diff options
author | Eric Paris <eparis@redhat.com> | 2006-09-26 02:32:00 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-09-26 11:48:53 -0400 |
commit | 296fddf7513c155adbd3a443d12add1f62b5cddb (patch) | |
tree | 1fc7e3067f1b635b34a178fcb9a96b88bf5c626e | |
parent | f3f8771420737004da55159c2f2dc0b6f483a4ef (diff) |
[PATCH] SELinux: eliminate inode_security_set_security
inode_security_set_sid is only called by security_inode_init_security, which
is called when a new file is being created and needs to have its incore
security state initialized and its security xattr set. This helper used to be
called in other places in the past, but now only has the one. So this patch
rolls inode_security_set_sid directly back into security_inode_init_security.
There also is no need to hold the isec->sem while doing this, as the inode is
not available to other threads at this point in time.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r-- | security/selinux/hooks.c | 27 |
1 files changed, 7 insertions, 20 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 5a66c4c09f7a..14a78199ee1f 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -1364,25 +1364,6 @@ static inline u32 file_to_av(struct file *file) | |||
1364 | return av; | 1364 | return av; |
1365 | } | 1365 | } |
1366 | 1366 | ||
1367 | /* Set an inode's SID to a specified value. */ | ||
1368 | static int inode_security_set_sid(struct inode *inode, u32 sid) | ||
1369 | { | ||
1370 | struct inode_security_struct *isec = inode->i_security; | ||
1371 | struct superblock_security_struct *sbsec = inode->i_sb->s_security; | ||
1372 | |||
1373 | if (!sbsec->initialized) { | ||
1374 | /* Defer initialization to selinux_complete_init. */ | ||
1375 | return 0; | ||
1376 | } | ||
1377 | |||
1378 | down(&isec->sem); | ||
1379 | isec->sclass = inode_mode_to_security_class(inode->i_mode); | ||
1380 | isec->sid = sid; | ||
1381 | isec->initialized = 1; | ||
1382 | up(&isec->sem); | ||
1383 | return 0; | ||
1384 | } | ||
1385 | |||
1386 | /* Hook functions begin here. */ | 1367 | /* Hook functions begin here. */ |
1387 | 1368 | ||
1388 | static int selinux_ptrace(struct task_struct *parent, struct task_struct *child) | 1369 | static int selinux_ptrace(struct task_struct *parent, struct task_struct *child) |
@@ -2091,7 +2072,13 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, | |||
2091 | } | 2072 | } |
2092 | } | 2073 | } |
2093 | 2074 | ||
2094 | inode_security_set_sid(inode, newsid); | 2075 | /* Possibly defer initialization to selinux_complete_init. */ |
2076 | if (sbsec->initialized) { | ||
2077 | struct inode_security_struct *isec = inode->i_security; | ||
2078 | isec->sclass = inode_mode_to_security_class(inode->i_mode); | ||
2079 | isec->sid = newsid; | ||
2080 | isec->initialized = 1; | ||
2081 | } | ||
2095 | 2082 | ||
2096 | if (!ss_initialized || sbsec->behavior == SECURITY_FS_USE_MNTPOINT) | 2083 | if (!ss_initialized || sbsec->behavior == SECURITY_FS_USE_MNTPOINT) |
2097 | return -EOPNOTSUPP; | 2084 | return -EOPNOTSUPP; |