Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r--security/selinux/hooks.c19
1 files changed, 8 insertions, 11 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index b61b9554bc27..90b4cdc0c948 100644
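--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -101,6 +101,8 @@ static int __init selinux_enabled_setup(char *str)
  return 1;
 }
 __setup("selinux=", selinux_enabled_setup);
+#else
+int selinux_enabled = 1;
 #endif
 
 /* Original (dummy) security module. */
@@ -3229,7 +3231,7 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
  goto out;
 
  /* Handle mapped IPv4 packets arriving via IPv6 sockets */
- if (family == PF_INET6 && skb->protocol == ntohs(ETH_P_IP))
+ if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
  family = PF_INET;
 
  read_lock_bh(&sk->sk_callback_lock);
@@ -4052,13 +4054,6 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
  return ipc_has_perm(ipcp, av);
 }
 
-static int selinux_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)
-{
- struct ipc_security_struct *isec = ipcp->security;
-
- return selinux_getsecurity(isec->sid, buffer, size);
-}
-
 /* module stacking operations */
 static int selinux_register_security (const char *name, struct security_operations *ops)
 {
@@ -4321,7 +4316,6 @@ static struct security_operations selinux_ops = {
  .task_to_inode = selinux_task_to_inode,
 
  .ipc_permission = selinux_ipc_permission,
- .ipc_getsecurity = selinux_ipc_getsecurity,
 
  .msg_msg_alloc_security = selinux_msg_msg_alloc_security,
  .msg_msg_free_security = selinux_msg_msg_free_security,
@@ -4428,6 +4422,7 @@ void selinux_complete_init(void)
 
  /* Set up any superblocks initialized prior to the policy load. */
  printk(KERN_INFO "SELinux: Setting up existing superblocks.\n");
+ spin_lock(&sb_lock);
  spin_lock(&sb_security_lock);
 next_sb:
  if (!list_empty(&superblock_security_head)) {
@@ -4436,19 +4431,20 @@ next_sb:
  struct superblock_security_struct,
  list);
  struct super_block *sb = sbsec->sb;
- spin_lock(&sb_lock);
  sb->s_count++;
- spin_unlock(&sb_lock);
  spin_unlock(&sb_security_lock);
+ spin_unlock(&sb_lock);
  down_read(&sb->s_umount);
  if (sb->s_root)
  superblock_doinit(sb, NULL);
  drop_super(sb);
+ spin_lock(&sb_lock);
  spin_lock(&sb_security_lock);
  list_del_init(&sbsec->list);
  goto next_sb;
  }
  spin_unlock(&sb_security_lock);
+ spin_unlock(&sb_lock);
 }
 
 /* SELinux requires early initialization in order to label
@@ -4543,6 +4539,7 @@ int selinux_disable(void)
  printk(KERN_INFO "SELinux: Disabled at runtime.\n");
 
  selinux_disabled = 1;
+ selinux_enabled = 0;
 
  /* Reset security_ops to the secondary module, dummy or capability. */
  security_ops = secondary_ops;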
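Review bot: The new nesting in selinux_complete_init() is a lock-ordering rule that nothing in these hunks documents: sb_lock is taken before sb_security_lock at the top and again after drop_super(), and the two are released in reverse order. Any path that holds sb_security_lock and then takes sb_lock would be an ABBA deadlock against this function, and the removed lines did exactly that inside the loop, so the order is easy to get wrong again. I would add `/* Lock order: sb_lock first, then sb_security_lock. */` above the first `spin_lock(&sb_lock);`. The other users of sb_security_lock in this file are not visible here and should be checked against that order. The function's opening lines lie outside the hunks shown.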