diff options
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index f78318af8254..ad9a9b8e9979 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -3860,7 +3860,7 @@ static int selinux_file_receive(struct file *file) | |||
| 3860 | return file_has_perm(cred, file, file_to_av(file)); | 3860 | return file_has_perm(cred, file, file_to_av(file)); |
| 3861 | } | 3861 | } |
| 3862 | 3862 | ||
| 3863 | static int selinux_file_open(struct file *file, const struct cred *cred) | 3863 | static int selinux_file_open(struct file *file) |
| 3864 | { | 3864 | { |
| 3865 | struct file_security_struct *fsec; | 3865 | struct file_security_struct *fsec; |
| 3866 | struct inode_security_struct *isec; | 3866 | struct inode_security_struct *isec; |
| @@ -3884,7 +3884,7 @@ static int selinux_file_open(struct file *file, const struct cred *cred) | |||
| 3884 | * new inode label or new policy. | 3884 | * new inode label or new policy. |
| 3885 | * This check is not redundant - do not remove. | 3885 | * This check is not redundant - do not remove. |
| 3886 | */ | 3886 | */ |
| 3887 | return file_path_has_perm(cred, file, open_file_to_av(file)); | 3887 | return file_path_has_perm(file->f_cred, file, open_file_to_av(file)); |
| 3888 | } | 3888 | } |
| 3889 | 3889 | ||
| 3890 | /* task security operations */ | 3890 | /* task security operations */ |
| @@ -4071,6 +4071,20 @@ static int selinux_kernel_read_file(struct file *file, | |||
| 4071 | return rc; | 4071 | return rc; |
| 4072 | } | 4072 | } |
| 4073 | 4073 | ||
| 4074 | static int selinux_kernel_load_data(enum kernel_load_data_id id) | ||
| 4075 | { | ||
| 4076 | int rc = 0; | ||
| 4077 | |||
| 4078 | switch (id) { | ||
| 4079 | case LOADING_MODULE: | ||
| 4080 | rc = selinux_kernel_module_from_file(NULL); | ||
| 4081 | default: | ||
| 4082 | break; | ||
| 4083 | } | ||
| 4084 | |||
| 4085 | return rc; | ||
| 4086 | } | ||
| 4087 | |||
| 4074 | static int selinux_task_setpgid(struct task_struct *p, pid_t pgid) | 4088 | static int selinux_task_setpgid(struct task_struct *p, pid_t pgid) |
| 4075 | { | 4089 | { |
| 4076 | return avc_has_perm(&selinux_state, | 4090 | return avc_has_perm(&selinux_state, |
| @@ -6970,6 +6984,7 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { | |||
| 6970 | LSM_HOOK_INIT(kernel_act_as, selinux_kernel_act_as), | 6984 | LSM_HOOK_INIT(kernel_act_as, selinux_kernel_act_as), |
| 6971 | LSM_HOOK_INIT(kernel_create_files_as, selinux_kernel_create_files_as), | 6985 | LSM_HOOK_INIT(kernel_create_files_as, selinux_kernel_create_files_as), |
| 6972 | LSM_HOOK_INIT(kernel_module_request, selinux_kernel_module_request), | 6986 | LSM_HOOK_INIT(kernel_module_request, selinux_kernel_module_request), |
| 6987 | LSM_HOOK_INIT(kernel_load_data, selinux_kernel_load_data), | ||
| 6973 | LSM_HOOK_INIT(kernel_read_file, selinux_kernel_read_file), | 6988 | LSM_HOOK_INIT(kernel_read_file, selinux_kernel_read_file), |
| 6974 | LSM_HOOK_INIT(task_setpgid, selinux_task_setpgid), | 6989 | LSM_HOOK_INIT(task_setpgid, selinux_task_setpgid), |
| 6975 | LSM_HOOK_INIT(task_getpgid, selinux_task_getpgid), | 6990 | LSM_HOOK_INIT(task_getpgid, selinux_task_getpgid), |