diff options
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r-- | security/selinux/hooks.c | 21 |
1 files changed, 8 insertions, 13 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 0d378141c95a..aae1e794fe48 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -3667,7 +3667,7 @@ static void msg_msg_free_security(struct msg_msg *msg) | |||
3667 | } | 3667 | } |
3668 | 3668 | ||
3669 | static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, | 3669 | static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, |
3670 | u16 sclass, u32 perms) | 3670 | u32 perms) |
3671 | { | 3671 | { |
3672 | struct task_security_struct *tsec; | 3672 | struct task_security_struct *tsec; |
3673 | struct ipc_security_struct *isec; | 3673 | struct ipc_security_struct *isec; |
@@ -3679,7 +3679,7 @@ static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, | |||
3679 | AVC_AUDIT_DATA_INIT(&ad, IPC); | 3679 | AVC_AUDIT_DATA_INIT(&ad, IPC); |
3680 | ad.u.ipc_id = ipc_perms->key; | 3680 | ad.u.ipc_id = ipc_perms->key; |
3681 | 3681 | ||
3682 | return avc_has_perm(tsec->sid, isec->sid, sclass, perms, &ad); | 3682 | return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad); |
3683 | } | 3683 | } |
3684 | 3684 | ||
3685 | static int selinux_msg_msg_alloc_security(struct msg_msg *msg) | 3685 | static int selinux_msg_msg_alloc_security(struct msg_msg *msg) |
@@ -3764,7 +3764,7 @@ static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd) | |||
3764 | return 0; | 3764 | return 0; |
3765 | } | 3765 | } |
3766 | 3766 | ||
3767 | err = ipc_has_perm(&msq->q_perm, SECCLASS_MSGQ, perms); | 3767 | err = ipc_has_perm(&msq->q_perm, perms); |
3768 | return err; | 3768 | return err; |
3769 | } | 3769 | } |
3770 | 3770 | ||
@@ -3916,7 +3916,7 @@ static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd) | |||
3916 | return 0; | 3916 | return 0; |
3917 | } | 3917 | } |
3918 | 3918 | ||
3919 | err = ipc_has_perm(&shp->shm_perm, SECCLASS_SHM, perms); | 3919 | err = ipc_has_perm(&shp->shm_perm, perms); |
3920 | return err; | 3920 | return err; |
3921 | } | 3921 | } |
3922 | 3922 | ||
@@ -3935,7 +3935,7 @@ static int selinux_shm_shmat(struct shmid_kernel *shp, | |||
3935 | else | 3935 | else |
3936 | perms = SHM__READ | SHM__WRITE; | 3936 | perms = SHM__READ | SHM__WRITE; |
3937 | 3937 | ||
3938 | return ipc_has_perm(&shp->shm_perm, SECCLASS_SHM, perms); | 3938 | return ipc_has_perm(&shp->shm_perm, perms); |
3939 | } | 3939 | } |
3940 | 3940 | ||
3941 | /* Semaphore security operations */ | 3941 | /* Semaphore security operations */ |
@@ -4024,7 +4024,7 @@ static int selinux_sem_semctl(struct sem_array *sma, int cmd) | |||
4024 | return 0; | 4024 | return 0; |
4025 | } | 4025 | } |
4026 | 4026 | ||
4027 | err = ipc_has_perm(&sma->sem_perm, SECCLASS_SEM, perms); | 4027 | err = ipc_has_perm(&sma->sem_perm, perms); |
4028 | return err; | 4028 | return err; |
4029 | } | 4029 | } |
4030 | 4030 | ||
@@ -4038,18 +4038,13 @@ static int selinux_sem_semop(struct sem_array *sma, | |||
4038 | else | 4038 | else |
4039 | perms = SEM__READ; | 4039 | perms = SEM__READ; |
4040 | 4040 | ||
4041 | return ipc_has_perm(&sma->sem_perm, SECCLASS_SEM, perms); | 4041 | return ipc_has_perm(&sma->sem_perm, perms); |
4042 | } | 4042 | } |
4043 | 4043 | ||
4044 | static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag) | 4044 | static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag) |
4045 | { | 4045 | { |
4046 | struct ipc_security_struct *isec = ipcp->security; | ||
4047 | u16 sclass = SECCLASS_IPC; | ||
4048 | u32 av = 0; | 4046 | u32 av = 0; |
4049 | 4047 | ||
4050 | if (isec && isec->magic == SELINUX_MAGIC) | ||
4051 | sclass = isec->sclass; | ||
4052 | |||
4053 | av = 0; | 4048 | av = 0; |
4054 | if (flag & S_IRUGO) | 4049 | if (flag & S_IRUGO) |
4055 | av |= IPC__UNIX_READ; | 4050 | av |= IPC__UNIX_READ; |
@@ -4059,7 +4054,7 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag) | |||
4059 | if (av == 0) | 4054 | if (av == 0) |
4060 | return 0; | 4055 | return 0; |
4061 | 4056 | ||
4062 | return ipc_has_perm(ipcp, sclass, av); | 4057 | return ipc_has_perm(ipcp, av); |
4063 | } | 4058 | } |
4064 | 4059 | ||
4065 | /* module stacking operations */ | 4060 | /* module stacking operations */ |