Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (38 commits) SELinux: Make selinux_kernel_create_files_as() shouldn't just always return 0 TOMOYO: Protect find_task_by_vpid() with RCU. Security: add static to security_ops and default_security_ops variable selinux: libsepol: remove dead code in check_avtab_hierarchy_callback() TOMOYO: Remove __func__ from tomoyo_is_correct_path/domain security: fix a couple of sparse warnings TOMOYO: Remove unneeded parameter. TOMOYO: Use shorter names. TOMOYO: Use enum for index numbers. TOMOYO: Add garbage collector. TOMOYO: Add refcounter on domain structure. TOMOYO: Merge headers. TOMOYO: Add refcounter on string data. TOMOYO: Reduce lines by using common path for addition and deletion. selinux: fix memory leak in sel_make_bools TOMOYO: Extract bitfield syslog: clean up needless comment syslog: use defined constants instead of raw numbers syslog: distinguish between /proc/kmsg and syscalls selinux: allow MLS->non-MLS and vice versa upon policy reload ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2010-03-02 17:47:24 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org> 2010-03-02 17:47:24 -0500
commit: 832d30ca72c0a59058e66e097f5ea11f99640819 (patch)
tree: ab71581c4ad66b2a151298ed13c0eb2506fc8068 /security/selinux/avc.c
parent: 3a5b27bf6f29574d667230c7e76e4b83fe3014e0 (diff)
parent: b4ccebdd37ff70d349321a198f416ba737a5e833 (diff)
1 files changed, 8 insertions, 14 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index f2dde268165a..db0fd9f33499 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -489,17 +489,14 @@ void avc_audit(u32 ssid, u32 tsid,
        struct common_audit_data stack_data;
        u32 denied, audited;
        denied = requested & ~avd->allowed;
-        if (denied) {
+        if (denied)
-                audited = denied;
+                audited = denied & avd->auditdeny;
-                if (!(audited & avd->auditdeny))
+        else if (result)
-                        return;
-        } else if (result) {
                audited = denied = requested;
-        } else {
+        else
-                audited = requested;
+                audited = requested & avd->auditallow;
-                if (!(audited & avd->auditallow))
+        if (!audited)
-                        return;
+                return;
-        }
        if (!a) {
                a = &stack_data;
                memset(a, 0, sizeof(*a));
@@ -746,9 +743,7 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
                else
                        avd = &avd_entry;
-                rc = security_compute_av(ssid, tsid, tclass, requested, avd);
+                security_compute_av(ssid, tsid, tclass, avd);
-                if (rc)
-                        goto out;
                rcu_read_lock();
                node = avc_insert(ssid, tsid, tclass, avd);
        } else {
@@ -770,7 +765,6 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
        }
        rcu_read_unlock();
-out:
        return rc;
 }
author	Linus Torvalds <torvalds@linux-foundation.org>	2010-03-02 17:47:24 -0500
committer	Linus Torvalds <torvalds@linux-foundation.org>	2010-03-02 17:47:24 -0500
commit	832d30ca72c0a59058e66e097f5ea11f99640819 (patch)
tree	ab71581c4ad66b2a151298ed13c0eb2506fc8068 /security/selinux/avc.c
parent	3a5b27bf6f29574d667230c7e76e4b83fe3014e0 (diff)
parent	b4ccebdd37ff70d349321a198f416ba737a5e833 (diff)