-rw-r--r--include/linux/security.h8
-rw-r--r--kernel/auditsc.c21
-rw-r--r--security/dummy.c8
-rw-r--r--security/selinux/hooks.c2
4 files changed, 24 insertions, 15 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index ec0bbbc3ffc2..2a502250eb5c 100644
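--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1173,8 +1173,8 @@ struct security_operations {
  int (*inode_getxattr) (struct dentry *dentry, char *name);
  int (*inode_listxattr) (struct dentry *dentry);
  int (*inode_removexattr) (struct dentry *dentry, char *name);
- char *(*inode_xattr_getsuffix) (void);
- int (*inode_getsecurity)(struct inode *inode, const char *name, void *buffer, size_t size, int err);
+ const char *(*inode_xattr_getsuffix) (void);
+ int (*inode_getsecurity)(const struct inode *inode, const char *name, void *buffer, size_t size, int err);
  int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags);
  int (*inode_listsecurity)(struct inode *inode, char *buffer, size_t buffer_size);
 
@@ -1686,7 +1686,7 @@ static inline const char *security_inode_xattr_getsuffix(void)
  return security_ops->inode_xattr_getsuffix();
 }
 
-static inline int security_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size, int err)
+static inline int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err)
 {
  if (unlikely (IS_PRIVATE (inode)))
  return 0;
@@ -2338,7 +2338,7 @@ static inline const char *security_inode_xattr_getsuffix (void)
  return NULL ;
 }
 
-static inline int security_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size, int err)
+static inline int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err)
 {
  return -EOPNOTSUPP;
 }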
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 4e2256ec7cf3..4ef14515da35 100644
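--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -892,21 +892,20 @@ static void audit_log_task_context(struct audit_buffer *ab, gfp_t gfp_mask)
  }
 
  ctx = kmalloc(len, gfp_mask);
- if (!ctx) {
+ if (!ctx)
  goto error_path;
- return;
- }
 
  len = security_getprocattr(current, "current", ctx, len);
  if (len < 0 )
  goto error_path;
 
  audit_log_format(ab, " subj=%s", ctx);
+ return;
 
 error_path:
  if (ctx)
  kfree(ctx);
- audit_panic("security_getprocattr error in audit_log_task_context");
+ audit_panic("error in audit_log_task_context");
  return;
 }
 
@@ -1304,13 +1303,16 @@ void audit_putname(const char *name)
 void audit_inode_context(int idx, const struct inode *inode)
 {
  struct audit_context *context = current->audit_context;
+ const char *suffix = security_inode_xattr_getsuffix();
  char *ctx = NULL;
  int len = 0;
 
- if (!security_inode_xattr_getsuffix())
- return;
+ if (!suffix)
+ goto ret;
 
- len = security_inode_getsecurity(inode, (char *)security_inode_xattr_getsuffix(), NULL, 0, 0);
+ len = security_inode_getsecurity(inode, suffix, NULL, 0, 0);
+ if (len == -EOPNOTSUPP)
+ goto ret;
  if (len < 0)
  goto error_path;
 
@@ -1318,18 +1320,19 @@ void audit_inode_context(int idx, const struct inode *inode)
  if (!ctx)
  goto error_path;
 
- len = security_inode_getsecurity(inode, (char *)security_inode_xattr_getsuffix(), ctx, len, 0);
+ len = security_inode_getsecurity(inode, suffix, ctx, len, 0);
  if (len < 0)
  goto error_path;
 
  kfree(context->names[idx].ctx);
  context->names[idx].ctx = ctx;
- return;
+ goto ret;
 
 error_path:
  if (ctx)
  kfree(ctx);
  audit_panic("error in audit_inode_context");
+ret:
  return;
 }
 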
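Review bot: The success path of audit_log_task_context now leaks `ctx`: the added `return;` right after `audit_log_format(ab, " subj=%s", ctx);` exits before the `kfree(ctx)` that sits under `error_path:`, so every record that logs a subject context keeps its kmalloc'd buffer. Because this runs once per logged record, the loss accumulates with audit volume, which is presumably something ordinary workload can drive, so it is a slow kernel-memory exhaustion rather than a one-off. Freeing before leaving closes it: `kfree(ctx);` on the line before the new `return;`. The function begins above the hunk, so the initial length query and how `ctx` is initialised are not visible here; audit_inode_context in the later hunks does not have this problem because ownership of `ctx` is handed to `context->names[idx].ctx` before `goto ret`.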
diff --git a/security/dummy.c b/security/dummy.c
index 6febe7d39fa0..0a553d39729f 100644
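--- a/security/dummy.c
+++ b/security/dummy.c
@@ -378,7 +378,7 @@ static int dummy_inode_removexattr (struct dentry *dentry, char *name)
  return 0;
 }
 
-static int dummy_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size, int err)
+static int dummy_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err)
 {
  return -EOPNOTSUPP;
 }
@@ -393,6 +393,11 @@ static int dummy_inode_listsecurity(struct inode *inode, char *buffer, size_t bu
  return 0;
 }
 
+static const char *dummy_inode_xattr_getsuffix(void)
+{
+ return NULL;
+}
+
 static int dummy_file_permission (struct file *file, int mask)
 {
  return 0;
@@ -930,6 +935,7 @@ void security_fixup_ops (struct security_operations *ops)
  set_to_dummy_if_null(ops, inode_getxattr);
  set_to_dummy_if_null(ops, inode_listxattr);
  set_to_dummy_if_null(ops, inode_removexattr);
+ set_to_dummy_if_null(ops, inode_xattr_getsuffix);
  set_to_dummy_if_null(ops, inode_getsecurity);
  set_to_dummy_if_null(ops, inode_setsecurity);
  set_to_dummy_if_null(ops, inode_listsecurity);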
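Review bot: The new `dummy_inode_xattr_getsuffix` returns NULL with no comment saying what NULL means to callers, and that contract is what makes the default safe. Once `security_fixup_ops` installs it, any security module that leaves the hook unset will hand NULL to every caller of `security_inode_xattr_getsuffix()`, so each caller has to test the result before passing it on as an attribute name, as audit_inode_context does in this commit. A one-line comment above the function would record that, for example `/* No security xattr suffix: callers must treat NULL as "no label available". */`. Callers outside this diff are not visible here and are worth checking for the same NULL test.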
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 9c08a19cc81b..81b726b1a419 100644
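--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2247,7 +2247,7 @@ static const char *selinux_inode_xattr_getsuffix(void)
  *
  * Permission check is handled by selinux_inode_getxattr hook.
  */
-static int selinux_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size, int err)
+static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err)
 {
  struct inode_security_struct *isec = inode->i_security;
 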