diff options
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index cc6e5a3f10cc..f20cbd681ba6 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -2150,9 +2150,9 @@ extern struct vfsmount *selinuxfs_mount; | |||
| 2150 | extern struct dentry *selinux_null; | 2150 | extern struct dentry *selinux_null; |
| 2151 | 2151 | ||
| 2152 | /* Derived from fs/exec.c:flush_old_files. */ | 2152 | /* Derived from fs/exec.c:flush_old_files. */ |
| 2153 | static inline void flush_unauthorized_files(struct files_struct *files) | 2153 | static inline void flush_unauthorized_files(const struct cred *cred, |
| 2154 | struct files_struct *files) | ||
| 2154 | { | 2155 | { |
| 2155 | const struct cred *cred = current_cred(); | ||
| 2156 | struct avc_audit_data ad; | 2156 | struct avc_audit_data ad; |
| 2157 | struct file *file, *devnull = NULL; | 2157 | struct file *file, *devnull = NULL; |
| 2158 | struct tty_struct *tty; | 2158 | struct tty_struct *tty; |
| @@ -2222,7 +2222,10 @@ static inline void flush_unauthorized_files(struct files_struct *files) | |||
| 2222 | if (devnull) { | 2222 | if (devnull) { |
| 2223 | get_file(devnull); | 2223 | get_file(devnull); |
| 2224 | } else { | 2224 | } else { |
| 2225 | devnull = dentry_open(dget(selinux_null), mntget(selinuxfs_mount), O_RDWR); | 2225 | devnull = dentry_open( |
| 2226 | dget(selinux_null), | ||
| 2227 | mntget(selinuxfs_mount), | ||
| 2228 | O_RDWR, cred); | ||
| 2226 | if (IS_ERR(devnull)) { | 2229 | if (IS_ERR(devnull)) { |
| 2227 | devnull = NULL; | 2230 | devnull = NULL; |
| 2228 | put_unused_fd(fd); | 2231 | put_unused_fd(fd); |
| @@ -2302,6 +2305,7 @@ static void selinux_bprm_apply_creds(struct linux_binprm *bprm, int unsafe) | |||
| 2302 | */ | 2305 | */ |
| 2303 | static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm) | 2306 | static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm) |
| 2304 | { | 2307 | { |
| 2308 | const struct cred *cred = current_cred(); | ||
| 2305 | struct task_security_struct *tsec; | 2309 | struct task_security_struct *tsec; |
| 2306 | struct rlimit *rlim, *initrlim; | 2310 | struct rlimit *rlim, *initrlim; |
| 2307 | struct itimerval itimer; | 2311 | struct itimerval itimer; |
| @@ -2321,7 +2325,7 @@ static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm) | |||
| 2321 | return; | 2325 | return; |
| 2322 | 2326 | ||
| 2323 | /* Close files for which the new task SID is not authorized. */ | 2327 | /* Close files for which the new task SID is not authorized. */ |
| 2324 | flush_unauthorized_files(current->files); | 2328 | flush_unauthorized_files(cred, current->files); |
| 2325 | 2329 | ||
| 2326 | /* Check whether the new SID can inherit signal state | 2330 | /* Check whether the new SID can inherit signal state |
| 2327 | from the old SID. If not, clear itimers to avoid | 2331 | from the old SID. If not, clear itimers to avoid |
| @@ -3202,9 +3206,8 @@ static int selinux_file_receive(struct file *file) | |||
| 3202 | return file_has_perm(cred, file, file_to_av(file)); | 3206 | return file_has_perm(cred, file, file_to_av(file)); |
| 3203 | } | 3207 | } |
| 3204 | 3208 | ||
| 3205 | static int selinux_dentry_open(struct file *file) | 3209 | static int selinux_dentry_open(struct file *file, const struct cred *cred) |
| 3206 | { | 3210 | { |
| 3207 | const struct cred *cred = current_cred(); | ||
| 3208 | struct file_security_struct *fsec; | 3211 | struct file_security_struct *fsec; |
| 3209 | struct inode *inode; | 3212 | struct inode *inode; |
| 3210 | struct inode_security_struct *isec; | 3213 | struct inode_security_struct *isec; |