diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/device_cgroup.c | 18 | ||||
-rw-r--r-- | security/selinux/ss/services.c | 6 |
2 files changed, 12 insertions, 12 deletions
diff --git a/security/device_cgroup.c b/security/device_cgroup.c index 7bd296cca041..46f23971f7e4 100644 --- a/security/device_cgroup.c +++ b/security/device_cgroup.c | |||
@@ -508,12 +508,11 @@ int devcgroup_inode_permission(struct inode *inode, int mask) | |||
508 | return 0; | 508 | return 0; |
509 | if (!S_ISBLK(inode->i_mode) && !S_ISCHR(inode->i_mode)) | 509 | if (!S_ISBLK(inode->i_mode) && !S_ISCHR(inode->i_mode)) |
510 | return 0; | 510 | return 0; |
511 | dev_cgroup = css_to_devcgroup(task_subsys_state(current, | ||
512 | devices_subsys_id)); | ||
513 | if (!dev_cgroup) | ||
514 | return 0; | ||
515 | 511 | ||
516 | rcu_read_lock(); | 512 | rcu_read_lock(); |
513 | |||
514 | dev_cgroup = task_devcgroup(current); | ||
515 | |||
517 | list_for_each_entry_rcu(wh, &dev_cgroup->whitelist, list) { | 516 | list_for_each_entry_rcu(wh, &dev_cgroup->whitelist, list) { |
518 | if (wh->type & DEV_ALL) | 517 | if (wh->type & DEV_ALL) |
519 | goto acc_check; | 518 | goto acc_check; |
@@ -533,6 +532,7 @@ acc_check: | |||
533 | rcu_read_unlock(); | 532 | rcu_read_unlock(); |
534 | return 0; | 533 | return 0; |
535 | } | 534 | } |
535 | |||
536 | rcu_read_unlock(); | 536 | rcu_read_unlock(); |
537 | 537 | ||
538 | return -EPERM; | 538 | return -EPERM; |
@@ -543,12 +543,10 @@ int devcgroup_inode_mknod(int mode, dev_t dev) | |||
543 | struct dev_cgroup *dev_cgroup; | 543 | struct dev_cgroup *dev_cgroup; |
544 | struct dev_whitelist_item *wh; | 544 | struct dev_whitelist_item *wh; |
545 | 545 | ||
546 | dev_cgroup = css_to_devcgroup(task_subsys_state(current, | ||
547 | devices_subsys_id)); | ||
548 | if (!dev_cgroup) | ||
549 | return 0; | ||
550 | |||
551 | rcu_read_lock(); | 546 | rcu_read_lock(); |
547 | |||
548 | dev_cgroup = task_devcgroup(current); | ||
549 | |||
552 | list_for_each_entry(wh, &dev_cgroup->whitelist, list) { | 550 | list_for_each_entry(wh, &dev_cgroup->whitelist, list) { |
553 | if (wh->type & DEV_ALL) | 551 | if (wh->type & DEV_ALL) |
554 | goto acc_check; | 552 | goto acc_check; |
@@ -566,6 +564,8 @@ acc_check: | |||
566 | rcu_read_unlock(); | 564 | rcu_read_unlock(); |
567 | return 0; | 565 | return 0; |
568 | } | 566 | } |
567 | |||
569 | rcu_read_unlock(); | 568 | rcu_read_unlock(); |
569 | |||
570 | return -EPERM; | 570 | return -EPERM; |
571 | } | 571 | } |
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 4f233d9960e7..876b815c1ba4 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
@@ -981,11 +981,12 @@ static int string_to_context_struct(struct policydb *pol, | |||
981 | /* Check the validity of the new context. */ | 981 | /* Check the validity of the new context. */ |
982 | if (!policydb_context_isvalid(pol, ctx)) { | 982 | if (!policydb_context_isvalid(pol, ctx)) { |
983 | rc = -EINVAL; | 983 | rc = -EINVAL; |
984 | context_destroy(ctx); | ||
985 | goto out; | 984 | goto out; |
986 | } | 985 | } |
987 | rc = 0; | 986 | rc = 0; |
988 | out: | 987 | out: |
988 | if (rc) | ||
989 | context_destroy(ctx); | ||
989 | return rc; | 990 | return rc; |
990 | } | 991 | } |
991 | 992 | ||
@@ -1038,8 +1039,7 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len, | |||
1038 | } else if (rc) | 1039 | } else if (rc) |
1039 | goto out; | 1040 | goto out; |
1040 | rc = sidtab_context_to_sid(&sidtab, &context, sid); | 1041 | rc = sidtab_context_to_sid(&sidtab, &context, sid); |
1041 | if (rc) | 1042 | context_destroy(&context); |
1042 | context_destroy(&context); | ||
1043 | out: | 1043 | out: |
1044 | read_unlock(&policy_rwlock); | 1044 | read_unlock(&policy_rwlock); |
1045 | kfree(scontext2); | 1045 | kfree(scontext2); |