diff options
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 25 |
1 files changed, 2 insertions, 23 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 620be0367c0b..632813821da6 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -146,7 +146,6 @@ static int __init checkreqprot_setup(char *str) | |||
| 146 | __setup("checkreqprot=", checkreqprot_setup); | 146 | __setup("checkreqprot=", checkreqprot_setup); |
| 147 | 147 | ||
| 148 | static struct kmem_cache *sel_inode_cache; | 148 | static struct kmem_cache *sel_inode_cache; |
| 149 | static struct kmem_cache *file_security_cache; | ||
| 150 | 149 | ||
| 151 | /** | 150 | /** |
| 152 | * selinux_secmark_enabled - Check to see if SECMARK is currently enabled | 151 | * selinux_secmark_enabled - Check to see if SECMARK is currently enabled |
| @@ -378,27 +377,15 @@ static void inode_free_security(struct inode *inode) | |||
| 378 | 377 | ||
| 379 | static int file_alloc_security(struct file *file) | 378 | static int file_alloc_security(struct file *file) |
| 380 | { | 379 | { |
| 381 | struct file_security_struct *fsec; | 380 | struct file_security_struct *fsec = selinux_file(file); |
| 382 | u32 sid = current_sid(); | 381 | u32 sid = current_sid(); |
| 383 | 382 | ||
| 384 | fsec = kmem_cache_zalloc(file_security_cache, GFP_KERNEL); | ||
| 385 | if (!fsec) | ||
| 386 | return -ENOMEM; | ||
| 387 | |||
| 388 | fsec->sid = sid; | 383 | fsec->sid = sid; |
| 389 | fsec->fown_sid = sid; | 384 | fsec->fown_sid = sid; |
| 390 | file->f_security = fsec; | ||
| 391 | 385 | ||
| 392 | return 0; | 386 | return 0; |
| 393 | } | 387 | } |
| 394 | 388 | ||
| 395 | static void file_free_security(struct file *file) | ||
| 396 | { | ||
| 397 | struct file_security_struct *fsec = selinux_file(file); | ||
| 398 | file->f_security = NULL; | ||
| 399 | kmem_cache_free(file_security_cache, fsec); | ||
| 400 | } | ||
| 401 | |||
| 402 | static int superblock_alloc_security(struct super_block *sb) | 389 | static int superblock_alloc_security(struct super_block *sb) |
| 403 | { | 390 | { |
| 404 | struct superblock_security_struct *sbsec; | 391 | struct superblock_security_struct *sbsec; |
| @@ -3345,11 +3332,6 @@ static int selinux_file_alloc_security(struct file *file) | |||
| 3345 | return file_alloc_security(file); | 3332 | return file_alloc_security(file); |
| 3346 | } | 3333 | } |
| 3347 | 3334 | ||
| 3348 | static void selinux_file_free_security(struct file *file) | ||
| 3349 | { | ||
| 3350 | file_free_security(file); | ||
| 3351 | } | ||
| 3352 | |||
| 3353 | /* | 3335 | /* |
| 3354 | * Check whether a task has the ioctl permission and cmd | 3336 | * Check whether a task has the ioctl permission and cmd |
| 3355 | * operation to an inode. | 3337 | * operation to an inode. |
| @@ -6646,6 +6628,7 @@ static void selinux_bpf_prog_free(struct bpf_prog_aux *aux) | |||
| 6646 | 6628 | ||
| 6647 | struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = { | 6629 | struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = { |
| 6648 | .lbs_cred = sizeof(struct task_security_struct), | 6630 | .lbs_cred = sizeof(struct task_security_struct), |
| 6631 | .lbs_file = sizeof(struct file_security_struct), | ||
| 6649 | }; | 6632 | }; |
| 6650 | 6633 | ||
| 6651 | static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { | 6634 | static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { |
| @@ -6717,7 +6700,6 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { | |||
| 6717 | 6700 | ||
| 6718 | LSM_HOOK_INIT(file_permission, selinux_file_permission), | 6701 | LSM_HOOK_INIT(file_permission, selinux_file_permission), |
| 6719 | LSM_HOOK_INIT(file_alloc_security, selinux_file_alloc_security), | 6702 | LSM_HOOK_INIT(file_alloc_security, selinux_file_alloc_security), |
| 6720 | LSM_HOOK_INIT(file_free_security, selinux_file_free_security), | ||
| 6721 | LSM_HOOK_INIT(file_ioctl, selinux_file_ioctl), | 6703 | LSM_HOOK_INIT(file_ioctl, selinux_file_ioctl), |
| 6722 | LSM_HOOK_INIT(mmap_file, selinux_mmap_file), | 6704 | LSM_HOOK_INIT(mmap_file, selinux_mmap_file), |
| 6723 | LSM_HOOK_INIT(mmap_addr, selinux_mmap_addr), | 6705 | LSM_HOOK_INIT(mmap_addr, selinux_mmap_addr), |
| @@ -6902,9 +6884,6 @@ static __init int selinux_init(void) | |||
| 6902 | sel_inode_cache = kmem_cache_create("selinux_inode_security", | 6884 | sel_inode_cache = kmem_cache_create("selinux_inode_security", |
| 6903 | sizeof(struct inode_security_struct), | 6885 | sizeof(struct inode_security_struct), |
| 6904 | 0, SLAB_PANIC, NULL); | 6886 | 0, SLAB_PANIC, NULL); |
| 6905 | file_security_cache = kmem_cache_create("selinux_file_security", | ||
| 6906 | sizeof(struct file_security_struct), | ||
| 6907 | 0, SLAB_PANIC, NULL); | ||
| 6908 | avc_init(); | 6887 | avc_init(); |
| 6909 | 6888 | ||
| 6910 | avtab_cache_init(); | 6889 | avtab_cache_init(); |