aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux
diff options
context:
space:
mode:
authorMark Salyzyn <salyzyn@android.com>2015-02-04 11:34:30 -0500
committerPaul Moore <pmoore@redhat.com>2015-02-04 11:34:30 -0500
commitd5f3a5f6e7e7822df5680d4fe39bf0b6979a1535 (patch)
tree8fd129856aed1a5a579f9a7a8aaa7a24476f8c40 /security/selinux
parent2088d60e3b2f53d0c9590a0202eeff85b288b1eb (diff)
selinux: add security in-core xattr support for pstore and debugfs
- add "pstore" and "debugfs" to list of in-core exceptions - change fstype checks to boolean equation - change from strncmp to strcmp for checking Signed-off-by: Mark Salyzyn <salyzyn@android.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> [PM: tweaked the subject line prefix to "selinux"] Signed-off-by: Paul Moore <pmoore@redhat.com>
Diffstat (limited to 'security/selinux')
-rw-r--r--security/selinux/hooks.c25
1 files changed, 8 insertions, 17 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index c253caa90bb4..87a915656eab 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -401,23 +401,14 @@ static int selinux_is_sblabel_mnt(struct super_block *sb)
401{ 401{
402 struct superblock_security_struct *sbsec = sb->s_security; 402 struct superblock_security_struct *sbsec = sb->s_security;
403 403
404 if (sbsec->behavior == SECURITY_FS_USE_XATTR || 404 return sbsec->behavior == SECURITY_FS_USE_XATTR ||
405 sbsec->behavior == SECURITY_FS_USE_TRANS || 405 sbsec->behavior == SECURITY_FS_USE_TRANS ||
406 sbsec->behavior == SECURITY_FS_USE_TASK) 406 sbsec->behavior == SECURITY_FS_USE_TASK ||
407 return 1; 407 /* Special handling. Genfs but also in-core setxattr handler */
408 408 !strcmp(sb->s_type->name, "sysfs") ||
409 /* Special handling for sysfs. Is genfs but also has setxattr handler*/ 409 !strcmp(sb->s_type->name, "pstore") ||
410 if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0) 410 !strcmp(sb->s_type->name, "debugfs") ||
411 return 1; 411 !strcmp(sb->s_type->name, "rootfs");
412
413 /*
414 * Special handling for rootfs. Is genfs but supports
415 * setting SELinux context on in-core inodes.
416 */
417 if (strncmp(sb->s_type->name, "rootfs", sizeof("rootfs")) == 0)
418 return 1;
419
420 return 0;
421} 412}
422 413
423static int sb_finish_set_opts(struct super_block *sb) 414static int sb_finish_set_opts(struct super_block *sb)