aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux/ss
diff options
context:
space:
mode:
authorStephen Smalley <sds@tycho.nsa.gov>2008-04-04 08:46:05 -0400
committerJames Morris <jmorris@namei.org>2008-04-07 18:30:14 -0400
commit869ab5147e1eead890245cfd4f652ba282b6ac26 (patch)
tree8334fe84734e14e247fb7b4ef78f9a43891249f0 /security/selinux/ss
parentff09e2afe742f3ff52a0c9a660e8a3fe30cf587c (diff)
SELinux: more GFP_NOFS fixups to prevent selinux from re-entering the fs code
More cases where SELinux must not re-enter the fs code. Called from the d_instantiate security hook. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/ss')
-rw-r--r--security/selinux/ss/services.c12
1 files changed, 7 insertions, 5 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index f37418601215..3f2bad28ee7b 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -680,7 +680,8 @@ out:
680 680
681} 681}
682 682
683static int security_context_to_sid_core(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid) 683static int security_context_to_sid_core(char *scontext, u32 scontext_len,
684 u32 *sid, u32 def_sid, gfp_t gfp_flags)
684{ 685{
685 char *scontext2; 686 char *scontext2;
686 struct context context; 687 struct context context;
@@ -709,7 +710,7 @@ static int security_context_to_sid_core(char *scontext, u32 scontext_len, u32 *s
709 null suffix to the copy to avoid problems with the existing 710 null suffix to the copy to avoid problems with the existing
710 attr package, which doesn't view the null terminator as part 711 attr package, which doesn't view the null terminator as part
711 of the attribute value. */ 712 of the attribute value. */
712 scontext2 = kmalloc(scontext_len+1,GFP_KERNEL); 713 scontext2 = kmalloc(scontext_len+1, gfp_flags);
713 if (!scontext2) { 714 if (!scontext2) {
714 rc = -ENOMEM; 715 rc = -ENOMEM;
715 goto out; 716 goto out;
@@ -809,7 +810,7 @@ out:
809int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid) 810int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid)
810{ 811{
811 return security_context_to_sid_core(scontext, scontext_len, 812 return security_context_to_sid_core(scontext, scontext_len,
812 sid, SECSID_NULL); 813 sid, SECSID_NULL, GFP_KERNEL);
813} 814}
814 815
815/** 816/**
@@ -829,10 +830,11 @@ int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid)
829 * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient 830 * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
830 * memory is available, or 0 on success. 831 * memory is available, or 0 on success.
831 */ 832 */
832int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid) 833int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *sid,
834 u32 def_sid, gfp_t gfp_flags)
833{ 835{
834 return security_context_to_sid_core(scontext, scontext_len, 836 return security_context_to_sid_core(scontext, scontext_len,
835 sid, def_sid); 837 sid, def_sid, gfp_flags);
836} 838}
837 839
838static int compute_sid_handle_invalid_context( 840static int compute_sid_handle_invalid_context(