diff options
| author | Tejun Heo <tj@kernel.org> | 2014-03-07 10:23:57 -0500 |
|---|---|---|
| committer | Tejun Heo <tj@kernel.org> | 2014-03-07 10:23:57 -0500 |
| commit | 5078585a18c8cb7d1b6b7744fce842dadb3b7c72 (patch) | |
| tree | 0c3d8a25acd4b34f0d460bd9ef6173f72ec2ade2 /security/selinux | |
| parent | 7104ce9b349e0b0c9a71ee25efeb007057029677 (diff) | |
| parent | c3bebc71c4bcdafa24b506adf0c1de3c1f77e2e0 (diff) | |
Merge branch 'master' into wq/for-3.15
Pull 3.14-rc5 into wq/for-3.15 to receive nvme updates which the
scheduled PREPARE_DELAYED_WORK() updates depend on.
Signed-off-by: Tejun Heo <tj@kernel.org>
Diffstat (limited to 'security/selinux')
| -rw-r--r-- | security/selinux/nlmsgtab.c | 2 | ||||
| -rw-r--r-- | security/selinux/ss/policydb.c | 8 | ||||
| -rw-r--r-- | security/selinux/ss/services.c | 4 |
3 files changed, 10 insertions, 4 deletions
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c index 332ac8a80cf5..2df7b900e259 100644 --- a/security/selinux/nlmsgtab.c +++ b/security/selinux/nlmsgtab.c | |||
| @@ -17,6 +17,7 @@ | |||
| 17 | #include <linux/inet_diag.h> | 17 | #include <linux/inet_diag.h> |
| 18 | #include <linux/xfrm.h> | 18 | #include <linux/xfrm.h> |
| 19 | #include <linux/audit.h> | 19 | #include <linux/audit.h> |
| 20 | #include <linux/sock_diag.h> | ||
| 20 | 21 | ||
| 21 | #include "flask.h" | 22 | #include "flask.h" |
| 22 | #include "av_permissions.h" | 23 | #include "av_permissions.h" |
| @@ -78,6 +79,7 @@ static struct nlmsg_perm nlmsg_tcpdiag_perms[] = | |||
| 78 | { | 79 | { |
| 79 | { TCPDIAG_GETSOCK, NETLINK_TCPDIAG_SOCKET__NLMSG_READ }, | 80 | { TCPDIAG_GETSOCK, NETLINK_TCPDIAG_SOCKET__NLMSG_READ }, |
| 80 | { DCCPDIAG_GETSOCK, NETLINK_TCPDIAG_SOCKET__NLMSG_READ }, | 81 | { DCCPDIAG_GETSOCK, NETLINK_TCPDIAG_SOCKET__NLMSG_READ }, |
| 82 | { SOCK_DIAG_BY_FAMILY, NETLINK_TCPDIAG_SOCKET__NLMSG_READ }, | ||
| 81 | }; | 83 | }; |
| 82 | 84 | ||
| 83 | static struct nlmsg_perm nlmsg_xfrm_perms[] = | 85 | static struct nlmsg_perm nlmsg_xfrm_perms[] = |
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index c0f498842129..9c5cdc2caaef 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c | |||
| @@ -3338,10 +3338,10 @@ static int filename_write_helper(void *key, void *data, void *ptr) | |||
| 3338 | if (rc) | 3338 | if (rc) |
| 3339 | return rc; | 3339 | return rc; |
| 3340 | 3340 | ||
| 3341 | buf[0] = ft->stype; | 3341 | buf[0] = cpu_to_le32(ft->stype); |
| 3342 | buf[1] = ft->ttype; | 3342 | buf[1] = cpu_to_le32(ft->ttype); |
| 3343 | buf[2] = ft->tclass; | 3343 | buf[2] = cpu_to_le32(ft->tclass); |
| 3344 | buf[3] = otype->otype; | 3344 | buf[3] = cpu_to_le32(otype->otype); |
| 3345 | 3345 | ||
| 3346 | rc = put_entry(buf, sizeof(u32), 4, fp); | 3346 | rc = put_entry(buf, sizeof(u32), 4, fp); |
| 3347 | if (rc) | 3347 | if (rc) |
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index c93c21127f0c..5d0144ee8ed6 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
| @@ -1232,6 +1232,10 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len, | |||
| 1232 | struct context context; | 1232 | struct context context; |
| 1233 | int rc = 0; | 1233 | int rc = 0; |
| 1234 | 1234 | ||
| 1235 | /* An empty security context is never valid. */ | ||
| 1236 | if (!scontext_len) | ||
| 1237 | return -EINVAL; | ||
| 1238 | |||
| 1235 | if (!ss_initialized) { | 1239 | if (!ss_initialized) { |
| 1236 | int i; | 1240 | int i; |
| 1237 | 1241 | ||