[SELINUX]: Event notifications via netlink.

include/linux/netlink.h

@@ -11,6 +11,7 @@
 #define NETLINK_TCPDIAG		4	/* TCP socket monitoring			*/
 #define NETLINK_NFLOG		5	/* netfilter/iptables ULOG */
 #define NETLINK_XFRM		6	/* ipsec */
+#define NETLINK_SELINUX		7	/* SELinux event notifications */
 #define NETLINK_ARPD		8
 #define NETLINK_ROUTE6		11	/* af_inet6 route comm channel */
 #define NETLINK_IP6_FW		13

security/selinux/Makefile

@@ -4,7 +4,7 @@
 
 obj-$(CONFIG_SECURITY_SELINUX) := selinux.o ss/
 
-selinux-y := avc.o hooks.o selinuxfs.o
+selinux-y := avc.o hooks.o selinuxfs.o netlink.o
 
 selinux-$(CONFIG_SECURITY_NETWORK) += netif.o
 

security/selinux/selinuxfs.c

@@ -17,6 +17,8 @@
 #include "security.h"
 #include "objsec.h"
 
+extern void selnl_notify_setenforce(int val);
+
 /* Check whether a task is allowed to use a security operation. */
 int task_has_security(struct task_struct *tsk,
 		      u32 perms)
@@ -111,6 +113,7 @@ static ssize_t sel_write_enforce(struct file * file, const char * buf,
 		selinux_enforcing = new_value;
 		if (selinux_enforcing)
 			avc_ss_reset(0);
+		selnl_notify_setenforce(selinux_enforcing);
 	}
 	length = count;
 out:

security/selinux/ss/services.c

@@ -28,6 +28,8 @@
 #include "services.h"
 #include "mls.h"
 
+extern void selnl_notify_policyload(u32 seqno);
+
 static rwlock_t policy_rwlock = RW_LOCK_UNLOCKED;
 #define POLICY_RDLOCK read_lock(&policy_rwlock)
 #define POLICY_WRLOCK write_lock_irq(&policy_rwlock)
@@ -1052,6 +1054,7 @@ int security_load_policy(void *data, size_t len)
 	sidtab_destroy(&oldsidtab);
 
 	avc_ss_reset(seqno);
+	selnl_notify_policyload(seqno);
 
 	return 0;