author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-07-14 16:36:55 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-07-14 16:36:55 -0400 |
commit | 847106ff628805e1a0aa91e7f53381f3fdfcd839 (patch) | |
tree | 457c8d6a5ff20f4d0f28634a196f92273298e49e /security/selinux/ss/mls.c | |
parent | c142bda458a9c81097238800e1bd8eeeea09913d (diff) | |
parent | 6f0f0fd496333777d53daff21a4e3b28c4d03a6d (diff) |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (25 commits)
security: remove register_security hook
security: remove dummy module fix
security: remove dummy module
security: remove unused sb_get_mnt_opts hook
LSM/SELinux: show LSM mount options in /proc/mounts
SELinux: allow fstype unknown to policy to use xattrs if present
security: fix return of void-valued expressions
SELinux: use do_each_thread as a proper do/while block
SELinux: remove unused and shadowed addrlen variable
SELinux: more user friendly unknown handling printk
selinux: change handling of invalid classes (Was: Re: 2.6.26-rc5-mm1 selinux whine)
SELinux: drop load_mutex in security_load_policy
SELinux: fix off by 1 reference of class_to_string in context_struct_compute_av
SELinux: open code sidtab lock
SELinux: open code load_mutex
SELinux: open code policy_rwlock
selinux: fix endianness bug in network node address handling
selinux: simplify ioctl checking
SELinux: enable processes with mac_admin to get the raw inode contexts
Security: split proc ptrace checking into read vs. attach
...
Diffstat (limited to 'security/selinux/ss/mls.c')
-rw-r--r-- | security/selinux/ss/mls.c | 19 |
1 files changed, 10 insertions, 9 deletions
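--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -239,7 +239,8 @@ int mls_context_isvalid(struct policydb *p, struct context *c)
 * Policy read-lock must be held for sidtab lookup.
 *
 */
-int mls_context_to_sid(char oldc,
+int mls_context_to_sid(struct policydb *pol,
+char oldc,
 char **scontext,
 struct context *context,
 struct sidtab *s,
@@ -286,7 +287,7 @@ int mls_context_to_sid(char oldc,
 *p++ = 0;
 
 for (l = 0; l < 2; l++) {
-levdatum = hashtab_search(policydb.p_levels.table, scontextp);
+levdatum = hashtab_search(pol->p_levels.table, scontextp);
 if (!levdatum) {
 rc = -EINVAL;
 goto out;
@@ -311,7 +312,7 @@ int mls_context_to_sid(char oldc,
 *rngptr++ = 0;
 }
 
-catdatum = hashtab_search(policydb.p_cats.table,
+catdatum = hashtab_search(pol->p_cats.table,
 scontextp);
 if (!catdatum) {
 rc = -EINVAL;
@@ -327,7 +328,7 @@ int mls_context_to_sid(char oldc,
 if (rngptr) {
 int i;
 
-rngdatum = hashtab_search(policydb.p_cats.table, rngptr);
+rngdatum = hashtab_search(pol->p_cats.table, rngptr);
 if (!rngdatum) {
 rc = -EINVAL;
 goto out;
@@ -395,7 +396,7 @@ int mls_from_string(char *str, struct context *context, gfp_t gfp_mask)
 if (!tmpstr) {
 rc = -ENOMEM;
 } else {
-rc = mls_context_to_sid(':', &tmpstr, context,
+rc = mls_context_to_sid(&policydb, ':', &tmpstr, context,
 NULL, SECSID_NULL);
 kfree(freestr);
 }
@@ -436,13 +437,13 @@ int mls_setup_user_range(struct context *fromcon, struct user_datum *user,
 struct mls_level *usercon_clr = &(usercon->range.level[1]);
 
 /* Honor the user's default level if we can */
-if (mls_level_between(user_def, fromcon_sen, fromcon_clr)) {
+if (mls_level_between(user_def, fromcon_sen, fromcon_clr))
 *usercon_sen = *user_def;
-} else if (mls_level_between(fromcon_sen, user_def, user_clr)) {
+else if (mls_level_between(fromcon_sen, user_def, user_clr))
 *usercon_sen = *fromcon_sen;
-} else if (mls_level_between(fromcon_clr, user_low, user_def)) {
+else if (mls_level_between(fromcon_clr, user_low, user_def))
 *usercon_sen = *user_low;
-} else
+else
 return -EINVAL;
 
 /* Lower the clearance of available contexts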
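Review bot: The comment block above `mls_context_to_sid()` in the first hunk still documents only the read-lock requirement for the sidtab lookup and says nothing about the new `pol` argument, so a caller cannot tell which policy database the MLS levels and categories are resolved against. I would add a line such as `* 'pol' is the policy database whose p_levels and p_cats tables are used to resolve the sensitivity and category names.` and state whether `pol` has to be the policy protected by that read-lock. The three `hashtab_search()` calls now go through `pol`, but the function body continues outside the hunks shown, so it is worth confirming that no reference to the global `policydb` remains in it; resolving part of a label against `pol` and part against the global would check one context against two policies.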