authorStephen Smalley <sds@tycho.nsa.gov>2005-05-01 11:58:39 -0400
committerLinus Torvalds <torvalds@ppc970.osdl.org>2005-05-01 11:58:39 -0400
commit6af963f1d6789ef20abca5696cd52a758b396e52 (patch)
tree20990e909fc4a79789de54cfcae7ea150329cdc5
parentde7d5a3b6c9ff8429bf046c36b56d3192b75c3da (diff)
[PATCH] SELinux: cleanup ipc_has_perm
This patch removes the sclass argument from ipc_has_perm in the SELinux module, as it can be obtained from the ipc security structure. The use of a separate argument was a legacy of the older precondition function handling in SELinux and is obsolete. Please apply. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--security/selinux/hooks.c21
1 files changed, 8 insertions, 13 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 0d378141c95a..aae1e794fe48 100644
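--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3667,7 +3667,7 @@ static void msg_msg_free_security(struct msg_msg *msg)
 }
 
 static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
- u16 sclass, u32 perms)
+ u32 perms)
 {
  struct task_security_struct *tsec;
  struct ipc_security_struct *isec;
@@ -3679,7 +3679,7 @@ static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
  AVC_AUDIT_DATA_INIT(&ad, IPC);
  ad.u.ipc_id = ipc_perms->key;
 
- return avc_has_perm(tsec->sid, isec->sid, sclass, perms, &ad);
+ return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad);
 }
 
 static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
@@ -3764,7 +3764,7 @@ static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
  return 0;
  }
 
- err = ipc_has_perm(&msq->q_perm, SECCLASS_MSGQ, perms);
+ err = ipc_has_perm(&msq->q_perm, perms);
  return err;
 }
 
@@ -3916,7 +3916,7 @@ static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
  return 0;
  }
 
- err = ipc_has_perm(&shp->shm_perm, SECCLASS_SHM, perms);
+ err = ipc_has_perm(&shp->shm_perm, perms);
  return err;
 }
 
@@ -3935,7 +3935,7 @@ static int selinux_shm_shmat(struct shmid_kernel *shp,
  else
  perms = SHM__READ | SHM__WRITE;
 
- return ipc_has_perm(&shp->shm_perm, SECCLASS_SHM, perms);
+ return ipc_has_perm(&shp->shm_perm, perms);
 }
 
 /* Semaphore security operations */
@@ -4024,7 +4024,7 @@ static int selinux_sem_semctl(struct sem_array *sma, int cmd)
  return 0;
  }
 
- err = ipc_has_perm(&sma->sem_perm, SECCLASS_SEM, perms);
+ err = ipc_has_perm(&sma->sem_perm, perms);
  return err;
 }
 
@@ -4038,18 +4038,13 @@ static int selinux_sem_semop(struct sem_array *sma,
  else
  perms = SEM__READ;
 
- return ipc_has_perm(&sma->sem_perm, SECCLASS_SEM, perms);
+ return ipc_has_perm(&sma->sem_perm, perms);
 }
 
 static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
 {
- struct ipc_security_struct *isec = ipcp->security;
- u16 sclass = SECCLASS_IPC;
  u32 av = 0;
 
- if (isec && isec->magic == SELINUX_MAGIC)
- sclass = isec->sclass;
-
  av = 0;
  if (flag & S_IRUGO)
  av |= IPC__UNIX_READ;
@@ -4059,7 +4054,7 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
  if (av == 0)
  return 0;
 
- return ipc_has_perm(ipcp, sclass, av);
+ return ipc_has_perm(ipcp, av);
 }
 
 /* module stacking operations */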
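Review bot: ipc_has_perm() now takes the object class from `isec->sclass` in its avc_has_perm() call, so every access decision for message queues, shared memory and semaphores depends on that field having been set correctly when the security blob was allocated; the call sites no longer pin SECCLASS_MSGQ, SECCLASS_SHM or SECCLASS_SEM. The allocation code and the lines where `isec` is assigned are outside the visible hunks, so this cannot be confirmed from the diff. selinux_ipc_permission() also loses its `isec && isec->magic == SELINUX_MAGIC` guard and the SECCLASS_IPC fallback, which looks safe only if `ipcp->security` is always a valid SELinux blob by the time the hook runs. I would document the invariant above ipc_has_perm(), e.g. `/* Object class is taken from isec->sclass; ipc_perms->security must point to an initialised ipc_security_struct. */`. Separately, the `av = 0;` statement right after `u32 av = 0;` in selinux_ipc_permission() is redundant.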