-rw-r--r-- | include/linux/security.h | 8 | ||||
-rw-r--r-- | kernel/auditsc.c | 21 | ||||
-rw-r--r-- | security/dummy.c | 8 | ||||
-rw-r--r-- | security/selinux/hooks.c | 2 |
4 files changed, 24 insertions, 15 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index ec0bbbc3ffc2..2a502250eb5c 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
@@ -1173,8 +1173,8 @@ struct security_operations { | |||
1173 | int (*inode_getxattr) (struct dentry *dentry, char *name); | 1173 | int (*inode_getxattr) (struct dentry *dentry, char *name); |
1174 | int (*inode_listxattr) (struct dentry *dentry); | 1174 | int (*inode_listxattr) (struct dentry *dentry); |
1175 | int (*inode_removexattr) (struct dentry *dentry, char *name); | 1175 | int (*inode_removexattr) (struct dentry *dentry, char *name); |
1176 | char *(*inode_xattr_getsuffix) (void); | 1176 | const char *(*inode_xattr_getsuffix) (void); |
1177 | int (*inode_getsecurity)(struct inode *inode, const char *name, void *buffer, size_t size, int err); | 1177 | int (*inode_getsecurity)(const struct inode *inode, const char *name, void *buffer, size_t size, int err); |
1178 | int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags); | 1178 | int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags); |
1179 | int (*inode_listsecurity)(struct inode *inode, char *buffer, size_t buffer_size); | 1179 | int (*inode_listsecurity)(struct inode *inode, char *buffer, size_t buffer_size); |
1180 | 1180 | ||
@@ -1686,7 +1686,7 @@ static inline const char *security_inode_xattr_getsuffix(void) | |||
1686 | return security_ops->inode_xattr_getsuffix(); | 1686 | return security_ops->inode_xattr_getsuffix(); |
1687 | } | 1687 | } |
1688 | 1688 | ||
1689 | static inline int security_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size, int err) | 1689 | static inline int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err) |
1690 | { | 1690 | { |
1691 | if (unlikely (IS_PRIVATE (inode))) | 1691 | if (unlikely (IS_PRIVATE (inode))) |
1692 | return 0; | 1692 | return 0; |
@@ -2338,7 +2338,7 @@ static inline const char *security_inode_xattr_getsuffix (void) | |||
2338 | return NULL ; | 2338 | return NULL ; |
2339 | } | 2339 | } |
2340 | 2340 | ||
2341 | static inline int security_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size, int err) | 2341 | static inline int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err) |
2342 | { | 2342 | { |
2343 | return -EOPNOTSUPP; | 2343 | return -EOPNOTSUPP; |
2344 | } | 2344 | } |
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 4e2256ec7cf3..4ef14515da35 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
@@ -892,21 +892,20 @@ static void audit_log_task_context(struct audit_buffer *ab, gfp_t gfp_mask) | |||
892 | } | 892 | } |
893 | 893 | ||
894 | ctx = kmalloc(len, gfp_mask); | 894 | ctx = kmalloc(len, gfp_mask); |
895 | if (!ctx) { | 895 | if (!ctx) |
896 | goto error_path; | 896 | goto error_path; |
897 | return; | ||
898 | } | ||
899 | 897 | ||
900 | len = security_getprocattr(current, "current", ctx, len); | 898 | len = security_getprocattr(current, "current", ctx, len); |
901 | if (len < 0 ) | 899 | if (len < 0 ) |
902 | goto error_path; | 900 | goto error_path; |
903 | 901 | ||
904 | audit_log_format(ab, " subj=%s", ctx); | 902 | audit_log_format(ab, " subj=%s", ctx); |
903 | return; | ||
905 | 904 | ||
906 | error_path: | 905 | error_path: |
907 | if (ctx) | 906 | if (ctx) |
908 | kfree(ctx); | 907 | kfree(ctx); |
909 | audit_panic("security_getprocattr error in audit_log_task_context"); | 908 | audit_panic("error in audit_log_task_context"); |
910 | return; | 909 | return; |
911 | } | 910 | } |
912 | 911 | ||
@@ -1304,13 +1303,16 @@ void audit_putname(const char *name) | |||
1304 | void audit_inode_context(int idx, const struct inode *inode) | 1303 | void audit_inode_context(int idx, const struct inode *inode) |
1305 | { | 1304 | { |
1306 | struct audit_context *context = current->audit_context; | 1305 | struct audit_context *context = current->audit_context; |
1306 | const char *suffix = security_inode_xattr_getsuffix(); | ||
1307 | char *ctx = NULL; | 1307 | char *ctx = NULL; |
1308 | int len = 0; | 1308 | int len = 0; |
1309 | 1309 | ||
1310 | if (!security_inode_xattr_getsuffix()) | 1310 | if (!suffix) |
1311 | return; | 1311 | goto ret; |
1312 | 1312 | ||
1313 | len = security_inode_getsecurity(inode, (char *)security_inode_xattr_getsuffix(), NULL, 0, 0); | 1313 | len = security_inode_getsecurity(inode, suffix, NULL, 0, 0); |
1314 | if (len == -EOPNOTSUPP) | ||
1315 | goto ret; | ||
1314 | if (len < 0) | 1316 | if (len < 0) |
1315 | goto error_path; | 1317 | goto error_path; |
1316 | 1318 | ||
@@ -1318,18 +1320,19 @@ void audit_inode_context(int idx, const struct inode *inode) | |||
1318 | if (!ctx) | 1320 | if (!ctx) |
1319 | goto error_path; | 1321 | goto error_path; |
1320 | 1322 | ||
1321 | len = security_inode_getsecurity(inode, (char *)security_inode_xattr_getsuffix(), ctx, len, 0); | 1323 | len = security_inode_getsecurity(inode, suffix, ctx, len, 0); |
1322 | if (len < 0) | 1324 | if (len < 0) |
1323 | goto error_path; | 1325 | goto error_path; |
1324 | 1326 | ||
1325 | kfree(context->names[idx].ctx); | 1327 | kfree(context->names[idx].ctx); |
1326 | context->names[idx].ctx = ctx; | 1328 | context->names[idx].ctx = ctx; |
1327 | return; | 1329 | goto ret; |
1328 | 1330 | ||
1329 | error_path: | 1331 | error_path: |
1330 | if (ctx) | 1332 | if (ctx) |
1331 | kfree(ctx); | 1333 | kfree(ctx); |
1332 | audit_panic("error in audit_inode_context"); | 1334 | audit_panic("error in audit_inode_context"); |
1335 | ret: | ||
1333 | return; | 1336 | return; |
1334 | } | 1337 | } |
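Review bot: The success path of audit_log_task_context now leaks ctx: after `audit_log_format(ab, " subj=%s", ctx);` the newly added `return;` leaves the function without freeing the buffer obtained from kmalloc a few lines earlier, and the only kfree is in error_path, which the success path no longer reaches. Releasing it before returning fixes this, `audit_log_format(ab, " subj=%s", ctx); kfree(ctx); return;`; the `if (ctx)` guard in front of kfree in error_path is redundant, since kfree(NULL) is a no-op. In audit_inode_context the same two-call pattern is used but the buffer's ownership is handed to context->names[idx].ctx, so no leak there; whether security_inode_getsecurity NUL-terminates what it writes into a buffer of exactly len bytes before it is later printed with %s is not visible here and worth confirming. audit_log_task_context starts before the first hunk, and the kmalloc of ctx in audit_inode_context falls between the two hunks shown.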
1335 | 1338 | ||
diff --git a/security/dummy.c b/security/dummy.c index 6febe7d39fa0..0a553d39729f 100644 --- a/security/dummy.c +++ b/security/dummy.c | |||
@@ -378,7 +378,7 @@ static int dummy_inode_removexattr (struct dentry *dentry, char *name) | |||
378 | return 0; | 378 | return 0; |
379 | } | 379 | } |
380 | 380 | ||
381 | static int dummy_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size, int err) | 381 | static int dummy_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err) |
382 | { | 382 | { |
383 | return -EOPNOTSUPP; | 383 | return -EOPNOTSUPP; |
384 | } | 384 | } |
@@ -393,6 +393,11 @@ static int dummy_inode_listsecurity(struct inode *inode, char *buffer, size_t bu | |||
393 | return 0; | 393 | return 0; |
394 | } | 394 | } |
395 | 395 | ||
396 | static const char *dummy_inode_xattr_getsuffix(void) | ||
397 | { | ||
398 | return NULL; | ||
399 | } | ||
400 | |||
396 | static int dummy_file_permission (struct file *file, int mask) | 401 | static int dummy_file_permission (struct file *file, int mask) |
397 | { | 402 | { |
398 | return 0; | 403 | return 0; |
@@ -930,6 +935,7 @@ void security_fixup_ops (struct security_operations *ops) | |||
930 | set_to_dummy_if_null(ops, inode_getxattr); | 935 | set_to_dummy_if_null(ops, inode_getxattr); |
931 | set_to_dummy_if_null(ops, inode_listxattr); | 936 | set_to_dummy_if_null(ops, inode_listxattr); |
932 | set_to_dummy_if_null(ops, inode_removexattr); | 937 | set_to_dummy_if_null(ops, inode_removexattr); |
938 | set_to_dummy_if_null(ops, inode_xattr_getsuffix); | ||
933 | set_to_dummy_if_null(ops, inode_getsecurity); | 939 | set_to_dummy_if_null(ops, inode_getsecurity); |
934 | set_to_dummy_if_null(ops, inode_setsecurity); | 940 | set_to_dummy_if_null(ops, inode_setsecurity); |
935 | set_to_dummy_if_null(ops, inode_listsecurity); | 941 | set_to_dummy_if_null(ops, inode_listsecurity); |
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 9c08a19cc81b..81b726b1a419 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -2247,7 +2247,7 @@ static const char *selinux_inode_xattr_getsuffix(void) | |||
2247 | * | 2247 | * |
2248 | * Permission check is handled by selinux_inode_getxattr hook. | 2248 | * Permission check is handled by selinux_inode_getxattr hook. |
2249 | */ | 2249 | */ |
2250 | static int selinux_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size, int err) | 2250 | static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err) |
2251 | { | 2251 | { |
2252 | struct inode_security_struct *isec = inode->i_security; | 2252 | struct inode_security_struct *isec = inode->i_security; |
2253 | 2253 | ||