Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (38 commits) SELinux: Make selinux_kernel_create_files_as() shouldn't just always return 0 TOMOYO: Protect find_task_by_vpid() with RCU. Security: add static to security_ops and default_security_ops variable selinux: libsepol: remove dead code in check_avtab_hierarchy_callback() TOMOYO: Remove __func__ from tomoyo_is_correct_path/domain security: fix a couple of sparse warnings TOMOYO: Remove unneeded parameter. TOMOYO: Use shorter names. TOMOYO: Use enum for index numbers. TOMOYO: Add garbage collector. TOMOYO: Add refcounter on domain structure. TOMOYO: Merge headers. TOMOYO: Add refcounter on string data. TOMOYO: Reduce lines by using common path for addition and deletion. selinux: fix memory leak in sel_make_bools TOMOYO: Extract bitfield syslog: clean up needless comment syslog: use defined constants instead of raw numbers syslog: distinguish between /proc/kmsg and syscalls selinux: allow MLS->non-MLS and vice versa upon policy reload ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2010-03-02 17:47:24 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org> 2010-03-02 17:47:24 -0500
commit: 832d30ca72c0a59058e66e097f5ea11f99640819 (patch)
tree: ab71581c4ad66b2a151298ed13c0eb2506fc8068 /security/selinux/hooks.c
parent: 3a5b27bf6f29574d667230c7e76e4b83fe3014e0 (diff)
parent: b4ccebdd37ff70d349321a198f416ba737a5e833 (diff)
1 files changed, 16 insertions, 25 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 9a2ee845e9d4..5feecb41009d 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -76,6 +76,7 @@
 #include <linux/selinux.h>
 #include <linux/mutex.h>
 #include <linux/posix-timers.h>
+#include <linux/syslog.h>
 #include "avc.h"
 #include "objsec.h"
@@ -125,13 +126,6 @@ __setup("selinux=", selinux_enabled_setup);
 int selinux_enabled = 1;
 #endif
-/*
- * Minimal support for a secondary security module,
- * just to allow the use of the capability module.
- */
-static struct security_operations *secondary_ops;
 /* Lists of inode and superblock security structures initialized
   before the policy was loaded. */
 static LIST_HEAD(superblock_security_head);
@@ -2049,29 +2043,30 @@ static int selinux_quota_on(struct dentry *dentry)
        return dentry_has_perm(cred, NULL, dentry, FILE__QUOTAON);
 }
-static int selinux_syslog(int type)
+static int selinux_syslog(int type, bool from_file)
 {
        int rc;
-        rc = cap_syslog(type);
+        rc = cap_syslog(type, from_file);
        if (rc)
                return rc;
        switch (type) {
-        case 3:         /* Read last kernel messages */
+        case SYSLOG_ACTION_READ_ALL:    /* Read last kernel messages */
-        case 10:        /* Return size of the log buffer */
+        case SYSLOG_ACTION_SIZE_BUFFER: /* Return size of the log buffer */
                rc = task_has_system(current, SYSTEM__SYSLOG_READ);
                break;
-        case 6:         /* Disable logging to console */
+        case SYSLOG_ACTION_CONSOLE_OFF: /* Disable logging to console */
-        case 7:         /* Enable logging to console */
+        case SYSLOG_ACTION_CONSOLE_ON:  /* Enable logging to console */
-        case 8:         /* Set level of messages printed to console */
+        /* Set level of messages printed to console */
+        case SYSLOG_ACTION_CONSOLE_LEVEL:
                rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
                break;
-        case 0:         /* Close log */
+        case SYSLOG_ACTION_CLOSE:       /* Close log */
-        case 1:         /* Open log */
+        case SYSLOG_ACTION_OPEN:        /* Open log */
-        case 2:         /* Read from log */
+        case SYSLOG_ACTION_READ:        /* Read from log */
-        case 4:         /* Read/clear last kernel messages */
+        case SYSLOG_ACTION_READ_CLEAR:  /* Read/clear last kernel messages */
-        case 5:         /* Clear ring buffer */
+        case SYSLOG_ACTION_CLEAR:       /* Clear ring buffer */
        default:
                rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
                break;
@@ -3334,7 +3329,7 @@ static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
        if (ret == 0)
                tsec->create_sid = isec->sid;
-        return 0;
+        return ret;
 }
 static int selinux_kernel_module_request(char *kmod_name)
@@ -5672,9 +5667,6 @@ static __init int selinux_init(void)
                                            0, SLAB_PANIC, NULL);
        avc_init();
-        secondary_ops = security_ops;
-        if (!secondary_ops)
-                panic("SELinux: No initial security operations\n");
        if (register_security(&selinux_ops))
                panic("SELinux: Unable to register with kernel.\n");
@@ -5835,8 +5827,7 @@ int selinux_disable(void)
        selinux_disabled = 1;
        selinux_enabled = 0;
-        /* Reset security_ops to the secondary module, dummy or capability. */
+        reset_security_ops();
-        security_ops = secondary_ops;
        /* Try to destroy the avc node cache */
        avc_disable();
author	Linus Torvalds <torvalds@linux-foundation.org>	2010-03-02 17:47:24 -0500
committer	Linus Torvalds <torvalds@linux-foundation.org>	2010-03-02 17:47:24 -0500
commit	832d30ca72c0a59058e66e097f5ea11f99640819 (patch)
tree	ab71581c4ad66b2a151298ed13c0eb2506fc8068 /security/selinux/hooks.c
parent	3a5b27bf6f29574d667230c7e76e4b83fe3014e0 (diff)
parent	b4ccebdd37ff70d349321a198f416ba737a5e833 (diff)