diff options
| author | James Morris <james.l.morris@oracle.com> | 2016-01-13 20:11:58 -0500 |
|---|---|---|
| committer | James Morris <james.l.morris@oracle.com> | 2016-01-13 20:11:58 -0500 |
| commit | acb2cfdb316ddc3fac8183c0f71edd1680713b10 (patch) | |
| tree | ce94b3236d6b60dc67334ad30e938b8fd8ad80de | |
| parent | 607259e17b37017e9ec0249a8b0a7d8b76b572aa (diff) | |
| parent | b197367ed1ba81b0d26f7e7f76f61731ac6e5842 (diff) | |
Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/selinux into next
| -rw-r--r-- | security/selinux/hooks.c | 10 |
1 files changed, 2 insertions, 8 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 40e071af7783..f8110cfd80ff 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -273,11 +273,6 @@ static int __inode_security_revalidate(struct inode *inode, | |||
| 273 | return 0; | 273 | return 0; |
| 274 | } | 274 | } |
| 275 | 275 | ||
| 276 | static void inode_security_revalidate(struct inode *inode) | ||
| 277 | { | ||
| 278 | __inode_security_revalidate(inode, NULL, true); | ||
| 279 | } | ||
| 280 | |||
| 281 | static struct inode_security_struct *inode_security_novalidate(struct inode *inode) | 276 | static struct inode_security_struct *inode_security_novalidate(struct inode *inode) |
| 282 | { | 277 | { |
| 283 | return inode->i_security; | 278 | return inode->i_security; |
| @@ -3277,19 +3272,19 @@ static int selinux_file_permission(struct file *file, int mask) | |||
| 3277 | { | 3272 | { |
| 3278 | struct inode *inode = file_inode(file); | 3273 | struct inode *inode = file_inode(file); |
| 3279 | struct file_security_struct *fsec = file->f_security; | 3274 | struct file_security_struct *fsec = file->f_security; |
| 3280 | struct inode_security_struct *isec = inode_security(inode); | 3275 | struct inode_security_struct *isec; |
| 3281 | u32 sid = current_sid(); | 3276 | u32 sid = current_sid(); |
| 3282 | 3277 | ||
| 3283 | if (!mask) | 3278 | if (!mask) |
| 3284 | /* No permission to check. Existence test. */ | 3279 | /* No permission to check. Existence test. */ |
| 3285 | return 0; | 3280 | return 0; |
| 3286 | 3281 | ||
| 3282 | isec = inode_security(inode); | ||
| 3287 | if (sid == fsec->sid && fsec->isid == isec->sid && | 3283 | if (sid == fsec->sid && fsec->isid == isec->sid && |
| 3288 | fsec->pseqno == avc_policy_seqno()) | 3284 | fsec->pseqno == avc_policy_seqno()) |
| 3289 | /* No change since file_open check. */ | 3285 | /* No change since file_open check. */ |
| 3290 | return 0; | 3286 | return 0; |
| 3291 | 3287 | ||
| 3292 | inode_security_revalidate(inode); | ||
| 3293 | return selinux_revalidate_file_permission(file, mask); | 3288 | return selinux_revalidate_file_permission(file, mask); |
| 3294 | } | 3289 | } |
| 3295 | 3290 | ||
| @@ -3595,7 +3590,6 @@ static int selinux_file_open(struct file *file, const struct cred *cred) | |||
| 3595 | * new inode label or new policy. | 3590 | * new inode label or new policy. |
| 3596 | * This check is not redundant - do not remove. | 3591 | * This check is not redundant - do not remove. |
| 3597 | */ | 3592 | */ |
| 3598 | inode_security_revalidate(file_inode(file)); | ||
| 3599 | return file_path_has_perm(cred, file, open_file_to_av(file)); | 3593 | return file_path_has_perm(cred, file, open_file_to_av(file)); |
| 3600 | } | 3594 | } |
| 3601 | 3595 | ||