author | Stephen Smalley <sds@tycho.nsa.gov> | 2008-04-04 08:46:05 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-04-07 18:30:14 -0400 |
commit | 869ab5147e1eead890245cfd4f652ba282b6ac26 (patch) | |
tree | 8334fe84734e14e247fb7b4ef78f9a43891249f0 /security/selinux/ss | |
parent | ff09e2afe742f3ff52a0c9a660e8a3fe30cf587c (diff) |
SELinux: more GFP_NOFS fixups to prevent selinux from re-entering the fs code
More cases where SELinux must not re-enter the fs code. Called from the
d_instantiate security hook.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/ss')
-rw-r--r-- | security/selinux/ss/services.c | 12 |
1 files changed, 7 insertions, 5 deletions
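--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -680,7 +680,8 @@ out:
 
 }
 
-static int security_context_to_sid_core(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid)
+static int security_context_to_sid_core(char *scontext, u32 scontext_len,
+u32 *sid, u32 def_sid, gfp_t gfp_flags)
 {
 char *scontext2;
 struct context context;
@@ -709,7 +710,7 @@ static int security_context_to_sid_core(char *scontext, u32 scontext_len, u32 *s
 null suffix to the copy to avoid problems with the existing
 attr package, which doesn't view the null terminator as part
 of the attribute value. */
-scontext2 = kmalloc(scontext_len+1,GFP_KERNEL);
+scontext2 = kmalloc(scontext_len+1, gfp_flags);
 if (!scontext2) {
 rc = -ENOMEM;
 goto out;
@@ -809,7 +810,7 @@ out:
 int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid)
 {
 return security_context_to_sid_core(scontext, scontext_len,
-sid, SECSID_NULL);
+sid, SECSID_NULL, GFP_KERNEL);
 }
 
 /**
@@ -829,10 +830,11 @@ int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid)
 * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
 * memory is available, or 0 on success.
 */
-int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid)
+int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *sid,
+u32 def_sid, gfp_t gfp_flags)
 {
 return security_context_to_sid_core(scontext, scontext_len,
-sid, def_sid);
+sid, def_sid, gfp_flags);
 }
 
 static int compute_sid_handle_invalid_context(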
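Review bot: The kernel-doc block above security_context_to_sid_default() gains no entry for the new gfp_flags parameter; all 7 insertions in this file are code lines, so the comment (which begins above the last hunk) still describes only the old arguments. I would add ` * @gfp_flags: allocation flags for the temporary context copy; GFP_NOFS when the caller must not re-enter fs code` next to the existing parameter entries. The wrapper security_context_to_sid() still passes `GFP_KERNEL`, so its own comment should state that it is not for callers reached from the d_instantiate hook. The body of security_context_to_sid_core() continues outside the hunks shown, so whether any other allocation in it needs the same flag cannot be checked from here.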