Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r--security/selinux/hooks.c22
1 files changed, 9 insertions, 13 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 5f21a514f581..f71de5a64d0c 100644
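--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -75,6 +75,7 @@
 #include <linux/string.h>
 #include <linux/selinux.h>
 #include <linux/mutex.h>
+#include <linux/posix-timers.h>
 
 #include "avc.h"
 #include "objsec.h"
@@ -325,7 +326,7 @@ enum {
 Opt_rootcontext = 4,
 };
 
-static match_table_t tokens = {
+static const match_table_t tokens = {
 {Opt_context, CONTEXT_STR "%s"},
 {Opt_fscontext, FSCONTEXT_STR "%s"},
 {Opt_defcontext, DEFCONTEXT_STR "%s"},
@@ -2123,26 +2124,27 @@ static inline void flush_unauthorized_files(struct files_struct *files)
 long j = -1;
 int drop_tty = 0;
 
-mutex_lock(&tty_mutex);
 tty = get_current_tty();
 if (tty) {
 file_list_lock();
-file = list_entry(tty->tty_files.next, typeof(*file), f_u.fu_list);
-if (file) {
+if (!list_empty(&tty->tty_files)) {
+struct inode *inode;
+
 /* Revalidate access to controlling tty.
 Use inode_has_perm on the tty inode directly rather
 than using file_has_perm, as this particular open
 file may belong to another process and we are only
 interested in the inode-based check here. */
-struct inode *inode = file->f_path.dentry->d_inode;
+file = list_first_entry(&tty->tty_files, struct file, f_u.fu_list);
+inode = file->f_path.dentry->d_inode;
 if (inode_has_perm(current, inode,
 FILE__READ | FILE__WRITE, NULL)) {
 drop_tty = 1;
 }
 }
 file_list_unlock();
+tty_kref_put(tty);
 }
-mutex_unlock(&tty_mutex);
 /* Reset controlling tty. */
 if (drop_tty)
 no_tty();
@@ -2326,13 +2328,7 @@ static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm)
 initrlim = init_task.signal->rlim+i;
 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
 }
-if (current->signal->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY) {
-/*
-* This will cause RLIMIT_CPU calculations
-* to be refigured.
-*/
-current->it_prof_expires = jiffies_to_cputime(1);
-}
+update_rlimit_cpu(rlim->rlim_cur);
 }
 
 /* Wake up the parent if it is waiting so that it can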
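Review bot: `update_rlimit_cpu(rlim->rlim_cur);` in the last hunk (selinux_bprm_post_apply_creds) probably passes the wrong limit, because it uses whatever `rlim` points at after the preceding block, whereas the removed code read `current->signal->rlim[RLIMIT_CPU].rlim_cur` explicitly. The context lines walk the limits by index (`init_task.signal->rlim+i`), so `rlim` is presumably the loop cursor and would be left on the last limit iterated rather than on RLIMIT_CPU; the loop header is outside the hunk, so this needs confirming. If so, the CPU-time accounting is refreshed from an unrelated limit right after the soft limits have been reset to those of init_task, and the call should read `update_rlimit_cpu(current->signal->rlim[RLIMIT_CPU].rlim_cur);`. The function body starts and ends outside the hunk.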