diff options
| author | Thomas Gleixner <tglx@linutronix.de> | 2010-02-17 12:27:37 -0500 |
|---|---|---|
| committer | Thomas Gleixner <tglx@linutronix.de> | 2010-02-17 12:28:05 -0500 |
| commit | b7e56edba4b02f2079042c326a8cd72a44635817 (patch) | |
| tree | b5042002e9747cd8fb1278d61f86d8b92a74c018 /security/selinux/hooks.c | |
| parent | 13ca0fcaa33f6b1984c4111b6ec5df42689fea6f (diff) | |
| parent | b0483e78e5c4c9871fc5541875b3bc006846d46b (diff) | |
Merge branch 'linus' into x86/mm
x86/mm is on 32-rc4 and missing the spinlock namespace changes which
are needed for further commits into this topic.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 33 |
1 files changed, 19 insertions, 14 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index bb230d5d7085..9a2ee845e9d4 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -91,7 +91,6 @@ | |||
| 91 | 91 | ||
| 92 | #define NUM_SEL_MNT_OPTS 5 | 92 | #define NUM_SEL_MNT_OPTS 5 |
| 93 | 93 | ||
| 94 | extern unsigned int policydb_loaded_version; | ||
| 95 | extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm); | 94 | extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm); |
| 96 | extern struct security_operations *security_ops; | 95 | extern struct security_operations *security_ops; |
| 97 | 96 | ||
| @@ -2366,7 +2365,7 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm) | |||
| 2366 | initrlim = init_task.signal->rlim + i; | 2365 | initrlim = init_task.signal->rlim + i; |
| 2367 | rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur); | 2366 | rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur); |
| 2368 | } | 2367 | } |
| 2369 | update_rlimit_cpu(rlim->rlim_cur); | 2368 | update_rlimit_cpu(current->signal->rlim[RLIMIT_CPU].rlim_cur); |
| 2370 | } | 2369 | } |
| 2371 | } | 2370 | } |
| 2372 | 2371 | ||
| @@ -3338,9 +3337,18 @@ static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode) | |||
| 3338 | return 0; | 3337 | return 0; |
| 3339 | } | 3338 | } |
| 3340 | 3339 | ||
| 3341 | static int selinux_kernel_module_request(void) | 3340 | static int selinux_kernel_module_request(char *kmod_name) |
| 3342 | { | 3341 | { |
| 3343 | return task_has_system(current, SYSTEM__MODULE_REQUEST); | 3342 | u32 sid; |
| 3343 | struct common_audit_data ad; | ||
| 3344 | |||
| 3345 | sid = task_sid(current); | ||
| 3346 | |||
| 3347 | COMMON_AUDIT_DATA_INIT(&ad, KMOD); | ||
| 3348 | ad.u.kmod_name = kmod_name; | ||
| 3349 | |||
| 3350 | return avc_has_perm(sid, SECINITSID_KERNEL, SECCLASS_SYSTEM, | ||
| 3351 | SYSTEM__MODULE_REQUEST, &ad); | ||
| 3344 | } | 3352 | } |
| 3345 | 3353 | ||
| 3346 | static int selinux_task_setpgid(struct task_struct *p, pid_t pgid) | 3354 | static int selinux_task_setpgid(struct task_struct *p, pid_t pgid) |
| @@ -4085,7 +4093,7 @@ static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb, | |||
| 4085 | char *addrp; | 4093 | char *addrp; |
| 4086 | 4094 | ||
| 4087 | COMMON_AUDIT_DATA_INIT(&ad, NET); | 4095 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
| 4088 | ad.u.net.netif = skb->iif; | 4096 | ad.u.net.netif = skb->skb_iif; |
| 4089 | ad.u.net.family = family; | 4097 | ad.u.net.family = family; |
| 4090 | err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL); | 4098 | err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL); |
| 4091 | if (err) | 4099 | if (err) |
| @@ -4147,7 +4155,7 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) | |||
| 4147 | return 0; | 4155 | return 0; |
| 4148 | 4156 | ||
| 4149 | COMMON_AUDIT_DATA_INIT(&ad, NET); | 4157 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
| 4150 | ad.u.net.netif = skb->iif; | 4158 | ad.u.net.netif = skb->skb_iif; |
| 4151 | ad.u.net.family = family; | 4159 | ad.u.net.family = family; |
| 4152 | err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL); | 4160 | err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL); |
| 4153 | if (err) | 4161 | if (err) |
| @@ -4159,7 +4167,7 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) | |||
| 4159 | err = selinux_skb_peerlbl_sid(skb, family, &peer_sid); | 4167 | err = selinux_skb_peerlbl_sid(skb, family, &peer_sid); |
| 4160 | if (err) | 4168 | if (err) |
| 4161 | return err; | 4169 | return err; |
| 4162 | err = selinux_inet_sys_rcv_skb(skb->iif, addrp, family, | 4170 | err = selinux_inet_sys_rcv_skb(skb->skb_iif, addrp, family, |
| 4163 | peer_sid, &ad); | 4171 | peer_sid, &ad); |
| 4164 | if (err) { | 4172 | if (err) { |
| 4165 | selinux_netlbl_err(skb, err, 0); | 4173 | selinux_netlbl_err(skb, err, 0); |
| @@ -4714,10 +4722,7 @@ static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb) | |||
| 4714 | if (err) | 4722 | if (err) |
| 4715 | return err; | 4723 | return err; |
| 4716 | 4724 | ||
| 4717 | if (policydb_loaded_version >= POLICYDB_VERSION_NLCLASS) | 4725 | return selinux_nlmsg_perm(sk, skb); |
| 4718 | err = selinux_nlmsg_perm(sk, skb); | ||
| 4719 | |||
| 4720 | return err; | ||
| 4721 | } | 4726 | } |
| 4722 | 4727 | ||
| 4723 | static int selinux_netlink_recv(struct sk_buff *skb, int capability) | 4728 | static int selinux_netlink_recv(struct sk_buff *skb, int capability) |
| @@ -5830,12 +5835,12 @@ int selinux_disable(void) | |||
| 5830 | selinux_disabled = 1; | 5835 | selinux_disabled = 1; |
| 5831 | selinux_enabled = 0; | 5836 | selinux_enabled = 0; |
| 5832 | 5837 | ||
| 5833 | /* Try to destroy the avc node cache */ | ||
| 5834 | avc_disable(); | ||
| 5835 | |||
| 5836 | /* Reset security_ops to the secondary module, dummy or capability. */ | 5838 | /* Reset security_ops to the secondary module, dummy or capability. */ |
| 5837 | security_ops = secondary_ops; | 5839 | security_ops = secondary_ops; |
| 5838 | 5840 | ||
| 5841 | /* Try to destroy the avc node cache */ | ||
| 5842 | avc_disable(); | ||
| 5843 | |||
| 5839 | /* Unregister netfilter hooks. */ | 5844 | /* Unregister netfilter hooks. */ |
| 5840 | selinux_nf_ip_exit(); | 5845 | selinux_nf_ip_exit(); |
| 5841 | 5846 | ||