aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux/hooks.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r--security/selinux/hooks.c28
1 files changed, 12 insertions, 16 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index ffeefa3c2c77..75c2e99bfb81 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1356,8 +1356,8 @@ static inline int dentry_has_perm(struct task_struct *tsk,
1356 struct inode *inode = dentry->d_inode; 1356 struct inode *inode = dentry->d_inode;
1357 struct avc_audit_data ad; 1357 struct avc_audit_data ad;
1358 AVC_AUDIT_DATA_INIT(&ad,FS); 1358 AVC_AUDIT_DATA_INIT(&ad,FS);
1359 ad.u.fs.mnt = mnt; 1359 ad.u.fs.path.mnt = mnt;
1360 ad.u.fs.dentry = dentry; 1360 ad.u.fs.path.dentry = dentry;
1361 return inode_has_perm(tsk, inode, av, &ad); 1361 return inode_has_perm(tsk, inode, av, &ad);
1362} 1362}
1363 1363
@@ -1375,15 +1375,12 @@ static int file_has_perm(struct task_struct *tsk,
1375{ 1375{
1376 struct task_security_struct *tsec = tsk->security; 1376 struct task_security_struct *tsec = tsk->security;
1377 struct file_security_struct *fsec = file->f_security; 1377 struct file_security_struct *fsec = file->f_security;
1378 struct vfsmount *mnt = file->f_path.mnt; 1378 struct inode *inode = file->f_path.dentry->d_inode;
1379 struct dentry *dentry = file->f_path.dentry;
1380 struct inode *inode = dentry->d_inode;
1381 struct avc_audit_data ad; 1379 struct avc_audit_data ad;
1382 int rc; 1380 int rc;
1383 1381
1384 AVC_AUDIT_DATA_INIT(&ad, FS); 1382 AVC_AUDIT_DATA_INIT(&ad, FS);
1385 ad.u.fs.mnt = mnt; 1383 ad.u.fs.path = file->f_path;
1386 ad.u.fs.dentry = dentry;
1387 1384
1388 if (tsec->sid != fsec->sid) { 1385 if (tsec->sid != fsec->sid) {
1389 rc = avc_has_perm(tsec->sid, fsec->sid, 1386 rc = avc_has_perm(tsec->sid, fsec->sid,
@@ -1418,7 +1415,7 @@ static int may_create(struct inode *dir,
1418 sbsec = dir->i_sb->s_security; 1415 sbsec = dir->i_sb->s_security;
1419 1416
1420 AVC_AUDIT_DATA_INIT(&ad, FS); 1417 AVC_AUDIT_DATA_INIT(&ad, FS);
1421 ad.u.fs.dentry = dentry; 1418 ad.u.fs.path.dentry = dentry;
1422 1419
1423 rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR, 1420 rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR,
1424 DIR__ADD_NAME | DIR__SEARCH, 1421 DIR__ADD_NAME | DIR__SEARCH,
@@ -1476,7 +1473,7 @@ static int may_link(struct inode *dir,
1476 isec = dentry->d_inode->i_security; 1473 isec = dentry->d_inode->i_security;
1477 1474
1478 AVC_AUDIT_DATA_INIT(&ad, FS); 1475 AVC_AUDIT_DATA_INIT(&ad, FS);
1479 ad.u.fs.dentry = dentry; 1476 ad.u.fs.path.dentry = dentry;
1480 1477
1481 av = DIR__SEARCH; 1478 av = DIR__SEARCH;
1482 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME); 1479 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
@@ -1523,7 +1520,7 @@ static inline int may_rename(struct inode *old_dir,
1523 1520
1524 AVC_AUDIT_DATA_INIT(&ad, FS); 1521 AVC_AUDIT_DATA_INIT(&ad, FS);
1525 1522
1526 ad.u.fs.dentry = old_dentry; 1523 ad.u.fs.path.dentry = old_dentry;
1527 rc = avc_has_perm(tsec->sid, old_dsec->sid, SECCLASS_DIR, 1524 rc = avc_has_perm(tsec->sid, old_dsec->sid, SECCLASS_DIR,
1528 DIR__REMOVE_NAME | DIR__SEARCH, &ad); 1525 DIR__REMOVE_NAME | DIR__SEARCH, &ad);
1529 if (rc) 1526 if (rc)
@@ -1539,7 +1536,7 @@ static inline int may_rename(struct inode *old_dir,
1539 return rc; 1536 return rc;
1540 } 1537 }
1541 1538
1542 ad.u.fs.dentry = new_dentry; 1539 ad.u.fs.path.dentry = new_dentry;
1543 av = DIR__ADD_NAME | DIR__SEARCH; 1540 av = DIR__ADD_NAME | DIR__SEARCH;
1544 if (new_dentry->d_inode) 1541 if (new_dentry->d_inode)
1545 av |= DIR__REMOVE_NAME; 1542 av |= DIR__REMOVE_NAME;
@@ -1918,8 +1915,7 @@ static int selinux_bprm_set_security(struct linux_binprm *bprm)
1918 } 1915 }
1919 1916
1920 AVC_AUDIT_DATA_INIT(&ad, FS); 1917 AVC_AUDIT_DATA_INIT(&ad, FS);
1921 ad.u.fs.mnt = bprm->file->f_path.mnt; 1918 ad.u.fs.path = bprm->file->f_path;
1922 ad.u.fs.dentry = bprm->file->f_path.dentry;
1923 1919
1924 if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) 1920 if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
1925 newsid = tsec->sid; 1921 newsid = tsec->sid;
@@ -2315,7 +2311,7 @@ static int selinux_sb_kern_mount(struct super_block *sb, void *data)
2315 return rc; 2311 return rc;
2316 2312
2317 AVC_AUDIT_DATA_INIT(&ad,FS); 2313 AVC_AUDIT_DATA_INIT(&ad,FS);
2318 ad.u.fs.dentry = sb->s_root; 2314 ad.u.fs.path.dentry = sb->s_root;
2319 return superblock_has_perm(current, sb, FILESYSTEM__MOUNT, &ad); 2315 return superblock_has_perm(current, sb, FILESYSTEM__MOUNT, &ad);
2320} 2316}
2321 2317
@@ -2324,7 +2320,7 @@ static int selinux_sb_statfs(struct dentry *dentry)
2324 struct avc_audit_data ad; 2320 struct avc_audit_data ad;
2325 2321
2326 AVC_AUDIT_DATA_INIT(&ad,FS); 2322 AVC_AUDIT_DATA_INIT(&ad,FS);
2327 ad.u.fs.dentry = dentry->d_sb->s_root; 2323 ad.u.fs.path.dentry = dentry->d_sb->s_root;
2328 return superblock_has_perm(current, dentry->d_sb, FILESYSTEM__GETATTR, &ad); 2324 return superblock_has_perm(current, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2329} 2325}
2330 2326
@@ -2587,7 +2583,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, char *name, void *value
2587 return -EPERM; 2583 return -EPERM;
2588 2584
2589 AVC_AUDIT_DATA_INIT(&ad,FS); 2585 AVC_AUDIT_DATA_INIT(&ad,FS);
2590 ad.u.fs.dentry = dentry; 2586 ad.u.fs.path.dentry = dentry;
2591 2587
2592 rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass, 2588 rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
2593 FILE__RELABELFROM, &ad); 2589 FILE__RELABELFROM, &ad);
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-14 18:00:09 -0500