Merge tag 'v3.12'
Linux 3.12
@@ -1539,7 +1539,7 @@ static int cred_has_capability(const struct cred *cred,
|
||||
|
||||
rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);
|
||||
if (audit == SECURITY_CAP_AUDIT) {
|
||||
int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad, 0);
|
||||
int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad);
|
||||
if (rc2)
|
||||
return rc2;
|
||||
}
|
||||
@@ -1562,8 +1562,7 @@ static int task_has_system(struct task_struct *tsk,
|
||||
static int inode_has_perm(const struct cred *cred,
|
||||
struct inode *inode,
|
||||
u32 perms,
|
||||
struct common_audit_data *adp,
|
||||
unsigned flags)
|
||||
struct common_audit_data *adp)
|
||||
{
|
||||
struct inode_security_struct *isec;
|
||||
u32 sid;
|
||||
@@ -1576,7 +1575,7 @@ static int inode_has_perm(const struct cred *cred,
|
||||
sid = cred_sid(cred);
|
||||
isec = inode->i_security;
|
||||
|
||||
return avc_has_perm_flags(sid, isec->sid, isec->sclass, perms, adp, flags);
|
||||
return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp);
|
||||
}
|
||||
|
||||
/* Same as inode_has_perm, but pass explicit audit data containing
|
||||
@@ -1591,7 +1590,7 @@ static inline int dentry_has_perm(const struct cred *cred,
|
||||
|
||||
ad.type = LSM_AUDIT_DATA_DENTRY;
|
||||
ad.u.dentry = dentry;
|
||||
return inode_has_perm(cred, inode, av, &ad, 0);
|
||||
return inode_has_perm(cred, inode, av, &ad);
|
||||
}
|
||||
|
||||
/* Same as inode_has_perm, but pass explicit audit data containing
|
||||
@@ -1606,7 +1605,7 @@ static inline int path_has_perm(const struct cred *cred,
|
||||
|
||||
ad.type = LSM_AUDIT_DATA_PATH;
|
||||
ad.u.path = *path;
|
||||
return inode_has_perm(cred, inode, av, &ad, 0);
|
||||
return inode_has_perm(cred, inode, av, &ad);
|
||||
}
|
||||
|
||||
/* Same as path_has_perm, but uses the inode from the file struct. */
|
||||
@@ -1618,7 +1617,7 @@ static inline int file_path_has_perm(const struct cred *cred,
|
||||
|
||||
ad.type = LSM_AUDIT_DATA_PATH;
|
||||
ad.u.path = file->f_path;
|
||||
return inode_has_perm(cred, file_inode(file), av, &ad, 0);
|
||||
return inode_has_perm(cred, file_inode(file), av, &ad);
|
||||
}
|
||||
|
||||
/* Check whether a task can use an open file descriptor to
|
||||
@@ -1654,7 +1653,7 @@ static int file_has_perm(const struct cred *cred,
|
||||
/* av is zero if only checking access to the descriptor. */
|
||||
rc = 0;
|
||||
if (av)
|
||||
rc = inode_has_perm(cred, inode, av, &ad, 0);
|
||||
rc = inode_has_perm(cred, inode, av, &ad);
|
||||
|
||||
out:
|
||||
return rc;
|
||||
@@ -2624,7 +2623,8 @@ static int selinux_dentry_init_security(struct dentry *dentry, int mode,
|
||||
}
|
||||
|
||||
static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
|
||||
const struct qstr *qstr, char **name,
|
||||
const struct qstr *qstr,
|
||||
const char **name,
|
||||
void **value, size_t *len)
|
||||
{
|
||||
const struct task_security_struct *tsec = current_security();
|
||||
@@ -2632,7 +2632,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
|
||||
struct superblock_security_struct *sbsec;
|
||||
u32 sid, newsid, clen;
|
||||
int rc;
|
||||
char *namep = NULL, *context;
|
||||
char *context;
|
||||
|
||||
dsec = dir->i_security;
|
||||
sbsec = dir->i_sb->s_security;
|
||||
@@ -2668,19 +2668,13 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
|
||||
if (!ss_initialized || !(sbsec->flags & SBLABEL_MNT))
|
||||
return -EOPNOTSUPP;
|
||||
|
||||
if (name) {
|
||||
namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_NOFS);
|
||||
if (!namep)
|
||||
return -ENOMEM;
|
||||
*name = namep;
|
||||
}
|
||||
if (name)
|
||||
*name = XATTR_SELINUX_SUFFIX;
|
||||
|
||||
if (value && len) {
|
||||
rc = security_sid_to_context_force(newsid, &context, &clen);
|
||||
if (rc) {
|
||||
kfree(namep);
|
||||
if (rc)
|
||||
return rc;
|
||||
}
|
||||
*value = context;
|
||||
*len = clen;
|
||||
}
|
||||
|
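Review bot: In the last hunk of selinux_inode_init_security, `*name` now points at the constant `XATTR_SELINUX_SUFFIX` string, while `*value` still receives the buffer returned by `security_sid_to_context_force()` (presumably heap-allocated and handed to the caller), so the two out-parameters have different ownership and nothing in the function says so. The `const char **name` type lets the compiler flag a caller that tries to free the name, but a short comment above the assignment would make the contract explicit, e.g. `/* *name is a static string and must not be freed; *value is owned by the caller */`. `*name` is also written before the context lookup, so on the `return rc` path a caller sees `*name` set with `*value` and `*len` untouched; it is worth confirming that callers read the outputs only on success. The function starts and ends outside the hunks shown here.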