authorDavid Woodhouse <David.Woodhouse@intel.com>2009-12-08 04:58:33 -0500
committerDavid Woodhouse <David.Woodhouse@intel.com>2009-12-08 04:59:24 -0500
commitec208491936d6adb8a70c3dd4a517cdfe54e823d (patch)
treec7291450e8e559c5fbf3360df30999432204af3c /security/selinux/hooks.c
parentaa697079ee66315c4b9747a5eb3e48487fb1b8be (diff)
parent7b626acb8f983eb83b396ab96cc24b18d635d487 (diff)
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6
Merge the BIOS workarounds from 2.6.32, and the swiotlb fallback on failure.
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r--security/selinux/hooks.c27
1 files changed, 16 insertions, 11 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 417f7c994522..c96d63ec4753 100644
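--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -91,7 +91,6 @@
 
 #define NUM_SEL_MNT_OPTS 5
 
-extern unsigned int policydb_loaded_version;
 extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm);
 extern struct security_operations *security_ops;
 
@@ -2411,7 +2410,7 @@ static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
  /* Wake up the parent if it is waiting so that it can recheck
  * wait permission to the new task SID. */
  read_lock(&tasklist_lock);
- wake_up_interruptible(&current->real_parent->signal->wait_chldexit);
+ __wake_up_parent(current, current->real_parent);
  read_unlock(&tasklist_lock);
 }
 
@@ -3338,9 +3337,18 @@ static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
  return 0;
 }
 
-static int selinux_kernel_module_request(void)
+static int selinux_kernel_module_request(char *kmod_name)
 {
- return task_has_system(current, SYSTEM__MODULE_REQUEST);
+ u32 sid;
+ struct common_audit_data ad;
+
+ sid = task_sid(current);
+
+ COMMON_AUDIT_DATA_INIT(&ad, KMOD);
+ ad.u.kmod_name = kmod_name;
+
+ return avc_has_perm(sid, SECINITSID_KERNEL, SECCLASS_SYSTEM,
+ SYSTEM__MODULE_REQUEST, &ad);
 }
 
 static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
@@ -4714,10 +4722,7 @@ static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
  if (err)
  return err;
 
- if (policydb_loaded_version >= POLICYDB_VERSION_NLCLASS)
- err = selinux_nlmsg_perm(sk, skb);
-
- return err;
+ return selinux_nlmsg_perm(sk, skb);
 }
 
 static int selinux_netlink_recv(struct sk_buff *skb, int capability)
@@ -5830,12 +5835,12 @@ int selinux_disable(void)
  selinux_disabled = 1;
  selinux_enabled = 0;
 
- /* Try to destroy the avc node cache */
- avc_disable();
-
  /* Reset security_ops to the secondary module, dummy or capability. */
  security_ops = secondary_ops;
 
+ /* Try to destroy the avc node cache */
+ avc_disable();
+
  /* Unregister netfilter hooks. */
  selinux_nf_ip_exit();
 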
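Review bot: In the last hunk (selinux_disable), nothing visible between `security_ops = secondary_ops;` and `avc_disable();` waits for hooks that were already dispatched through the old pointer, so a task on another CPU may still be inside an SELinux hook and using the AVC while its cache is torn down. Whether avc_disable() tolerates that cannot be seen from this page. The new order only keeps new hook calls away from SELinux, and the moved comment does not record that the order matters. I would say so in the comment, for example `/* Flush the AVC only after security_ops is reset, so no new hook call reaches it; hooks already running are not waited for. */`. selinux_disable's body starts and ends outside the hunk.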