diff options
| author | Eric W. Biederman <ebiederm@xmission.com> | 2018-03-22 22:22:26 -0400 |
|---|---|---|
| committer | Eric W. Biederman <ebiederm@xmission.com> | 2018-03-22 22:22:26 -0400 |
| commit | d8c6e8543294428426578d74dc7aaf121e762d58 (patch) | |
| tree | 5a7fb08578f66f55f030e7fd1de237e5f756a847 /security/selinux/hooks.c | |
| parent | 7191adff2a5566efb139c79ea03eda3d0520d44a (diff) | |
msg/security: Pass kern_ipc_perm not msg_queue into the msg_queue security hooks
All of the implementations of security hooks that take msg_queue only
access q_perm the struct kern_ipc_perm member. This means the
dependencies of the msg_queue security hooks can be simplified by
passing the kern_ipc_perm member of msg_queue.
Making this change will allow struct msg_queue to become private to
ipc/msg.c.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 36 |
1 files changed, 18 insertions, 18 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 14f9e6c08273..925e546b5a87 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -5532,52 +5532,52 @@ static void selinux_msg_msg_free_security(struct msg_msg *msg) | |||
| 5532 | } | 5532 | } |
| 5533 | 5533 | ||
| 5534 | /* message queue security operations */ | 5534 | /* message queue security operations */ |
| 5535 | static int selinux_msg_queue_alloc_security(struct msg_queue *msq) | 5535 | static int selinux_msg_queue_alloc_security(struct kern_ipc_perm *msq) |
| 5536 | { | 5536 | { |
| 5537 | struct ipc_security_struct *isec; | 5537 | struct ipc_security_struct *isec; |
| 5538 | struct common_audit_data ad; | 5538 | struct common_audit_data ad; |
| 5539 | u32 sid = current_sid(); | 5539 | u32 sid = current_sid(); |
| 5540 | int rc; | 5540 | int rc; |
| 5541 | 5541 | ||
| 5542 | rc = ipc_alloc_security(&msq->q_perm, SECCLASS_MSGQ); | 5542 | rc = ipc_alloc_security(msq, SECCLASS_MSGQ); |
| 5543 | if (rc) | 5543 | if (rc) |
| 5544 | return rc; | 5544 | return rc; |
| 5545 | 5545 | ||
| 5546 | isec = msq->q_perm.security; | 5546 | isec = msq->security; |
| 5547 | 5547 | ||
| 5548 | ad.type = LSM_AUDIT_DATA_IPC; | 5548 | ad.type = LSM_AUDIT_DATA_IPC; |
| 5549 | ad.u.ipc_id = msq->q_perm.key; | 5549 | ad.u.ipc_id = msq->key; |
| 5550 | 5550 | ||
| 5551 | rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, | 5551 | rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, |
| 5552 | MSGQ__CREATE, &ad); | 5552 | MSGQ__CREATE, &ad); |
| 5553 | if (rc) { | 5553 | if (rc) { |
| 5554 | ipc_free_security(&msq->q_perm); | 5554 | ipc_free_security(msq); |
| 5555 | return rc; | 5555 | return rc; |
| 5556 | } | 5556 | } |
| 5557 | return 0; | 5557 | return 0; |
| 5558 | } | 5558 | } |
| 5559 | 5559 | ||
| 5560 | static void selinux_msg_queue_free_security(struct msg_queue *msq) | 5560 | static void selinux_msg_queue_free_security(struct kern_ipc_perm *msq) |
| 5561 | { | 5561 | { |
| 5562 | ipc_free_security(&msq->q_perm); | 5562 | ipc_free_security(msq); |
| 5563 | } | 5563 | } |
| 5564 | 5564 | ||
| 5565 | static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg) | 5565 | static int selinux_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg) |
| 5566 | { | 5566 | { |
| 5567 | struct ipc_security_struct *isec; | 5567 | struct ipc_security_struct *isec; |
| 5568 | struct common_audit_data ad; | 5568 | struct common_audit_data ad; |
| 5569 | u32 sid = current_sid(); | 5569 | u32 sid = current_sid(); |
| 5570 | 5570 | ||
| 5571 | isec = msq->q_perm.security; | 5571 | isec = msq->security; |
| 5572 | 5572 | ||
| 5573 | ad.type = LSM_AUDIT_DATA_IPC; | 5573 | ad.type = LSM_AUDIT_DATA_IPC; |
| 5574 | ad.u.ipc_id = msq->q_perm.key; | 5574 | ad.u.ipc_id = msq->key; |
| 5575 | 5575 | ||
| 5576 | return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, | 5576 | return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, |
| 5577 | MSGQ__ASSOCIATE, &ad); | 5577 | MSGQ__ASSOCIATE, &ad); |
| 5578 | } | 5578 | } |
| 5579 | 5579 | ||
| 5580 | static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd) | 5580 | static int selinux_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd) |
| 5581 | { | 5581 | { |
| 5582 | int err; | 5582 | int err; |
| 5583 | int perms; | 5583 | int perms; |
| @@ -5602,11 +5602,11 @@ static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd) | |||
| 5602 | return 0; | 5602 | return 0; |
| 5603 | } | 5603 | } |
| 5604 | 5604 | ||
| 5605 | err = ipc_has_perm(&msq->q_perm, perms); | 5605 | err = ipc_has_perm(msq, perms); |
| 5606 | return err; | 5606 | return err; |
| 5607 | } | 5607 | } |
| 5608 | 5608 | ||
| 5609 | static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg) | 5609 | static int selinux_msg_queue_msgsnd(struct kern_ipc_perm *msq, struct msg_msg *msg, int msqflg) |
| 5610 | { | 5610 | { |
| 5611 | struct ipc_security_struct *isec; | 5611 | struct ipc_security_struct *isec; |
| 5612 | struct msg_security_struct *msec; | 5612 | struct msg_security_struct *msec; |
| @@ -5614,7 +5614,7 @@ static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, | |||
| 5614 | u32 sid = current_sid(); | 5614 | u32 sid = current_sid(); |
| 5615 | int rc; | 5615 | int rc; |
| 5616 | 5616 | ||
| 5617 | isec = msq->q_perm.security; | 5617 | isec = msq->security; |
| 5618 | msec = msg->security; | 5618 | msec = msg->security; |
| 5619 | 5619 | ||
| 5620 | /* | 5620 | /* |
| @@ -5632,7 +5632,7 @@ static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, | |||
| 5632 | } | 5632 | } |
| 5633 | 5633 | ||
| 5634 | ad.type = LSM_AUDIT_DATA_IPC; | 5634 | ad.type = LSM_AUDIT_DATA_IPC; |
| 5635 | ad.u.ipc_id = msq->q_perm.key; | 5635 | ad.u.ipc_id = msq->key; |
| 5636 | 5636 | ||
| 5637 | /* Can this process write to the queue? */ | 5637 | /* Can this process write to the queue? */ |
| 5638 | rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, | 5638 | rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, |
| @@ -5649,7 +5649,7 @@ static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, | |||
| 5649 | return rc; | 5649 | return rc; |
| 5650 | } | 5650 | } |
| 5651 | 5651 | ||
| 5652 | static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, | 5652 | static int selinux_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *msg, |
| 5653 | struct task_struct *target, | 5653 | struct task_struct *target, |
| 5654 | long type, int mode) | 5654 | long type, int mode) |
| 5655 | { | 5655 | { |
| @@ -5659,11 +5659,11 @@ static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, | |||
| 5659 | u32 sid = task_sid(target); | 5659 | u32 sid = task_sid(target); |
| 5660 | int rc; | 5660 | int rc; |
| 5661 | 5661 | ||
| 5662 | isec = msq->q_perm.security; | 5662 | isec = msq->security; |
| 5663 | msec = msg->security; | 5663 | msec = msg->security; |
| 5664 | 5664 | ||
| 5665 | ad.type = LSM_AUDIT_DATA_IPC; | 5665 | ad.type = LSM_AUDIT_DATA_IPC; |
| 5666 | ad.u.ipc_id = msq->q_perm.key; | 5666 | ad.u.ipc_id = msq->key; |
| 5667 | 5667 | ||
| 5668 | rc = avc_has_perm(sid, isec->sid, | 5668 | rc = avc_has_perm(sid, isec->sid, |
| 5669 | SECCLASS_MSGQ, MSGQ__READ, &ad); | 5669 | SECCLASS_MSGQ, MSGQ__READ, &ad); |