selinux: revert "stop passing MAY_NOT_BLOCK to the AVC upon follow_link"
This reverts commite46e01eebb
("selinux: stop passing MAY_NOT_BLOCK to the AVC upon follow_link"). The correct fix is to instead fall back to ref-walk if audit is required irrespective of the specific audit data type. This is done in the next commit. Fixes:e46e01eebb
("selinux: stop passing MAY_NOT_BLOCK to the AVC upon follow_link") Reported-by: Will Deacon <will@kernel.org> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:

committed by
Paul Moore

parent
59438b4647
commit
1a37079c23
@@ -3004,8 +3004,9 @@ static int selinux_inode_follow_link(struct dentry *dentry, struct inode *inode,
|
||||
if (IS_ERR(isec))
|
||||
return PTR_ERR(isec);
|
||||
|
||||
return avc_has_perm(&selinux_state,
|
||||
sid, isec->sid, isec->sclass, FILE__READ, &ad);
|
||||
return avc_has_perm_flags(&selinux_state,
|
||||
sid, isec->sid, isec->sclass, FILE__READ, &ad,
|
||||
rcu ? MAY_NOT_BLOCK : 0);
|
||||
}
|
||||
|
||||
static noinline int audit_inode_permission(struct inode *inode,
|
||||
|
Reference in New Issue
Block a user