diff options
| author | James Bottomley <jejb@mulgrave.il.steeleye.com> | 2006-08-27 22:59:59 -0400 |
|---|---|---|
| committer | James Bottomley <jejb@mulgrave.il.steeleye.com> | 2006-08-27 22:59:59 -0400 |
| commit | 8ce7a9c159c8c4eb480f0a65c6af753dbf9a1a70 (patch) | |
| tree | be59573c0af3617d0cd8a7d61f0ed119e58b1156 /security/selinux | |
| parent | d2afb3ae04e36dbc6e9eb2d8bd54406ff7b6b3bd (diff) | |
| parent | 01da5fd83d6b2c5e36b77539f6cbdd8f49849225 (diff) | |
Merge ../linux-2.6
Diffstat (limited to 'security/selinux')
| -rw-r--r-- | security/selinux/hooks.c | 38 | ||||
| -rw-r--r-- | security/selinux/ss/policydb.c | 12 | ||||
| -rw-r--r-- | security/selinux/ss/services.c | 4 |
3 files changed, 36 insertions, 18 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index a91c961ba38b..5d1b8c733199 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -3524,25 +3524,21 @@ out: | |||
| 3524 | return err; | 3524 | return err; |
| 3525 | } | 3525 | } |
| 3526 | 3526 | ||
| 3527 | static int selinux_socket_getpeersec_dgram(struct sk_buff *skb, char **secdata, u32 *seclen) | 3527 | static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) |
| 3528 | { | 3528 | { |
| 3529 | u32 peer_secid = SECSID_NULL; | ||
| 3529 | int err = 0; | 3530 | int err = 0; |
| 3530 | u32 peer_sid; | ||
| 3531 | 3531 | ||
| 3532 | if (skb->sk->sk_family == PF_UNIX) | 3532 | if (sock && (sock->sk->sk_family == PF_UNIX)) |
| 3533 | selinux_get_inode_sid(SOCK_INODE(skb->sk->sk_socket), | 3533 | selinux_get_inode_sid(SOCK_INODE(sock), &peer_secid); |
| 3534 | &peer_sid); | 3534 | else if (skb) |
| 3535 | else | 3535 | peer_secid = selinux_socket_getpeer_dgram(skb); |
| 3536 | peer_sid = selinux_socket_getpeer_dgram(skb); | ||
| 3537 | |||
| 3538 | if (peer_sid == SECSID_NULL) | ||
| 3539 | return -EINVAL; | ||
| 3540 | 3536 | ||
| 3541 | err = security_sid_to_context(peer_sid, secdata, seclen); | 3537 | if (peer_secid == SECSID_NULL) |
| 3542 | if (err) | 3538 | err = -EINVAL; |
| 3543 | return err; | 3539 | *secid = peer_secid; |
| 3544 | 3540 | ||
| 3545 | return 0; | 3541 | return err; |
| 3546 | } | 3542 | } |
| 3547 | 3543 | ||
| 3548 | static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority) | 3544 | static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority) |
| @@ -4407,6 +4403,17 @@ static int selinux_setprocattr(struct task_struct *p, | |||
| 4407 | return size; | 4403 | return size; |
| 4408 | } | 4404 | } |
| 4409 | 4405 | ||
| 4406 | static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) | ||
| 4407 | { | ||
| 4408 | return security_sid_to_context(secid, secdata, seclen); | ||
| 4409 | } | ||
| 4410 | |||
| 4411 | static void selinux_release_secctx(char *secdata, u32 seclen) | ||
| 4412 | { | ||
| 4413 | if (secdata) | ||
| 4414 | kfree(secdata); | ||
| 4415 | } | ||
| 4416 | |||
| 4410 | #ifdef CONFIG_KEYS | 4417 | #ifdef CONFIG_KEYS |
| 4411 | 4418 | ||
| 4412 | static int selinux_key_alloc(struct key *k, struct task_struct *tsk, | 4419 | static int selinux_key_alloc(struct key *k, struct task_struct *tsk, |
| @@ -4587,6 +4594,9 @@ static struct security_operations selinux_ops = { | |||
| 4587 | .getprocattr = selinux_getprocattr, | 4594 | .getprocattr = selinux_getprocattr, |
| 4588 | .setprocattr = selinux_setprocattr, | 4595 | .setprocattr = selinux_setprocattr, |
| 4589 | 4596 | ||
| 4597 | .secid_to_secctx = selinux_secid_to_secctx, | ||
| 4598 | .release_secctx = selinux_release_secctx, | ||
| 4599 | |||
| 4590 | .unix_stream_connect = selinux_socket_unix_stream_connect, | 4600 | .unix_stream_connect = selinux_socket_unix_stream_connect, |
| 4591 | .unix_may_send = selinux_socket_unix_may_send, | 4601 | .unix_may_send = selinux_socket_unix_may_send, |
| 4592 | 4602 | ||
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index 0111990ba837..f03960e697ce 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c | |||
| @@ -644,10 +644,18 @@ void policydb_destroy(struct policydb *p) | |||
| 644 | kfree(lra); | 644 | kfree(lra); |
| 645 | 645 | ||
| 646 | for (rt = p->range_tr; rt; rt = rt -> next) { | 646 | for (rt = p->range_tr; rt; rt = rt -> next) { |
| 647 | kfree(lrt); | 647 | if (lrt) { |
| 648 | ebitmap_destroy(&lrt->range.level[0].cat); | ||
| 649 | ebitmap_destroy(&lrt->range.level[1].cat); | ||
| 650 | kfree(lrt); | ||
| 651 | } | ||
| 648 | lrt = rt; | 652 | lrt = rt; |
| 649 | } | 653 | } |
| 650 | kfree(lrt); | 654 | if (lrt) { |
| 655 | ebitmap_destroy(&lrt->range.level[0].cat); | ||
| 656 | ebitmap_destroy(&lrt->range.level[1].cat); | ||
| 657 | kfree(lrt); | ||
| 658 | } | ||
| 651 | 659 | ||
| 652 | if (p->type_attr_map) { | 660 | if (p->type_attr_map) { |
| 653 | for (i = 0; i < p->p_types.nprim; i++) | 661 | for (i = 0; i < p->p_types.nprim; i++) |
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index d2e80e62ff0c..85e429884393 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
| @@ -833,6 +833,8 @@ static int security_compute_sid(u32 ssid, | |||
| 833 | goto out; | 833 | goto out; |
| 834 | } | 834 | } |
| 835 | 835 | ||
| 836 | context_init(&newcontext); | ||
| 837 | |||
| 836 | POLICY_RDLOCK; | 838 | POLICY_RDLOCK; |
| 837 | 839 | ||
| 838 | scontext = sidtab_search(&sidtab, ssid); | 840 | scontext = sidtab_search(&sidtab, ssid); |
| @@ -850,8 +852,6 @@ static int security_compute_sid(u32 ssid, | |||
| 850 | goto out_unlock; | 852 | goto out_unlock; |
| 851 | } | 853 | } |
| 852 | 854 | ||
| 853 | context_init(&newcontext); | ||
| 854 | |||
| 855 | /* Set the user identity. */ | 855 | /* Set the user identity. */ |
| 856 | switch (specified) { | 856 | switch (specified) { |
| 857 | case AVTAB_TRANSITION: | 857 | case AVTAB_TRANSITION: |