Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 142 |
1 files changed, 71 insertions, 71 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 5aa45b168122..254b7983657d 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -1478,14 +1478,14 @@ static int task_has_capability(struct task_struct *tsk, | |||
| 1478 | const struct cred *cred, | 1478 | const struct cred *cred, |
| 1479 | int cap, int audit) | 1479 | int cap, int audit) |
| 1480 | { | 1480 | { |
| 1481 | struct avc_audit_data ad; | 1481 | struct common_audit_data ad; |
| 1482 | struct av_decision avd; | 1482 | struct av_decision avd; |
| 1483 | u16 sclass; | 1483 | u16 sclass; |
| 1484 | u32 sid = cred_sid(cred); | 1484 | u32 sid = cred_sid(cred); |
| 1485 | u32 av = CAP_TO_MASK(cap); | 1485 | u32 av = CAP_TO_MASK(cap); |
| 1486 | int rc; | 1486 | int rc; |
| 1487 | 1487 | ||
| 1488 | AVC_AUDIT_DATA_INIT(&ad, CAP); | 1488 | COMMON_AUDIT_DATA_INIT(&ad, CAP); |
| 1489 | ad.tsk = tsk; | 1489 | ad.tsk = tsk; |
| 1490 | ad.u.cap = cap; | 1490 | ad.u.cap = cap; |
| 1491 | 1491 | ||
| @@ -1524,10 +1524,10 @@ static int task_has_system(struct task_struct *tsk, | |||
| 1524 | static int inode_has_perm(const struct cred *cred, | 1524 | static int inode_has_perm(const struct cred *cred, |
| 1525 | struct inode *inode, | 1525 | struct inode *inode, |
| 1526 | u32 perms, | 1526 | u32 perms, |
| 1527 | struct avc_audit_data *adp) | 1527 | struct common_audit_data *adp) |
| 1528 | { | 1528 | { |
| 1529 | struct inode_security_struct *isec; | 1529 | struct inode_security_struct *isec; |
| 1530 | struct avc_audit_data ad; | 1530 | struct common_audit_data ad; |
| 1531 | u32 sid; | 1531 | u32 sid; |
| 1532 | 1532 | ||
| 1533 | if (unlikely(IS_PRIVATE(inode))) | 1533 | if (unlikely(IS_PRIVATE(inode))) |
| @@ -1538,7 +1538,7 @@ static int inode_has_perm(const struct cred *cred, | |||
| 1538 | 1538 | ||
| 1539 | if (!adp) { | 1539 | if (!adp) { |
| 1540 | adp = &ad; | 1540 | adp = &ad; |
| 1541 | AVC_AUDIT_DATA_INIT(&ad, FS); | 1541 | COMMON_AUDIT_DATA_INIT(&ad, FS); |
| 1542 | ad.u.fs.inode = inode; | 1542 | ad.u.fs.inode = inode; |
| 1543 | } | 1543 | } |
| 1544 | 1544 | ||
| @@ -1554,9 +1554,9 @@ static inline int dentry_has_perm(const struct cred *cred, | |||
| 1554 | u32 av) | 1554 | u32 av) |
| 1555 | { | 1555 | { |
| 1556 | struct inode *inode = dentry->d_inode; | 1556 | struct inode *inode = dentry->d_inode; |
| 1557 | struct avc_audit_data ad; | 1557 | struct common_audit_data ad; |
| 1558 | 1558 | ||
| 1559 | AVC_AUDIT_DATA_INIT(&ad, FS); | 1559 | COMMON_AUDIT_DATA_INIT(&ad, FS); |
| 1560 | ad.u.fs.path.mnt = mnt; | 1560 | ad.u.fs.path.mnt = mnt; |
| 1561 | ad.u.fs.path.dentry = dentry; | 1561 | ad.u.fs.path.dentry = dentry; |
| 1562 | return inode_has_perm(cred, inode, av, &ad); | 1562 | return inode_has_perm(cred, inode, av, &ad); |
| @@ -1576,11 +1576,11 @@ static int file_has_perm(const struct cred *cred, | |||
| 1576 | { | 1576 | { |
| 1577 | struct file_security_struct *fsec = file->f_security; | 1577 | struct file_security_struct *fsec = file->f_security; |
| 1578 | struct inode *inode = file->f_path.dentry->d_inode; | 1578 | struct inode *inode = file->f_path.dentry->d_inode; |
| 1579 | struct avc_audit_data ad; | 1579 | struct common_audit_data ad; |
| 1580 | u32 sid = cred_sid(cred); | 1580 | u32 sid = cred_sid(cred); |
| 1581 | int rc; | 1581 | int rc; |
| 1582 | 1582 | ||
| 1583 | AVC_AUDIT_DATA_INIT(&ad, FS); | 1583 | COMMON_AUDIT_DATA_INIT(&ad, FS); |
| 1584 | ad.u.fs.path = file->f_path; | 1584 | ad.u.fs.path = file->f_path; |
| 1585 | 1585 | ||
| 1586 | if (sid != fsec->sid) { | 1586 | if (sid != fsec->sid) { |
| @@ -1611,7 +1611,7 @@ static int may_create(struct inode *dir, | |||
| 1611 | struct inode_security_struct *dsec; | 1611 | struct inode_security_struct *dsec; |
| 1612 | struct superblock_security_struct *sbsec; | 1612 | struct superblock_security_struct *sbsec; |
| 1613 | u32 sid, newsid; | 1613 | u32 sid, newsid; |
| 1614 | struct avc_audit_data ad; | 1614 | struct common_audit_data ad; |
| 1615 | int rc; | 1615 | int rc; |
| 1616 | 1616 | ||
| 1617 | dsec = dir->i_security; | 1617 | dsec = dir->i_security; |
| @@ -1620,7 +1620,7 @@ static int may_create(struct inode *dir, | |||
| 1620 | sid = tsec->sid; | 1620 | sid = tsec->sid; |
| 1621 | newsid = tsec->create_sid; | 1621 | newsid = tsec->create_sid; |
| 1622 | 1622 | ||
| 1623 | AVC_AUDIT_DATA_INIT(&ad, FS); | 1623 | COMMON_AUDIT_DATA_INIT(&ad, FS); |
| 1624 | ad.u.fs.path.dentry = dentry; | 1624 | ad.u.fs.path.dentry = dentry; |
| 1625 | 1625 | ||
| 1626 | rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, | 1626 | rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, |
| @@ -1664,7 +1664,7 @@ static int may_link(struct inode *dir, | |||
| 1664 | 1664 | ||
| 1665 | { | 1665 | { |
| 1666 | struct inode_security_struct *dsec, *isec; | 1666 | struct inode_security_struct *dsec, *isec; |
| 1667 | struct avc_audit_data ad; | 1667 | struct common_audit_data ad; |
| 1668 | u32 sid = current_sid(); | 1668 | u32 sid = current_sid(); |
| 1669 | u32 av; | 1669 | u32 av; |
| 1670 | int rc; | 1670 | int rc; |
| @@ -1672,7 +1672,7 @@ static int may_link(struct inode *dir, | |||
| 1672 | dsec = dir->i_security; | 1672 | dsec = dir->i_security; |
| 1673 | isec = dentry->d_inode->i_security; | 1673 | isec = dentry->d_inode->i_security; |
| 1674 | 1674 | ||
| 1675 | AVC_AUDIT_DATA_INIT(&ad, FS); | 1675 | COMMON_AUDIT_DATA_INIT(&ad, FS); |
| 1676 | ad.u.fs.path.dentry = dentry; | 1676 | ad.u.fs.path.dentry = dentry; |
| 1677 | 1677 | ||
| 1678 | av = DIR__SEARCH; | 1678 | av = DIR__SEARCH; |
| @@ -1707,7 +1707,7 @@ static inline int may_rename(struct inode *old_dir, | |||
| 1707 | struct dentry *new_dentry) | 1707 | struct dentry *new_dentry) |
| 1708 | { | 1708 | { |
| 1709 | struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec; | 1709 | struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec; |
| 1710 | struct avc_audit_data ad; | 1710 | struct common_audit_data ad; |
| 1711 | u32 sid = current_sid(); | 1711 | u32 sid = current_sid(); |
| 1712 | u32 av; | 1712 | u32 av; |
| 1713 | int old_is_dir, new_is_dir; | 1713 | int old_is_dir, new_is_dir; |
| @@ -1718,7 +1718,7 @@ static inline int may_rename(struct inode *old_dir, | |||
| 1718 | old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode); | 1718 | old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode); |
| 1719 | new_dsec = new_dir->i_security; | 1719 | new_dsec = new_dir->i_security; |
| 1720 | 1720 | ||
| 1721 | AVC_AUDIT_DATA_INIT(&ad, FS); | 1721 | COMMON_AUDIT_DATA_INIT(&ad, FS); |
| 1722 | 1722 | ||
| 1723 | ad.u.fs.path.dentry = old_dentry; | 1723 | ad.u.fs.path.dentry = old_dentry; |
| 1724 | rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR, | 1724 | rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR, |
| @@ -1760,7 +1760,7 @@ static inline int may_rename(struct inode *old_dir, | |||
| 1760 | static int superblock_has_perm(const struct cred *cred, | 1760 | static int superblock_has_perm(const struct cred *cred, |
| 1761 | struct super_block *sb, | 1761 | struct super_block *sb, |
| 1762 | u32 perms, | 1762 | u32 perms, |
| 1763 | struct avc_audit_data *ad) | 1763 | struct common_audit_data *ad) |
| 1764 | { | 1764 | { |
| 1765 | struct superblock_security_struct *sbsec; | 1765 | struct superblock_security_struct *sbsec; |
| 1766 | u32 sid = cred_sid(cred); | 1766 | u32 sid = cred_sid(cred); |
| @@ -2100,7 +2100,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm) | |||
| 2100 | const struct task_security_struct *old_tsec; | 2100 | const struct task_security_struct *old_tsec; |
| 2101 | struct task_security_struct *new_tsec; | 2101 | struct task_security_struct *new_tsec; |
| 2102 | struct inode_security_struct *isec; | 2102 | struct inode_security_struct *isec; |
| 2103 | struct avc_audit_data ad; | 2103 | struct common_audit_data ad; |
| 2104 | struct inode *inode = bprm->file->f_path.dentry->d_inode; | 2104 | struct inode *inode = bprm->file->f_path.dentry->d_inode; |
| 2105 | int rc; | 2105 | int rc; |
| 2106 | 2106 | ||
| @@ -2138,7 +2138,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm) | |||
| 2138 | return rc; | 2138 | return rc; |
| 2139 | } | 2139 | } |
| 2140 | 2140 | ||
| 2141 | AVC_AUDIT_DATA_INIT(&ad, FS); | 2141 | COMMON_AUDIT_DATA_INIT(&ad, FS); |
| 2142 | ad.u.fs.path = bprm->file->f_path; | 2142 | ad.u.fs.path = bprm->file->f_path; |
| 2143 | 2143 | ||
| 2144 | if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) | 2144 | if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) |
| @@ -2231,7 +2231,7 @@ extern struct dentry *selinux_null; | |||
| 2231 | static inline void flush_unauthorized_files(const struct cred *cred, | 2231 | static inline void flush_unauthorized_files(const struct cred *cred, |
| 2232 | struct files_struct *files) | 2232 | struct files_struct *files) |
| 2233 | { | 2233 | { |
| 2234 | struct avc_audit_data ad; | 2234 | struct common_audit_data ad; |
| 2235 | struct file *file, *devnull = NULL; | 2235 | struct file *file, *devnull = NULL; |
| 2236 | struct tty_struct *tty; | 2236 | struct tty_struct *tty; |
| 2237 | struct fdtable *fdt; | 2237 | struct fdtable *fdt; |
| @@ -2265,7 +2265,7 @@ static inline void flush_unauthorized_files(const struct cred *cred, | |||
| 2265 | 2265 | ||
| 2266 | /* Revalidate access to inherited open files. */ | 2266 | /* Revalidate access to inherited open files. */ |
| 2267 | 2267 | ||
| 2268 | AVC_AUDIT_DATA_INIT(&ad, FS); | 2268 | COMMON_AUDIT_DATA_INIT(&ad, FS); |
| 2269 | 2269 | ||
| 2270 | spin_lock(&files->file_lock); | 2270 | spin_lock(&files->file_lock); |
| 2271 | for (;;) { | 2271 | for (;;) { |
| @@ -2514,7 +2514,7 @@ out: | |||
| 2514 | static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data) | 2514 | static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data) |
| 2515 | { | 2515 | { |
| 2516 | const struct cred *cred = current_cred(); | 2516 | const struct cred *cred = current_cred(); |
| 2517 | struct avc_audit_data ad; | 2517 | struct common_audit_data ad; |
| 2518 | int rc; | 2518 | int rc; |
| 2519 | 2519 | ||
| 2520 | rc = superblock_doinit(sb, data); | 2520 | rc = superblock_doinit(sb, data); |
| @@ -2525,7 +2525,7 @@ static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data) | |||
| 2525 | if (flags & MS_KERNMOUNT) | 2525 | if (flags & MS_KERNMOUNT) |
| 2526 | return 0; | 2526 | return 0; |
| 2527 | 2527 | ||
| 2528 | AVC_AUDIT_DATA_INIT(&ad, FS); | 2528 | COMMON_AUDIT_DATA_INIT(&ad, FS); |
| 2529 | ad.u.fs.path.dentry = sb->s_root; | 2529 | ad.u.fs.path.dentry = sb->s_root; |
| 2530 | return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad); | 2530 | return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad); |
| 2531 | } | 2531 | } |
| @@ -2533,9 +2533,9 @@ static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data) | |||
| 2533 | static int selinux_sb_statfs(struct dentry *dentry) | 2533 | static int selinux_sb_statfs(struct dentry *dentry) |
| 2534 | { | 2534 | { |
| 2535 | const struct cred *cred = current_cred(); | 2535 | const struct cred *cred = current_cred(); |
| 2536 | struct avc_audit_data ad; | 2536 | struct common_audit_data ad; |
| 2537 | 2537 | ||
| 2538 | AVC_AUDIT_DATA_INIT(&ad, FS); | 2538 | COMMON_AUDIT_DATA_INIT(&ad, FS); |
| 2539 | ad.u.fs.path.dentry = dentry->d_sb->s_root; | 2539 | ad.u.fs.path.dentry = dentry->d_sb->s_root; |
| 2540 | return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad); | 2540 | return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad); |
| 2541 | } | 2541 | } |
| @@ -2755,7 +2755,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name, | |||
| 2755 | struct inode *inode = dentry->d_inode; | 2755 | struct inode *inode = dentry->d_inode; |
| 2756 | struct inode_security_struct *isec = inode->i_security; | 2756 | struct inode_security_struct *isec = inode->i_security; |
| 2757 | struct superblock_security_struct *sbsec; | 2757 | struct superblock_security_struct *sbsec; |
| 2758 | struct avc_audit_data ad; | 2758 | struct common_audit_data ad; |
| 2759 | u32 newsid, sid = current_sid(); | 2759 | u32 newsid, sid = current_sid(); |
| 2760 | int rc = 0; | 2760 | int rc = 0; |
| 2761 | 2761 | ||
| @@ -2769,7 +2769,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name, | |||
| 2769 | if (!is_owner_or_cap(inode)) | 2769 | if (!is_owner_or_cap(inode)) |
| 2770 | return -EPERM; | 2770 | return -EPERM; |
| 2771 | 2771 | ||
| 2772 | AVC_AUDIT_DATA_INIT(&ad, FS); | 2772 | COMMON_AUDIT_DATA_INIT(&ad, FS); |
| 2773 | ad.u.fs.path.dentry = dentry; | 2773 | ad.u.fs.path.dentry = dentry; |
| 2774 | 2774 | ||
| 2775 | rc = avc_has_perm(sid, isec->sid, isec->sclass, | 2775 | rc = avc_has_perm(sid, isec->sid, isec->sclass, |
| @@ -3418,7 +3418,7 @@ static void selinux_task_to_inode(struct task_struct *p, | |||
| 3418 | 3418 | ||
| 3419 | /* Returns error only if unable to parse addresses */ | 3419 | /* Returns error only if unable to parse addresses */ |
| 3420 | static int selinux_parse_skb_ipv4(struct sk_buff *skb, | 3420 | static int selinux_parse_skb_ipv4(struct sk_buff *skb, |
| 3421 | struct avc_audit_data *ad, u8 *proto) | 3421 | struct common_audit_data *ad, u8 *proto) |
| 3422 | { | 3422 | { |
| 3423 | int offset, ihlen, ret = -EINVAL; | 3423 | int offset, ihlen, ret = -EINVAL; |
| 3424 | struct iphdr _iph, *ih; | 3424 | struct iphdr _iph, *ih; |
| @@ -3499,7 +3499,7 @@ out: | |||
| 3499 | 3499 | ||
| 3500 | /* Returns error only if unable to parse addresses */ | 3500 | /* Returns error only if unable to parse addresses */ |
| 3501 | static int selinux_parse_skb_ipv6(struct sk_buff *skb, | 3501 | static int selinux_parse_skb_ipv6(struct sk_buff *skb, |
| 3502 | struct avc_audit_data *ad, u8 *proto) | 3502 | struct common_audit_data *ad, u8 *proto) |
| 3503 | { | 3503 | { |
| 3504 | u8 nexthdr; | 3504 | u8 nexthdr; |
| 3505 | int ret = -EINVAL, offset; | 3505 | int ret = -EINVAL, offset; |
| @@ -3570,7 +3570,7 @@ out: | |||
| 3570 | 3570 | ||
| 3571 | #endif /* IPV6 */ | 3571 | #endif /* IPV6 */ |
| 3572 | 3572 | ||
| 3573 | static int selinux_parse_skb(struct sk_buff *skb, struct avc_audit_data *ad, | 3573 | static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad, |
| 3574 | char **_addrp, int src, u8 *proto) | 3574 | char **_addrp, int src, u8 *proto) |
| 3575 | { | 3575 | { |
| 3576 | char *addrp; | 3576 | char *addrp; |
| @@ -3652,7 +3652,7 @@ static int socket_has_perm(struct task_struct *task, struct socket *sock, | |||
| 3652 | u32 perms) | 3652 | u32 perms) |
| 3653 | { | 3653 | { |
| 3654 | struct inode_security_struct *isec; | 3654 | struct inode_security_struct *isec; |
| 3655 | struct avc_audit_data ad; | 3655 | struct common_audit_data ad; |
| 3656 | u32 sid; | 3656 | u32 sid; |
| 3657 | int err = 0; | 3657 | int err = 0; |
| 3658 | 3658 | ||
| @@ -3662,7 +3662,7 @@ static int socket_has_perm(struct task_struct *task, struct socket *sock, | |||
| 3662 | goto out; | 3662 | goto out; |
| 3663 | sid = task_sid(task); | 3663 | sid = task_sid(task); |
| 3664 | 3664 | ||
| 3665 | AVC_AUDIT_DATA_INIT(&ad, NET); | 3665 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
| 3666 | ad.u.net.sk = sock->sk; | 3666 | ad.u.net.sk = sock->sk; |
| 3667 | err = avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad); | 3667 | err = avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad); |
| 3668 | 3668 | ||
| @@ -3749,7 +3749,7 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in | |||
| 3749 | if (family == PF_INET || family == PF_INET6) { | 3749 | if (family == PF_INET || family == PF_INET6) { |
| 3750 | char *addrp; | 3750 | char *addrp; |
| 3751 | struct inode_security_struct *isec; | 3751 | struct inode_security_struct *isec; |
| 3752 | struct avc_audit_data ad; | 3752 | struct common_audit_data ad; |
| 3753 | struct sockaddr_in *addr4 = NULL; | 3753 | struct sockaddr_in *addr4 = NULL; |
| 3754 | struct sockaddr_in6 *addr6 = NULL; | 3754 | struct sockaddr_in6 *addr6 = NULL; |
| 3755 | unsigned short snum; | 3755 | unsigned short snum; |
| @@ -3778,7 +3778,7 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in | |||
| 3778 | snum, &sid); | 3778 | snum, &sid); |
| 3779 | if (err) | 3779 | if (err) |
| 3780 | goto out; | 3780 | goto out; |
| 3781 | AVC_AUDIT_DATA_INIT(&ad, NET); | 3781 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
| 3782 | ad.u.net.sport = htons(snum); | 3782 | ad.u.net.sport = htons(snum); |
| 3783 | ad.u.net.family = family; | 3783 | ad.u.net.family = family; |
| 3784 | err = avc_has_perm(isec->sid, sid, | 3784 | err = avc_has_perm(isec->sid, sid, |
| @@ -3811,7 +3811,7 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in | |||
| 3811 | if (err) | 3811 | if (err) |
| 3812 | goto out; | 3812 | goto out; |
| 3813 | 3813 | ||
| 3814 | AVC_AUDIT_DATA_INIT(&ad, NET); | 3814 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
| 3815 | ad.u.net.sport = htons(snum); | 3815 | ad.u.net.sport = htons(snum); |
| 3816 | ad.u.net.family = family; | 3816 | ad.u.net.family = family; |
| 3817 | 3817 | ||
| @@ -3845,7 +3845,7 @@ static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, | |||
| 3845 | isec = SOCK_INODE(sock)->i_security; | 3845 | isec = SOCK_INODE(sock)->i_security; |
| 3846 | if (isec->sclass == SECCLASS_TCP_SOCKET || | 3846 | if (isec->sclass == SECCLASS_TCP_SOCKET || |
| 3847 | isec->sclass == SECCLASS_DCCP_SOCKET) { | 3847 | isec->sclass == SECCLASS_DCCP_SOCKET) { |
| 3848 | struct avc_audit_data ad; | 3848 | struct common_audit_data ad; |
| 3849 | struct sockaddr_in *addr4 = NULL; | 3849 | struct sockaddr_in *addr4 = NULL; |
| 3850 | struct sockaddr_in6 *addr6 = NULL; | 3850 | struct sockaddr_in6 *addr6 = NULL; |
| 3851 | unsigned short snum; | 3851 | unsigned short snum; |
| @@ -3870,7 +3870,7 @@ static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, | |||
| 3870 | perm = (isec->sclass == SECCLASS_TCP_SOCKET) ? | 3870 | perm = (isec->sclass == SECCLASS_TCP_SOCKET) ? |
| 3871 | TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT; | 3871 | TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT; |
| 3872 | 3872 | ||
| 3873 | AVC_AUDIT_DATA_INIT(&ad, NET); | 3873 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
| 3874 | ad.u.net.dport = htons(snum); | 3874 | ad.u.net.dport = htons(snum); |
| 3875 | ad.u.net.family = sk->sk_family; | 3875 | ad.u.net.family = sk->sk_family; |
| 3876 | err = avc_has_perm(isec->sid, sid, isec->sclass, perm, &ad); | 3876 | err = avc_has_perm(isec->sid, sid, isec->sclass, perm, &ad); |
| @@ -3960,13 +3960,13 @@ static int selinux_socket_unix_stream_connect(struct socket *sock, | |||
| 3960 | struct sk_security_struct *ssec; | 3960 | struct sk_security_struct *ssec; |
| 3961 | struct inode_security_struct *isec; | 3961 | struct inode_security_struct *isec; |
| 3962 | struct inode_security_struct *other_isec; | 3962 | struct inode_security_struct *other_isec; |
| 3963 | struct avc_audit_data ad; | 3963 | struct common_audit_data ad; |
| 3964 | int err; | 3964 | int err; |
| 3965 | 3965 | ||
| 3966 | isec = SOCK_INODE(sock)->i_security; | 3966 | isec = SOCK_INODE(sock)->i_security; |
| 3967 | other_isec = SOCK_INODE(other)->i_security; | 3967 | other_isec = SOCK_INODE(other)->i_security; |
| 3968 | 3968 | ||
| 3969 | AVC_AUDIT_DATA_INIT(&ad, NET); | 3969 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
| 3970 | ad.u.net.sk = other->sk; | 3970 | ad.u.net.sk = other->sk; |
| 3971 | 3971 | ||
| 3972 | err = avc_has_perm(isec->sid, other_isec->sid, | 3972 | err = avc_has_perm(isec->sid, other_isec->sid, |
| @@ -3992,13 +3992,13 @@ static int selinux_socket_unix_may_send(struct socket *sock, | |||
| 3992 | { | 3992 | { |
| 3993 | struct inode_security_struct *isec; | 3993 | struct inode_security_struct *isec; |
| 3994 | struct inode_security_struct *other_isec; | 3994 | struct inode_security_struct *other_isec; |
| 3995 | struct avc_audit_data ad; | 3995 | struct common_audit_data ad; |
| 3996 | int err; | 3996 | int err; |
| 3997 | 3997 | ||
| 3998 | isec = SOCK_INODE(sock)->i_security; | 3998 | isec = SOCK_INODE(sock)->i_security; |
| 3999 | other_isec = SOCK_INODE(other)->i_security; | 3999 | other_isec = SOCK_INODE(other)->i_security; |
| 4000 | 4000 | ||
| 4001 | AVC_AUDIT_DATA_INIT(&ad, NET); | 4001 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
| 4002 | ad.u.net.sk = other->sk; | 4002 | ad.u.net.sk = other->sk; |
| 4003 | 4003 | ||
| 4004 | err = avc_has_perm(isec->sid, other_isec->sid, | 4004 | err = avc_has_perm(isec->sid, other_isec->sid, |
| @@ -4011,7 +4011,7 @@ static int selinux_socket_unix_may_send(struct socket *sock, | |||
| 4011 | 4011 | ||
| 4012 | static int selinux_inet_sys_rcv_skb(int ifindex, char *addrp, u16 family, | 4012 | static int selinux_inet_sys_rcv_skb(int ifindex, char *addrp, u16 family, |
| 4013 | u32 peer_sid, | 4013 | u32 peer_sid, |
| 4014 | struct avc_audit_data *ad) | 4014 | struct common_audit_data *ad) |
| 4015 | { | 4015 | { |
| 4016 | int err; | 4016 | int err; |
| 4017 | u32 if_sid; | 4017 | u32 if_sid; |
| @@ -4039,10 +4039,10 @@ static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb, | |||
| 4039 | struct sk_security_struct *sksec = sk->sk_security; | 4039 | struct sk_security_struct *sksec = sk->sk_security; |
| 4040 | u32 peer_sid; | 4040 | u32 peer_sid; |
| 4041 | u32 sk_sid = sksec->sid; | 4041 | u32 sk_sid = sksec->sid; |
| 4042 | struct avc_audit_data ad; | 4042 | struct common_audit_data ad; |
| 4043 | char *addrp; | 4043 | char *addrp; |
| 4044 | 4044 | ||
| 4045 | AVC_AUDIT_DATA_INIT(&ad, NET); | 4045 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
| 4046 | ad.u.net.netif = skb->iif; | 4046 | ad.u.net.netif = skb->iif; |
| 4047 | ad.u.net.family = family; | 4047 | ad.u.net.family = family; |
| 4048 | err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL); | 4048 | err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL); |
| @@ -4080,7 +4080,7 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) | |||
| 4080 | struct sk_security_struct *sksec = sk->sk_security; | 4080 | struct sk_security_struct *sksec = sk->sk_security; |
| 4081 | u16 family = sk->sk_family; | 4081 | u16 family = sk->sk_family; |
| 4082 | u32 sk_sid = sksec->sid; | 4082 | u32 sk_sid = sksec->sid; |
| 4083 | struct avc_audit_data ad; | 4083 | struct common_audit_data ad; |
| 4084 | char *addrp; | 4084 | char *addrp; |
| 4085 | u8 secmark_active; | 4085 | u8 secmark_active; |
| 4086 | u8 peerlbl_active; | 4086 | u8 peerlbl_active; |
| @@ -4104,7 +4104,7 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) | |||
| 4104 | if (!secmark_active && !peerlbl_active) | 4104 | if (!secmark_active && !peerlbl_active) |
| 4105 | return 0; | 4105 | return 0; |
| 4106 | 4106 | ||
| 4107 | AVC_AUDIT_DATA_INIT(&ad, NET); | 4107 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
| 4108 | ad.u.net.netif = skb->iif; | 4108 | ad.u.net.netif = skb->iif; |
| 4109 | ad.u.net.family = family; | 4109 | ad.u.net.family = family; |
| 4110 | err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL); | 4110 | err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL); |
| @@ -4362,7 +4362,7 @@ static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex, | |||
| 4362 | int err; | 4362 | int err; |
| 4363 | char *addrp; | 4363 | char *addrp; |
| 4364 | u32 peer_sid; | 4364 | u32 peer_sid; |
| 4365 | struct avc_audit_data ad; | 4365 | struct common_audit_data ad; |
| 4366 | u8 secmark_active; | 4366 | u8 secmark_active; |
| 4367 | u8 netlbl_active; | 4367 | u8 netlbl_active; |
| 4368 | u8 peerlbl_active; | 4368 | u8 peerlbl_active; |
| @@ -4379,7 +4379,7 @@ static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex, | |||
| 4379 | if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0) | 4379 | if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0) |
| 4380 | return NF_DROP; | 4380 | return NF_DROP; |
| 4381 | 4381 | ||
| 4382 | AVC_AUDIT_DATA_INIT(&ad, NET); | 4382 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
| 4383 | ad.u.net.netif = ifindex; | 4383 | ad.u.net.netif = ifindex; |
| 4384 | ad.u.net.family = family; | 4384 | ad.u.net.family = family; |
| 4385 | if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0) | 4385 | if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0) |
| @@ -4467,7 +4467,7 @@ static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb, | |||
| 4467 | { | 4467 | { |
| 4468 | struct sock *sk = skb->sk; | 4468 | struct sock *sk = skb->sk; |
| 4469 | struct sk_security_struct *sksec; | 4469 | struct sk_security_struct *sksec; |
| 4470 | struct avc_audit_data ad; | 4470 | struct common_audit_data ad; |
| 4471 | char *addrp; | 4471 | char *addrp; |
| 4472 | u8 proto; | 4472 | u8 proto; |
| 4473 | 4473 | ||
| @@ -4475,7 +4475,7 @@ static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb, | |||
| 4475 | return NF_ACCEPT; | 4475 | return NF_ACCEPT; |
| 4476 | sksec = sk->sk_security; | 4476 | sksec = sk->sk_security; |
| 4477 | 4477 | ||
| 4478 | AVC_AUDIT_DATA_INIT(&ad, NET); | 4478 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
| 4479 | ad.u.net.netif = ifindex; | 4479 | ad.u.net.netif = ifindex; |
| 4480 | ad.u.net.family = family; | 4480 | ad.u.net.family = family; |
| 4481 | if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto)) | 4481 | if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto)) |
| @@ -4499,7 +4499,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex, | |||
| 4499 | u32 secmark_perm; | 4499 | u32 secmark_perm; |
| 4500 | u32 peer_sid; | 4500 | u32 peer_sid; |
| 4501 | struct sock *sk; | 4501 | struct sock *sk; |
| 4502 | struct avc_audit_data ad; | 4502 | struct common_audit_data ad; |
| 4503 | char *addrp; | 4503 | char *addrp; |
| 4504 | u8 secmark_active; | 4504 | u8 secmark_active; |
| 4505 | u8 peerlbl_active; | 4505 | u8 peerlbl_active; |
| @@ -4558,7 +4558,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex, | |||
| 4558 | secmark_perm = PACKET__SEND; | 4558 | secmark_perm = PACKET__SEND; |
| 4559 | } | 4559 | } |
| 4560 | 4560 | ||
| 4561 | AVC_AUDIT_DATA_INIT(&ad, NET); | 4561 | COMMON_AUDIT_DATA_INIT(&ad, NET); |
| 4562 | ad.u.net.netif = ifindex; | 4562 | ad.u.net.netif = ifindex; |
| 4563 | ad.u.net.family = family; | 4563 | ad.u.net.family = family; |
| 4564 | if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL)) | 4564 | if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL)) |
| @@ -4628,13 +4628,13 @@ static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb) | |||
| 4628 | static int selinux_netlink_recv(struct sk_buff *skb, int capability) | 4628 | static int selinux_netlink_recv(struct sk_buff *skb, int capability) |
| 4629 | { | 4629 | { |
| 4630 | int err; | 4630 | int err; |
| 4631 | struct avc_audit_data ad; | 4631 | struct common_audit_data ad; |
| 4632 | 4632 | ||
| 4633 | err = cap_netlink_recv(skb, capability); | 4633 | err = cap_netlink_recv(skb, capability); |
| 4634 | if (err) | 4634 | if (err) |
| 4635 | return err; | 4635 | return err; |
| 4636 | 4636 | ||
| 4637 | AVC_AUDIT_DATA_INIT(&ad, CAP); | 4637 | COMMON_AUDIT_DATA_INIT(&ad, CAP); |
| 4638 | ad.u.cap = capability; | 4638 | ad.u.cap = capability; |
| 4639 | 4639 | ||
| 4640 | return avc_has_perm(NETLINK_CB(skb).sid, NETLINK_CB(skb).sid, | 4640 | return avc_has_perm(NETLINK_CB(skb).sid, NETLINK_CB(skb).sid, |
| @@ -4693,12 +4693,12 @@ static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, | |||
| 4693 | u32 perms) | 4693 | u32 perms) |
| 4694 | { | 4694 | { |
| 4695 | struct ipc_security_struct *isec; | 4695 | struct ipc_security_struct *isec; |
| 4696 | struct avc_audit_data ad; | 4696 | struct common_audit_data ad; |
| 4697 | u32 sid = current_sid(); | 4697 | u32 sid = current_sid(); |
| 4698 | 4698 | ||
| 4699 | isec = ipc_perms->security; | 4699 | isec = ipc_perms->security; |
| 4700 | 4700 | ||
| 4701 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 4701 | COMMON_AUDIT_DATA_INIT(&ad, IPC); |
| 4702 | ad.u.ipc_id = ipc_perms->key; | 4702 | ad.u.ipc_id = ipc_perms->key; |
| 4703 | 4703 | ||
| 4704 | return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad); | 4704 | return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad); |
| @@ -4718,7 +4718,7 @@ static void selinux_msg_msg_free_security(struct msg_msg *msg) | |||
| 4718 | static int selinux_msg_queue_alloc_security(struct msg_queue *msq) | 4718 | static int selinux_msg_queue_alloc_security(struct msg_queue *msq) |
| 4719 | { | 4719 | { |
| 4720 | struct ipc_security_struct *isec; | 4720 | struct ipc_security_struct *isec; |
| 4721 | struct avc_audit_data ad; | 4721 | struct common_audit_data ad; |
| 4722 | u32 sid = current_sid(); | 4722 | u32 sid = current_sid(); |
| 4723 | int rc; | 4723 | int rc; |
| 4724 | 4724 | ||
| @@ -4728,7 +4728,7 @@ static int selinux_msg_queue_alloc_security(struct msg_queue *msq) | |||
| 4728 | 4728 | ||
| 4729 | isec = msq->q_perm.security; | 4729 | isec = msq->q_perm.security; |
| 4730 | 4730 | ||
| 4731 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 4731 | COMMON_AUDIT_DATA_INIT(&ad, IPC); |
| 4732 | ad.u.ipc_id = msq->q_perm.key; | 4732 | ad.u.ipc_id = msq->q_perm.key; |
| 4733 | 4733 | ||
| 4734 | rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, | 4734 | rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, |
| @@ -4748,12 +4748,12 @@ static void selinux_msg_queue_free_security(struct msg_queue *msq) | |||
| 4748 | static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg) | 4748 | static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg) |
| 4749 | { | 4749 | { |
| 4750 | struct ipc_security_struct *isec; | 4750 | struct ipc_security_struct *isec; |
| 4751 | struct avc_audit_data ad; | 4751 | struct common_audit_data ad; |
| 4752 | u32 sid = current_sid(); | 4752 | u32 sid = current_sid(); |
| 4753 | 4753 | ||
| 4754 | isec = msq->q_perm.security; | 4754 | isec = msq->q_perm.security; |
| 4755 | 4755 | ||
| 4756 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 4756 | COMMON_AUDIT_DATA_INIT(&ad, IPC); |
| 4757 | ad.u.ipc_id = msq->q_perm.key; | 4757 | ad.u.ipc_id = msq->q_perm.key; |
| 4758 | 4758 | ||
| 4759 | return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, | 4759 | return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, |
| @@ -4792,7 +4792,7 @@ static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, | |||
| 4792 | { | 4792 | { |
| 4793 | struct ipc_security_struct *isec; | 4793 | struct ipc_security_struct *isec; |
| 4794 | struct msg_security_struct *msec; | 4794 | struct msg_security_struct *msec; |
| 4795 | struct avc_audit_data ad; | 4795 | struct common_audit_data ad; |
| 4796 | u32 sid = current_sid(); | 4796 | u32 sid = current_sid(); |
| 4797 | int rc; | 4797 | int rc; |
| 4798 | 4798 | ||
| @@ -4813,7 +4813,7 @@ static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, | |||
| 4813 | return rc; | 4813 | return rc; |
| 4814 | } | 4814 | } |
| 4815 | 4815 | ||
| 4816 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 4816 | COMMON_AUDIT_DATA_INIT(&ad, IPC); |
| 4817 | ad.u.ipc_id = msq->q_perm.key; | 4817 | ad.u.ipc_id = msq->q_perm.key; |
| 4818 | 4818 | ||
| 4819 | /* Can this process write to the queue? */ | 4819 | /* Can this process write to the queue? */ |
| @@ -4837,14 +4837,14 @@ static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, | |||
| 4837 | { | 4837 | { |
| 4838 | struct ipc_security_struct *isec; | 4838 | struct ipc_security_struct *isec; |
| 4839 | struct msg_security_struct *msec; | 4839 | struct msg_security_struct *msec; |
| 4840 | struct avc_audit_data ad; | 4840 | struct common_audit_data ad; |
| 4841 | u32 sid = task_sid(target); | 4841 | u32 sid = task_sid(target); |
| 4842 | int rc; | 4842 | int rc; |
| 4843 | 4843 | ||
| 4844 | isec = msq->q_perm.security; | 4844 | isec = msq->q_perm.security; |
| 4845 | msec = msg->security; | 4845 | msec = msg->security; |
| 4846 | 4846 | ||
| 4847 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 4847 | COMMON_AUDIT_DATA_INIT(&ad, IPC); |
| 4848 | ad.u.ipc_id = msq->q_perm.key; | 4848 | ad.u.ipc_id = msq->q_perm.key; |
| 4849 | 4849 | ||
| 4850 | rc = avc_has_perm(sid, isec->sid, | 4850 | rc = avc_has_perm(sid, isec->sid, |
| @@ -4859,7 +4859,7 @@ static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, | |||
| 4859 | static int selinux_shm_alloc_security(struct shmid_kernel *shp) | 4859 | static int selinux_shm_alloc_security(struct shmid_kernel *shp) |
| 4860 | { | 4860 | { |
| 4861 | struct ipc_security_struct *isec; | 4861 | struct ipc_security_struct *isec; |
| 4862 | struct avc_audit_data ad; | 4862 | struct common_audit_data ad; |
| 4863 | u32 sid = current_sid(); | 4863 | u32 sid = current_sid(); |
| 4864 | int rc; | 4864 | int rc; |
| 4865 | 4865 | ||
| @@ -4869,7 +4869,7 @@ static int selinux_shm_alloc_security(struct shmid_kernel *shp) | |||
| 4869 | 4869 | ||
| 4870 | isec = shp->shm_perm.security; | 4870 | isec = shp->shm_perm.security; |
| 4871 | 4871 | ||
| 4872 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 4872 | COMMON_AUDIT_DATA_INIT(&ad, IPC); |
| 4873 | ad.u.ipc_id = shp->shm_perm.key; | 4873 | ad.u.ipc_id = shp->shm_perm.key; |
| 4874 | 4874 | ||
| 4875 | rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM, | 4875 | rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM, |
| @@ -4889,12 +4889,12 @@ static void selinux_shm_free_security(struct shmid_kernel *shp) | |||
| 4889 | static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg) | 4889 | static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg) |
| 4890 | { | 4890 | { |
| 4891 | struct ipc_security_struct *isec; | 4891 | struct ipc_security_struct *isec; |
| 4892 | struct avc_audit_data ad; | 4892 | struct common_audit_data ad; |
| 4893 | u32 sid = current_sid(); | 4893 | u32 sid = current_sid(); |
| 4894 | 4894 | ||
| 4895 | isec = shp->shm_perm.security; | 4895 | isec = shp->shm_perm.security; |
| 4896 | 4896 | ||
| 4897 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 4897 | COMMON_AUDIT_DATA_INIT(&ad, IPC); |
| 4898 | ad.u.ipc_id = shp->shm_perm.key; | 4898 | ad.u.ipc_id = shp->shm_perm.key; |
| 4899 | 4899 | ||
| 4900 | return avc_has_perm(sid, isec->sid, SECCLASS_SHM, | 4900 | return avc_has_perm(sid, isec->sid, SECCLASS_SHM, |
| @@ -4951,7 +4951,7 @@ static int selinux_shm_shmat(struct shmid_kernel *shp, | |||
| 4951 | static int selinux_sem_alloc_security(struct sem_array *sma) | 4951 | static int selinux_sem_alloc_security(struct sem_array *sma) |
| 4952 | { | 4952 | { |
| 4953 | struct ipc_security_struct *isec; | 4953 | struct ipc_security_struct *isec; |
| 4954 | struct avc_audit_data ad; | 4954 | struct common_audit_data ad; |
| 4955 | u32 sid = current_sid(); | 4955 | u32 sid = current_sid(); |
| 4956 | int rc; | 4956 | int rc; |
| 4957 | 4957 | ||
| @@ -4961,7 +4961,7 @@ static int selinux_sem_alloc_security(struct sem_array *sma) | |||
| 4961 | 4961 | ||
| 4962 | isec = sma->sem_perm.security; | 4962 | isec = sma->sem_perm.security; |
| 4963 | 4963 | ||
| 4964 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 4964 | COMMON_AUDIT_DATA_INIT(&ad, IPC); |
| 4965 | ad.u.ipc_id = sma->sem_perm.key; | 4965 | ad.u.ipc_id = sma->sem_perm.key; |
| 4966 | 4966 | ||
| 4967 | rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM, | 4967 | rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM, |
| @@ -4981,12 +4981,12 @@ static void selinux_sem_free_security(struct sem_array *sma) | |||
| 4981 | static int selinux_sem_associate(struct sem_array *sma, int semflg) | 4981 | static int selinux_sem_associate(struct sem_array *sma, int semflg) |
| 4982 | { | 4982 | { |
| 4983 | struct ipc_security_struct *isec; | 4983 | struct ipc_security_struct *isec; |
| 4984 | struct avc_audit_data ad; | 4984 | struct common_audit_data ad; |
| 4985 | u32 sid = current_sid(); | 4985 | u32 sid = current_sid(); |
| 4986 | 4986 | ||
| 4987 | isec = sma->sem_perm.security; | 4987 | isec = sma->sem_perm.security; |
| 4988 | 4988 | ||
| 4989 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 4989 | COMMON_AUDIT_DATA_INIT(&ad, IPC); |
| 4990 | ad.u.ipc_id = sma->sem_perm.key; | 4990 | ad.u.ipc_id = sma->sem_perm.key; |
| 4991 | 4991 | ||
| 4992 | return avc_has_perm(sid, isec->sid, SECCLASS_SEM, | 4992 | return avc_has_perm(sid, isec->sid, SECCLASS_SEM, |
