type_transition(struct policydb *db, const char *src, const char *tgt,
+			 const char *cls, const char *def, const char *obj);
+bool ksu_type_change(struct policydb *db, const char *src, const char *tgt,
+		     const char *cls, const char *def);
+bool ksu_type_member(struct policydb *db, const char *src, const char *tgt,
+		     const char *cls, const char *def);

 // File system labeling
-bool ksu_genfscon(struct policydb* db, const char* fs_name, const char* path, const char* ctx);
+bool ksu_genfscon(struct policydb *db, const char *fs_name, const char *path,
+		  const char *ctx);

 #endif