Diffstat (limited to 'security')
-rw-r--r-- | security/keys/compat.c | 1 | ||||
-rw-r--r-- | security/keys/user_defined.c | 1 | ||||
-rw-r--r-- | security/security.c | 1 | ||||
-rw-r--r-- | security/selinux/hooks.c | 48 | ||||
-rw-r--r-- | security/selinux/ss/sidtab.c | 1 |
5 files changed, 46 insertions, 6 deletions
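--- a/security/keys/compat.c
+++ b/security/keys/compat.c
@@ -9,7 +9,6 @@
 * 2 of the License, or (at your option) any later version.
 */
 
-#include <linux/sched.h>
 #include <linux/syscalls.h>
 #include <linux/keyctl.h>
 #include <linux/compat.h>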
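--- a/security/keys/user_defined.c
+++ b/security/keys/user_defined.c
@@ -11,7 +11,6 @@
 
 #include <linux/module.h>
 #include <linux/init.h>
-#include <linux/sched.h>
 #include <linux/slab.h>
 #include <linux/seq_file.h>
 #include <linux/err.h>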
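--- a/security/security.c
+++ b/security/security.c
@@ -15,7 +15,6 @@
 #include <linux/module.h>
 #include <linux/init.h>
 #include <linux/kernel.h>
-#include <linux/sched.h>
 #include <linux/security.h>
 
 #define SECURITY_FRAMEWORK_VERSION "1.0.0"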
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 35eb8de892fc..b1ac22d23195 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -1077,6 +1077,9 @@ static int inode_has_perm(struct task_struct *tsk, | |||
1077 | struct inode_security_struct *isec; | 1077 | struct inode_security_struct *isec; |
1078 | struct avc_audit_data ad; | 1078 | struct avc_audit_data ad; |
1079 | 1079 | ||
1080 | if (unlikely (IS_PRIVATE (inode))) | ||
1081 | return 0; | ||
1082 | |||
1080 | tsec = tsk->security; | 1083 | tsec = tsk->security; |
1081 | isec = inode->i_security; | 1084 | isec = inode->i_security; |
1082 | 1085 | ||
@@ -1423,6 +1426,47 @@ static int selinux_capable(struct task_struct *tsk, int cap) | |||
1423 | return task_has_capability(tsk,cap); | 1426 | return task_has_capability(tsk,cap); |
1424 | } | 1427 | } |
1425 | 1428 | ||
1429 | static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid) | ||
1430 | { | ||
1431 | int buflen, rc; | ||
1432 | char *buffer, *path, *end; | ||
1433 | |||
1434 | rc = -ENOMEM; | ||
1435 | buffer = (char*)__get_free_page(GFP_KERNEL); | ||
1436 | if (!buffer) | ||
1437 | goto out; | ||
1438 | |||
1439 | buflen = PAGE_SIZE; | ||
1440 | end = buffer+buflen; | ||
1441 | *--end = '\0'; | ||
1442 | buflen--; | ||
1443 | path = end-1; | ||
1444 | *path = '/'; | ||
1445 | while (table) { | ||
1446 | const char *name = table->procname; | ||
1447 | size_t namelen = strlen(name); | ||
1448 | buflen -= namelen + 1; | ||
1449 | if (buflen < 0) | ||
1450 | goto out_free; | ||
1451 | end -= namelen; | ||
1452 | memcpy(end, name, namelen); | ||
1453 | *--end = '/'; | ||
1454 | path = end; | ||
1455 | table = table->parent; | ||
1456 | } | ||
1457 | buflen -= 4; | ||
1458 | if (buflen < 0) | ||
1459 | goto out_free; | ||
1460 | end -= 4; | ||
1461 | memcpy(end, "/sys", 4); | ||
1462 | path = end; | ||
1463 | rc = security_genfs_sid("proc", path, tclass, sid); | ||
1464 | out_free: | ||
1465 | free_page((unsigned long)buffer); | ||
1466 | out: | ||
1467 | return rc; | ||
1468 | } | ||
1469 | |||
1426 | static int selinux_sysctl(ctl_table *table, int op) | 1470 | static int selinux_sysctl(ctl_table *table, int op) |
1427 | { | 1471 | { |
1428 | int error = 0; | 1472 | int error = 0; |
@@ -1437,8 +1481,8 @@ static int selinux_sysctl(ctl_table *table, int op) | |||
1437 | 1481 | ||
1438 | tsec = current->security; | 1482 | tsec = current->security; |
1439 | 1483 | ||
1440 | rc = selinux_proc_get_sid(table->de, (op == 001) ? | 1484 | rc = selinux_sysctl_get_sid(table, (op == 0001) ? |
1441 | SECCLASS_DIR : SECCLASS_FILE, &tsid); | 1485 | SECCLASS_DIR : SECCLASS_FILE, &tsid); |
1442 | if (rc) { | 1486 | if (rc) { |
1443 | /* Default to the well-defined sysctl SID. */ | 1487 | /* Default to the well-defined sysctl SID. */ |
1444 | tsid = SECINITSID_SYSCTL; | 1488 | tsid = SECINITSID_SYSCTL; |
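Review bot: In selinux_sysctl_get_sid the two `goto out_free` exits taken when the path does not fit in the page leave rc at the -ENOMEM assigned before the allocation, so an overlong sysctl path is reported as an out-of-memory condition; assigning `rc = -ENAMETOOLONG;` once the page has been obtained would keep the two failures apart. The caller in the last hunk maps any non-zero rc to SECINITSID_SYSCTL, so both failures label the entry with the generic sysctl SID instead of its genfs label, and the existing comment there could say so: `/* Lookup failed (no memory or path too long): fall back to the generic sysctl SID. */`. The loop also passes `table->procname` to strlen() without a NULL test; ctl_table is declared outside this diff, so if an entry in the parent chain can lack a procname, a NULL test on `name` is needed before the strlen() call. selinux_sysctl's body starts and ends outside the hunk.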
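--- a/security/selinux/ss/sidtab.c
+++ b/security/selinux/ss/sidtab.c
@@ -7,7 +7,6 @@
 #include <linux/slab.h>
 #include <linux/spinlock.h>
 #include <linux/errno.h>
-#include <linux/sched.h>
 #include "flask.h"
 #include "security.h"
 #include "sidtab.h"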