diff options
| author | James Morris <jmorris@namei.org> | 2011-05-24 09:20:19 -0400 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2011-05-24 09:20:19 -0400 |
| commit | b7b57551bbda1390959207f79f2038aa7adb72ae (patch) | |
| tree | d591a08e7e45615b51d8b5ee1634a29920f62c3f /security/selinux/selinuxfs.c | |
| parent | 434d42cfd05a7cc452457a81d2029540cba12150 (diff) | |
| parent | 7a627e3b9a2bd0f06945bbe64bcf403e788ecf6e (diff) | |
Merge branch 'master' of git://git.infradead.org/users/eparis/selinux into for-linus
Conflicts:
lib/flex_array.c
security/selinux/avc.c
security/selinux/hooks.c
security/selinux/ss/policydb.c
security/smack/smack_lsm.c
Manually resolve conflicts.
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/selinuxfs.c')
| -rw-r--r-- | security/selinux/selinuxfs.c | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 2d3373b2e256..77d44138864f 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c | |||
| @@ -28,6 +28,7 @@ | |||
| 28 | #include <linux/percpu.h> | 28 | #include <linux/percpu.h> |
| 29 | #include <linux/audit.h> | 29 | #include <linux/audit.h> |
| 30 | #include <linux/uaccess.h> | 30 | #include <linux/uaccess.h> |
| 31 | #include <linux/kobject.h> | ||
| 31 | 32 | ||
| 32 | /* selinuxfs pseudo filesystem for exporting the security policy API. | 33 | /* selinuxfs pseudo filesystem for exporting the security policy API. |
| 33 | Based on the proc code and the fs/nfsd/nfsctl.c code. */ | 34 | Based on the proc code and the fs/nfsd/nfsctl.c code. */ |
| @@ -753,11 +754,13 @@ out: | |||
| 753 | static ssize_t sel_write_create(struct file *file, char *buf, size_t size) | 754 | static ssize_t sel_write_create(struct file *file, char *buf, size_t size) |
| 754 | { | 755 | { |
| 755 | char *scon = NULL, *tcon = NULL; | 756 | char *scon = NULL, *tcon = NULL; |
| 757 | char *namebuf = NULL, *objname = NULL; | ||
| 756 | u32 ssid, tsid, newsid; | 758 | u32 ssid, tsid, newsid; |
| 757 | u16 tclass; | 759 | u16 tclass; |
| 758 | ssize_t length; | 760 | ssize_t length; |
| 759 | char *newcon = NULL; | 761 | char *newcon = NULL; |
| 760 | u32 len; | 762 | u32 len; |
| 763 | int nargs; | ||
| 761 | 764 | ||
| 762 | length = task_has_security(current, SECURITY__COMPUTE_CREATE); | 765 | length = task_has_security(current, SECURITY__COMPUTE_CREATE); |
| 763 | if (length) | 766 | if (length) |
| @@ -773,9 +776,17 @@ static ssize_t sel_write_create(struct file *file, char *buf, size_t size) | |||
| 773 | if (!tcon) | 776 | if (!tcon) |
| 774 | goto out; | 777 | goto out; |
| 775 | 778 | ||
| 779 | length = -ENOMEM; | ||
| 780 | namebuf = kzalloc(size + 1, GFP_KERNEL); | ||
| 781 | if (!namebuf) | ||
| 782 | goto out; | ||
| 783 | |||
| 776 | length = -EINVAL; | 784 | length = -EINVAL; |
| 777 | if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) | 785 | nargs = sscanf(buf, "%s %s %hu %s", scon, tcon, &tclass, namebuf); |
| 786 | if (nargs < 3 || nargs > 4) | ||
| 778 | goto out; | 787 | goto out; |
| 788 | if (nargs == 4) | ||
| 789 | objname = namebuf; | ||
| 779 | 790 | ||
| 780 | length = security_context_to_sid(scon, strlen(scon) + 1, &ssid); | 791 | length = security_context_to_sid(scon, strlen(scon) + 1, &ssid); |
| 781 | if (length) | 792 | if (length) |
| @@ -785,7 +796,8 @@ static ssize_t sel_write_create(struct file *file, char *buf, size_t size) | |||
| 785 | if (length) | 796 | if (length) |
| 786 | goto out; | 797 | goto out; |
| 787 | 798 | ||
| 788 | length = security_transition_sid_user(ssid, tsid, tclass, &newsid); | 799 | length = security_transition_sid_user(ssid, tsid, tclass, |
| 800 | objname, &newsid); | ||
| 789 | if (length) | 801 | if (length) |
| 790 | goto out; | 802 | goto out; |
| 791 | 803 | ||
| @@ -804,6 +816,7 @@ static ssize_t sel_write_create(struct file *file, char *buf, size_t size) | |||
| 804 | length = len; | 816 | length = len; |
| 805 | out: | 817 | out: |
| 806 | kfree(newcon); | 818 | kfree(newcon); |
| 819 | kfree(namebuf); | ||
| 807 | kfree(tcon); | 820 | kfree(tcon); |
| 808 | kfree(scon); | 821 | kfree(scon); |
| 809 | return length; | 822 | return length; |
| @@ -1901,6 +1914,7 @@ static struct file_system_type sel_fs_type = { | |||
| 1901 | }; | 1914 | }; |
| 1902 | 1915 | ||
| 1903 | struct vfsmount *selinuxfs_mount; | 1916 | struct vfsmount *selinuxfs_mount; |
| 1917 | static struct kobject *selinuxfs_kobj; | ||
| 1904 | 1918 | ||
| 1905 | static int __init init_sel_fs(void) | 1919 | static int __init init_sel_fs(void) |
| 1906 | { | 1920 | { |
| @@ -1908,9 +1922,16 @@ static int __init init_sel_fs(void) | |||
| 1908 | 1922 | ||
| 1909 | if (!selinux_enabled) | 1923 | if (!selinux_enabled) |
| 1910 | return 0; | 1924 | return 0; |
| 1925 | |||
| 1926 | selinuxfs_kobj = kobject_create_and_add("selinux", fs_kobj); | ||
| 1927 | if (!selinuxfs_kobj) | ||
| 1928 | return -ENOMEM; | ||
| 1929 | |||
| 1911 | err = register_filesystem(&sel_fs_type); | 1930 | err = register_filesystem(&sel_fs_type); |
| 1912 | if (err) | 1931 | if (err) { |
| 1932 | kobject_put(selinuxfs_kobj); | ||
| 1913 | return err; | 1933 | return err; |
| 1934 | } | ||
| 1914 | 1935 | ||
| 1915 | selinuxfs_mount = kern_mount(&sel_fs_type); | 1936 | selinuxfs_mount = kern_mount(&sel_fs_type); |
| 1916 | if (IS_ERR(selinuxfs_mount)) { | 1937 | if (IS_ERR(selinuxfs_mount)) { |
| @@ -1927,6 +1948,7 @@ __initcall(init_sel_fs); | |||
| 1927 | #ifdef CONFIG_SECURITY_SELINUX_DISABLE | 1948 | #ifdef CONFIG_SECURITY_SELINUX_DISABLE |
| 1928 | void exit_sel_fs(void) | 1949 | void exit_sel_fs(void) |
| 1929 | { | 1950 | { |
| 1951 | kobject_put(selinuxfs_kobj); | ||
| 1930 | unregister_filesystem(&sel_fs_type); | 1952 | unregister_filesystem(&sel_fs_type); |
| 1931 | } | 1953 | } |
| 1932 | #endif | 1954 | #endif |