1 files changed, 29 insertions, 7 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 9da6420e2056..1d027e29ce8d 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -471,6 +471,7 @@ static void avc_audit_post_callback(struct audit_buffer *ab, void *a)
 * @avd: access vector decisions
 * @result: result from avc_has_perm_noaudit
 * @a:  auxiliary audit data
+ * @flags: VFS walk flags
 *
 * Audit the granting or denial of permissions in accordance
 * with the policy.  This function is typically called by
@@ -481,9 +482,10 @@ static void avc_audit_post_callback(struct audit_buffer *ab, void *a)
 * be performed under a lock, to allow the lock to be released
 * before calling the auditing code.
 */
-void avc_audit(u32 ssid, u32 tsid,
+int avc_audit(u32 ssid, u32 tsid,
               u16 tclass, u32 requested,
-               struct av_decision *avd, int result, struct common_audit_data *a)
+               struct av_decision *avd, int result, struct common_audit_data *a,
+               unsigned flags)
 {
        struct common_audit_data stack_data;
        u32 denied, audited;
@@ -515,11 +517,24 @@ void avc_audit(u32 ssid, u32 tsid,
        else
                audited = requested & avd->auditallow;
        if (!audited)
-                return;
+                return 0;
        if (!a) {
                a = &stack_data;
                COMMON_AUDIT_DATA_INIT(a, NONE);
        }
+        /*
+         * When in a RCU walk do the audit on the RCU retry.  This is because
+         * the collection of the dname in an inode audit message is not RCU
+         * safe.  Note this may drop some audits when the situation changes
+         * during retry. However this is logically just as if the operation
+         * happened a little later.
+         */
+        if ((a->type == LSM_AUDIT_DATA_FS) &&
+            (flags & IPERM_FLAG_RCU))
+                return -ECHILD;
        a->selinux_audit_data.tclass = tclass;
        a->selinux_audit_data.requested = requested;
        a->selinux_audit_data.ssid = ssid;
@@ -529,6 +544,7 @@ void avc_audit(u32 ssid, u32 tsid,
        a->lsm_pre_audit = avc_audit_pre_callback;
        a->lsm_post_audit = avc_audit_post_callback;
        common_lsm_audit(a);
+        return 0;
 }
 /**
@@ -793,6 +809,7 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
 * @tclass: target security class
 * @requested: requested permissions, interpreted based on @tclass
 * @auditdata: auxiliary audit data
+ * @flags: VFS walk flags
 *
 * Check the AVC to determine whether the @requested permissions are granted
 * for the SID pair (@ssid, @tsid), interpreting the permissions
@@ -802,14 +819,19 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
 * permissions are granted, -%EACCES if any permissions are denied, or
 * another -errno upon other errors.
 */
-int avc_has_perm(u32 ssid, u32 tsid, u16 tclass,
+int avc_has_perm_flags(u32 ssid, u32 tsid, u16 tclass,
-                 u32 requested, struct common_audit_data *auditdata)
+                       u32 requested, struct common_audit_data *auditdata,
+                       unsigned flags)
 {
        struct av_decision avd;
-        int rc;
+        int rc, rc2;
        rc = avc_has_perm_noaudit(ssid, tsid, tclass, requested, 0, &avd);
-        avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata);
+        rc2 = avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata,
+                        flags);
+        if (rc2)
+                return rc2;
        return rc;
 }

diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 9da6420e2056..1d027e29ce8d 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c
@@ -471,6 +471,7 @@ static void avc_audit_post_callback(struct audit_buffer ab, void a)
471	* @avd: access vector decisions	471	* @avd: access vector decisions
472	* @result: result from avc_has_perm_noaudit	472	* @result: result from avc_has_perm_noaudit
473	* @a: auxiliary audit data	473	* @a: auxiliary audit data
		474	* @flags: VFS walk flags
474	*	475	*
475	* Audit the granting or denial of permissions in accordance	476	* Audit the granting or denial of permissions in accordance
476	* with the policy. This function is typically called by	477	* with the policy. This function is typically called by
@@ -481,9 +482,10 @@ static void avc_audit_post_callback(struct audit_buffer ab, void a)
481	* be performed under a lock, to allow the lock to be released	482	* be performed under a lock, to allow the lock to be released
482	* before calling the auditing code.	483	* before calling the auditing code.
483	*/	484	*/
484	void avc_audit(u32 ssid, u32 tsid,	485	int avc_audit(u32 ssid, u32 tsid,
485	u16 tclass, u32 requested,	486	u16 tclass, u32 requested,
486	struct av_decision avd, int result, struct common_audit_data a)	487	struct av_decision avd, int result, struct common_audit_data a,
		488	unsigned flags)
487	{	489	{
488	struct common_audit_data stack_data;	490	struct common_audit_data stack_data;
489	u32 denied, audited;	491	u32 denied, audited;
@@ -515,11 +517,24 @@ void avc_audit(u32 ssid, u32 tsid,
515	else	517	else
516	audited = requested & avd->auditallow;	518	audited = requested & avd->auditallow;
517	if (!audited)	519	if (!audited)
518	return;	520	return 0;
		521
519	if (!a) {	522	if (!a) {
520	a = &stack_data;	523	a = &stack_data;
521	COMMON_AUDIT_DATA_INIT(a, NONE);	524	COMMON_AUDIT_DATA_INIT(a, NONE);
522	}	525	}
		526
		527	/*
		528	* When in a RCU walk do the audit on the RCU retry. This is because
		529	* the collection of the dname in an inode audit message is not RCU
		530	* safe. Note this may drop some audits when the situation changes
		531	* during retry. However this is logically just as if the operation
		532	* happened a little later.
		533	*/
		534	if ((a->type == LSM_AUDIT_DATA_FS) &&
		535	(flags & IPERM_FLAG_RCU))
		536	return -ECHILD;
		537
523	a->selinux_audit_data.tclass = tclass;	538	a->selinux_audit_data.tclass = tclass;
524	a->selinux_audit_data.requested = requested;	539	a->selinux_audit_data.requested = requested;
525	a->selinux_audit_data.ssid = ssid;	540	a->selinux_audit_data.ssid = ssid;
@@ -529,6 +544,7 @@ void avc_audit(u32 ssid, u32 tsid,
529	a->lsm_pre_audit = avc_audit_pre_callback;	544	a->lsm_pre_audit = avc_audit_pre_callback;
530	a->lsm_post_audit = avc_audit_post_callback;	545	a->lsm_post_audit = avc_audit_post_callback;
531	common_lsm_audit(a);	546	common_lsm_audit(a);
		547	return 0;
532	}	548	}
533		549
534	/**	550	/**
@@ -793,6 +809,7 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
793	* @tclass: target security class	809	* @tclass: target security class
794	* @requested: requested permissions, interpreted based on @tclass	810	* @requested: requested permissions, interpreted based on @tclass
795	* @auditdata: auxiliary audit data	811	* @auditdata: auxiliary audit data
		812	* @flags: VFS walk flags
796	*	813	*
797	* Check the AVC to determine whether the @requested permissions are granted	814	* Check the AVC to determine whether the @requested permissions are granted
798	* for the SID pair (@ssid, @tsid), interpreting the permissions	815	* for the SID pair (@ssid, @tsid), interpreting the permissions
@@ -802,14 +819,19 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
802	* permissions are granted, -%EACCES if any permissions are denied, or	819	* permissions are granted, -%EACCES if any permissions are denied, or
803	* another -errno upon other errors.	820	* another -errno upon other errors.
804	*/	821	*/
805	int avc_has_perm(u32 ssid, u32 tsid, u16 tclass,	822	int avc_has_perm_flags(u32 ssid, u32 tsid, u16 tclass,
806	u32 requested, struct common_audit_data *auditdata)	823	u32 requested, struct common_audit_data *auditdata,
		824	unsigned flags)
807	{	825	{
808	struct av_decision avd;	826	struct av_decision avd;
809	int rc;	827	int rc, rc2;
810		828
811	rc = avc_has_perm_noaudit(ssid, tsid, tclass, requested, 0, &avd);	829	rc = avc_has_perm_noaudit(ssid, tsid, tclass, requested, 0, &avd);
812	avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata);	830
		831	rc2 = avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata,
		832	flags);
		833	if (rc2)
		834	return rc2;
813	return rc;	835	return rc;
814	}	836	}
815		837