Diffstat (limited to 'security')
-rw-r--r--security/keys/compat.c1
-rw-r--r--security/keys/user_defined.c1
-rw-r--r--security/security.c1
-rw-r--r--security/selinux/hooks.c48
-rw-r--r--security/selinux/ss/sidtab.c1
5 files changed, 46 insertions, 6 deletions
diff --git a/security/keys/compat.c b/security/keys/compat.c
index bcdb28533733..e10ec995f275 100644
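--- a/security/keys/compat.c
+++ b/security/keys/compat.c
@@ -9,7 +9,6 @@
  * 2 of the License, or (at your option) any later version.
  */
 
-#include <linux/sched.h>
 #include <linux/syscalls.h>
 #include <linux/keyctl.h>
 #include <linux/compat.h>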
diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c
index 5bbfdebb7acf..7c687d568221 100644
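--- a/security/keys/user_defined.c
+++ b/security/keys/user_defined.c
@@ -11,7 +11,6 @@
 
 #include <linux/module.h>
 #include <linux/init.h>
-#include <linux/sched.h>
 #include <linux/slab.h>
 #include <linux/seq_file.h>
 #include <linux/err.h>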
diff --git a/security/security.c b/security/security.c
index ee4e0701b6e0..fc8601b2b7ac 100644
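--- a/security/security.c
+++ b/security/security.c
@@ -15,7 +15,6 @@
 #include <linux/module.h>
 #include <linux/init.h>
 #include <linux/kernel.h>
-#include <linux/sched.h>
 #include <linux/security.h>
 
 #define SECURITY_FRAMEWORK_VERSION "1.0.0"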
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 35eb8de892fc..b1ac22d23195 100644
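--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1077,6 +1077,9 @@ static int inode_has_perm(struct task_struct *tsk,
  struct inode_security_struct *isec;
  struct avc_audit_data ad;
 
+ if (unlikely (IS_PRIVATE (inode)))
+ return 0;
+
  tsec = tsk->security;
  isec = inode->i_security;
 
@@ -1423,6 +1426,47 @@ static int selinux_capable(struct task_struct *tsk, int cap)
  return task_has_capability(tsk,cap);
 }
 
+static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid)
+{
+ int buflen, rc;
+ char *buffer, *path, *end;
+
+ rc = -ENOMEM;
+ buffer = (char*)__get_free_page(GFP_KERNEL);
+ if (!buffer)
+ goto out;
+
+ buflen = PAGE_SIZE;
+ end = buffer+buflen;
+ *--end = '\0';
+ buflen--;
+ path = end-1;
+ *path = '/';
+ while (table) {
+ const char *name = table->procname;
+ size_t namelen = strlen(name);
+ buflen -= namelen + 1;
+ if (buflen < 0)
+ goto out_free;
+ end -= namelen;
+ memcpy(end, name, namelen);
+ *--end = '/';
+ path = end;
+ table = table->parent;
+ }
+ buflen -= 4;
+ if (buflen < 0)
+ goto out_free;
+ end -= 4;
+ memcpy(end, "/sys", 4);
+ path = end;
+ rc = security_genfs_sid("proc", path, tclass, sid);
+out_free:
+ free_page((unsigned long)buffer);
+out:
+ return rc;
+}
+
 static int selinux_sysctl(ctl_table *table, int op)
 {
  int error = 0;
@@ -1437,8 +1481,8 @@ static int selinux_sysctl(ctl_table *table, int op)
 
  tsec = current->security;
 
- rc = selinux_proc_get_sid(table->de, (op == 001) ?
- SECCLASS_DIR : SECCLASS_FILE, &tsid);
+ rc = selinux_sysctl_get_sid(table, (op == 0001) ?
+ SECCLASS_DIR : SECCLASS_FILE, &tsid);
  if (rc) {
  /* Default to the well-defined sysctl SID. */
  tsid = SECINITSID_SYSCTL;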
diff --git a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c
index 871c33bd0741..d78f9ff30da9 100644
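--- a/security/selinux/ss/sidtab.c
+++ b/security/selinux/ss/sidtab.c
@@ -7,7 +7,6 @@
 #include <linux/slab.h>
 #include <linux/spinlock.h>
 #include <linux/errno.h>
-#include <linux/sched.h>
 #include "flask.h"
 #include "security.h"
 #include "sidtab.h"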