diff options
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 43 |
1 files changed, 15 insertions, 28 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index be6de0b8734f..e5ed07510309 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -136,32 +136,6 @@ static DEFINE_SPINLOCK(sb_security_lock); | |||
| 136 | 136 | ||
| 137 | static struct kmem_cache *sel_inode_cache; | 137 | static struct kmem_cache *sel_inode_cache; |
| 138 | 138 | ||
| 139 | /* Return security context for a given sid or just the context | ||
| 140 | length if the buffer is null or length is 0 */ | ||
| 141 | static int selinux_getsecurity(u32 sid, void *buffer, size_t size) | ||
| 142 | { | ||
| 143 | char *context; | ||
| 144 | unsigned len; | ||
| 145 | int rc; | ||
| 146 | |||
| 147 | rc = security_sid_to_context(sid, &context, &len); | ||
| 148 | if (rc) | ||
| 149 | return rc; | ||
| 150 | |||
| 151 | if (!buffer || !size) | ||
| 152 | goto getsecurity_exit; | ||
| 153 | |||
| 154 | if (size < len) { | ||
| 155 | len = -ERANGE; | ||
| 156 | goto getsecurity_exit; | ||
| 157 | } | ||
| 158 | memcpy(buffer, context, len); | ||
| 159 | |||
| 160 | getsecurity_exit: | ||
| 161 | kfree(context); | ||
| 162 | return len; | ||
| 163 | } | ||
| 164 | |||
| 165 | /** | 139 | /** |
| 166 | * selinux_secmark_enabled - Check to see if SECMARK is currently enabled | 140 | * selinux_secmark_enabled - Check to see if SECMARK is currently enabled |
| 167 | * | 141 | * |
| @@ -2675,14 +2649,27 @@ static int selinux_inode_removexattr (struct dentry *dentry, char *name) | |||
| 2675 | * | 2649 | * |
| 2676 | * Permission check is handled by selinux_inode_getxattr hook. | 2650 | * Permission check is handled by selinux_inode_getxattr hook. |
| 2677 | */ | 2651 | */ |
| 2678 | static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err) | 2652 | static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc) |
| 2679 | { | 2653 | { |
| 2654 | u32 size; | ||
| 2655 | int error; | ||
| 2656 | char *context = NULL; | ||
| 2680 | struct inode_security_struct *isec = inode->i_security; | 2657 | struct inode_security_struct *isec = inode->i_security; |
| 2681 | 2658 | ||
| 2682 | if (strcmp(name, XATTR_SELINUX_SUFFIX)) | 2659 | if (strcmp(name, XATTR_SELINUX_SUFFIX)) |
| 2683 | return -EOPNOTSUPP; | 2660 | return -EOPNOTSUPP; |
| 2684 | 2661 | ||
| 2685 | return selinux_getsecurity(isec->sid, buffer, size); | 2662 | error = security_sid_to_context(isec->sid, &context, &size); |
| 2663 | if (error) | ||
| 2664 | return error; | ||
| 2665 | error = size; | ||
| 2666 | if (alloc) { | ||
| 2667 | *buffer = context; | ||
| 2668 | goto out_nofree; | ||
| 2669 | } | ||
| 2670 | kfree(context); | ||
| 2671 | out_nofree: | ||
| 2672 | return error; | ||
| 2686 | } | 2673 | } |
| 2687 | 2674 | ||
| 2688 | static int selinux_inode_setsecurity(struct inode *inode, const char *name, | 2675 | static int selinux_inode_setsecurity(struct inode *inode, const char *name, |