diff options
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r-- | security/selinux/hooks.c | 32 |
1 files changed, 13 insertions, 19 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index c09211a4d7da..777ee98273d1 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -1539,7 +1539,7 @@ static int cred_has_capability(const struct cred *cred, | |||
1539 | 1539 | ||
1540 | rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd); | 1540 | rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd); |
1541 | if (audit == SECURITY_CAP_AUDIT) { | 1541 | if (audit == SECURITY_CAP_AUDIT) { |
1542 | int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad, 0); | 1542 | int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad); |
1543 | if (rc2) | 1543 | if (rc2) |
1544 | return rc2; | 1544 | return rc2; |
1545 | } | 1545 | } |
@@ -1562,8 +1562,7 @@ static int task_has_system(struct task_struct *tsk, | |||
1562 | static int inode_has_perm(const struct cred *cred, | 1562 | static int inode_has_perm(const struct cred *cred, |
1563 | struct inode *inode, | 1563 | struct inode *inode, |
1564 | u32 perms, | 1564 | u32 perms, |
1565 | struct common_audit_data *adp, | 1565 | struct common_audit_data *adp) |
1566 | unsigned flags) | ||
1567 | { | 1566 | { |
1568 | struct inode_security_struct *isec; | 1567 | struct inode_security_struct *isec; |
1569 | u32 sid; | 1568 | u32 sid; |
@@ -1576,7 +1575,7 @@ static int inode_has_perm(const struct cred *cred, | |||
1576 | sid = cred_sid(cred); | 1575 | sid = cred_sid(cred); |
1577 | isec = inode->i_security; | 1576 | isec = inode->i_security; |
1578 | 1577 | ||
1579 | return avc_has_perm_flags(sid, isec->sid, isec->sclass, perms, adp, flags); | 1578 | return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp); |
1580 | } | 1579 | } |
1581 | 1580 | ||
1582 | /* Same as inode_has_perm, but pass explicit audit data containing | 1581 | /* Same as inode_has_perm, but pass explicit audit data containing |
@@ -1591,7 +1590,7 @@ static inline int dentry_has_perm(const struct cred *cred, | |||
1591 | 1590 | ||
1592 | ad.type = LSM_AUDIT_DATA_DENTRY; | 1591 | ad.type = LSM_AUDIT_DATA_DENTRY; |
1593 | ad.u.dentry = dentry; | 1592 | ad.u.dentry = dentry; |
1594 | return inode_has_perm(cred, inode, av, &ad, 0); | 1593 | return inode_has_perm(cred, inode, av, &ad); |
1595 | } | 1594 | } |
1596 | 1595 | ||
1597 | /* Same as inode_has_perm, but pass explicit audit data containing | 1596 | /* Same as inode_has_perm, but pass explicit audit data containing |
@@ -1606,7 +1605,7 @@ static inline int path_has_perm(const struct cred *cred, | |||
1606 | 1605 | ||
1607 | ad.type = LSM_AUDIT_DATA_PATH; | 1606 | ad.type = LSM_AUDIT_DATA_PATH; |
1608 | ad.u.path = *path; | 1607 | ad.u.path = *path; |
1609 | return inode_has_perm(cred, inode, av, &ad, 0); | 1608 | return inode_has_perm(cred, inode, av, &ad); |
1610 | } | 1609 | } |
1611 | 1610 | ||
1612 | /* Same as path_has_perm, but uses the inode from the file struct. */ | 1611 | /* Same as path_has_perm, but uses the inode from the file struct. */ |
@@ -1618,7 +1617,7 @@ static inline int file_path_has_perm(const struct cred *cred, | |||
1618 | 1617 | ||
1619 | ad.type = LSM_AUDIT_DATA_PATH; | 1618 | ad.type = LSM_AUDIT_DATA_PATH; |
1620 | ad.u.path = file->f_path; | 1619 | ad.u.path = file->f_path; |
1621 | return inode_has_perm(cred, file_inode(file), av, &ad, 0); | 1620 | return inode_has_perm(cred, file_inode(file), av, &ad); |
1622 | } | 1621 | } |
1623 | 1622 | ||
1624 | /* Check whether a task can use an open file descriptor to | 1623 | /* Check whether a task can use an open file descriptor to |
@@ -1654,7 +1653,7 @@ static int file_has_perm(const struct cred *cred, | |||
1654 | /* av is zero if only checking access to the descriptor. */ | 1653 | /* av is zero if only checking access to the descriptor. */ |
1655 | rc = 0; | 1654 | rc = 0; |
1656 | if (av) | 1655 | if (av) |
1657 | rc = inode_has_perm(cred, inode, av, &ad, 0); | 1656 | rc = inode_has_perm(cred, inode, av, &ad); |
1658 | 1657 | ||
1659 | out: | 1658 | out: |
1660 | return rc; | 1659 | return rc; |
@@ -2624,7 +2623,8 @@ static int selinux_dentry_init_security(struct dentry *dentry, int mode, | |||
2624 | } | 2623 | } |
2625 | 2624 | ||
2626 | static int selinux_inode_init_security(struct inode *inode, struct inode *dir, | 2625 | static int selinux_inode_init_security(struct inode *inode, struct inode *dir, |
2627 | const struct qstr *qstr, char **name, | 2626 | const struct qstr *qstr, |
2627 | const char **name, | ||
2628 | void **value, size_t *len) | 2628 | void **value, size_t *len) |
2629 | { | 2629 | { |
2630 | const struct task_security_struct *tsec = current_security(); | 2630 | const struct task_security_struct *tsec = current_security(); |
@@ -2632,7 +2632,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, | |||
2632 | struct superblock_security_struct *sbsec; | 2632 | struct superblock_security_struct *sbsec; |
2633 | u32 sid, newsid, clen; | 2633 | u32 sid, newsid, clen; |
2634 | int rc; | 2634 | int rc; |
2635 | char *namep = NULL, *context; | 2635 | char *context; |
2636 | 2636 | ||
2637 | dsec = dir->i_security; | 2637 | dsec = dir->i_security; |
2638 | sbsec = dir->i_sb->s_security; | 2638 | sbsec = dir->i_sb->s_security; |
@@ -2668,19 +2668,13 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, | |||
2668 | if (!ss_initialized || !(sbsec->flags & SBLABEL_MNT)) | 2668 | if (!ss_initialized || !(sbsec->flags & SBLABEL_MNT)) |
2669 | return -EOPNOTSUPP; | 2669 | return -EOPNOTSUPP; |
2670 | 2670 | ||
2671 | if (name) { | 2671 | if (name) |
2672 | namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_NOFS); | 2672 | *name = XATTR_SELINUX_SUFFIX; |
2673 | if (!namep) | ||
2674 | return -ENOMEM; | ||
2675 | *name = namep; | ||
2676 | } | ||
2677 | 2673 | ||
2678 | if (value && len) { | 2674 | if (value && len) { |
2679 | rc = security_sid_to_context_force(newsid, &context, &clen); | 2675 | rc = security_sid_to_context_force(newsid, &context, &clen); |
2680 | if (rc) { | 2676 | if (rc) |
2681 | kfree(namep); | ||
2682 | return rc; | 2677 | return rc; |
2683 | } | ||
2684 | *value = context; | 2678 | *value = context; |
2685 | *len = clen; | 2679 | *len = clen; |
2686 | } | 2680 | } |