aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux
diff options
context:
space:
mode:
Diffstat (limited to 'security/selinux')
-rw-r--r--security/selinux/hooks.c111
-rw-r--r--security/selinux/include/objsec.h1
2 files changed, 0 insertions, 112 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 265f33d3af9b..c9c20828be79 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1265,91 +1265,6 @@ static int inode_security_set_sid(struct inode *inode, u32 sid)
1265 return 0; 1265 return 0;
1266} 1266}
1267 1267
1268/* Set the security attributes on a newly created file. */
1269static int post_create(struct inode *dir,
1270 struct dentry *dentry)
1271{
1272
1273 struct task_security_struct *tsec;
1274 struct inode *inode;
1275 struct inode_security_struct *dsec;
1276 struct superblock_security_struct *sbsec;
1277 struct inode_security_struct *isec;
1278 u32 newsid;
1279 char *context;
1280 unsigned int len;
1281 int rc;
1282
1283 tsec = current->security;
1284 dsec = dir->i_security;
1285 sbsec = dir->i_sb->s_security;
1286
1287 inode = dentry->d_inode;
1288 if (!inode) {
1289 /* Some file system types (e.g. NFS) may not instantiate
1290 a dentry for all create operations (e.g. symlink),
1291 so we have to check to see if the inode is non-NULL. */
1292 printk(KERN_WARNING "post_create: no inode, dir (dev=%s, "
1293 "ino=%ld)\n", dir->i_sb->s_id, dir->i_ino);
1294 return 0;
1295 }
1296
1297 isec = inode->i_security;
1298
1299 if (isec->security_attr_init)
1300 return 0;
1301
1302 if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
1303 newsid = tsec->create_sid;
1304 } else {
1305 rc = security_transition_sid(tsec->sid, dsec->sid,
1306 inode_mode_to_security_class(inode->i_mode),
1307 &newsid);
1308 if (rc) {
1309 printk(KERN_WARNING "post_create: "
1310 "security_transition_sid failed, rc=%d (dev=%s "
1311 "ino=%ld)\n",
1312 -rc, inode->i_sb->s_id, inode->i_ino);
1313 return rc;
1314 }
1315 }
1316
1317 rc = inode_security_set_sid(inode, newsid);
1318 if (rc) {
1319 printk(KERN_WARNING "post_create: inode_security_set_sid "
1320 "failed, rc=%d (dev=%s ino=%ld)\n",
1321 -rc, inode->i_sb->s_id, inode->i_ino);
1322 return rc;
1323 }
1324
1325 if (sbsec->behavior == SECURITY_FS_USE_XATTR &&
1326 inode->i_op->setxattr) {
1327 /* Use extended attributes. */
1328 rc = security_sid_to_context(newsid, &context, &len);
1329 if (rc) {
1330 printk(KERN_WARNING "post_create: sid_to_context "
1331 "failed, rc=%d (dev=%s ino=%ld)\n",
1332 -rc, inode->i_sb->s_id, inode->i_ino);
1333 return rc;
1334 }
1335 down(&inode->i_sem);
1336 rc = inode->i_op->setxattr(dentry,
1337 XATTR_NAME_SELINUX,
1338 context, len, 0);
1339 up(&inode->i_sem);
1340 kfree(context);
1341 if (rc < 0) {
1342 printk(KERN_WARNING "post_create: setxattr failed, "
1343 "rc=%d (dev=%s ino=%ld)\n",
1344 -rc, inode->i_sb->s_id, inode->i_ino);
1345 return rc;
1346 }
1347 }
1348
1349 return 0;
1350}
1351
1352
1353/* Hook functions begin here. */ 1268/* Hook functions begin here. */
1354 1269
1355static int selinux_ptrace(struct task_struct *parent, struct task_struct *child) 1270static int selinux_ptrace(struct task_struct *parent, struct task_struct *child)
@@ -2076,8 +1991,6 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2076 *len = clen; 1991 *len = clen;
2077 } 1992 }
2078 1993
2079 isec->security_attr_init = 1;
2080
2081 return 0; 1994 return 0;
2082} 1995}
2083 1996
@@ -2086,11 +1999,6 @@ static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int ma
2086 return may_create(dir, dentry, SECCLASS_FILE); 1999 return may_create(dir, dentry, SECCLASS_FILE);
2087} 2000}
2088 2001
2089static void selinux_inode_post_create(struct inode *dir, struct dentry *dentry, int mask)
2090{
2091 post_create(dir, dentry);
2092}
2093
2094static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry) 2002static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2095{ 2003{
2096 int rc; 2004 int rc;
@@ -2121,21 +2029,11 @@ static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const
2121 return may_create(dir, dentry, SECCLASS_LNK_FILE); 2029 return may_create(dir, dentry, SECCLASS_LNK_FILE);
2122} 2030}
2123 2031
2124static void selinux_inode_post_symlink(struct inode *dir, struct dentry *dentry, const char *name)
2125{
2126 post_create(dir, dentry);
2127}
2128
2129static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask) 2032static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask)
2130{ 2033{
2131 return may_create(dir, dentry, SECCLASS_DIR); 2034 return may_create(dir, dentry, SECCLASS_DIR);
2132} 2035}
2133 2036
2134static void selinux_inode_post_mkdir(struct inode *dir, struct dentry *dentry, int mask)
2135{
2136 post_create(dir, dentry);
2137}
2138
2139static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry) 2037static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
2140{ 2038{
2141 return may_link(dir, dentry, MAY_RMDIR); 2039 return may_link(dir, dentry, MAY_RMDIR);
@@ -2152,11 +2050,6 @@ static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mod
2152 return may_create(dir, dentry, inode_mode_to_security_class(mode)); 2050 return may_create(dir, dentry, inode_mode_to_security_class(mode));
2153} 2051}
2154 2052
2155static void selinux_inode_post_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
2156{
2157 post_create(dir, dentry);
2158}
2159
2160static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry, 2053static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
2161 struct inode *new_inode, struct dentry *new_dentry) 2054 struct inode *new_inode, struct dentry *new_dentry)
2162{ 2055{
@@ -4363,17 +4256,13 @@ static struct security_operations selinux_ops = {
4363 .inode_free_security = selinux_inode_free_security, 4256 .inode_free_security = selinux_inode_free_security,
4364 .inode_init_security = selinux_inode_init_security, 4257 .inode_init_security = selinux_inode_init_security,
4365 .inode_create = selinux_inode_create, 4258 .inode_create = selinux_inode_create,
4366 .inode_post_create = selinux_inode_post_create,
4367 .inode_link = selinux_inode_link, 4259 .inode_link = selinux_inode_link,
4368 .inode_post_link = selinux_inode_post_link, 4260 .inode_post_link = selinux_inode_post_link,
4369 .inode_unlink = selinux_inode_unlink, 4261 .inode_unlink = selinux_inode_unlink,
4370 .inode_symlink = selinux_inode_symlink, 4262 .inode_symlink = selinux_inode_symlink,
4371 .inode_post_symlink = selinux_inode_post_symlink,
4372 .inode_mkdir = selinux_inode_mkdir, 4263 .inode_mkdir = selinux_inode_mkdir,
4373 .inode_post_mkdir = selinux_inode_post_mkdir,
4374 .inode_rmdir = selinux_inode_rmdir, 4264 .inode_rmdir = selinux_inode_rmdir,
4375 .inode_mknod = selinux_inode_mknod, 4265 .inode_mknod = selinux_inode_mknod,
4376 .inode_post_mknod = selinux_inode_post_mknod,
4377 .inode_rename = selinux_inode_rename, 4266 .inode_rename = selinux_inode_rename,
4378 .inode_post_rename = selinux_inode_post_rename, 4267 .inode_post_rename = selinux_inode_post_rename,
4379 .inode_readlink = selinux_inode_readlink, 4268 .inode_readlink = selinux_inode_readlink,
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index c515bc0b58a1..887937c8134a 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -46,7 +46,6 @@ struct inode_security_struct {
46 unsigned char initialized; /* initialization flag */ 46 unsigned char initialized; /* initialization flag */
47 struct semaphore sem; 47 struct semaphore sem;
48 unsigned char inherit; /* inherit SID from parent entry */ 48 unsigned char inherit; /* inherit SID from parent entry */
49 unsigned char security_attr_init; /* security attributes init flag */
50}; 49};
51 50
52struct file_security_struct { 51struct file_security_struct {