aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/selinux/hooks.c49
-rw-r--r--security/selinux/include/objsec.h8
2 files changed, 5 insertions, 52 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 5e61635610bb..4ae834d89bce 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -127,7 +127,6 @@ static int task_alloc_security(struct task_struct *task)
127 if (!tsec) 127 if (!tsec)
128 return -ENOMEM; 128 return -ENOMEM;
129 129
130 tsec->magic = SELINUX_MAGIC;
131 tsec->task = task; 130 tsec->task = task;
132 tsec->osid = tsec->sid = tsec->ptrace_sid = SECINITSID_UNLABELED; 131 tsec->osid = tsec->sid = tsec->ptrace_sid = SECINITSID_UNLABELED;
133 task->security = tsec; 132 task->security = tsec;
@@ -138,10 +137,6 @@ static int task_alloc_security(struct task_struct *task)
138static void task_free_security(struct task_struct *task) 137static void task_free_security(struct task_struct *task)
139{ 138{
140 struct task_security_struct *tsec = task->security; 139 struct task_security_struct *tsec = task->security;
141
142 if (!tsec || tsec->magic != SELINUX_MAGIC)
143 return;
144
145 task->security = NULL; 140 task->security = NULL;
146 kfree(tsec); 141 kfree(tsec);
147} 142}
@@ -157,14 +152,10 @@ static int inode_alloc_security(struct inode *inode)
157 152
158 init_MUTEX(&isec->sem); 153 init_MUTEX(&isec->sem);
159 INIT_LIST_HEAD(&isec->list); 154 INIT_LIST_HEAD(&isec->list);
160 isec->magic = SELINUX_MAGIC;
161 isec->inode = inode; 155 isec->inode = inode;
162 isec->sid = SECINITSID_UNLABELED; 156 isec->sid = SECINITSID_UNLABELED;
163 isec->sclass = SECCLASS_FILE; 157 isec->sclass = SECCLASS_FILE;
164 if (tsec && tsec->magic == SELINUX_MAGIC) 158 isec->task_sid = tsec->sid;
165 isec->task_sid = tsec->sid;
166 else
167 isec->task_sid = SECINITSID_UNLABELED;
168 inode->i_security = isec; 159 inode->i_security = isec;
169 160
170 return 0; 161 return 0;
@@ -175,9 +166,6 @@ static void inode_free_security(struct inode *inode)
175 struct inode_security_struct *isec = inode->i_security; 166 struct inode_security_struct *isec = inode->i_security;
176 struct superblock_security_struct *sbsec = inode->i_sb->s_security; 167 struct superblock_security_struct *sbsec = inode->i_sb->s_security;
177 168
178 if (!isec || isec->magic != SELINUX_MAGIC)
179 return;
180
181 spin_lock(&sbsec->isec_lock); 169 spin_lock(&sbsec->isec_lock);
182 if (!list_empty(&isec->list)) 170 if (!list_empty(&isec->list))
183 list_del_init(&isec->list); 171 list_del_init(&isec->list);
@@ -196,15 +184,9 @@ static int file_alloc_security(struct file *file)
196 if (!fsec) 184 if (!fsec)
197 return -ENOMEM; 185 return -ENOMEM;
198 186
199 fsec->magic = SELINUX_MAGIC;
200 fsec->file = file; 187 fsec->file = file;
201 if (tsec && tsec->magic == SELINUX_MAGIC) { 188 fsec->sid = tsec->sid;
202 fsec->sid = tsec->sid; 189 fsec->fown_sid = tsec->sid;
203 fsec->fown_sid = tsec->sid;
204 } else {
205 fsec->sid = SECINITSID_UNLABELED;
206 fsec->fown_sid = SECINITSID_UNLABELED;
207 }
208 file->f_security = fsec; 190 file->f_security = fsec;
209 191
210 return 0; 192 return 0;
@@ -213,10 +195,6 @@ static int file_alloc_security(struct file *file)
213static void file_free_security(struct file *file) 195static void file_free_security(struct file *file)
214{ 196{
215 struct file_security_struct *fsec = file->f_security; 197 struct file_security_struct *fsec = file->f_security;
216
217 if (!fsec || fsec->magic != SELINUX_MAGIC)
218 return;
219
220 file->f_security = NULL; 198 file->f_security = NULL;
221 kfree(fsec); 199 kfree(fsec);
222} 200}
@@ -233,7 +211,6 @@ static int superblock_alloc_security(struct super_block *sb)
233 INIT_LIST_HEAD(&sbsec->list); 211 INIT_LIST_HEAD(&sbsec->list);
234 INIT_LIST_HEAD(&sbsec->isec_head); 212 INIT_LIST_HEAD(&sbsec->isec_head);
235 spin_lock_init(&sbsec->isec_lock); 213 spin_lock_init(&sbsec->isec_lock);
236 sbsec->magic = SELINUX_MAGIC;
237 sbsec->sb = sb; 214 sbsec->sb = sb;
238 sbsec->sid = SECINITSID_UNLABELED; 215 sbsec->sid = SECINITSID_UNLABELED;
239 sbsec->def_sid = SECINITSID_FILE; 216 sbsec->def_sid = SECINITSID_FILE;
@@ -246,9 +223,6 @@ static void superblock_free_security(struct super_block *sb)
246{ 223{
247 struct superblock_security_struct *sbsec = sb->s_security; 224 struct superblock_security_struct *sbsec = sb->s_security;
248 225
249 if (!sbsec || sbsec->magic != SELINUX_MAGIC)
250 return;
251
252 spin_lock(&sb_security_lock); 226 spin_lock(&sb_security_lock);
253 if (!list_empty(&sbsec->list)) 227 if (!list_empty(&sbsec->list))
254 list_del_init(&sbsec->list); 228 list_del_init(&sbsec->list);
@@ -270,7 +244,6 @@ static int sk_alloc_security(struct sock *sk, int family, gfp_t priority)
270 if (!ssec) 244 if (!ssec)
271 return -ENOMEM; 245 return -ENOMEM;
272 246
273 ssec->magic = SELINUX_MAGIC;
274 ssec->sk = sk; 247 ssec->sk = sk;
275 ssec->peer_sid = SECINITSID_UNLABELED; 248 ssec->peer_sid = SECINITSID_UNLABELED;
276 sk->sk_security = ssec; 249 sk->sk_security = ssec;
@@ -282,7 +255,7 @@ static void sk_free_security(struct sock *sk)
282{ 255{
283 struct sk_security_struct *ssec = sk->sk_security; 256 struct sk_security_struct *ssec = sk->sk_security;
284 257
285 if (sk->sk_family != PF_UNIX || ssec->magic != SELINUX_MAGIC) 258 if (sk->sk_family != PF_UNIX)
286 return; 259 return;
287 260
288 sk->sk_security = NULL; 261 sk->sk_security = NULL;
@@ -1483,7 +1456,6 @@ static int selinux_bprm_alloc_security(struct linux_binprm *bprm)
1483 if (!bsec) 1456 if (!bsec)
1484 return -ENOMEM; 1457 return -ENOMEM;
1485 1458
1486 bsec->magic = SELINUX_MAGIC;
1487 bsec->bprm = bprm; 1459 bsec->bprm = bprm;
1488 bsec->sid = SECINITSID_UNLABELED; 1460 bsec->sid = SECINITSID_UNLABELED;
1489 bsec->set = 0; 1461 bsec->set = 0;
@@ -3634,14 +3606,9 @@ static int ipc_alloc_security(struct task_struct *task,
3634 if (!isec) 3606 if (!isec)
3635 return -ENOMEM; 3607 return -ENOMEM;
3636 3608
3637 isec->magic = SELINUX_MAGIC;
3638 isec->sclass = sclass; 3609 isec->sclass = sclass;
3639 isec->ipc_perm = perm; 3610 isec->ipc_perm = perm;
3640 if (tsec) { 3611 isec->sid = tsec->sid;
3641 isec->sid = tsec->sid;
3642 } else {
3643 isec->sid = SECINITSID_UNLABELED;
3644 }
3645 perm->security = isec; 3612 perm->security = isec;
3646 3613
3647 return 0; 3614 return 0;
@@ -3650,9 +3617,6 @@ static int ipc_alloc_security(struct task_struct *task,
3650static void ipc_free_security(struct kern_ipc_perm *perm) 3617static void ipc_free_security(struct kern_ipc_perm *perm)
3651{ 3618{
3652 struct ipc_security_struct *isec = perm->security; 3619 struct ipc_security_struct *isec = perm->security;
3653 if (!isec || isec->magic != SELINUX_MAGIC)
3654 return;
3655
3656 perm->security = NULL; 3620 perm->security = NULL;
3657 kfree(isec); 3621 kfree(isec);
3658} 3622}
@@ -3665,7 +3629,6 @@ static int msg_msg_alloc_security(struct msg_msg *msg)
3665 if (!msec) 3629 if (!msec)
3666 return -ENOMEM; 3630 return -ENOMEM;
3667 3631
3668 msec->magic = SELINUX_MAGIC;
3669 msec->msg = msg; 3632 msec->msg = msg;
3670 msec->sid = SECINITSID_UNLABELED; 3633 msec->sid = SECINITSID_UNLABELED;
3671 msg->security = msec; 3634 msg->security = msec;
@@ -3676,8 +3639,6 @@ static int msg_msg_alloc_security(struct msg_msg *msg)
3676static void msg_msg_free_security(struct msg_msg *msg) 3639static void msg_msg_free_security(struct msg_msg *msg)
3677{ 3640{
3678 struct msg_security_struct *msec = msg->security; 3641 struct msg_security_struct *msec = msg->security;
3679 if (!msec || msec->magic != SELINUX_MAGIC)
3680 return;
3681 3642
3682 msg->security = NULL; 3643 msg->security = NULL;
3683 kfree(msec); 3644 kfree(msec);
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index 887937c8134a..54c030778882 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -27,7 +27,6 @@
27#include "avc.h" 27#include "avc.h"
28 28
29struct task_security_struct { 29struct task_security_struct {
30 unsigned long magic; /* magic number for this module */
31 struct task_struct *task; /* back pointer to task object */ 30 struct task_struct *task; /* back pointer to task object */
32 u32 osid; /* SID prior to last execve */ 31 u32 osid; /* SID prior to last execve */
33 u32 sid; /* current SID */ 32 u32 sid; /* current SID */
@@ -37,7 +36,6 @@ struct task_security_struct {
37}; 36};
38 37
39struct inode_security_struct { 38struct inode_security_struct {
40 unsigned long magic; /* magic number for this module */
41 struct inode *inode; /* back pointer to inode object */ 39 struct inode *inode; /* back pointer to inode object */
42 struct list_head list; /* list of inode_security_struct */ 40 struct list_head list; /* list of inode_security_struct */
43 u32 task_sid; /* SID of creating task */ 41 u32 task_sid; /* SID of creating task */
@@ -49,14 +47,12 @@ struct inode_security_struct {
49}; 47};
50 48
51struct file_security_struct { 49struct file_security_struct {
52 unsigned long magic; /* magic number for this module */
53 struct file *file; /* back pointer to file object */ 50 struct file *file; /* back pointer to file object */
54 u32 sid; /* SID of open file description */ 51 u32 sid; /* SID of open file description */
55 u32 fown_sid; /* SID of file owner (for SIGIO) */ 52 u32 fown_sid; /* SID of file owner (for SIGIO) */
56}; 53};
57 54
58struct superblock_security_struct { 55struct superblock_security_struct {
59 unsigned long magic; /* magic number for this module */
60 struct super_block *sb; /* back pointer to sb object */ 56 struct super_block *sb; /* back pointer to sb object */
61 struct list_head list; /* list of superblock_security_struct */ 57 struct list_head list; /* list of superblock_security_struct */
62 u32 sid; /* SID of file system */ 58 u32 sid; /* SID of file system */
@@ -70,20 +66,17 @@ struct superblock_security_struct {
70}; 66};
71 67
72struct msg_security_struct { 68struct msg_security_struct {
73 unsigned long magic; /* magic number for this module */
74 struct msg_msg *msg; /* back pointer */ 69 struct msg_msg *msg; /* back pointer */
75 u32 sid; /* SID of message */ 70 u32 sid; /* SID of message */
76}; 71};
77 72
78struct ipc_security_struct { 73struct ipc_security_struct {
79 unsigned long magic; /* magic number for this module */
80 struct kern_ipc_perm *ipc_perm; /* back pointer */ 74 struct kern_ipc_perm *ipc_perm; /* back pointer */
81 u16 sclass; /* security class of this object */ 75 u16 sclass; /* security class of this object */
82 u32 sid; /* SID of IPC resource */ 76 u32 sid; /* SID of IPC resource */
83}; 77};
84 78
85struct bprm_security_struct { 79struct bprm_security_struct {
86 unsigned long magic; /* magic number for this module */
87 struct linux_binprm *bprm; /* back pointer to bprm object */ 80 struct linux_binprm *bprm; /* back pointer to bprm object */
88 u32 sid; /* SID for transformed process */ 81 u32 sid; /* SID for transformed process */
89 unsigned char set; 82 unsigned char set;
@@ -102,7 +95,6 @@ struct netif_security_struct {
102}; 95};
103 96
104struct sk_security_struct { 97struct sk_security_struct {
105 unsigned long magic; /* magic number for this module */
106 struct sock *sk; /* back pointer to sk object */ 98 struct sock *sk; /* back pointer to sk object */
107 u32 peer_sid; /* SID of peer */ 99 u32 peer_sid; /* SID of peer */
108}; 100};
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-11 12:43:44 -0500