diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/commoncap.c | 6 | ||||
| -rw-r--r-- | security/inode.c | 3 | ||||
| -rw-r--r-- | security/selinux/selinuxfs.c | 2 | ||||
| -rw-r--r-- | security/selinux/ss/services.c | 26 | ||||
| -rw-r--r-- | security/smack/smack_lsm.c | 6 |
5 files changed, 19 insertions, 24 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index 79713545cd63..69fc9952650f 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
| @@ -238,7 +238,7 @@ int cap_inode_need_killpriv(struct dentry *dentry) | |||
| 238 | struct inode *inode = dentry->d_inode; | 238 | struct inode *inode = dentry->d_inode; |
| 239 | int error; | 239 | int error; |
| 240 | 240 | ||
| 241 | if (!inode->i_op || !inode->i_op->getxattr) | 241 | if (!inode->i_op->getxattr) |
| 242 | return 0; | 242 | return 0; |
| 243 | 243 | ||
| 244 | error = inode->i_op->getxattr(dentry, XATTR_NAME_CAPS, NULL, 0); | 244 | error = inode->i_op->getxattr(dentry, XATTR_NAME_CAPS, NULL, 0); |
| @@ -259,7 +259,7 @@ int cap_inode_killpriv(struct dentry *dentry) | |||
| 259 | { | 259 | { |
| 260 | struct inode *inode = dentry->d_inode; | 260 | struct inode *inode = dentry->d_inode; |
| 261 | 261 | ||
| 262 | if (!inode->i_op || !inode->i_op->removexattr) | 262 | if (!inode->i_op->removexattr) |
| 263 | return 0; | 263 | return 0; |
| 264 | 264 | ||
| 265 | return inode->i_op->removexattr(dentry, XATTR_NAME_CAPS); | 265 | return inode->i_op->removexattr(dentry, XATTR_NAME_CAPS); |
| @@ -317,7 +317,7 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data | |||
| 317 | 317 | ||
| 318 | memset(cpu_caps, 0, sizeof(struct cpu_vfs_cap_data)); | 318 | memset(cpu_caps, 0, sizeof(struct cpu_vfs_cap_data)); |
| 319 | 319 | ||
| 320 | if (!inode || !inode->i_op || !inode->i_op->getxattr) | 320 | if (!inode || !inode->i_op->getxattr) |
| 321 | return -ENODATA; | 321 | return -ENODATA; |
| 322 | 322 | ||
| 323 | size = inode->i_op->getxattr((struct dentry *)dentry, XATTR_NAME_CAPS, &caps, | 323 | size = inode->i_op->getxattr((struct dentry *)dentry, XATTR_NAME_CAPS, &caps, |
diff --git a/security/inode.c b/security/inode.c index efea5a605466..007ef252dde7 100644 --- a/security/inode.c +++ b/security/inode.c | |||
| @@ -61,9 +61,6 @@ static struct inode *get_inode(struct super_block *sb, int mode, dev_t dev) | |||
| 61 | 61 | ||
| 62 | if (inode) { | 62 | if (inode) { |
| 63 | inode->i_mode = mode; | 63 | inode->i_mode = mode; |
| 64 | inode->i_uid = 0; | ||
| 65 | inode->i_gid = 0; | ||
| 66 | inode->i_blocks = 0; | ||
| 67 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; | 64 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; |
| 68 | switch (mode & S_IFMT) { | 65 | switch (mode & S_IFMT) { |
| 69 | default: | 66 | default: |
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index e5520996a75b..8f612c8becb5 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c | |||
| @@ -847,8 +847,6 @@ static struct inode *sel_make_inode(struct super_block *sb, int mode) | |||
| 847 | 847 | ||
| 848 | if (ret) { | 848 | if (ret) { |
| 849 | ret->i_mode = mode; | 849 | ret->i_mode = mode; |
| 850 | ret->i_uid = ret->i_gid = 0; | ||
| 851 | ret->i_blocks = 0; | ||
| 852 | ret->i_atime = ret->i_mtime = ret->i_ctime = CURRENT_TIME; | 850 | ret->i_atime = ret->i_mtime = ret->i_ctime = CURRENT_TIME; |
| 853 | } | 851 | } |
| 854 | return ret; | 852 | return ret; |
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 343c8ab14af0..c65e4fe4a0f1 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
| @@ -2602,7 +2602,7 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) | |||
| 2602 | case AUDIT_OBJ_ROLE: | 2602 | case AUDIT_OBJ_ROLE: |
| 2603 | case AUDIT_OBJ_TYPE: | 2603 | case AUDIT_OBJ_TYPE: |
| 2604 | /* only 'equals' and 'not equals' fit user, role, and type */ | 2604 | /* only 'equals' and 'not equals' fit user, role, and type */ |
| 2605 | if (op != AUDIT_EQUAL && op != AUDIT_NOT_EQUAL) | 2605 | if (op != Audit_equal && op != Audit_not_equal) |
| 2606 | return -EINVAL; | 2606 | return -EINVAL; |
| 2607 | break; | 2607 | break; |
| 2608 | case AUDIT_SUBJ_SEN: | 2608 | case AUDIT_SUBJ_SEN: |
| @@ -2736,10 +2736,10 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule, | |||
| 2736 | case AUDIT_SUBJ_USER: | 2736 | case AUDIT_SUBJ_USER: |
| 2737 | case AUDIT_OBJ_USER: | 2737 | case AUDIT_OBJ_USER: |
| 2738 | switch (op) { | 2738 | switch (op) { |
| 2739 | case AUDIT_EQUAL: | 2739 | case Audit_equal: |
| 2740 | match = (ctxt->user == rule->au_ctxt.user); | 2740 | match = (ctxt->user == rule->au_ctxt.user); |
| 2741 | break; | 2741 | break; |
| 2742 | case AUDIT_NOT_EQUAL: | 2742 | case Audit_not_equal: |
| 2743 | match = (ctxt->user != rule->au_ctxt.user); | 2743 | match = (ctxt->user != rule->au_ctxt.user); |
| 2744 | break; | 2744 | break; |
| 2745 | } | 2745 | } |
| @@ -2747,10 +2747,10 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule, | |||
| 2747 | case AUDIT_SUBJ_ROLE: | 2747 | case AUDIT_SUBJ_ROLE: |
| 2748 | case AUDIT_OBJ_ROLE: | 2748 | case AUDIT_OBJ_ROLE: |
| 2749 | switch (op) { | 2749 | switch (op) { |
| 2750 | case AUDIT_EQUAL: | 2750 | case Audit_equal: |
| 2751 | match = (ctxt->role == rule->au_ctxt.role); | 2751 | match = (ctxt->role == rule->au_ctxt.role); |
| 2752 | break; | 2752 | break; |
| 2753 | case AUDIT_NOT_EQUAL: | 2753 | case Audit_not_equal: |
| 2754 | match = (ctxt->role != rule->au_ctxt.role); | 2754 | match = (ctxt->role != rule->au_ctxt.role); |
| 2755 | break; | 2755 | break; |
| 2756 | } | 2756 | } |
| @@ -2758,10 +2758,10 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule, | |||
| 2758 | case AUDIT_SUBJ_TYPE: | 2758 | case AUDIT_SUBJ_TYPE: |
| 2759 | case AUDIT_OBJ_TYPE: | 2759 | case AUDIT_OBJ_TYPE: |
| 2760 | switch (op) { | 2760 | switch (op) { |
| 2761 | case AUDIT_EQUAL: | 2761 | case Audit_equal: |
| 2762 | match = (ctxt->type == rule->au_ctxt.type); | 2762 | match = (ctxt->type == rule->au_ctxt.type); |
| 2763 | break; | 2763 | break; |
| 2764 | case AUDIT_NOT_EQUAL: | 2764 | case Audit_not_equal: |
| 2765 | match = (ctxt->type != rule->au_ctxt.type); | 2765 | match = (ctxt->type != rule->au_ctxt.type); |
| 2766 | break; | 2766 | break; |
| 2767 | } | 2767 | } |
| @@ -2774,31 +2774,31 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule, | |||
| 2774 | field == AUDIT_OBJ_LEV_LOW) ? | 2774 | field == AUDIT_OBJ_LEV_LOW) ? |
| 2775 | &ctxt->range.level[0] : &ctxt->range.level[1]); | 2775 | &ctxt->range.level[0] : &ctxt->range.level[1]); |
| 2776 | switch (op) { | 2776 | switch (op) { |
| 2777 | case AUDIT_EQUAL: | 2777 | case Audit_equal: |
| 2778 | match = mls_level_eq(&rule->au_ctxt.range.level[0], | 2778 | match = mls_level_eq(&rule->au_ctxt.range.level[0], |
| 2779 | level); | 2779 | level); |
| 2780 | break; | 2780 | break; |
| 2781 | case AUDIT_NOT_EQUAL: | 2781 | case Audit_not_equal: |
| 2782 | match = !mls_level_eq(&rule->au_ctxt.range.level[0], | 2782 | match = !mls_level_eq(&rule->au_ctxt.range.level[0], |
| 2783 | level); | 2783 | level); |
| 2784 | break; | 2784 | break; |
| 2785 | case AUDIT_LESS_THAN: | 2785 | case Audit_lt: |
| 2786 | match = (mls_level_dom(&rule->au_ctxt.range.level[0], | 2786 | match = (mls_level_dom(&rule->au_ctxt.range.level[0], |
| 2787 | level) && | 2787 | level) && |
| 2788 | !mls_level_eq(&rule->au_ctxt.range.level[0], | 2788 | !mls_level_eq(&rule->au_ctxt.range.level[0], |
| 2789 | level)); | 2789 | level)); |
| 2790 | break; | 2790 | break; |
| 2791 | case AUDIT_LESS_THAN_OR_EQUAL: | 2791 | case Audit_le: |
| 2792 | match = mls_level_dom(&rule->au_ctxt.range.level[0], | 2792 | match = mls_level_dom(&rule->au_ctxt.range.level[0], |
| 2793 | level); | 2793 | level); |
| 2794 | break; | 2794 | break; |
| 2795 | case AUDIT_GREATER_THAN: | 2795 | case Audit_gt: |
| 2796 | match = (mls_level_dom(level, | 2796 | match = (mls_level_dom(level, |
| 2797 | &rule->au_ctxt.range.level[0]) && | 2797 | &rule->au_ctxt.range.level[0]) && |
| 2798 | !mls_level_eq(level, | 2798 | !mls_level_eq(level, |
| 2799 | &rule->au_ctxt.range.level[0])); | 2799 | &rule->au_ctxt.range.level[0])); |
| 2800 | break; | 2800 | break; |
| 2801 | case AUDIT_GREATER_THAN_OR_EQUAL: | 2801 | case Audit_ge: |
| 2802 | match = mls_level_dom(level, | 2802 | match = mls_level_dom(level, |
| 2803 | &rule->au_ctxt.range.level[0]); | 2803 | &rule->au_ctxt.range.level[0]); |
| 2804 | break; | 2804 | break; |
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 1b5551dfc1f7..848212fd4845 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
| @@ -2492,7 +2492,7 @@ static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) | |||
| 2492 | if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) | 2492 | if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) |
| 2493 | return -EINVAL; | 2493 | return -EINVAL; |
| 2494 | 2494 | ||
| 2495 | if (op != AUDIT_EQUAL && op != AUDIT_NOT_EQUAL) | 2495 | if (op != Audit_equal && op != Audit_not_equal) |
| 2496 | return -EINVAL; | 2496 | return -EINVAL; |
| 2497 | 2497 | ||
| 2498 | *rule = smk_import(rulestr, 0); | 2498 | *rule = smk_import(rulestr, 0); |
| @@ -2556,9 +2556,9 @@ static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule, | |||
| 2556 | * both pointers will point to the same smack_known | 2556 | * both pointers will point to the same smack_known |
| 2557 | * label. | 2557 | * label. |
| 2558 | */ | 2558 | */ |
| 2559 | if (op == AUDIT_EQUAL) | 2559 | if (op == Audit_equal) |
| 2560 | return (rule == smack); | 2560 | return (rule == smack); |
| 2561 | if (op == AUDIT_NOT_EQUAL) | 2561 | if (op == Audit_not_equal) |
| 2562 | return (rule != smack); | 2562 | return (rule != smack); |
| 2563 | 2563 | ||
| 2564 | return 0; | 2564 | return 0; |