author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-10-13 13:00:44 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-10-13 13:00:44 -0400 |
commit | 8d71ff0bef9cf4e70108a9a2762f2361e607abde (patch) | |
tree | a79487fceb6ec18e956373a3019416a43b269f1d /security/selinux/ss/services.c | |
parent | 244dc4e54b73567fae7f8fd9ba56584be9375442 (diff) | |
parent | 92562927826fceb2f8e69c89e28161b8c1e0b125 (diff) |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (24 commits)
integrity: special fs magic
As pointed out by Jonathan Corbet, the timer must be deleted before
ERROR: code indent should use tabs where possible
The tpm_dev_release function is only called for platform devices, not pnp
Protect tpm_chip_list when transversing it.
Renames num_open to is_open, as only one process can open the file at a time.
Remove the BKL calls from the TPM driver, which were added in the overall
netlabel: Add configuration support for local labeling
cipso: Add support for native local labeling and fixup mapping names
netlabel: Changes to the NetLabel security attributes to allow LSMs to pass full contexts
selinux: Cache NetLabel secattrs in the socket's security struct
selinux: Set socket NetLabel based on connection endpoint
netlabel: Add functionality to set the security attributes of a packet
netlabel: Add network address selectors to the NetLabel/LSM domain mapping
netlabel: Add a generic way to create ordered linked lists of network addrs
netlabel: Replace protocol/NetLabel linking with refrerence counts
smack: Fix missing calls to netlbl_skbuff_err()
selinux: Fix missing calls to netlbl_skbuff_err()
selinux: Fix a problem in security_netlbl_sid_to_secattr()
selinux: Better local/forward check in selinux_ip_postroute()
...
Diffstat (limited to 'security/selinux/ss/services.c')
-rw-r--r-- | security/selinux/ss/services.c | 13 |
1 files changed, 10 insertions, 3 deletions
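--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2955,7 +2955,7 @@ netlbl_secattr_to_sid_return_cleanup:
 */
 int security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr)
 {
-int rc = -ENOENT;
+int rc;
 struct context *ctx;
 
 if (!ss_initialized)
@@ -2963,11 +2963,18 @@ int security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr)
 
 read_lock(&policy_rwlock);
 ctx = sidtab_search(&sidtab, sid);
-if (ctx == NULL)
+if (ctx == NULL) {
+rc = -ENOENT;
 goto netlbl_sid_to_secattr_failure;
+}
 secattr->domain = kstrdup(policydb.p_type_val_to_name[ctx->type - 1],
 GFP_ATOMIC);
-secattr->flags |= NETLBL_SECATTR_DOMAIN_CPY;
+if (secattr->domain == NULL) {
+rc = -ENOMEM;
+goto netlbl_sid_to_secattr_failure;
+}
+secattr->attr.secid = sid;
+secattr->flags |= NETLBL_SECATTR_DOMAIN_CPY | NETLBL_SECATTR_SECID;
 mls_export_netlbl_lvl(ctx, secattr);
 rc = mls_export_netlbl_cat(ctx, secattr);
 if (rc != 0)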
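Review bot: On the late failure path (`rc != 0` after `mls_export_netlbl_cat()`), `secattr` already holds the `kstrdup()`'d domain, `attr.secid`, and both `NETLBL_SECATTR_DOMAIN_CPY | NETLBL_SECATTR_SECID`, so an error return hands back a half-populated attribute that still advertises a valid secid and owns an allocation. The cleanup label lies outside this hunk, so whether it resets the structure cannot be seen here; if it does not, the kernel-doc above the function should state the contract, e.g. `On failure @secattr may be partially filled; the caller must release it with netlbl_secattr_destroy() and must not use its contents.` The documented return values should also list `-ENOMEM` alongside `-ENOENT`. Now that `rc` has no initializer, it is also worth confirming that the `!ss_initialized` branch (its body sits between the two hunks) cannot reach the common exit with `rc` unset.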