authorLinus Torvalds <torvalds@linux-foundation.org>2012-03-31 16:42:57 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2012-03-31 16:42:57 -0400
commit8bb1f229527dee95644e0f8496980bb767c6f620 (patch)
tree511551e9772f11f855bd5b759b6d449da47e8820 /security/selinux
parentf22e08a79f3765fecf060b225a46931c94fb0a92 (diff)
parentc0d0259481cc6ec2a38cad810055e455de35c733 (diff)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull second try at vfs part d#2 from Al Viro: "Miklos' first series (with do_lookup() rewrite split into edible chunks) + assorted bits and pieces. The 'untangling of do_lookup()' series is a splitup of what used to be a monolithic patch from Miklos, so this series is basically "how do I convince myself that his patch is correct (or find a hole in it)". No holes found and I like the resulting cleanup, so in it went..." Changes from try 1: Fix a boot problem with selinux, and commit messages prettied up a bit. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (24 commits) vfs: fix out-of-date dentry_unhash() comment vfs: split __lookup_hash untangling do_lookup() - take __lookup_hash()-calling case out of line. untangling do_lookup() - switch to calling __lookup_hash() untangling do_lookup() - merge d_alloc_and_lookup() callers untangling do_lookup() - merge failure exits in !dentry case untangling do_lookup() - massage !dentry case towards __lookup_hash() untangling do_lookup() - get rid of need_reval in !dentry case untangling do_lookup() - eliminate a loop. untangling do_lookup() - expand the area under ->i_mutex untangling do_lookup() - isolate !dentry stuff from the rest of it. vfs: move MAY_EXEC check from __lookup_hash() vfs: don't revalidate just looked up dentry vfs: fix d_need_lookup/d_revalidate order in do_lookup ext3: move headers to fs/ext3/ migrate ext2_fs.h guts to fs/ext2/ext2.h new helper: ext2_image_size() get rid of pointless includes of ext2_fs.h ext2: No longer export ext2_fs.h to user space mtdchar: kill persistently held vfsmount ...
Diffstat (limited to 'security/selinux')
-rw-r--r--security/selinux/hooks.c9
-rw-r--r--security/selinux/selinuxfs.c110
2 files changed, 48 insertions, 71 deletions
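--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -28,7 +28,6 @@
 #include <linux/kernel.h>
 #include <linux/tracehook.h>
 #include <linux/errno.h>
-#include <linux/ext2_fs.h>
 #include <linux/sched.h>
 #include <linux/security.h>
 #include <linux/xattr.h>
@@ -2971,15 +2970,15 @@ static int selinux_file_ioctl(struct file *file, unsigned int cmd,
 		/* fall through */
 	case FIGETBSZ:
 		/* fall through */
-	case EXT2_IOC_GETFLAGS:
+	case FS_IOC_GETFLAGS:
 		/* fall through */
-	case EXT2_IOC_GETVERSION:
+	case FS_IOC_GETVERSION:
 		error = file_has_perm(cred, file, FILE__GETATTR);
 		break;
 
-	case EXT2_IOC_SETFLAGS:
+	case FS_IOC_SETFLAGS:
 		/* fall through */
-	case EXT2_IOC_SETVERSION:
+	case FS_IOC_SETVERSION:
 		error = file_has_perm(cred, file, FILE__SETATTR);
 		break;
 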
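Review bot: The case labels in the second hunk match only the native FS_IOC_GETFLAGS/FS_IOC_GETVERSION/FS_IOC_SETFLAGS/FS_IOC_SETVERSION codes; whether the 32-bit compat aliases (FS_IOC32_GETFLAGS and friends) reach this hook under their own numbers is not visible here, and if they do they would miss the FILE__GETATTR/FILE__SETATTR mapping and take whatever path the default branch gives them. Worth confirming against the compat ioctl dispatch, since the intent of this block is that reading and changing inode flags or the version require the attr permissions regardless of ABI. A short comment above the first new label would also help readers who knew these only under the ext2 names, e.g. `/* generic FS_IOC_* codes; previously spelled EXT2_IOC_* via linux/ext2_fs.h */`. selinux_file_ioctl begins before this hunk and continues after it, so the default branch and any other labels are outside the visible lines.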
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 48a7d0014b4f..d7018bfa1f00 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -344,7 +344,7 @@ static int sel_make_classes(void);
344static int sel_make_policycap(void); 344static int sel_make_policycap(void);
345 345
346/* declaration for sel_make_class_dirs */ 346/* declaration for sel_make_class_dirs */
347static int sel_make_dir(struct inode *dir, struct dentry *dentry, 347static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
348 unsigned long *ino); 348 unsigned long *ino);
349 349
350static ssize_t sel_read_mls(struct file *filp, char __user *buf, 350static ssize_t sel_read_mls(struct file *filp, char __user *buf,
@@ -1678,13 +1678,9 @@ static int sel_make_class_dir_entries(char *classname, int index,
1678 inode->i_ino = sel_class_to_ino(index); 1678 inode->i_ino = sel_class_to_ino(index);
1679 d_add(dentry, inode); 1679 d_add(dentry, inode);
1680 1680
1681 dentry = d_alloc_name(dir, "perms"); 1681 dentry = sel_make_dir(dir, "perms", &last_class_ino);
1682 if (!dentry) 1682 if (IS_ERR(dentry))
1683 return -ENOMEM; 1683 return PTR_ERR(dentry);
1684
1685 rc = sel_make_dir(dir->d_inode, dentry, &last_class_ino);
1686 if (rc)
1687 return rc;
1688 1684
1689 rc = sel_make_perm_files(classname, index, dentry); 1685 rc = sel_make_perm_files(classname, index, dentry);
1690 1686
@@ -1733,15 +1729,12 @@ static int sel_make_classes(void)
1733 for (i = 0; i < nclasses; i++) { 1729 for (i = 0; i < nclasses; i++) {
1734 struct dentry *class_name_dir; 1730 struct dentry *class_name_dir;
1735 1731
1736 rc = -ENOMEM; 1732 class_name_dir = sel_make_dir(class_dir, classes[i],
1737 class_name_dir = d_alloc_name(class_dir, classes[i]);
1738 if (!class_name_dir)
1739 goto out;
1740
1741 rc = sel_make_dir(class_dir->d_inode, class_name_dir,
1742 &last_class_ino); 1733 &last_class_ino);
1743 if (rc) 1734 if (IS_ERR(class_name_dir)) {
1735 rc = PTR_ERR(class_name_dir);
1744 goto out; 1736 goto out;
1737 }
1745 1738
1746 /* i+1 since class values are 1-indexed */ 1739 /* i+1 since class values are 1-indexed */
1747 rc = sel_make_class_dir_entries(classes[i], i + 1, 1740 rc = sel_make_class_dir_entries(classes[i], i + 1,
@@ -1787,14 +1780,20 @@ static int sel_make_policycap(void)
1787 return 0; 1780 return 0;
1788} 1781}
1789 1782
1790static int sel_make_dir(struct inode *dir, struct dentry *dentry, 1783static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
1791 unsigned long *ino) 1784 unsigned long *ino)
1792{ 1785{
1786 struct dentry *dentry = d_alloc_name(dir, name);
1793 struct inode *inode; 1787 struct inode *inode;
1794 1788
1795 inode = sel_make_inode(dir->i_sb, S_IFDIR | S_IRUGO | S_IXUGO); 1789 if (!dentry)
1796 if (!inode) 1790 return ERR_PTR(-ENOMEM);
1797 return -ENOMEM; 1791
1792 inode = sel_make_inode(dir->d_sb, S_IFDIR | S_IRUGO | S_IXUGO);
1793 if (!inode) {
1794 dput(dentry);
1795 return ERR_PTR(-ENOMEM);
1796 }
1798 1797
1799 inode->i_op = &simple_dir_inode_operations; 1798 inode->i_op = &simple_dir_inode_operations;
1800 inode->i_fop = &simple_dir_operations; 1799 inode->i_fop = &simple_dir_operations;
@@ -1803,16 +1802,16 @@ static int sel_make_dir(struct inode *dir, struct dentry *dentry,
1803 inc_nlink(inode); 1802 inc_nlink(inode);
1804 d_add(dentry, inode); 1803 d_add(dentry, inode);
1805 /* bump link count on parent directory, too */ 1804 /* bump link count on parent directory, too */
1806 inc_nlink(dir); 1805 inc_nlink(dir->d_inode);
1807 1806
1808 return 0; 1807 return dentry;
1809} 1808}
1810 1809
1811static int sel_fill_super(struct super_block *sb, void *data, int silent) 1810static int sel_fill_super(struct super_block *sb, void *data, int silent)
1812{ 1811{
1813 int ret; 1812 int ret;
1814 struct dentry *dentry; 1813 struct dentry *dentry;
1815 struct inode *inode, *root_inode; 1814 struct inode *inode;
1816 struct inode_security_struct *isec; 1815 struct inode_security_struct *isec;
1817 1816
1818 static struct tree_descr selinux_files[] = { 1817 static struct tree_descr selinux_files[] = {
@@ -1839,18 +1838,12 @@ static int sel_fill_super(struct super_block *sb, void *data, int silent)
1839 if (ret) 1838 if (ret)
1840 goto err; 1839 goto err;
1841 1840
1842 root_inode = sb->s_root->d_inode; 1841 bool_dir = sel_make_dir(sb->s_root, BOOL_DIR_NAME, &sel_last_ino);
1843 1842 if (IS_ERR(bool_dir)) {
1844 ret = -ENOMEM; 1843 ret = PTR_ERR(bool_dir);
1845 dentry = d_alloc_name(sb->s_root, BOOL_DIR_NAME); 1844 bool_dir = NULL;
1846 if (!dentry)
1847 goto err; 1845 goto err;
1848 1846 }
1849 ret = sel_make_dir(root_inode, dentry, &sel_last_ino);
1850 if (ret)
1851 goto err;
1852
1853 bool_dir = dentry;
1854 1847
1855 ret = -ENOMEM; 1848 ret = -ENOMEM;
1856 dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME); 1849 dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME);
@@ -1872,54 +1865,39 @@ static int sel_fill_super(struct super_block *sb, void *data, int silent)
1872 d_add(dentry, inode); 1865 d_add(dentry, inode);
1873 selinux_null = dentry; 1866 selinux_null = dentry;
1874 1867
1875 ret = -ENOMEM; 1868 dentry = sel_make_dir(sb->s_root, "avc", &sel_last_ino);
1876 dentry = d_alloc_name(sb->s_root, "avc"); 1869 if (IS_ERR(dentry)) {
1877 if (!dentry) 1870 ret = PTR_ERR(dentry);
1878 goto err;
1879
1880 ret = sel_make_dir(root_inode, dentry, &sel_last_ino);
1881 if (ret)
1882 goto err; 1871 goto err;
1872 }
1883 1873
1884 ret = sel_make_avc_files(dentry); 1874 ret = sel_make_avc_files(dentry);
1885 if (ret) 1875 if (ret)
1886 goto err; 1876 goto err;
1887 1877
1888 ret = -ENOMEM; 1878 dentry = sel_make_dir(sb->s_root, "initial_contexts", &sel_last_ino);
1889 dentry = d_alloc_name(sb->s_root, "initial_contexts"); 1879 if (IS_ERR(dentry)) {
1890 if (!dentry) 1880 ret = PTR_ERR(dentry);
1891 goto err;
1892
1893 ret = sel_make_dir(root_inode, dentry, &sel_last_ino);
1894 if (ret)
1895 goto err; 1881 goto err;
1882 }
1896 1883
1897 ret = sel_make_initcon_files(dentry); 1884 ret = sel_make_initcon_files(dentry);
1898 if (ret) 1885 if (ret)
1899 goto err; 1886 goto err;
1900 1887
1901 ret = -ENOMEM; 1888 class_dir = sel_make_dir(sb->s_root, "class", &sel_last_ino);
1902 dentry = d_alloc_name(sb->s_root, "class"); 1889 if (IS_ERR(class_dir)) {
1903 if (!dentry) 1890 ret = PTR_ERR(class_dir);
1904 goto err; 1891 class_dir = NULL;
1905
1906 ret = sel_make_dir(root_inode, dentry, &sel_last_ino);
1907 if (ret)
1908 goto err;
1909
1910 class_dir = dentry;
1911
1912 ret = -ENOMEM;
1913 dentry = d_alloc_name(sb->s_root, "policy_capabilities");
1914 if (!dentry)
1915 goto err; 1892 goto err;
1893 }
1916 1894
1917 ret = sel_make_dir(root_inode, dentry, &sel_last_ino); 1895 policycap_dir = sel_make_dir(sb->s_root, "policy_capabilities", &sel_last_ino);
1918 if (ret) 1896 if (IS_ERR(policycap_dir)) {
1897 ret = PTR_ERR(policycap_dir);
1898 policycap_dir = NULL;
1919 goto err; 1899 goto err;
1920 1900 }
1921 policycap_dir = dentry;
1922
1923 return 0; 1901 return 0;
1924err: 1902err:
1925 printk(KERN_ERR "SELinux: %s: failed while creating inodes\n", 1903 printk(KERN_ERR "SELinux: %s: failed while creating inodes\n",