Diffstat (limited to 'security/selinux')
-rw-r--r-- | security/selinux/hooks.c | 9 | ||||
-rw-r--r-- | security/selinux/selinuxfs.c | 110 |
2 files changed, 48 insertions, 71 deletions
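--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -28,7 +28,6 @@
 #include <linux/kernel.h>
 #include <linux/tracehook.h>
 #include <linux/errno.h>
-#include <linux/ext2_fs.h>
 #include <linux/sched.h>
 #include <linux/security.h>
 #include <linux/xattr.h>
@@ -2971,15 +2970,15 @@ static int selinux_file_ioctl(struct file *file, unsigned int cmd,
 /* fall through */
 case FIGETBSZ:
 /* fall through */
-case EXT2_IOC_GETFLAGS:
+case FS_IOC_GETFLAGS:
 /* fall through */
-case EXT2_IOC_GETVERSION:
+case FS_IOC_GETVERSION:
 error = file_has_perm(cred, file, FILE__GETATTR);
 break;
 
-case EXT2_IOC_SETFLAGS:
+case FS_IOC_SETFLAGS:
 /* fall through */
-case EXT2_IOC_SETVERSION:
+case FS_IOC_SETVERSION:
 error = file_has_perm(cred, file, FILE__SETATTR);
 break;
 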
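--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -344,7 +344,7 @@ static int sel_make_classes(void);
 static int sel_make_policycap(void);
 
 /* declaration for sel_make_class_dirs */
-static int sel_make_dir(struct inode *dir, struct dentry *dentry,
+static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
 unsigned long *ino);
 
 static ssize_t sel_read_mls(struct file *filp, char __user *buf,
@@ -1678,13 +1678,9 @@ static int sel_make_class_dir_entries(char *classname, int index,
 inode->i_ino = sel_class_to_ino(index);
 d_add(dentry, inode);
 
-dentry = d_alloc_name(dir, "perms");
-if (!dentry)
-return -ENOMEM;
-
-rc = sel_make_dir(dir->d_inode, dentry, &last_class_ino);
-if (rc)
-return rc;
+dentry = sel_make_dir(dir, "perms", &last_class_ino);
+if (IS_ERR(dentry))
+return PTR_ERR(dentry);
 
 rc = sel_make_perm_files(classname, index, dentry);
 
@@ -1733,15 +1729,12 @@ static int sel_make_classes(void)
 for (i = 0; i < nclasses; i++) {
 struct dentry *class_name_dir;
 
-rc = -ENOMEM;
-class_name_dir = d_alloc_name(class_dir, classes[i]);
-if (!class_name_dir)
-goto out;
-
-rc = sel_make_dir(class_dir->d_inode, class_name_dir,
+class_name_dir = sel_make_dir(class_dir, classes[i],
 &last_class_ino);
-if (rc)
+if (IS_ERR(class_name_dir)) {
+rc = PTR_ERR(class_name_dir);
 goto out;
+}
 
 /* i+1 since class values are 1-indexed */
 rc = sel_make_class_dir_entries(classes[i], i + 1,
@@ -1787,14 +1780,20 @@ static int sel_make_policycap(void)
 return 0;
 }
 
-static int sel_make_dir(struct inode *dir, struct dentry *dentry,
+static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
 unsigned long *ino)
 {
+struct dentry *dentry = d_alloc_name(dir, name);
 struct inode *inode;
 
-inode = sel_make_inode(dir->i_sb, S_IFDIR | S_IRUGO | S_IXUGO);
-if (!inode)
-return -ENOMEM;
+if (!dentry)
+return ERR_PTR(-ENOMEM);
+
+inode = sel_make_inode(dir->d_sb, S_IFDIR | S_IRUGO | S_IXUGO);
+if (!inode) {
+dput(dentry);
+return ERR_PTR(-ENOMEM);
+}
 
 inode->i_op = &simple_dir_inode_operations;
 inode->i_fop = &simple_dir_operations;
@@ -1803,16 +1802,16 @@ static int sel_make_dir(struct inode *dir, struct dentry *dentry,
 inc_nlink(inode);
 d_add(dentry, inode);
 /* bump link count on parent directory, too */
-inc_nlink(dir);
+inc_nlink(dir->d_inode);
 
-return 0;
+return dentry;
 }
 
 static int sel_fill_super(struct super_block *sb, void *data, int silent)
 {
 int ret;
 struct dentry *dentry;
-struct inode *inode, *root_inode;
+struct inode *inode;
 struct inode_security_struct *isec;
 
 static struct tree_descr selinux_files[] = {
@@ -1839,18 +1838,12 @@ static int sel_fill_super(struct super_block *sb, void *data, int silent)
 if (ret)
 goto err;
 
-root_inode = sb->s_root->d_inode;
-
-ret = -ENOMEM;
-dentry = d_alloc_name(sb->s_root, BOOL_DIR_NAME);
-if (!dentry)
+bool_dir = sel_make_dir(sb->s_root, BOOL_DIR_NAME, &sel_last_ino);
+if (IS_ERR(bool_dir)) {
+ret = PTR_ERR(bool_dir);
+bool_dir = NULL;
 goto err;
-
-ret = sel_make_dir(root_inode, dentry, &sel_last_ino);
-if (ret)
-goto err;
-
-bool_dir = dentry;
+}
 
 ret = -ENOMEM;
 dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME);
@@ -1872,54 +1865,39 @@ static int sel_fill_super(struct super_block *sb, void *data, int silent)
 d_add(dentry, inode);
 selinux_null = dentry;
 
-ret = -ENOMEM;
-dentry = d_alloc_name(sb->s_root, "avc");
-if (!dentry)
-goto err;
-
-ret = sel_make_dir(root_inode, dentry, &sel_last_ino);
-if (ret)
+dentry = sel_make_dir(sb->s_root, "avc", &sel_last_ino);
+if (IS_ERR(dentry)) {
+ret = PTR_ERR(dentry);
 goto err;
+}
 
 ret = sel_make_avc_files(dentry);
 if (ret)
 goto err;
 
-ret = -ENOMEM;
-dentry = d_alloc_name(sb->s_root, "initial_contexts");
-if (!dentry)
-goto err;
-
-ret = sel_make_dir(root_inode, dentry, &sel_last_ino);
-if (ret)
+dentry = sel_make_dir(sb->s_root, "initial_contexts", &sel_last_ino);
+if (IS_ERR(dentry)) {
+ret = PTR_ERR(dentry);
 goto err;
+}
 
 ret = sel_make_initcon_files(dentry);
 if (ret)
 goto err;
 
-ret = -ENOMEM;
-dentry = d_alloc_name(sb->s_root, "class");
-if (!dentry)
-goto err;
-
-ret = sel_make_dir(root_inode, dentry, &sel_last_ino);
-if (ret)
-goto err;
-
-class_dir = dentry;
-
-ret = -ENOMEM;
-dentry = d_alloc_name(sb->s_root, "policy_capabilities");
-if (!dentry)
+class_dir = sel_make_dir(sb->s_root, "class", &sel_last_ino);
+if (IS_ERR(class_dir)) {
+ret = PTR_ERR(class_dir);
+class_dir = NULL;
 goto err;
+}
 
-ret = sel_make_dir(root_inode, dentry, &sel_last_ino);
-if (ret)
+policycap_dir = sel_make_dir(sb->s_root, "policy_capabilities", &sel_last_ino);
+if (IS_ERR(policycap_dir)) {
+ret = PTR_ERR(policycap_dir);
+policycap_dir = NULL;
 goto err;
-
-policycap_dir = dentry;
-
+}
 return 0;
 err:
 printk(KERN_ERR "SELinux: %s: failed while creating inodes\n",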
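Review bot: The new `sel_make_dir` definition in the `@@ -1787,14 +1780,20 @@` hunk now has a contract that is easy to misuse and carries no comment: it returns either a live, d_add()ed dentry or `ERR_PTR(-ENOMEM)` (never NULL), and on the `sel_make_inode` failure it already `dput()`s the dentry it allocated, so a caller must neither NULL-check the result nor release it on error. The three callers in the `@@ -1872` hunk that publish the result into the file-scope `bool_dir`, `class_dir` and `policycap_dir` have to reset them to NULL after taking `PTR_ERR`, which is exactly the detail a short kernel-doc block above the definition should spell out, together with the fact that the parent's link count is bumped via `inc_nlink(dir->d_inode)`. How `*ino` is consumed sits in the lines between this hunk and the `@@ -1803` hunk, which are not visible here, so that part of the comment should be checked against the full function. The body of `sel_make_dir` spans those two hunks, and `sel_fill_super`'s `err:` path continues past the end of the last hunk.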