diff options
| author | James Carter <jwcart2@tycho.nsa.gov> | 2007-04-04 16:18:39 -0400 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2007-04-26 01:36:09 -0400 |
| commit | 6174eafce3a38114adc6058e2872434c53feae87 (patch) | |
| tree | 8e97a2f10da78d6dc3a628109829c91c67584195 /security | |
| parent | f0ee2e467ffa68c3122128b704c1540ee294b748 (diff) | |
selinux: explicitly number all selinuxfs inodes
Explicitly number all selinuxfs inodes to prevent a conflict between
inodes numbered using last_ino when created with new_inode() and those
labeled explicitly.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
Acked-by: Eric Paris <eparis@parisplace.org>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
| -rw-r--r-- | security/selinux/selinuxfs.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index e24235c59ddf..1a786db50bd9 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c | |||
| @@ -100,8 +100,11 @@ enum sel_inos { | |||
| 100 | SEL_MEMBER, /* compute polyinstantiation membership decision */ | 100 | SEL_MEMBER, /* compute polyinstantiation membership decision */ |
| 101 | SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */ | 101 | SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */ |
| 102 | SEL_COMPAT_NET, /* whether to use old compat network packet controls */ | 102 | SEL_COMPAT_NET, /* whether to use old compat network packet controls */ |
| 103 | SEL_INO_NEXT, /* The next inode number to use */ | ||
| 103 | }; | 104 | }; |
| 104 | 105 | ||
| 106 | static unsigned long sel_last_ino = SEL_INO_NEXT - 1; | ||
| 107 | |||
| 105 | #define SEL_INITCON_INO_OFFSET 0x01000000 | 108 | #define SEL_INITCON_INO_OFFSET 0x01000000 |
| 106 | #define SEL_INO_MASK 0x00ffffff | 109 | #define SEL_INO_MASK 0x00ffffff |
| 107 | 110 | ||
| @@ -1237,6 +1240,7 @@ static int sel_make_avc_files(struct dentry *dir) | |||
| 1237 | goto out; | 1240 | goto out; |
| 1238 | } | 1241 | } |
| 1239 | inode->i_fop = files[i].ops; | 1242 | inode->i_fop = files[i].ops; |
| 1243 | inode->i_ino = ++sel_last_ino; | ||
| 1240 | d_add(dentry, inode); | 1244 | d_add(dentry, inode); |
| 1241 | } | 1245 | } |
| 1242 | out: | 1246 | out: |
| @@ -1304,6 +1308,7 @@ static int sel_make_dir(struct inode *dir, struct dentry *dentry) | |||
| 1304 | } | 1308 | } |
| 1305 | inode->i_op = &simple_dir_inode_operations; | 1309 | inode->i_op = &simple_dir_inode_operations; |
| 1306 | inode->i_fop = &simple_dir_operations; | 1310 | inode->i_fop = &simple_dir_operations; |
| 1311 | inode->i_ino = ++sel_last_ino; | ||
| 1307 | /* directory inodes start off with i_nlink == 2 (for "." entry) */ | 1312 | /* directory inodes start off with i_nlink == 2 (for "." entry) */ |
| 1308 | inc_nlink(inode); | 1313 | inc_nlink(inode); |
| 1309 | d_add(dentry, inode); | 1314 | d_add(dentry, inode); |
| @@ -1366,6 +1371,7 @@ static int sel_fill_super(struct super_block * sb, void * data, int silent) | |||
| 1366 | ret = -ENOMEM; | 1371 | ret = -ENOMEM; |
| 1367 | goto err; | 1372 | goto err; |
| 1368 | } | 1373 | } |
| 1374 | inode->i_ino = ++sel_last_ino; | ||
| 1369 | isec = (struct inode_security_struct*)inode->i_security; | 1375 | isec = (struct inode_security_struct*)inode->i_security; |
| 1370 | isec->sid = SECINITSID_DEVNULL; | 1376 | isec->sid = SECINITSID_DEVNULL; |
| 1371 | isec->sclass = SECCLASS_CHR_FILE; | 1377 | isec->sclass = SECCLASS_CHR_FILE; |