Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r--security/selinux/hooks.c32
1 files changed, 13 insertions, 19 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index c09211a4d7da..777ee98273d1 100644
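--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1539,7 +1539,7 @@ static int cred_has_capability(const struct cred *cred,
 
  rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);
  if (audit == SECURITY_CAP_AUDIT) {
- int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad, 0);
+ int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad);
  if (rc2)
  return rc2;
  }
@@ -1562,8 +1562,7 @@ static int task_has_system(struct task_struct *tsk,
 static int inode_has_perm(const struct cred *cred,
  struct inode *inode,
  u32 perms,
- struct common_audit_data *adp,
- unsigned flags)
+ struct common_audit_data *adp)
 {
  struct inode_security_struct *isec;
  u32 sid;
@@ -1576,7 +1575,7 @@ static int inode_has_perm(const struct cred *cred,
  sid = cred_sid(cred);
  isec = inode->i_security;
 
- return avc_has_perm_flags(sid, isec->sid, isec->sclass, perms, adp, flags);
+ return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp);
 }
 
 /* Same as inode_has_perm, but pass explicit audit data containing
@@ -1591,7 +1590,7 @@ static inline int dentry_has_perm(const struct cred *cred,
 
  ad.type = LSM_AUDIT_DATA_DENTRY;
  ad.u.dentry = dentry;
- return inode_has_perm(cred, inode, av, &ad, 0);
+ return inode_has_perm(cred, inode, av, &ad);
 }
 
 /* Same as inode_has_perm, but pass explicit audit data containing
@@ -1606,7 +1605,7 @@ static inline int path_has_perm(const struct cred *cred,
 
  ad.type = LSM_AUDIT_DATA_PATH;
  ad.u.path = *path;
- return inode_has_perm(cred, inode, av, &ad, 0);
+ return inode_has_perm(cred, inode, av, &ad);
 }
 
 /* Same as path_has_perm, but uses the inode from the file struct. */
@@ -1618,7 +1617,7 @@ static inline int file_path_has_perm(const struct cred *cred,
 
  ad.type = LSM_AUDIT_DATA_PATH;
  ad.u.path = file->f_path;
- return inode_has_perm(cred, file_inode(file), av, &ad, 0);
+ return inode_has_perm(cred, file_inode(file), av, &ad);
 }
 
 /* Check whether a task can use an open file descriptor to
@@ -1654,7 +1653,7 @@ static int file_has_perm(const struct cred *cred,
  /* av is zero if only checking access to the descriptor. */
  rc = 0;
  if (av)
- rc = inode_has_perm(cred, inode, av, &ad, 0);
+ rc = inode_has_perm(cred, inode, av, &ad);
 
 out:
  return rc;
@@ -2624,7 +2623,8 @@ static int selinux_dentry_init_security(struct dentry *dentry, int mode,
 }
 
 static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
- const struct qstr *qstr, char **name,
+ const struct qstr *qstr,
+ const char **name,
  void **value, size_t *len)
 {
  const struct task_security_struct *tsec = current_security();
@@ -2632,7 +2632,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
  struct superblock_security_struct *sbsec;
  u32 sid, newsid, clen;
  int rc;
- char *namep = NULL, *context;
+ char *context;
 
  dsec = dir->i_security;
  sbsec = dir->i_sb->s_security;
@@ -2668,19 +2668,13 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
  if (!ss_initialized || !(sbsec->flags & SBLABEL_MNT))
  return -EOPNOTSUPP;
 
- if (name) {
- namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_NOFS);
- if (!namep)
- return -ENOMEM;
- *name = namep;
- }
+ if (name)
+ *name = XATTR_SELINUX_SUFFIX;
 
  if (value && len) {
  rc = security_sid_to_context_force(newsid, &context, &clen);
- if (rc) {
- kfree(namep);
+ if (rc)
  return rc;
- }
  *value = context;
  *len = clen;
  }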
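Review bot: In selinux_inode_init_security the new `*name = XATTR_SELINUX_SUFFIX;` hands the caller a pointer to a constant string instead of a kstrdup() copy, while `*value` is still filled from security_sid_to_context_force() and presumably remains a buffer the caller must free; this split ownership is not documented at the assignment. A caller that still passes the returned name to kfree() would be freeing memory that was never allocated. The `const char **` signature lets the compiler flag such callers, but they lie outside this hooks.c-limited view, so confirm they were converted in the same change. I would add a comment above the assignment, for example `/* *name points at a static string and must not be freed by the caller; *value is allocated and caller-owned */`. The function body continues past the last hunk.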