| -rw-r--r-- | include/linux/security.h | 2 | ||||
| -rw-r--r-- | security/capability.c | 4 | ||||
| -rw-r--r-- | security/security.c | 11 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 13 |
4 files changed, 12 insertions, 18 deletions
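--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -95,6 +95,8 @@ struct seq_file;
 extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
 extern int cap_netlink_recv(struct sk_buff *skb, int cap);
 
+void reset_security_ops(void);
+
 #ifdef CONFIG_MMU
 extern unsigned long mmap_min_addr;
 extern unsigned long dac_mmap_min_addr;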
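--- a/security/capability.c
+++ b/security/capability.c
@@ -906,10 +906,6 @@ static void cap_audit_rule_free(void *lsmrule)
 }
 #endif /* CONFIG_AUDIT */
 
-struct security_operations default_security_ops = {
-.name = "default",
-};
-
 #define set_to_cap_if_null(ops, function) \
 do { \
 if (!ops->function) { \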
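--- a/security/security.c
+++ b/security/security.c
@@ -23,10 +23,12 @@ static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
 CONFIG_DEFAULT_SECURITY;
 
 /* things that live in capability.c */
-extern struct security_operations default_security_ops;
 extern void security_fixup_ops(struct security_operations *ops);
 
-struct security_operations *security_ops; /* Initialized to NULL */
+static struct security_operations *security_ops;
+static struct security_operations default_security_ops = {
+.name = "default",
+};
 
 static inline int verify(struct security_operations *ops)
 {
@@ -63,6 +65,11 @@ int __init security_init(void)
 return 0;
 }
 
+void reset_security_ops(void)
+{
+security_ops = &default_security_ops;
+}
+
 /* Save user chosen LSM */
 static int __init choose_lsm(char *str)
 {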
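Review bot: `reset_security_ops()` in the second hunk is a global, undocumented function that replaces the active hook table with the defaults in a single plain store, so every built-in caller that includes security.h can switch off the registered LSM's checks. If selinux_disable() is the only intended user, I would say so in a comment above the definition, e.g. `/* Only for SELinux runtime disable: reverts every hook to the capability defaults. */`, and consider building it (and the prototype in include/linux/security.h) only under `CONFIG_SECURITY_SELINUX_DISABLE`. The store is not ordered against CPUs that are already executing a hook through the old pointer; the assignment it replaces in selinux_disable() had the same property, but it is worth stating here now that the write is centralised. `default_security_ops` is defined with only `.name` set, so the function presumably depends on security_init() having filled in the hooks beforehand; that code is outside the hunk.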
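--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -126,13 +126,6 @@ __setup("selinux=", selinux_enabled_setup);
 int selinux_enabled = 1;
 #endif
 
-
-/*
-* Minimal support for a secondary security module,
-* just to allow the use of the capability module.
-*/
-static struct security_operations *secondary_ops;
-
 /* Lists of inode and superblock security structures initialized
 before the policy was loaded. */
 static LIST_HEAD(superblock_security_head);
@@ -5674,9 +5667,6 @@ static __init int selinux_init(void)
 0, SLAB_PANIC, NULL);
 avc_init();
 
-secondary_ops = security_ops;
-if (!secondary_ops)
-panic("SELinux: No initial security operations\n");
 if (register_security(&selinux_ops))
 panic("SELinux: Unable to register with kernel.\n");
 
@@ -5837,8 +5827,7 @@ int selinux_disable(void)
 selinux_disabled = 1;
 selinux_enabled = 0;
 
-/* Reset security_ops to the secondary module, dummy or capability. */
-security_ops = secondary_ops;
+reset_security_ops();
 
 /* Try to destroy the avc node cache */
 avc_disable();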
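Review bot: The `reset_security_ops();` call in selinux_disable() lost the comment that said what the kernel falls back to, and hooks.c can no longer show it because the target table is now private to security.c. I would keep a one-line comment above the call, e.g. `/* Fall back to the default (capability) ops; no SELinux hook runs after this. */`. The selinux_init() hunk also drops the `panic()` that fired when no initial ops table existed, so that guarantee now presumably rests on security_init() having run first, which is worth confirming since neither function is fully visible here. selinux_disable() begins and ends outside the hunk.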
