Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r--security/selinux/hooks.c26
1 files changed, 12 insertions, 14 deletions
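diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index ef26e9611ffb..7171a957b933 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -51,6 +51,7 @@
 #include <linux/tty.h>
 #include <net/icmp.h>
 #include <net/ip.h> /* for local_port_range[] */
+#include <net/sock.h>
 #include <net/tcp.h> /* struct or_callable used in sock_rcv_skb */
 #include <net/net_namespace.h>
 #include <net/netlabel.h>
@@ -1528,7 +1529,7 @@ static int file_has_perm(const struct cred *cred,
  u32 av)
 {
  struct file_security_struct *fsec = file->f_security;
- struct inode *inode = file->f_path.dentry->d_inode;
+ struct inode *inode = file_inode(file);
  struct common_audit_data ad;
  u32 sid = cred_sid(cred);
  int rc;
@@ -1957,7 +1958,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
  struct task_security_struct *new_tsec;
  struct inode_security_struct *isec;
  struct common_audit_data ad;
- struct inode *inode = bprm->file->f_path.dentry->d_inode;
+ struct inode *inode = file_inode(bprm->file);
  int rc;
 
  rc = cap_bprm_set_creds(bprm);
@@ -2929,7 +2930,7 @@ static void selinux_inode_getsecid(const struct inode *inode, u32 *secid)
 static int selinux_revalidate_file_permission(struct file *file, int mask)
 {
  const struct cred *cred = current_cred();
- struct inode *inode = file->f_path.dentry->d_inode;
+ struct inode *inode = file_inode(file);
 
  /* file_mask_to_av won't add FILE__WRITE if MAY_APPEND is set */
  if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
@@ -2941,7 +2942,7 @@ static int selinux_revalidate_file_permission(struct file *file, int mask)
 
 static int selinux_file_permission(struct file *file, int mask)
 {
- struct inode *inode = file->f_path.dentry->d_inode;
+ struct inode *inode = file_inode(file);
  struct file_security_struct *fsec = file->f_security;
  struct inode_security_struct *isec = inode->i_security;
  u32 sid = current_sid();
@@ -3135,11 +3136,6 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd,
 
  switch (cmd) {
  case F_SETFL:
- if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
- err = -EINVAL;
- break;
- }
-
  if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
  err = file_has_perm(cred, file, FILE__WRITE);
  break;
@@ -3162,10 +3158,6 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd,
  case F_SETLK64:
  case F_SETLKW64:
 #endif
- if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
- err = -EINVAL;
- break;
- }
  err = file_has_perm(cred, file, FILE__LOCK);
  break;
  }
@@ -3218,7 +3210,7 @@ static int selinux_file_open(struct file *file, const struct cred *cred)
  struct inode_security_struct *isec;
 
  fsec = file->f_security;
- isec = file->f_path.dentry->d_inode->i_security;
+ isec = file_inode(file)->i_security;
  /*
  * Save inode label and policy sequence number
  * at open-time so that selinux_file_permission
@@ -4372,6 +4364,11 @@ static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
  selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);
 }
 
+static void selinux_skb_owned_by(struct sk_buff *skb, struct sock *sk)
+{
+ skb_set_owner_w(skb, sk);
+}
+
 static int selinux_secmark_relabel_packet(u32 sid)
 {
  const struct task_security_struct *__tsec;
@@ -5673,6 +5670,7 @@ static struct security_operations selinux_ops = {
  .tun_dev_attach_queue = selinux_tun_dev_attach_queue,
  .tun_dev_attach = selinux_tun_dev_attach,
  .tun_dev_open = selinux_tun_dev_open,
+ .skb_owned_by = selinux_skb_owned_by,
 
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
  .xfrm_policy_alloc_security = selinux_xfrm_policy_alloc,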
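Review bot: `selinux_skb_owned_by()` (new lines 4367-4370) has no comment saying why a labelling module takes ownership of the skb. Its single statement, `skb_set_owner_w(skb, sk)`, does more than record the socket: it also installs the write-side destructor and charges the skb against the socket's send-buffer accounting. That side effect is not apparent from the hook name or from the `.skb_owned_by = selinux_skb_owned_by` entry in `selinux_ops`, and the callers of the hook are not visible on this page. I would add a header comment along the lines of `/* Tie skb to sk so later SELinux output hooks can find the sending socket via skb->sk; this also charges sk->sk_wmem_alloc. */`; the stated purpose is my reading of the change and should be confirmed by the author.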