diff options
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index b29059ecc045..78c3f98fcdcf 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -2569,12 +2569,16 @@ static int file_map_prot_check(struct file *file, unsigned long prot, int shared | |||
| 2569 | } | 2569 | } |
| 2570 | 2570 | ||
| 2571 | static int selinux_file_mmap(struct file *file, unsigned long reqprot, | 2571 | static int selinux_file_mmap(struct file *file, unsigned long reqprot, |
| 2572 | unsigned long prot, unsigned long flags) | 2572 | unsigned long prot, unsigned long flags, |
| 2573 | unsigned long addr, unsigned long addr_only) | ||
| 2573 | { | 2574 | { |
| 2574 | int rc; | 2575 | int rc = 0; |
| 2576 | u32 sid = ((struct task_security_struct*)(current->security))->sid; | ||
| 2575 | 2577 | ||
| 2576 | rc = secondary_ops->file_mmap(file, reqprot, prot, flags); | 2578 | if (addr < mmap_min_addr) |
| 2577 | if (rc) | 2579 | rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT, |
| 2580 | MEMPROTECT__MMAP_ZERO, NULL); | ||
| 2581 | if (rc || addr_only) | ||
| 2578 | return rc; | 2582 | return rc; |
| 2579 | 2583 | ||
| 2580 | if (selinux_checkreqprot) | 2584 | if (selinux_checkreqprot) |