kernel: move some defs to single file

* Much cleaner code, although setenforce is not used anymore
* Guard is_ksu_transition only for 4.19 and under.

Signed-off-by: rsuntk <rsuntk@yukiprjkt.my.id>

kernel/selinux/selinux.c

@@ -1,13 +1,6 @@
-#include "selinux.h"
+#include <linux/version.h>
-#include "objsec.h"
+#include "selinux_defs.h"
-#include "linux/version.h"
 #include "../klog.h" // IWYU pragma: keep
-#ifdef SAMSUNG_SELINUX_PORTING
-#include "security.h" // Samsung SELinux Porting
-#endif
-#ifndef KSU_COMPAT_USE_SELINUX_STATE
-#include "avc.h"
-#endif
 
 #define KERNEL_SU_DOMAIN "u:r:su:s0"
 
@@ -41,15 +34,18 @@ static int transive_to_domain(const char *domain)
 		pr_info("security_secctx_to_secid %s -> sid: %d, error: %d\n",
 			domain, sid, error);
 	}
+
 	if (!error) {
 		tsec->sid = sid;
 		tsec->create_sid = 0;
 		tsec->keycreate_sid = 0;
 		tsec->sockcreate_sid = 0;
 	}
+
 	return error;
 }
 
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(4, 19, 0)
 bool __maybe_unused is_ksu_transition(const struct task_security_struct *old_tsec,
 			const struct task_security_struct *new_tsec)
 {
@@ -59,7 +55,7 @@ bool __maybe_unused is_ksu_transition(const struct task_security_struct *old_tse
 	bool allowed = false;
 
 	if (!ksu_sid)
-		security_secctx_to_secid("u:r:su:s0", strlen("u:r:su:s0"), &ksu_sid);
+		security_secctx_to_secid(KERNEL_SU_DOMAIN, strlen(KERNEL_SU_DOMAIN), &ksu_sid);
 
 	if (security_secid_to_secctx(old_tsec->sid, &secdata, &seclen))
 		return false;
@@ -68,6 +64,7 @@ bool __maybe_unused is_ksu_transition(const struct task_security_struct *old_tse
 	security_release_secctx(secdata, seclen);
 	return allowed;
 }
+#endif
 
 void ksu_setup_selinux(const char *domain)
 {
@@ -79,42 +76,16 @@ void ksu_setup_selinux(const char *domain)
 
 void ksu_setenforce(bool enforce)
 {
-#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
+	__setenforce(enforce);
-#ifdef SAMSUNG_SELINUX_PORTING
-	selinux_enforcing = enforce;
-#endif
-#ifdef KSU_COMPAT_USE_SELINUX_STATE
-	selinux_state.enforcing = enforce;
-#else
-	selinux_enforcing = enforce;
-#endif
-#endif
 }
 
-bool ksu_getenforce()
+bool ksu_getenforce(void)
 {
-#ifdef CONFIG_SECURITY_SELINUX_DISABLE
+	if (is_selinux_disabled()) {
-#ifdef KSU_COMPAT_USE_SELINUX_STATE
-	if (selinux_state.disabled) {
-#else
-	if (selinux_disabled) {
-#endif
 		return false;
 	}
-#endif
 	
-#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
+	return __is_selinux_enforcing();
-#ifdef SAMSUNG_SELINUX_PORTING
-	return selinux_enforcing;
-#endif
-#ifdef KSU_COMPAT_USE_SELINUX_STATE
-	return selinux_state.enforcing;
-#else
-	return selinux_enforcing;
-#endif
-#else
-	return true;
-#endif
 }
 
 #if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 10, 0)) &&                         \
@@ -135,10 +106,12 @@ bool ksu_is_ksu_domain()
 	char *domain;
 	u32 seclen;
 	bool result;
+
 	int err = security_secid_to_secctx(current_sid(), &domain, &seclen);
 	if (err) {
 		return false;
 	}
+
 	result = strncmp(KERNEL_SU_DOMAIN, domain, seclen) == 0;
 	security_release_secctx(domain, seclen);
 	return result;
@@ -150,13 +123,16 @@ bool ksu_is_zygote(void *sec)
 	if (!tsec) {
 		return false;
 	}
+
 	char *domain;
 	u32 seclen;
 	bool result;
+
 	int err = security_secid_to_secctx(tsec->sid, &domain, &seclen);
 	if (err) {
 		return false;
 	}
+
 	result = strncmp("u:r:zygote:s0", domain, seclen) == 0;
 	security_release_secctx(domain, seclen);
 	return result;
@@ -251,8 +227,9 @@ u32 ksu_get_devpts_sid()
 	u32 devpts_sid = 0;
 	int err = security_secctx_to_secid(DEVPTS_DOMAIN, strlen(DEVPTS_DOMAIN),
 					   &devpts_sid);
-	if (err) {
+
+	if (err)
 		pr_info("get devpts sid err %d\n", err);
-	}
+
 	return devpts_sid;
 }

kernel/selinux/selinux.h

@@ -1,8 +1,8 @@
 #ifndef __KSU_H_SELINUX
 #define __KSU_H_SELINUX
 
-#include "linux/types.h"
+#include <linux/types.h>
-#include "linux/version.h"
+#include <linux/version.h>
 
 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 0)) || defined(KSU_COMPAT_HAS_SELINUX_STATE)
 #define KSU_COMPAT_USE_SELINUX_STATE
@@ -12,7 +12,7 @@ void ksu_setup_selinux(const char *);
 
 void ksu_setenforce(bool);
 
-bool ksu_getenforce();
+bool ksu_getenforce(void);
 
 bool ksu_is_ksu_domain();
 

kernel/selinux/selinux_defs.h

@@ -0,0 +1,36 @@
+#ifndef __KSU_H_SELINUX_DEFS
+#define __KSU_H_SELINUX_DEFS
+
+#include "selinux.h"
+#include "objsec.h"
+#ifdef SAMSUNG_SELINUX_PORTING
+#include "security.h" // Samsung SELinux Porting
+#endif
+#ifndef KSU_COMPAT_USE_SELINUX_STATE
+#include "avc.h"
+#endif
+
+#ifdef CONFIG_SECURITY_SELINUX_DISABLE
+#ifdef KSU_COMPAT_USE_SELINUX_STATE
+#define is_selinux_disabled()	(selinux_state.disabled)
+#else
+#define is_selinux_disabled()	(selinux_disabled)
+#endif
+#else
+#define is_selinux_disabled()	(0)
+#endif
+
+#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
+#ifdef KSU_COMPAT_USE_SELINUX_STATE
+#define __is_selinux_enforcing()	(selinux_state.enforcing)
+#define __setenforce(val)		selinux_state.enforcing = val
+#elif defined(SAMSUNG_SELINUX_PORTING) || !defined(KSU_COMPAT_USE_SELINUX_STATE)
+#define __is_selinux_enforcing()	(selinux_enforcing)
+#define __setenforce(val)		selinux_enforcing = val
+#endif
+#else
+#define __is_selinux_enforcing()	(1)
+#define __setenforce(val)
+#endif
+
+#endif