diff options
| author | Paul Moore <pmoore@redhat.com> | 2013-11-08 13:56:38 -0500 |
|---|---|---|
| committer | Paul Moore <pmoore@redhat.com> | 2013-11-08 13:56:38 -0500 |
| commit | 94851b18d4eb94f8bbf0d9176f7429bd8e371f62 (patch) | |
| tree | c3c743ac6323e1caf9e987d6946cc4b2333a8256 /security/selinux/hooks.c | |
| parent | 42d64e1add3a1ce8a787116036163b8724362145 (diff) | |
| parent | 5e01dc7b26d9f24f39abace5da98ccbd6a5ceb52 (diff) | |
Merge tag 'v3.12'
Linux 3.12
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 32 |
1 files changed, 13 insertions, 19 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index c09211a4d7da..777ee98273d1 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -1539,7 +1539,7 @@ static int cred_has_capability(const struct cred *cred, | |||
| 1539 | 1539 | ||
| 1540 | rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd); | 1540 | rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd); |
| 1541 | if (audit == SECURITY_CAP_AUDIT) { | 1541 | if (audit == SECURITY_CAP_AUDIT) { |
| 1542 | int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad, 0); | 1542 | int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad); |
| 1543 | if (rc2) | 1543 | if (rc2) |
| 1544 | return rc2; | 1544 | return rc2; |
| 1545 | } | 1545 | } |
| @@ -1562,8 +1562,7 @@ static int task_has_system(struct task_struct *tsk, | |||
| 1562 | static int inode_has_perm(const struct cred *cred, | 1562 | static int inode_has_perm(const struct cred *cred, |
| 1563 | struct inode *inode, | 1563 | struct inode *inode, |
| 1564 | u32 perms, | 1564 | u32 perms, |
| 1565 | struct common_audit_data *adp, | 1565 | struct common_audit_data *adp) |
| 1566 | unsigned flags) | ||
| 1567 | { | 1566 | { |
| 1568 | struct inode_security_struct *isec; | 1567 | struct inode_security_struct *isec; |
| 1569 | u32 sid; | 1568 | u32 sid; |
| @@ -1576,7 +1575,7 @@ static int inode_has_perm(const struct cred *cred, | |||
| 1576 | sid = cred_sid(cred); | 1575 | sid = cred_sid(cred); |
| 1577 | isec = inode->i_security; | 1576 | isec = inode->i_security; |
| 1578 | 1577 | ||
| 1579 | return avc_has_perm_flags(sid, isec->sid, isec->sclass, perms, adp, flags); | 1578 | return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp); |
| 1580 | } | 1579 | } |
| 1581 | 1580 | ||
| 1582 | /* Same as inode_has_perm, but pass explicit audit data containing | 1581 | /* Same as inode_has_perm, but pass explicit audit data containing |
| @@ -1591,7 +1590,7 @@ static inline int dentry_has_perm(const struct cred *cred, | |||
| 1591 | 1590 | ||
| 1592 | ad.type = LSM_AUDIT_DATA_DENTRY; | 1591 | ad.type = LSM_AUDIT_DATA_DENTRY; |
| 1593 | ad.u.dentry = dentry; | 1592 | ad.u.dentry = dentry; |
| 1594 | return inode_has_perm(cred, inode, av, &ad, 0); | 1593 | return inode_has_perm(cred, inode, av, &ad); |
| 1595 | } | 1594 | } |
| 1596 | 1595 | ||
| 1597 | /* Same as inode_has_perm, but pass explicit audit data containing | 1596 | /* Same as inode_has_perm, but pass explicit audit data containing |
| @@ -1606,7 +1605,7 @@ static inline int path_has_perm(const struct cred *cred, | |||
| 1606 | 1605 | ||
| 1607 | ad.type = LSM_AUDIT_DATA_PATH; | 1606 | ad.type = LSM_AUDIT_DATA_PATH; |
| 1608 | ad.u.path = *path; | 1607 | ad.u.path = *path; |
| 1609 | return inode_has_perm(cred, inode, av, &ad, 0); | 1608 | return inode_has_perm(cred, inode, av, &ad); |
| 1610 | } | 1609 | } |
| 1611 | 1610 | ||
| 1612 | /* Same as path_has_perm, but uses the inode from the file struct. */ | 1611 | /* Same as path_has_perm, but uses the inode from the file struct. */ |
| @@ -1618,7 +1617,7 @@ static inline int file_path_has_perm(const struct cred *cred, | |||
| 1618 | 1617 | ||
| 1619 | ad.type = LSM_AUDIT_DATA_PATH; | 1618 | ad.type = LSM_AUDIT_DATA_PATH; |
| 1620 | ad.u.path = file->f_path; | 1619 | ad.u.path = file->f_path; |
| 1621 | return inode_has_perm(cred, file_inode(file), av, &ad, 0); | 1620 | return inode_has_perm(cred, file_inode(file), av, &ad); |
| 1622 | } | 1621 | } |
| 1623 | 1622 | ||
| 1624 | /* Check whether a task can use an open file descriptor to | 1623 | /* Check whether a task can use an open file descriptor to |
| @@ -1654,7 +1653,7 @@ static int file_has_perm(const struct cred *cred, | |||
| 1654 | /* av is zero if only checking access to the descriptor. */ | 1653 | /* av is zero if only checking access to the descriptor. */ |
| 1655 | rc = 0; | 1654 | rc = 0; |
| 1656 | if (av) | 1655 | if (av) |
| 1657 | rc = inode_has_perm(cred, inode, av, &ad, 0); | 1656 | rc = inode_has_perm(cred, inode, av, &ad); |
| 1658 | 1657 | ||
| 1659 | out: | 1658 | out: |
| 1660 | return rc; | 1659 | return rc; |
| @@ -2624,7 +2623,8 @@ static int selinux_dentry_init_security(struct dentry *dentry, int mode, | |||
| 2624 | } | 2623 | } |
| 2625 | 2624 | ||
| 2626 | static int selinux_inode_init_security(struct inode *inode, struct inode *dir, | 2625 | static int selinux_inode_init_security(struct inode *inode, struct inode *dir, |
| 2627 | const struct qstr *qstr, char **name, | 2626 | const struct qstr *qstr, |
| 2627 | const char **name, | ||
| 2628 | void **value, size_t *len) | 2628 | void **value, size_t *len) |
| 2629 | { | 2629 | { |
| 2630 | const struct task_security_struct *tsec = current_security(); | 2630 | const struct task_security_struct *tsec = current_security(); |
| @@ -2632,7 +2632,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, | |||
| 2632 | struct superblock_security_struct *sbsec; | 2632 | struct superblock_security_struct *sbsec; |
| 2633 | u32 sid, newsid, clen; | 2633 | u32 sid, newsid, clen; |
| 2634 | int rc; | 2634 | int rc; |
| 2635 | char *namep = NULL, *context; | 2635 | char *context; |
| 2636 | 2636 | ||
| 2637 | dsec = dir->i_security; | 2637 | dsec = dir->i_security; |
| 2638 | sbsec = dir->i_sb->s_security; | 2638 | sbsec = dir->i_sb->s_security; |
| @@ -2668,19 +2668,13 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, | |||
| 2668 | if (!ss_initialized || !(sbsec->flags & SBLABEL_MNT)) | 2668 | if (!ss_initialized || !(sbsec->flags & SBLABEL_MNT)) |
| 2669 | return -EOPNOTSUPP; | 2669 | return -EOPNOTSUPP; |
| 2670 | 2670 | ||
| 2671 | if (name) { | 2671 | if (name) |
| 2672 | namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_NOFS); | 2672 | *name = XATTR_SELINUX_SUFFIX; |
| 2673 | if (!namep) | ||
| 2674 | return -ENOMEM; | ||
| 2675 | *name = namep; | ||
| 2676 | } | ||
| 2677 | 2673 | ||
| 2678 | if (value && len) { | 2674 | if (value && len) { |
| 2679 | rc = security_sid_to_context_force(newsid, &context, &clen); | 2675 | rc = security_sid_to_context_force(newsid, &context, &clen); |
| 2680 | if (rc) { | 2676 | if (rc) |
| 2681 | kfree(namep); | ||
| 2682 | return rc; | 2677 | return rc; |
| 2683 | } | ||
| 2684 | *value = context; | 2678 | *value = context; |
| 2685 | *len = clen; | 2679 | *len = clen; |
| 2686 | } | 2680 | } |