Merge tag 'v3.12'
Linux 3.12 Conflicts: fs/exec.c
This commit is contained in:
@@ -746,7 +746,6 @@ inline int avc_has_perm_noaudit(u32 ssid, u32 tsid,
|
||||
* @tclass: target security class
|
||||
* @requested: requested permissions, interpreted based on @tclass
|
||||
* @auditdata: auxiliary audit data
|
||||
* @flags: VFS walk flags
|
||||
*
|
||||
* Check the AVC to determine whether the @requested permissions are granted
|
||||
* for the SID pair (@ssid, @tsid), interpreting the permissions
|
||||
@@ -756,17 +755,15 @@ inline int avc_has_perm_noaudit(u32 ssid, u32 tsid,
|
||||
* permissions are granted, -%EACCES if any permissions are denied, or
|
||||
* another -errno upon other errors.
|
||||
*/
|
||||
int avc_has_perm_flags(u32 ssid, u32 tsid, u16 tclass,
|
||||
u32 requested, struct common_audit_data *auditdata,
|
||||
unsigned flags)
|
||||
int avc_has_perm(u32 ssid, u32 tsid, u16 tclass,
|
||||
u32 requested, struct common_audit_data *auditdata)
|
||||
{
|
||||
struct av_decision avd;
|
||||
int rc, rc2;
|
||||
|
||||
rc = avc_has_perm_noaudit(ssid, tsid, tclass, requested, 0, &avd);
|
||||
|
||||
rc2 = avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata,
|
||||
flags);
|
||||
rc2 = avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata);
|
||||
if (rc2)
|
||||
return rc2;
|
||||
return rc;
|
||||
|
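Review bot: The `0` passed as the flags argument to avc_has_perm_noaudit() is a bare literal, and the only flag visible on this page is `AVC_STRICT` ("Ignore permissive mode"), so a reader has to go look up whether this entry point honours permissive mode. I would name the intent at the call: `rc = avc_has_perm_noaudit(ssid, tsid, tclass, requested, 0 /* not AVC_STRICT: permissive mode applies */, &avd);`. It is also worth one line in the kernel-doc above (its start lies in the previous hunk) that an avc_audit() failure in rc2 is returned in preference to the access decision rc, since that is not obvious from "another -errno upon other errors".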
@@ -1502,7 +1502,7 @@ static int cred_has_capability(const struct cred *cred,
|
||||
|
||||
rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);
|
||||
if (audit == SECURITY_CAP_AUDIT) {
|
||||
int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad, 0);
|
||||
int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad);
|
||||
if (rc2)
|
||||
return rc2;
|
||||
}
|
||||
@@ -1525,8 +1525,7 @@ static int task_has_system(struct task_struct *tsk,
|
||||
static int inode_has_perm(const struct cred *cred,
|
||||
struct inode *inode,
|
||||
u32 perms,
|
||||
struct common_audit_data *adp,
|
||||
unsigned flags)
|
||||
struct common_audit_data *adp)
|
||||
{
|
||||
struct inode_security_struct *isec;
|
||||
u32 sid;
|
||||
@@ -1539,7 +1538,7 @@ static int inode_has_perm(const struct cred *cred,
|
||||
sid = cred_sid(cred);
|
||||
isec = inode->i_security;
|
||||
|
||||
return avc_has_perm_flags(sid, isec->sid, isec->sclass, perms, adp, flags);
|
||||
return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp);
|
||||
}
|
||||
|
||||
/* Same as inode_has_perm, but pass explicit audit data containing
|
||||
@@ -1554,7 +1553,7 @@ static inline int dentry_has_perm(const struct cred *cred,
|
||||
|
||||
ad.type = LSM_AUDIT_DATA_DENTRY;
|
||||
ad.u.dentry = dentry;
|
||||
return inode_has_perm(cred, inode, av, &ad, 0);
|
||||
return inode_has_perm(cred, inode, av, &ad);
|
||||
}
|
||||
|
||||
/* Same as inode_has_perm, but pass explicit audit data containing
|
||||
@@ -1569,7 +1568,7 @@ static inline int path_has_perm(const struct cred *cred,
|
||||
|
||||
ad.type = LSM_AUDIT_DATA_PATH;
|
||||
ad.u.path = *path;
|
||||
return inode_has_perm(cred, inode, av, &ad, 0);
|
||||
return inode_has_perm(cred, inode, av, &ad);
|
||||
}
|
||||
|
||||
/* Same as path_has_perm, but uses the inode from the file struct. */
|
||||
@@ -1581,7 +1580,7 @@ static inline int file_path_has_perm(const struct cred *cred,
|
||||
|
||||
ad.type = LSM_AUDIT_DATA_PATH;
|
||||
ad.u.path = file->f_path;
|
||||
return inode_has_perm(cred, file_inode(file), av, &ad, 0);
|
||||
return inode_has_perm(cred, file_inode(file), av, &ad);
|
||||
}
|
||||
|
||||
/* Check whether a task can use an open file descriptor to
|
||||
@@ -1617,7 +1616,7 @@ static int file_has_perm(const struct cred *cred,
|
||||
/* av is zero if only checking access to the descriptor. */
|
||||
rc = 0;
|
||||
if (av)
|
||||
rc = inode_has_perm(cred, inode, av, &ad, 0);
|
||||
rc = inode_has_perm(cred, inode, av, &ad);
|
||||
|
||||
out:
|
||||
return rc;
|
||||
@@ -2587,7 +2586,8 @@ static int selinux_dentry_init_security(struct dentry *dentry, int mode,
|
||||
}
|
||||
|
||||
static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
|
||||
const struct qstr *qstr, char **name,
|
||||
const struct qstr *qstr,
|
||||
const char **name,
|
||||
void **value, size_t *len)
|
||||
{
|
||||
const struct task_security_struct *tsec = current_security();
|
||||
@@ -2595,7 +2595,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
|
||||
struct superblock_security_struct *sbsec;
|
||||
u32 sid, newsid, clen;
|
||||
int rc;
|
||||
char *namep = NULL, *context;
|
||||
char *context;
|
||||
|
||||
dsec = dir->i_security;
|
||||
sbsec = dir->i_sb->s_security;
|
||||
@@ -2631,19 +2631,13 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
|
||||
if (!ss_initialized || !(sbsec->flags & SE_SBLABELSUPP))
|
||||
return -EOPNOTSUPP;
|
||||
|
||||
if (name) {
|
||||
namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_NOFS);
|
||||
if (!namep)
|
||||
return -ENOMEM;
|
||||
*name = namep;
|
||||
}
|
||||
if (name)
|
||||
*name = XATTR_SELINUX_SUFFIX;
|
||||
|
||||
if (value && len) {
|
||||
rc = security_sid_to_context_force(newsid, &context, &clen);
|
||||
if (rc) {
|
||||
kfree(namep);
|
||||
if (rc)
|
||||
return rc;
|
||||
}
|
||||
*value = context;
|
||||
*len = clen;
|
||||
}
|
||||
|
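Review bot: After this change `*name` points at the static `XATTR_SELINUX_SUFFIX` while `*value` is still a freshly allocated context, and nothing in the function says so; a caller written against the old interface would kfree() both. I would add above the `if (name)` line: `/* *name is a static string and must not be freed; *value is allocated and owned by the caller. */`. Note also that `*name` is now assigned before security_sid_to_context_force() can fail, so on error the caller sees a set name and an unset value; that is harmless because the string is static, but it deserves a word in the same comment. The rest of selinux_inode_init_security() lies outside this hunk.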
@@ -130,7 +130,7 @@ static inline int avc_audit(u32 ssid, u32 tsid,
|
||||
u16 tclass, u32 requested,
|
||||
struct av_decision *avd,
|
||||
int result,
|
||||
struct common_audit_data *a, unsigned flags)
|
||||
struct common_audit_data *a)
|
||||
{
|
||||
u32 audited, denied;
|
||||
audited = avc_audit_required(requested, avd, result, 0, &denied);
|
||||
@@ -138,7 +138,7 @@ static inline int avc_audit(u32 ssid, u32 tsid,
|
||||
return 0;
|
||||
return slow_avc_audit(ssid, tsid, tclass,
|
||||
requested, audited, denied,
|
||||
a, flags);
|
||||
a, 0);
|
||||
}
|
||||
|
||||
#define AVC_STRICT 1 /* Ignore permissive mode. */
|
||||
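Review bot: The slow_avc_audit() call now always passes `0` for its flags argument, so whatever that parameter selected is no longer reachable through avc_audit(); slow_avc_audit() itself is not on this page, but if it used the flag to avoid blocking (the removed "VFS walk flags" kernel-doc suggests an RCU path-walk case), every caller now takes the potentially blocking path. Presumably the callers that needed it have all been converted — please confirm, and record the decision at the call: `/* flags dropped: no caller runs avc_audit() in a non-blocking context */`. If that is not true, the parameter should be kept rather than hard-wired to 0.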
@@ -147,17 +147,9 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
|
||||
unsigned flags,
|
||||
struct av_decision *avd);
|
||||
|
||||
int avc_has_perm_flags(u32 ssid, u32 tsid,
|
||||
u16 tclass, u32 requested,
|
||||
struct common_audit_data *auditdata,
|
||||
unsigned);
|
||||
|
||||
static inline int avc_has_perm(u32 ssid, u32 tsid,
|
||||
u16 tclass, u32 requested,
|
||||
struct common_audit_data *auditdata)
|
||||
{
|
||||
return avc_has_perm_flags(ssid, tsid, tclass, requested, auditdata, 0);
|
||||
}
|
||||
int avc_has_perm(u32 ssid, u32 tsid,
|
||||
u16 tclass, u32 requested,
|
||||
struct common_audit_data *auditdata);
|
||||
|
||||
u32 avc_policy_seqno(void);
|
||||
|
||||
|
@@ -50,8 +50,13 @@ int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall);
|
||||
|
||||
static inline void selinux_xfrm_notify_policyload(void)
|
||||
{
|
||||
struct net *net;
|
||||
|
||||
atomic_inc(&flow_cache_genid);
|
||||
rt_genid_bump(&init_net);
|
||||
rtnl_lock();
|
||||
for_each_net(net)
|
||||
rt_genid_bump_all(net);
|
||||
rtnl_unlock();
|
||||
}
|
||||
#else
|
||||
static inline int selinux_xfrm_enabled(void)
|
||||
|
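Review bot: selinux_xfrm_notify_policyload() now takes `rtnl_lock()` and walks every network namespace, which makes it unsafe to call with RTNL already held or from atomic context, yet it is a static inline in a header with no such comment. I would add above the function: `/* Bumps the route genid of every net namespace; takes rtnl_lock, so callers must be in process context and must not hold RTNL. */`. The `#if`/`#else` around the function begins outside this hunk, so I cannot see which configuration the non-stub branch covers.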