Commit
92953ff3
authored
May 26, 2014
by
James Morris
Merge branch 'next' of
git://git.infradead.org/users/pcmoore/selinux
into next
parents
2fd4e669
47dd0b76
Showing
5 changed files
with
20 additions
and
7 deletions
+20
-7
security/selinux/avc.c
security/selinux/avc.c
+6
-1
security/selinux/hooks.c
security/selinux/hooks.c
+7
-4
security/selinux/include/avc.h
security/selinux/include/avc.h
+2
-2
security/selinux/ss/hashtab.c
security/selinux/ss/hashtab.c
+3
-0
security/selinux/ss/mls.c
security/selinux/ss/mls.c
+2
-0
security/selinux/avc.c
...
...
@@ -444,11 +444,15 @@ static void avc_audit_post_callback(struct audit_buffer *ab, void *a)
avc_dump_query
(
ab
,
ad
->
selinux_audit_data
->
ssid
,
ad
->
selinux_audit_data
->
tsid
,
ad
->
selinux_audit_data
->
tclass
);
if
(
ad
->
selinux_audit_data
->
denied
)
{
audit_log_format
(
ab
,
" permissive=%u"
,
ad
->
selinux_audit_data
->
result
?
0
:
1
);
}
}
/* This is the slow part of avc audit with big stack footprint */
noinline
int
slow_avc_audit
(
u32
ssid
,
u32
tsid
,
u16
tclass
,
u32
requested
,
u32
audited
,
u32
denied
,
u32
requested
,
u32
audited
,
u32
denied
,
int
result
,
struct
common_audit_data
*
a
,
unsigned
flags
)
{
...
...
@@ -477,6 +481,7 @@ noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
sad
.
tsid
=
tsid
;
sad
.
audited
=
audited
;
sad
.
denied
=
denied
;
sad
.
result
=
result
;
a
->
selinux_audit_data
=
&
sad
;
...
...
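Review bot: In avc_audit_post_callback the new `permissive=` field is computed as `result ? 0 : 1`, so it is only accurate if every caller of slow_avc_audit passes the return code of the access check as `result`, and neither the added parameter nor the `sad.result = result;` assignment says that. I would add a comment at the slow_avc_audit definition, for example `/* result: return code of the permission check; 0 with denied != 0 means the denial was not enforced */`, and the same wording belongs on the prototype in security/selinux/include/avc.h. The expression itself reads more directly as `!ad->selinux_audit_data->result`. The field is written only when `denied` is non-zero, so log parsers and detection rules that consume AVC records should treat `permissive=` as optional. Both function bodies extend outside the hunks shown.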
security/selinux/hooks.c
...
...
@@ -2123,11 +2123,13 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
new_tsec
->
exec_sid
=
0
;
/*
* Minimize confusion: if no_new_privs
and a transition is
* explicitly requested, then fail the exec.
* Minimize confusion: if no_new_privs
or nosuid and a
*
transition is
explicitly requested, then fail the exec.
*/
if
(
bprm
->
unsafe
&
LSM_UNSAFE_NO_NEW_PRIVS
)
return
-
EPERM
;
if
(
bprm
->
file
->
f_path
.
mnt
->
mnt_flags
&
MNT_NOSUID
)
return
-
EACCES
;
}
else
{
/* Check for a default transition on this program. */
rc
=
security_transition_sid
(
old_tsec
->
sid
,
isec
->
sid
,
...
...
@@ -2770,6 +2772,7 @@ static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *na
static
noinline
int
audit_inode_permission
(
struct
inode
*
inode
,
u32
perms
,
u32
audited
,
u32
denied
,
int
result
,
unsigned
flags
)
{
struct
common_audit_data
ad
;
...
...
@@ -2780,7 +2783,7 @@ static noinline int audit_inode_permission(struct inode *inode,
ad
.
u
.
inode
=
inode
;
rc
=
slow_avc_audit
(
current_sid
(),
isec
->
sid
,
isec
->
sclass
,
perms
,
audited
,
denied
,
&
ad
,
flags
);
audited
,
denied
,
result
,
&
ad
,
flags
);
if
(
rc
)
return
rc
;
return
0
;
...
...
@@ -2822,7 +2825,7 @@ static int selinux_inode_permission(struct inode *inode, int mask)
if
(
likely
(
!
audited
))
return
rc
;
rc2
=
audit_inode_permission
(
inode
,
perms
,
audited
,
denied
,
flags
);
rc2
=
audit_inode_permission
(
inode
,
perms
,
audited
,
denied
,
rc
,
flags
);
if
(
rc2
)
return
rc2
;
return
rc
;
...
...
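Review bot: The added `MNT_NOSUID` check in selinux_bprm_set_creds returns `-EACCES` straight away, so an explicitly requested transition that is refused on a nosuid mount produces no audit record in the lines shown and differs from the no_new_privs refusal only by errno (`-EPERM` there). If the different errno is intentional, the block comment above the two checks should say so, e.g. `* no_new_privs fails with -EPERM, a nosuid mount with -EACCES.`. If operators are expected to diagnose a failed transition from logs, an audit message before the return would make the refusal visible. The function starts and ends outside the hunk, so handling of the default-transition branch on nosuid mounts cannot be judged from here.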
security/selinux/include/avc.h
...
...
@@ -102,7 +102,7 @@ static inline u32 avc_audit_required(u32 requested,
}
int
slow_avc_audit
(
u32
ssid
,
u32
tsid
,
u16
tclass
,
u32
requested
,
u32
audited
,
u32
denied
,
u32
requested
,
u32
audited
,
u32
denied
,
int
result
,
struct
common_audit_data
*
a
,
unsigned
flags
);
...
...
@@ -137,7 +137,7 @@ static inline int avc_audit(u32 ssid, u32 tsid,
if
(
likely
(
!
audited
))
return
0
;
return
slow_avc_audit
(
ssid
,
tsid
,
tclass
,
requested
,
audited
,
denied
,
requested
,
audited
,
denied
,
result
,
a
,
0
);
}
...
...
security/selinux/ss/hashtab.c
...
...
@@ -6,6 +6,7 @@
#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/errno.h>
#include <linux/sched.h>
#include "hashtab.h"
struct
hashtab
*
hashtab_create
(
u32
(
*
hash_value
)(
struct
hashtab
*
h
,
const
void
*
key
),
...
...
@@ -40,6 +41,8 @@ int hashtab_insert(struct hashtab *h, void *key, void *datum)
u32
hvalue
;
struct
hashtab_node
*
prev
,
*
cur
,
*
newnode
;
cond_resched
();
if
(
!
h
||
h
->
nel
==
HASHTAB_MAX_NODES
)
return
-
EINVAL
;
...
...
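Review bot: hashtab_insert now calls `cond_resched()` as its first statement, ahead of the `!h` check, which means the function may sleep and must only be called from process context, and nothing at the definition records that new constraint. A one-line comment such as `/* May reschedule: do not call with a spinlock held or from atomic context. */` above the call would make it visible to future callers. The same applies to the `cond_resched()` added inside the loop of mls_convert_context in security/selinux/ss/mls.c. Both function bodies continue outside the hunks shown.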
security/selinux/ss/mls.c
...
...
@@ -492,6 +492,8 @@ int mls_convert_context(struct policydb *oldp,
rc
=
ebitmap_set_bit
(
&
bitmap
,
catdatum
->
value
-
1
,
1
);
if
(
rc
)
return
rc
;
cond_resched
();
}
ebitmap_destroy
(
&
c
->
range
.
level
[
l
].
cat
);
c
->
range
.
level
[
l
].
cat
=
bitmap
;
...
...