Diffstat (limited to 'security/selinux')
-rw-r--r--security/selinux/avc.c2
-rw-r--r--security/selinux/hooks.c11
-rw-r--r--security/selinux/include/netif.h2
-rw-r--r--security/selinux/include/netlabel.h2
-rw-r--r--security/selinux/include/netnode.h2
-rw-r--r--security/selinux/include/netport.h2
-rw-r--r--security/selinux/netif.c2
-rw-r--r--security/selinux/netlabel.c2
-rw-r--r--security/selinux/netnode.c22
-rw-r--r--security/selinux/netport.c26
-rw-r--r--security/selinux/selinuxfs.c3
-rw-r--r--security/selinux/ss/ebitmap.c2
-rw-r--r--security/selinux/ss/mls.c2
-rw-r--r--security/selinux/ss/mls.h2
-rw-r--r--security/selinux/ss/policydb.c2
-rw-r--r--security/selinux/ss/services.c2
-rw-r--r--security/selinux/xfrm.c2
17 files changed, 30 insertions, 58 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index d515b2128a4..dca1c22d927 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -527,7 +527,7 @@ int avc_audit(u32 ssid, u32 tsid,
527 * happened a little later. 527 * happened a little later.
528 */ 528 */
529 if ((a->type == LSM_AUDIT_DATA_INODE) && 529 if ((a->type == LSM_AUDIT_DATA_INODE) &&
530 (flags & IPERM_FLAG_RCU)) 530 (flags & MAY_NOT_BLOCK))
531 return -ECHILD; 531 return -ECHILD;
532 532
533 a->selinux_audit_data.tclass = tclass; 533 a->selinux_audit_data.tclass = tclass;
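Review bot: The `flags` parameter of avc_audit changes meaning here — it is now tested against `MAY_NOT_BLOCK`, a bit from the permission mask namespace, rather than the former `IPERM_FLAG_RCU` — but nothing in the hunk updates the parameter's description. If avc_audit carries a kerneldoc block (its header is outside the hunk), its `@flags` line should say something like `@flags: MAY_NOT_BLOCK if the caller may not sleep; inode audit is then deferred with -ECHILD`, so callers do not keep passing the old IPERM_FLAG_* values. The surrounding comment at 527 still explains the deferral, so only the flag namespace needs the update.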
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 20219ef5439..266a2292451 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -14,7 +14,7 @@
14 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 14 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
15 * <dgoeddel@trustedcs.com> 15 * <dgoeddel@trustedcs.com>
16 * Copyright (C) 2006, 2007, 2009 Hewlett-Packard Development Company, L.P. 16 * Copyright (C) 2006, 2007, 2009 Hewlett-Packard Development Company, L.P.
17 * Paul Moore <paul.moore@hp.com> 17 * Paul Moore <paul@paul-moore.com>
18 * Copyright (C) 2007 Hitachi Software Engineering Co., Ltd. 18 * Copyright (C) 2007 Hitachi Software Engineering Co., Ltd.
19 * Yuichi Nakamura <ynakam@hitachisoft.jp> 19 * Yuichi Nakamura <ynakam@hitachisoft.jp>
20 * 20 *
@@ -57,7 +57,7 @@
57#include <net/netlabel.h> 57#include <net/netlabel.h>
58#include <linux/uaccess.h> 58#include <linux/uaccess.h>
59#include <asm/ioctls.h> 59#include <asm/ioctls.h>
60#include <asm/atomic.h> 60#include <linux/atomic.h>
61#include <linux/bitops.h> 61#include <linux/bitops.h>
62#include <linux/interrupt.h> 62#include <linux/interrupt.h>
63#include <linux/netdevice.h> /* for network interface checks */ 63#include <linux/netdevice.h> /* for network interface checks */
@@ -2053,7 +2053,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
2053 u32 ptsid = 0; 2053 u32 ptsid = 0;
2054 2054
2055 rcu_read_lock(); 2055 rcu_read_lock();
2056 tracer = tracehook_tracer_task(current); 2056 tracer = ptrace_parent(current);
2057 if (likely(tracer != NULL)) { 2057 if (likely(tracer != NULL)) {
2058 sec = __task_cred(tracer)->security; 2058 sec = __task_cred(tracer)->security;
2059 ptsid = sec->sid; 2059 ptsid = sec->sid;
@@ -2659,12 +2659,13 @@ static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *na
2659 return dentry_has_perm(cred, dentry, FILE__READ); 2659 return dentry_has_perm(cred, dentry, FILE__READ);
2660} 2660}
2661 2661
2662static int selinux_inode_permission(struct inode *inode, int mask, unsigned flags) 2662static int selinux_inode_permission(struct inode *inode, int mask)
2663{ 2663{
2664 const struct cred *cred = current_cred(); 2664 const struct cred *cred = current_cred();
2665 struct common_audit_data ad; 2665 struct common_audit_data ad;
2666 u32 perms; 2666 u32 perms;
2667 bool from_access; 2667 bool from_access;
2668 unsigned flags = mask & MAY_NOT_BLOCK;
2668 2669
2669 from_access = mask & MAY_ACCESS; 2670 from_access = mask & MAY_ACCESS;
2670 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); 2671 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
@@ -5319,7 +5320,7 @@ static int selinux_setprocattr(struct task_struct *p,
5319 Otherwise, leave SID unchanged and fail. */ 5320 Otherwise, leave SID unchanged and fail. */
5320 ptsid = 0; 5321 ptsid = 0;
5321 task_lock(p); 5322 task_lock(p);
5322 tracer = tracehook_tracer_task(p); 5323 tracer = ptrace_parent(p);
5323 if (tracer) 5324 if (tracer)
5324 ptsid = task_sid(tracer); 5325 ptsid = task_sid(tracer);
5325 task_unlock(p); 5326 task_unlock(p);
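Review bot: In selinux_inode_permission the new local at 2668, `unsigned flags = mask & MAY_NOT_BLOCK;`, is extracted from `mask` immediately before 2671 strips `mask` down to the access bits, and nothing says why the two must be separated in that order; a reader of the later `flags` uses (the body continues past the hunk) cannot tell that MAY_NOT_BLOCK now arrives inside `mask` instead of a dedicated argument. Suggest a one-line comment above 2668, `/* MAY_NOT_BLOCK is carried in mask since the flags argument was dropped; save it before mask is reduced to the access bits */`. The same mask-to-flags convention is what the avc.c hunk relies on when avc_audit tests `flags & MAY_NOT_BLOCK`, so the comment also documents the contract between the two files.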
diff --git a/security/selinux/include/netif.h b/security/selinux/include/netif.h
index ce23edd128b..43d507242b4 100644
--- a/security/selinux/include/netif.h
+++ b/security/selinux/include/netif.h
@@ -8,7 +8,7 @@
8 * 8 *
9 * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com> 9 * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
10 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 10 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
11 * Paul Moore, <paul.moore@hp.com> 11 * Paul Moore <paul@paul-moore.com>
12 * 12 *
13 * This program is free software; you can redistribute it and/or modify 13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License version 2, 14 * it under the terms of the GNU General Public License version 2,
diff --git a/security/selinux/include/netlabel.h b/security/selinux/include/netlabel.h
index cf2f628e6e2..8c59b8f150e 100644
--- a/security/selinux/include/netlabel.h
+++ b/security/selinux/include/netlabel.h
@@ -1,7 +1,7 @@
1/* 1/*
2 * SELinux interface to the NetLabel subsystem 2 * SELinux interface to the NetLabel subsystem
3 * 3 *
4 * Author : Paul Moore <paul.moore@hp.com> 4 * Author: Paul Moore <paul@paul-moore.com>
5 * 5 *
6 */ 6 */
7 7
diff --git a/security/selinux/include/netnode.h b/security/selinux/include/netnode.h
index 1b94450d11d..df7a5ed6c69 100644
--- a/security/selinux/include/netnode.h
+++ b/security/selinux/include/netnode.h
@@ -6,7 +6,7 @@
6 * needed to reduce the lookup overhead since most of these queries happen on 6 * needed to reduce the lookup overhead since most of these queries happen on
7 * a per-packet basis. 7 * a per-packet basis.
8 * 8 *
9 * Author: Paul Moore <paul.moore@hp.com> 9 * Author: Paul Moore <paul@paul-moore.com>
10 * 10 *
11 */ 11 */
12 12
diff --git a/security/selinux/include/netport.h b/security/selinux/include/netport.h
index 8991752eaf9..4d965b83d73 100644
--- a/security/selinux/include/netport.h
+++ b/security/selinux/include/netport.h
@@ -5,7 +5,7 @@
5 * mapping is maintained as part of the normal policy but a fast cache is 5 * mapping is maintained as part of the normal policy but a fast cache is
6 * needed to reduce the lookup overhead. 6 * needed to reduce the lookup overhead.
7 * 7 *
8 * Author: Paul Moore <paul.moore@hp.com> 8 * Author: Paul Moore <paul@paul-moore.com>
9 * 9 *
10 */ 10 */
11 11
diff --git a/security/selinux/netif.c b/security/selinux/netif.c
index 58cc481c93d..326f22cbe40 100644
--- a/security/selinux/netif.c
+++ b/security/selinux/netif.c
@@ -8,7 +8,7 @@
8 * 8 *
9 * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com> 9 * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
10 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 10 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
11 * Paul Moore <paul.moore@hp.com> 11 * Paul Moore <paul@paul-moore.com>
12 * 12 *
13 * This program is free software; you can redistribute it and/or modify 13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License version 2, 14 * it under the terms of the GNU General Public License version 2,
diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c
index c3bf3ed07b0..da4b8b23328 100644
--- a/security/selinux/netlabel.c
+++ b/security/selinux/netlabel.c
@@ -4,7 +4,7 @@
4 * This file provides the necessary glue to tie NetLabel into the SELinux 4 * This file provides the necessary glue to tie NetLabel into the SELinux
5 * subsystem. 5 * subsystem.
6 * 6 *
7 * Author: Paul Moore <paul.moore@hp.com> 7 * Author: Paul Moore <paul@paul-moore.com>
8 * 8 *
9 */ 9 */
10 10
diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c
index 3618251d0fd..3bf46abaa68 100644
--- a/security/selinux/netnode.c
+++ b/security/selinux/netnode.c
@@ -6,7 +6,7 @@
6 * needed to reduce the lookup overhead since most of these queries happen on 6 * needed to reduce the lookup overhead since most of these queries happen on
7 * a per-packet basis. 7 * a per-packet basis.
8 * 8 *
9 * Author: Paul Moore <paul.moore@hp.com> 9 * Author: Paul Moore <paul@paul-moore.com>
10 * 10 *
11 * This code is heavily based on the "netif" concept originally developed by 11 * This code is heavily based on the "netif" concept originally developed by
12 * James Morris <jmorris@redhat.com> 12 * James Morris <jmorris@redhat.com>
@@ -69,22 +69,6 @@ static DEFINE_SPINLOCK(sel_netnode_lock);
69static struct sel_netnode_bkt sel_netnode_hash[SEL_NETNODE_HASH_SIZE]; 69static struct sel_netnode_bkt sel_netnode_hash[SEL_NETNODE_HASH_SIZE];
70 70
71/** 71/**
72 * sel_netnode_free - Frees a node entry
73 * @p: the entry's RCU field
74 *
75 * Description:
76 * This function is designed to be used as a callback to the call_rcu()
77 * function so that memory allocated to a hash table node entry can be
78 * released safely.
79 *
80 */
81static void sel_netnode_free(struct rcu_head *p)
82{
83 struct sel_netnode *node = container_of(p, struct sel_netnode, rcu);
84 kfree(node);
85}
86
87/**
88 * sel_netnode_hashfn_ipv4 - IPv4 hashing function for the node table 72 * sel_netnode_hashfn_ipv4 - IPv4 hashing function for the node table
89 * @addr: IPv4 address 73 * @addr: IPv4 address
90 * 74 *
@@ -193,7 +177,7 @@ static void sel_netnode_insert(struct sel_netnode *node)
193 rcu_dereference(sel_netnode_hash[idx].list.prev), 177 rcu_dereference(sel_netnode_hash[idx].list.prev),
194 struct sel_netnode, list); 178 struct sel_netnode, list);
195 list_del_rcu(&tail->list); 179 list_del_rcu(&tail->list);
196 call_rcu(&tail->rcu, sel_netnode_free); 180 kfree_rcu(tail, rcu);
197 } else 181 } else
198 sel_netnode_hash[idx].size++; 182 sel_netnode_hash[idx].size++;
199} 183}
@@ -306,7 +290,7 @@ static void sel_netnode_flush(void)
306 list_for_each_entry_safe(node, node_tmp, 290 list_for_each_entry_safe(node, node_tmp,
307 &sel_netnode_hash[idx].list, list) { 291 &sel_netnode_hash[idx].list, list) {
308 list_del_rcu(&node->list); 292 list_del_rcu(&node->list);
309 call_rcu(&node->rcu, sel_netnode_free); 293 kfree_rcu(node, rcu);
310 } 294 }
311 sel_netnode_hash[idx].size = 0; 295 sel_netnode_hash[idx].size = 0;
312 } 296 }
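Review bot: In sel_netnode_insert the tail lookup at 177 still uses plain `rcu_dereference(sel_netnode_hash[idx].list.prev)`, whereas the matching line in netport.c's sel_netport_insert is changed by this same commit to `rcu_dereference_protected(..., lockdep_is_held(&sel_netport_lock))`. If sel_netnode_insert runs under sel_netnode_lock as its netport twin does (the lock is declared in the hunk's context header, but the call site is outside the hunk), the two files should be annotated the same way: `rcu_dereference_protected(sel_netnode_hash[idx].list.prev, lockdep_is_held(&sel_netnode_lock))`. Beyond consistency, the `_protected` form lets lockdep verify the writer-side invariant that makes the following `list_del_rcu`/`kfree_rcu` safe, which the unannotated `rcu_dereference` cannot check.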
diff --git a/security/selinux/netport.c b/security/selinux/netport.c
index cfe2d72d3fb..7b9eb1faf68 100644
--- a/security/selinux/netport.c
+++ b/security/selinux/netport.c
@@ -5,7 +5,7 @@
5 * mapping is maintained as part of the normal policy but a fast cache is 5 * mapping is maintained as part of the normal policy but a fast cache is
6 * needed to reduce the lookup overhead. 6 * needed to reduce the lookup overhead.
7 * 7 *
8 * Author: Paul Moore <paul.moore@hp.com> 8 * Author: Paul Moore <paul@paul-moore.com>
9 * 9 *
10 * This code is heavily based on the "netif" concept originally developed by 10 * This code is heavily based on the "netif" concept originally developed by
11 * James Morris <jmorris@redhat.com> 11 * James Morris <jmorris@redhat.com>
@@ -68,22 +68,6 @@ static DEFINE_SPINLOCK(sel_netport_lock);
68static struct sel_netport_bkt sel_netport_hash[SEL_NETPORT_HASH_SIZE]; 68static struct sel_netport_bkt sel_netport_hash[SEL_NETPORT_HASH_SIZE];
69 69
70/** 70/**
71 * sel_netport_free - Frees a port entry
72 * @p: the entry's RCU field
73 *
74 * Description:
75 * This function is designed to be used as a callback to the call_rcu()
76 * function so that memory allocated to a hash table port entry can be
77 * released safely.
78 *
79 */
80static void sel_netport_free(struct rcu_head *p)
81{
82 struct sel_netport *port = container_of(p, struct sel_netport, rcu);
83 kfree(port);
84}
85
86/**
87 * sel_netport_hashfn - Hashing function for the port table 71 * sel_netport_hashfn - Hashing function for the port table
88 * @pnum: port number 72 * @pnum: port number
89 * 73 *
@@ -139,10 +123,12 @@ static void sel_netport_insert(struct sel_netport *port)
139 if (sel_netport_hash[idx].size == SEL_NETPORT_HASH_BKT_LIMIT) { 123 if (sel_netport_hash[idx].size == SEL_NETPORT_HASH_BKT_LIMIT) {
140 struct sel_netport *tail; 124 struct sel_netport *tail;
141 tail = list_entry( 125 tail = list_entry(
142 rcu_dereference(sel_netport_hash[idx].list.prev), 126 rcu_dereference_protected(
127 sel_netport_hash[idx].list.prev,
128 lockdep_is_held(&sel_netport_lock)),
143 struct sel_netport, list); 129 struct sel_netport, list);
144 list_del_rcu(&tail->list); 130 list_del_rcu(&tail->list);
145 call_rcu(&tail->rcu, sel_netport_free); 131 kfree_rcu(tail, rcu);
146 } else 132 } else
147 sel_netport_hash[idx].size++; 133 sel_netport_hash[idx].size++;
148} 134}
@@ -241,7 +227,7 @@ static void sel_netport_flush(void)
241 list_for_each_entry_safe(port, port_tmp, 227 list_for_each_entry_safe(port, port_tmp,
242 &sel_netport_hash[idx].list, list) { 228 &sel_netport_hash[idx].list, list) {
243 list_del_rcu(&port->list); 229 list_del_rcu(&port->list);
244 call_rcu(&port->rcu, sel_netport_free); 230 kfree_rcu(port, rcu);
245 } 231 }
246 sel_netport_hash[idx].size = 0; 232 sel_netport_hash[idx].size = 0;
247 } 233 }
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 35459340019..55d92cbb177 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -2,7 +2,7 @@
2 * 2 *
3 * Added conditional policy language extensions 3 * Added conditional policy language extensions
4 * 4 *
5 * Updated: Hewlett-Packard <paul.moore@hp.com> 5 * Updated: Hewlett-Packard <paul@paul-moore.com>
6 * 6 *
7 * Added support for the policy capability bitmap 7 * Added support for the policy capability bitmap
8 * 8 *
@@ -1984,6 +1984,7 @@ __initcall(init_sel_fs);
1984void exit_sel_fs(void) 1984void exit_sel_fs(void)
1985{ 1985{
1986 kobject_put(selinuxfs_kobj); 1986 kobject_put(selinuxfs_kobj);
1987 kern_unmount(selinuxfs_mount);
1987 unregister_filesystem(&sel_fs_type); 1988 unregister_filesystem(&sel_fs_type);
1988} 1989}
1989#endif 1990#endif
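Review bot: After the new `kern_unmount(selinuxfs_mount);` at 1987, the file-scope `selinuxfs_mount` still holds the released vfsmount pointer; whether anything reads it after exit_sel_fs returns cannot be told from the hunk. Adding `selinuxfs_mount = NULL;` right after the unmount would turn any such late reference into a NULL dereference that is immediately visible rather than a use-after-free on a stale mount. The ordering itself — unmount before `unregister_filesystem` — is correct and needs no change.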
diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c
index d42951fcbe8..30f119b1d1e 100644
--- a/security/selinux/ss/ebitmap.c
+++ b/security/selinux/ss/ebitmap.c
@@ -4,7 +4,7 @@
4 * Author : Stephen Smalley, <sds@epoch.ncsc.mil> 4 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
5 */ 5 */
6/* 6/*
7 * Updated: Hewlett-Packard <paul.moore@hp.com> 7 * Updated: Hewlett-Packard <paul@paul-moore.com>
8 * 8 *
9 * Added support to import/export the NetLabel category bitmap 9 * Added support to import/export the NetLabel category bitmap
10 * 10 *
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index e96174216bc..fbf9c5816c7 100644
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -11,7 +11,7 @@
11 * Copyright (C) 2004-2006 Trusted Computer Solutions, Inc. 11 * Copyright (C) 2004-2006 Trusted Computer Solutions, Inc.
12 */ 12 */
13/* 13/*
14 * Updated: Hewlett-Packard <paul.moore@hp.com> 14 * Updated: Hewlett-Packard <paul@paul-moore.com>
15 * 15 *
16 * Added support to import/export the MLS label from NetLabel 16 * Added support to import/export the MLS label from NetLabel
17 * 17 *
diff --git a/security/selinux/ss/mls.h b/security/selinux/ss/mls.h
index 037bf9d82d4..e4369e3e636 100644
--- a/security/selinux/ss/mls.h
+++ b/security/selinux/ss/mls.h
@@ -11,7 +11,7 @@
11 * Copyright (C) 2004-2006 Trusted Computer Solutions, Inc. 11 * Copyright (C) 2004-2006 Trusted Computer Solutions, Inc.
12 */ 12 */
13/* 13/*
14 * Updated: Hewlett-Packard <paul.moore@hp.com> 14 * Updated: Hewlett-Packard <paul@paul-moore.com>
15 * 15 *
16 * Added support to import/export the MLS label from NetLabel 16 * Added support to import/export the MLS label from NetLabel
17 * 17 *
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index d246aca3f4f..2381d0ded22 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -13,7 +13,7 @@
13 * 13 *
14 * Added conditional policy language extensions 14 * Added conditional policy language extensions
15 * 15 *
16 * Updated: Hewlett-Packard <paul.moore@hp.com> 16 * Updated: Hewlett-Packard <paul@paul-moore.com>
17 * 17 *
18 * Added support for the policy capability bitmap 18 * Added support for the policy capability bitmap
19 * 19 *
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 973e00e34fa..f6917bc0aa0 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -13,7 +13,7 @@
13 * 13 *
14 * Added conditional policy language extensions 14 * Added conditional policy language extensions
15 * 15 *
16 * Updated: Hewlett-Packard <paul.moore@hp.com> 16 * Updated: Hewlett-Packard <paul@paul-moore.com>
17 * 17 *
18 * Added support for NetLabel 18 * Added support for NetLabel
19 * Added support for the policy capability bitmap 19 * Added support for the policy capability bitmap
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index 68178b76a2b..48665ecd119 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -46,7 +46,7 @@
46#include <net/xfrm.h> 46#include <net/xfrm.h>
47#include <net/checksum.h> 47#include <net/checksum.h>
48#include <net/udp.h> 48#include <net/udp.h>
49#include <asm/atomic.h> 49#include <linux/atomic.h>
50 50
51#include "avc.h" 51#include "avc.h"
52#include "objsec.h" 52#include "objsec.h"