authorStephen Smalley <sds@tycho.nsa.gov>2009-06-22 14:54:53 -0400
committerJames Morris <jmorris@namei.org>2009-06-22 18:19:58 -0400
commit20dda18be9035c487c2e9534e4d18d2a1e1deade (patch)
tree5d50d2727e1495ccd8fa2a2340332f25c290670c /security
parent56f8c9bc410deb55f21698e6a0d59f559ae1d794 (diff)
selinux: restore optimization to selinux_file_permission
Restore the optimization to skip revalidation in selinux_file_permission if nothing has changed since the dentry_open checks, accidentally removed by 389fb800. Also remove redundant test from selinux_revalidate_file_permission. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Reviewed-by: Paul Moore <paul.moore@hp.com> Acked-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/hooks.c15
1 files changed, 10 insertions, 5 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 15c2a08a66f1..d6f64783acd1 100644
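--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2938,11 +2938,6 @@ static int selinux_revalidate_file_permission(struct file *file, int mask)
 const struct cred *cred = current_cred();
 struct inode *inode = file->f_path.dentry->d_inode;
 
-if (!mask) {
-/* No permission to check. Existence test. */
-return 0;
-}
-
 /* file_mask_to_av won't add FILE__WRITE if MAY_APPEND is set */
 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
 mask |= MAY_APPEND;
@@ -2953,10 +2948,20 @@ static int selinux_revalidate_file_permission(struct file *file, int mask)
 
 static int selinux_file_permission(struct file *file, int mask)
 {
+struct inode *inode = file->f_path.dentry->d_inode;
+struct file_security_struct *fsec = file->f_security;
+struct inode_security_struct *isec = inode->i_security;
+u32 sid = current_sid();
+
 if (!mask)
 /* No permission to check. Existence test. */
 return 0;
 
+if (sid == fsec->sid && fsec->isid == isec->sid &&
+fsec->pseqno == avc_policy_seqno())
+/* No change since dentry_open check. */
+return 0;
+
 return selinux_revalidate_file_permission(file, mask);
 }
 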
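Review bot: The new fast path in selinux_file_permission returns 0 for any non-zero mask once its three comparisons match, and the comment `/* No change since dentry_open check. */` does not say what is compared or why that is sufficient. As far as the hunk shows, the test matches the current task SID, the inode SID and the policy sequence number against values held in the file security struct, so it appears to rely on the open-time check having already authorized every access later requested through this file; that assumption is worth stating. A comment such as `/* Task SID, inode SID and policy seqno match those recorded at dentry_open: the open-time decision still holds, skip the AVC lookup. */` would make clear which changes still force revalidation. The first hunk also drops the `!mask` guard from selinux_revalidate_file_permission, so that function now depends on its caller to filter mask == 0, which deserves a line in its header comment; its body starts and ends outside the hunk.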