-rw-r--r-- | security/selinux/hooks.c | 48 |
1 files changed, 8 insertions, 40 deletions
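--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -42,9 +42,7 @@
 #include <linux/fdtable.h>
 #include <linux/namei.h>
 #include <linux/mount.h>
-#include <linux/ext2_fs.h>
 #include <linux/proc_fs.h>
-#include <linux/kd.h>
 #include <linux/netfilter_ipv4.h>
 #include <linux/netfilter_ipv6.h>
 #include <linux/tty.h>
@@ -2903,46 +2901,16 @@ static void selinux_file_free_security(struct file *file)
 static int selinux_file_ioctl(struct file *file, unsigned int cmd,
 unsigned long arg)
 {
-int error = 0;
-
-switch (cmd) {
-case FIONREAD:
-/* fall through */
-case FIBMAP:
-/* fall through */
-case FIGETBSZ:
-/* fall through */
-case EXT2_IOC_GETFLAGS:
-/* fall through */
-case EXT2_IOC_GETVERSION:
-error = file_has_perm(current, file, FILE__GETATTR);
-break;
-
-case EXT2_IOC_SETFLAGS:
-/* fall through */
-case EXT2_IOC_SETVERSION:
-error = file_has_perm(current, file, FILE__SETATTR);
-break;
-
-/* sys_ioctl() checks */
-case FIONBIO:
-/* fall through */
-case FIOASYNC:
-error = file_has_perm(current, file, 0);
-break;
+u32 av = 0;
 
-case KDSKBENT:
-case KDSKBSENT:
-error = task_has_capability(current, CAP_SYS_TTY_CONFIG);
-break;
+if (_IOC_DIR(cmd) & _IOC_WRITE)
+av |= FILE__WRITE;
+if (_IOC_DIR(cmd) & _IOC_READ)
+av |= FILE__READ;
+if (!av)
+av = FILE__IOCTL;
 
-/* default case assumes that the command will go
-* to the file's ioctl() function.
-*/
-default:
-error = file_has_perm(current, file, FILE__IOCTL);
-}
-return error;
+return file_has_perm(current, file, av);
 }
 
 static int file_map_prot_check(struct file *file, unsigned long prot, int shared)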
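Review bot: The `_IOC_DIR(cmd)` bits tested in the new `selinux_file_ioctl` body describe which way the argument buffer is copied between user space and the kernel, not what the command does to the file, so they are a weak proxy for the permission that should be required. With the switch gone, `EXT2_IOC_SETFLAGS`/`EXT2_IOC_SETVERSION` are no longer gated by `FILE__SETATTR` (they presumably now map to `FILE__WRITE`), and legacy commands that encode no direction, such as `FIONBIO`/`FIOASYNC`, move from an empty permission set to `FILE__IOCTL`. Existing policy can therefore both allow more and deny more than before. The `KDSKBENT`/`KDSKBSENT` path also loses its `task_has_capability(current, CAP_SYS_TTY_CONFIG)` call; if the tty driver's own capability check is now the only gate, that should be confirmed and recorded. I would add a comment above the direction tests, e.g. `/* direction bits only; attribute and tty-config commands rely on checks made by the filesystem or driver */`, and note the policy impact in the commit message.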