diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2011-03-16 19:29:25 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2011-03-16 19:29:25 -0400 |
| commit | 7a6362800cb7d1d618a697a650c7aaed3eb39320 (patch) | |
| tree | 087f9bc6c13ef1fad4b392c5cf9325cd28fa8523 /security/selinux | |
| parent | 6445ced8670f37cfc2c5e24a9de9b413dbfc788d (diff) | |
| parent | ceda86a108671294052cbf51660097b6534672f5 (diff) | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6: (1480 commits)
bonding: enable netpoll without checking link status
xfrm: Refcount destination entry on xfrm_lookup
net: introduce rx_handler results and logic around that
bonding: get rid of IFF_SLAVE_INACTIVE netdev->priv_flag
bonding: wrap slave state work
net: get rid of multiple bond-related netdevice->priv_flags
bonding: register slave pointer for rx_handler
be2net: Bump up the version number
be2net: Copyright notice change. Update to Emulex instead of ServerEngines
e1000e: fix kconfig for crc32 dependency
netfilter ebtables: fix xt_AUDIT to work with ebtables
xen network backend driver
bonding: Improve syslog message at device creation time
bonding: Call netif_carrier_off after register_netdevice
bonding: Incorrect TX queue offset
net_sched: fix ip_tos2prio
xfrm: fix __xfrm_route_forward()
be2net: Fix UDP packet detected status in RX compl
Phonet: fix aligned-mode pipe socket buffer header reserve
netxen: support for GbE port settings
...
Fix up conflicts in drivers/staging/brcm80211/brcmsmac/wl_mac80211.c
with the staging updates.
Diffstat (limited to 'security/selinux')
| -rw-r--r-- | security/selinux/hooks.c | 8 | ||||
| -rw-r--r-- | security/selinux/include/xfrm.h | 2 | ||||
| -rw-r--r-- | security/selinux/xfrm.c | 6 |
3 files changed, 9 insertions, 7 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index d52a92507412..6475e1f0223e 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -4346,7 +4346,7 @@ static void selinux_secmark_refcount_dec(void) | |||
| 4346 | static void selinux_req_classify_flow(const struct request_sock *req, | 4346 | static void selinux_req_classify_flow(const struct request_sock *req, |
| 4347 | struct flowi *fl) | 4347 | struct flowi *fl) |
| 4348 | { | 4348 | { |
| 4349 | fl->secid = req->secid; | 4349 | fl->flowi_secid = req->secid; |
| 4350 | } | 4350 | } |
| 4351 | 4351 | ||
| 4352 | static int selinux_tun_dev_create(void) | 4352 | static int selinux_tun_dev_create(void) |
| @@ -4695,6 +4695,7 @@ static int selinux_netlink_recv(struct sk_buff *skb, int capability) | |||
| 4695 | { | 4695 | { |
| 4696 | int err; | 4696 | int err; |
| 4697 | struct common_audit_data ad; | 4697 | struct common_audit_data ad; |
| 4698 | u32 sid; | ||
| 4698 | 4699 | ||
| 4699 | err = cap_netlink_recv(skb, capability); | 4700 | err = cap_netlink_recv(skb, capability); |
| 4700 | if (err) | 4701 | if (err) |
| @@ -4703,8 +4704,9 @@ static int selinux_netlink_recv(struct sk_buff *skb, int capability) | |||
| 4703 | COMMON_AUDIT_DATA_INIT(&ad, CAP); | 4704 | COMMON_AUDIT_DATA_INIT(&ad, CAP); |
| 4704 | ad.u.cap = capability; | 4705 | ad.u.cap = capability; |
| 4705 | 4706 | ||
| 4706 | return avc_has_perm(NETLINK_CB(skb).sid, NETLINK_CB(skb).sid, | 4707 | security_task_getsecid(current, &sid); |
| 4707 | SECCLASS_CAPABILITY, CAP_TO_MASK(capability), &ad); | 4708 | return avc_has_perm(sid, sid, SECCLASS_CAPABILITY, |
| 4709 | CAP_TO_MASK(capability), &ad); | ||
| 4708 | } | 4710 | } |
| 4709 | 4711 | ||
| 4710 | static int ipc_alloc_security(struct task_struct *task, | 4712 | static int ipc_alloc_security(struct task_struct *task, |
diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h index 13128f9a3e5a..b43813c9e049 100644 --- a/security/selinux/include/xfrm.h +++ b/security/selinux/include/xfrm.h | |||
| @@ -19,7 +19,7 @@ void selinux_xfrm_state_free(struct xfrm_state *x); | |||
| 19 | int selinux_xfrm_state_delete(struct xfrm_state *x); | 19 | int selinux_xfrm_state_delete(struct xfrm_state *x); |
| 20 | int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir); | 20 | int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir); |
| 21 | int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x, | 21 | int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x, |
| 22 | struct xfrm_policy *xp, struct flowi *fl); | 22 | struct xfrm_policy *xp, const struct flowi *fl); |
| 23 | 23 | ||
| 24 | /* | 24 | /* |
| 25 | * Extract the security blob from the sock (it's actually on the socket) | 25 | * Extract the security blob from the sock (it's actually on the socket) |
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index 728c57e3d65d..68178b76a2b3 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c | |||
| @@ -112,7 +112,7 @@ int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir) | |||
| 112 | */ | 112 | */ |
| 113 | 113 | ||
| 114 | int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x, struct xfrm_policy *xp, | 114 | int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x, struct xfrm_policy *xp, |
| 115 | struct flowi *fl) | 115 | const struct flowi *fl) |
| 116 | { | 116 | { |
| 117 | u32 state_sid; | 117 | u32 state_sid; |
| 118 | int rc; | 118 | int rc; |
| @@ -135,10 +135,10 @@ int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x, struct xfrm_policy * | |||
| 135 | 135 | ||
| 136 | state_sid = x->security->ctx_sid; | 136 | state_sid = x->security->ctx_sid; |
| 137 | 137 | ||
| 138 | if (fl->secid != state_sid) | 138 | if (fl->flowi_secid != state_sid) |
| 139 | return 0; | 139 | return 0; |
| 140 | 140 | ||
| 141 | rc = avc_has_perm(fl->secid, state_sid, SECCLASS_ASSOCIATION, | 141 | rc = avc_has_perm(fl->flowi_secid, state_sid, SECCLASS_ASSOCIATION, |
| 142 | ASSOCIATION__SENDTO, | 142 | ASSOCIATION__SENDTO, |
| 143 | NULL)? 0:1; | 143 | NULL)? 0:1; |
| 144 | 144 | ||