c9e54010
Commit
c9e54010
authored
Nov 26, 2002
by
Linus Torvalds
Merge
bk://lsm.bkbits.net/linus-2.5
into home.transmeta.com:/home/torvalds/v2.5/linux
parents
9f42837b
6e9acb58
Changes
41
Showing
41 changed files
with
166 additions
and
84 deletions
+166
-84
arch/arm/kernel/ptrace.c
arch/arm/kernel/ptrace.c
+2
-1
arch/i386/kernel/ptrace.c
arch/i386/kernel/ptrace.c
+2
-1
arch/ia64/kernel/ptrace.c
arch/ia64/kernel/ptrace.c
+2
-1
arch/ppc/kernel/ptrace.c
arch/ppc/kernel/ptrace.c
+2
-1
arch/ppc64/kernel/ptrace.c
arch/ppc64/kernel/ptrace.c
+2
-1
arch/ppc64/kernel/ptrace32.c
arch/ppc64/kernel/ptrace32.c
+2
-1
arch/ppc64/kernel/sys_ppc32.c
arch/ppc64/kernel/sys_ppc32.c
+2
-1
arch/s390/kernel/ptrace.c
arch/s390/kernel/ptrace.c
+2
-1
arch/s390x/kernel/ptrace.c
arch/s390x/kernel/ptrace.c
+2
-1
arch/sparc/kernel/ptrace.c
arch/sparc/kernel/ptrace.c
+2
-1
arch/sparc64/kernel/ptrace.c
arch/sparc64/kernel/ptrace.c
+2
-1
arch/sparc64/kernel/sys_sparc32.c
arch/sparc64/kernel/sys_sparc32.c
+2
-1
arch/um/kernel/ptrace.c
arch/um/kernel/ptrace.c
+2
-1
arch/x86_64/kernel/ptrace.c
arch/x86_64/kernel/ptrace.c
+2
-1
fs/attr.c
fs/attr.c
+2
-1
fs/dquot.c
fs/dquot.c
+2
-1
fs/exec.c
fs/exec.c
+6
-3
fs/fcntl.c
fs/fcntl.c
+6
-3
fs/hugetlbfs/inode.c
fs/hugetlbfs/inode.c
+2
-2
fs/ioctl.c
fs/ioctl.c
+2
-1
fs/locks.c
fs/locks.c
+8
-4
fs/namei.c
fs/namei.c
+22
-11
fs/namespace.c
fs/namespace.c
+8
-4
fs/open.c
fs/open.c
+2
-1
fs/read_write.c
fs/read_write.c
+4
-2
fs/readdir.c
fs/readdir.c
+2
-1
fs/stat.c
fs/stat.c
+4
-2
fs/xattr.c
fs/xattr.c
+8
-4
ipc/msg.c
ipc/msg.c
+2
-1
ipc/sem.c
ipc/sem.c
+2
-1
ipc/shm.c
ipc/shm.c
+2
-1
kernel/acct.c
kernel/acct.c
+2
-1
kernel/fork.c
kernel/fork.c
+2
-1
kernel/ptrace.c
kernel/ptrace.c
+2
-1
kernel/sched.c
kernel/sched.c
+10
-5
kernel/signal.c
kernel/signal.c
+2
-1
kernel/sys.c
kernel/sys.c
+28
-14
kernel/uid16.c
kernel/uid16.c
+2
-1
mm/mmap.c
mm/mmap.c
+2
-1
mm/mprotect.c
mm/mprotect.c
+2
-1
net/core/scm.c
net/core/scm.c
+2
-1
arch/arm/kernel/ptrace.c
...
@@ -711,7 +711,8 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
...
@@ -711,7 +711,8 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
/* are we already being traced? */
/* are we already being traced? */
if
(
current
->
ptrace
&
PT_PTRACED
)
if
(
current
->
ptrace
&
PT_PTRACED
)
goto
out
;
goto
out
;
if
((
ret
=
security_ptrace
(
current
->
parent
,
current
)))
ret
=
security_ptrace
(
current
->
parent
,
current
);
if
(
ret
)
goto
out
;
goto
out
;
/* set the ptrace bit in the process flags. */
/* set the ptrace bit in the process flags. */
current
->
ptrace
|=
PT_PTRACED
;
current
->
ptrace
|=
PT_PTRACED
;
...
...
arch/i386/kernel/ptrace.c
...
@@ -160,7 +160,8 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
...
@@ -160,7 +160,8 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
/* are we already being traced? */
/* are we already being traced? */
if
(
current
->
ptrace
&
PT_PTRACED
)
if
(
current
->
ptrace
&
PT_PTRACED
)
goto
out
;
goto
out
;
if
((
ret
=
security_ptrace
(
current
->
parent
,
current
)))
ret
=
security_ptrace
(
current
->
parent
,
current
);
if
(
ret
)
goto
out
;
goto
out
;
/* set the ptrace bit in the process flags. */
/* set the ptrace bit in the process flags. */
current
->
ptrace
|=
PT_PTRACED
;
current
->
ptrace
|=
PT_PTRACED
;
...
...
arch/ia64/kernel/ptrace.c
...
@@ -1101,7 +1101,8 @@ sys_ptrace (long request, pid_t pid, unsigned long addr, unsigned long data,
...
@@ -1101,7 +1101,8 @@ sys_ptrace (long request, pid_t pid, unsigned long addr, unsigned long data,
/* are we already being traced? */
/* are we already being traced? */
if
(
current
->
ptrace
&
PT_PTRACED
)
if
(
current
->
ptrace
&
PT_PTRACED
)
goto
out
;
goto
out
;
if
((
ret
=
security_ptrace
(
current
->
parent
,
current
)))
ret
=
security_ptrace
(
current
->
parent
,
current
);
if
(
ret
)
goto
out
;
goto
out
;
current
->
ptrace
|=
PT_PTRACED
;
current
->
ptrace
|=
PT_PTRACED
;
ret
=
0
;
ret
=
0
;
...
...
arch/ppc/kernel/ptrace.c
...
@@ -166,7 +166,8 @@ int sys_ptrace(long request, long pid, long addr, long data)
...
@@ -166,7 +166,8 @@ int sys_ptrace(long request, long pid, long addr, long data)
/* are we already being traced? */
/* are we already being traced? */
if
(
current
->
ptrace
&
PT_PTRACED
)
if
(
current
->
ptrace
&
PT_PTRACED
)
goto
out
;
goto
out
;
if
((
ret
=
security_ptrace
(
current
->
parent
,
current
)))
ret
=
security_ptrace
(
current
->
parent
,
current
);
if
(
ret
)
goto
out
;
goto
out
;
/* set the ptrace bit in the process flags. */
/* set the ptrace bit in the process flags. */
current
->
ptrace
|=
PT_PTRACED
;
current
->
ptrace
|=
PT_PTRACED
;
...
...
arch/ppc64/kernel/ptrace.c
...
@@ -59,7 +59,8 @@ int sys_ptrace(long request, long pid, long addr, long data)
...
@@ -59,7 +59,8 @@ int sys_ptrace(long request, long pid, long addr, long data)
/* are we already being traced? */
/* are we already being traced? */
if
(
current
->
ptrace
&
PT_PTRACED
)
if
(
current
->
ptrace
&
PT_PTRACED
)
goto
out
;
goto
out
;
if
((
ret
=
security_ptrace
(
current
->
parent
,
current
)))
ret
=
security_ptrace
(
current
->
parent
,
current
);
if
(
ret
)
goto
out
;
goto
out
;
/* set the ptrace bit in the process flags. */
/* set the ptrace bit in the process flags. */
current
->
ptrace
|=
PT_PTRACED
;
current
->
ptrace
|=
PT_PTRACED
;
...
...
arch/ppc64/kernel/ptrace32.c
...
@@ -48,7 +48,8 @@ int sys32_ptrace(long request, long pid, unsigned long addr, unsigned long data)
...
@@ -48,7 +48,8 @@ int sys32_ptrace(long request, long pid, unsigned long addr, unsigned long data)
/* are we already being traced? */
/* are we already being traced? */
if
(
current
->
ptrace
&
PT_PTRACED
)
if
(
current
->
ptrace
&
PT_PTRACED
)
goto
out
;
goto
out
;
if
((
ret
=
security_ptrace
(
current
->
parent
,
current
)))
ret
=
security_ptrace
(
current
->
parent
,
current
);
if
(
ret
)
goto
out
;
goto
out
;
/* set the ptrace bit in the process flags. */
/* set the ptrace bit in the process flags. */
current
->
ptrace
|=
PT_PTRACED
;
current
->
ptrace
|=
PT_PTRACED
;
...
...
arch/ppc64/kernel/sys_ppc32.c
...
@@ -3521,7 +3521,8 @@ static int do_execve32(char * filename, u32 * argv, u32 * envp, struct pt_regs *
...
@@ -3521,7 +3521,8 @@ static int do_execve32(char * filename, u32 * argv, u32 * envp, struct pt_regs *
if
((
retval
=
bprm
.
envc
)
<
0
)
if
((
retval
=
bprm
.
envc
)
<
0
)
goto
out_mm
;
goto
out_mm
;
if
((
retval
=
security_bprm_alloc
(
&
bprm
)))
retval
=
security_bprm_alloc
(
&
bprm
);
if
(
retval
)
goto
out
;
goto
out
;
retval
=
prepare_binprm
(
&
bprm
);
retval
=
prepare_binprm
(
&
bprm
);
...
...
arch/s390/kernel/ptrace.c
...
@@ -323,7 +323,8 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
...
@@ -323,7 +323,8 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
ret
=
-
EPERM
;
ret
=
-
EPERM
;
if
(
current
->
ptrace
&
PT_PTRACED
)
if
(
current
->
ptrace
&
PT_PTRACED
)
goto
out
;
goto
out
;
if
((
ret
=
security_ptrace
(
current
->
parent
,
current
)))
ret
=
security_ptrace
(
current
->
parent
,
current
);
if
(
ret
)
goto
out
;
goto
out
;
/* set the ptrace bit in the process flags. */
/* set the ptrace bit in the process flags. */
current
->
ptrace
|=
PT_PTRACED
;
current
->
ptrace
|=
PT_PTRACED
;
...
...
arch/s390x/kernel/ptrace.c
...
@@ -563,7 +563,8 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
...
@@ -563,7 +563,8 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
ret
=
-
EPERM
;
ret
=
-
EPERM
;
if
(
current
->
ptrace
&
PT_PTRACED
)
if
(
current
->
ptrace
&
PT_PTRACED
)
goto
out
;
goto
out
;
if
((
ret
=
security_ptrace
(
current
->
parent
,
current
)))
ret
=
security_ptrace
(
current
->
parent
,
current
);
if
(
ret
)
goto
out
;
goto
out
;
/* set the ptrace bit in the process flags. */
/* set the ptrace bit in the process flags. */
current
->
ptrace
|=
PT_PTRACED
;
current
->
ptrace
|=
PT_PTRACED
;
...
...
arch/sparc/kernel/ptrace.c
...
@@ -291,7 +291,8 @@ asmlinkage void do_ptrace(struct pt_regs *regs)
...
@@ -291,7 +291,8 @@ asmlinkage void do_ptrace(struct pt_regs *regs)
pt_error_return
(
regs
,
EPERM
);
pt_error_return
(
regs
,
EPERM
);
goto
out
;
goto
out
;
}
}
if
((
ret
=
security_ptrace
(
current
->
parent
,
current
)))
{
ret
=
security_ptrace
(
current
->
parent
,
current
);
if
(
ret
)
{
pt_error_return
(
regs
,
-
ret
);
pt_error_return
(
regs
,
-
ret
);
goto
out
;
goto
out
;
}
}
...
...
arch/sparc64/kernel/ptrace.c
...
@@ -140,7 +140,8 @@ asmlinkage void do_ptrace(struct pt_regs *regs)
...
@@ -140,7 +140,8 @@ asmlinkage void do_ptrace(struct pt_regs *regs)
pt_error_return
(
regs
,
EPERM
);
pt_error_return
(
regs
,
EPERM
);
goto
out
;
goto
out
;
}
}
if
((
ret
=
security_ptrace
(
current
->
parent
,
current
)))
{
ret
=
security_ptrace
(
current
->
parent
,
current
);
if
(
ret
)
{
pt_error_return
(
regs
,
-
ret
);
pt_error_return
(
regs
,
-
ret
);
goto
out
;
goto
out
;
}
}
...
...
arch/sparc64/kernel/sys_sparc32.c
...
@@ -3026,7 +3026,8 @@ do_execve32(char * filename, u32 * argv, u32 * envp, struct pt_regs * regs)
...
@@ -3026,7 +3026,8 @@ do_execve32(char * filename, u32 * argv, u32 * envp, struct pt_regs * regs)
if
((
retval
=
bprm
.
envc
)
<
0
)
if
((
retval
=
bprm
.
envc
)
<
0
)
goto
out_mm
;
goto
out_mm
;
if
((
retval
=
security_bprm_alloc
(
&
bprm
)))
retval
=
security_bprm_alloc
(
&
bprm
);
if
(
retval
)
goto
out
;
goto
out
;
retval
=
prepare_binprm
(
&
bprm
);
retval
=
prepare_binprm
(
&
bprm
);
...
...
arch/um/kernel/ptrace.c
...
@@ -33,7 +33,8 @@ int sys_ptrace(long request, long pid, long addr, long data)
...
@@ -33,7 +33,8 @@ int sys_ptrace(long request, long pid, long addr, long data)
if
(
current
->
ptrace
&
PT_PTRACED
)
if
(
current
->
ptrace
&
PT_PTRACED
)
goto
out
;
goto
out
;
if
((
ret
=
security_ptrace
(
current
->
parent
,
current
)))
ret
=
security_ptrace
(
current
->
parent
,
current
);
if
(
ret
)
goto
out
;
goto
out
;
/* set the ptrace bit in the process flags. */
/* set the ptrace bit in the process flags. */
...
...
arch/x86_64/kernel/ptrace.c
...
@@ -178,7 +178,8 @@ asmlinkage long sys_ptrace(long request, long pid, long addr, long data)
...
@@ -178,7 +178,8 @@ asmlinkage long sys_ptrace(long request, long pid, long addr, long data)
/* are we already being traced? */
/* are we already being traced? */
if
(
current
->
ptrace
&
PT_PTRACED
)
if
(
current
->
ptrace
&
PT_PTRACED
)
goto
out
;
goto
out
;
if
((
ret
=
security_ptrace
(
current
->
parent
,
current
)))
ret
=
security_ptrace
(
current
->
parent
,
current
);
if
(
ret
)
goto
out
;
goto
out
;
/* set the ptrace bit in the process flags. */
/* set the ptrace bit in the process flags. */
current
->
ptrace
|=
PT_PTRACED
;
current
->
ptrace
|=
PT_PTRACED
;
...
...
fs/attr.c
...
@@ -157,7 +157,8 @@ int notify_change(struct dentry * dentry, struct iattr * attr)
...
@@ -157,7 +157,8 @@ int notify_change(struct dentry * dentry, struct iattr * attr)
return
0
;
return
0
;
if
(
inode
->
i_op
&&
inode
->
i_op
->
setattr
)
{
if
(
inode
->
i_op
&&
inode
->
i_op
->
setattr
)
{
if
(
!
(
error
=
security_inode_setattr
(
dentry
,
attr
)))
error
=
security_inode_setattr
(
dentry
,
attr
);
if
(
!
error
)
error
=
inode
->
i_op
->
setattr
(
dentry
,
attr
);
error
=
inode
->
i_op
->
setattr
(
dentry
,
attr
);
}
else
{
}
else
{
error
=
inode_change_ok
(
inode
,
attr
);
error
=
inode_change_ok
(
inode
,
attr
);
...
...
fs/dquot.c
...
@@ -1307,7 +1307,8 @@ int vfs_quota_on(struct super_block *sb, int type, int format_id, char *path)
...
@@ -1307,7 +1307,8 @@ int vfs_quota_on(struct super_block *sb, int type, int format_id, char *path)
error
=
-
EIO
;
error
=
-
EIO
;
if
(
!
f
->
f_op
||
!
f
->
f_op
->
read
||
!
f
->
f_op
->
write
)
if
(
!
f
->
f_op
||
!
f
->
f_op
->
read
||
!
f
->
f_op
->
write
)
goto
out_f
;
goto
out_f
;
if
((
error
=
security_quota_on
(
f
)))
error
=
security_quota_on
(
f
);
if
(
error
)
goto
out_f
;
goto
out_f
;
inode
=
f
->
f_dentry
->
d_inode
;
inode
=
f
->
f_dentry
->
d_inode
;
error
=
-
EACCES
;
error
=
-
EACCES
;
...
...
fs/exec.c
...
@@ -841,7 +841,8 @@ int prepare_binprm(struct linux_binprm *bprm)
...
@@ -841,7 +841,8 @@ int prepare_binprm(struct linux_binprm *bprm)
}
}
/* fill in binprm security blob */
/* fill in binprm security blob */
if
((
retval
=
security_bprm_set
(
bprm
)))
retval
=
security_bprm_set
(
bprm
);
if
(
retval
)
return
retval
;
return
retval
;
memset
(
bprm
->
buf
,
0
,
BINPRM_BUF_SIZE
);
memset
(
bprm
->
buf
,
0
,
BINPRM_BUF_SIZE
);
...
@@ -958,7 +959,8 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs)
...
@@ -958,7 +959,8 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs)
}
}
}
}
#endif
#endif
if
((
retval
=
security_bprm_check
(
bprm
)))
retval
=
security_bprm_check
(
bprm
);
if
(
retval
)
return
retval
;
return
retval
;
/* kernel module loader fixup */
/* kernel module loader fixup */
...
@@ -1054,7 +1056,8 @@ int do_execve(char * filename, char ** argv, char ** envp, struct pt_regs * regs
...
@@ -1054,7 +1056,8 @@ int do_execve(char * filename, char ** argv, char ** envp, struct pt_regs * regs
if
((
retval
=
bprm
.
envc
)
<
0
)
if
((
retval
=
bprm
.
envc
)
<
0
)
goto
out_mm
;
goto
out_mm
;
if
((
retval
=
security_bprm_alloc
(
&
bprm
)))
retval
=
security_bprm_alloc
(
&
bprm
);
if
(
retval
)
goto
out
;
goto
out
;
retval
=
prepare_binprm
(
&
bprm
);
retval
=
prepare_binprm
(
&
bprm
);
...
...
fs/fcntl.c
...
@@ -274,7 +274,8 @@ int f_setown(struct file *filp, unsigned long arg, int force)
...
@@ -274,7 +274,8 @@ int f_setown(struct file *filp, unsigned long arg, int force)
{
{
int
err
;
int
err
;
if
((
err
=
security_file_set_fowner
(
filp
)))
err
=
security_file_set_fowner
(
filp
);
if
(
err
)
return
err
;
return
err
;
f_modown
(
filp
,
arg
,
current
->
uid
,
current
->
euid
,
force
);
f_modown
(
filp
,
arg
,
current
->
uid
,
current
->
euid
,
force
);
...
@@ -367,7 +368,8 @@ asmlinkage long sys_fcntl(unsigned int fd, unsigned int cmd, unsigned long arg)
...
@@ -367,7 +368,8 @@ asmlinkage long sys_fcntl(unsigned int fd, unsigned int cmd, unsigned long arg)
if
(
!
filp
)
if
(
!
filp
)
goto
out
;
goto
out
;
if
((
err
=
security_file_fcntl
(
filp
,
cmd
,
arg
)))
{
err
=
security_file_fcntl
(
filp
,
cmd
,
arg
);
if
(
err
)
{
fput
(
filp
);
fput
(
filp
);
return
err
;
return
err
;
}
}
...
@@ -390,7 +392,8 @@ asmlinkage long sys_fcntl64(unsigned int fd, unsigned int cmd, unsigned long arg
...
@@ -390,7 +392,8 @@ asmlinkage long sys_fcntl64(unsigned int fd, unsigned int cmd, unsigned long arg
if
(
!
filp
)
if
(
!
filp
)
goto
out
;
goto
out
;
if
((
err
=
security_file_fcntl
(
filp
,
cmd
,
arg
)))
{
err
=
security_file_fcntl
(
filp
,
cmd
,
arg
);
if
(
err
)
{
fput
(
filp
);
fput
(
filp
);
return
err
;
return
err
;
}
}
...
...
fs/hugetlbfs/inode.c
...
@@ -209,7 +209,7 @@ static void hugetlbfs_delete_inode(struct inode *inode)
...
@@ -209,7 +209,7 @@ static void hugetlbfs_delete_inode(struct inode *inode)
if
(
inode
->
i_data
.
nrpages
)
if
(
inode
->
i_data
.
nrpages
)
truncate_hugepages
(
&
inode
->
i_data
,
0
);
truncate_hugepages
(
&
inode
->
i_data
,
0
);
security_
ops
->
inode_delete
(
inode
);
security_inode_delete
(
inode
);
clear_inode
(
inode
);
clear_inode
(
inode
);
destroy_inode
(
inode
);
destroy_inode
(
inode
);
...
@@ -333,7 +333,7 @@ static int hugetlbfs_setattr(struct dentry *dentry, struct iattr *attr)
...
@@ -333,7 +333,7 @@ static int hugetlbfs_setattr(struct dentry *dentry, struct iattr *attr)
if
(
error
)
if
(
error
)
goto
out
;
goto
out
;
error
=
security_
ops
->
inode_setattr
(
dentry
,
attr
);
error
=
security_inode_setattr
(
dentry
,
attr
);
if
(
error
)
if
(
error
)
goto
out
;
goto
out
;
...
...
fs/ioctl.c
...
@@ -59,7 +59,8 @@ asmlinkage long sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg)
...
@@ -59,7 +59,8 @@ asmlinkage long sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg)
goto
out
;
goto
out
;
error
=
0
;
error
=
0
;
if
((
error
=
security_file_ioctl
(
filp
,
cmd
,
arg
)))
{
error
=
security_file_ioctl
(
filp
,
cmd
,
arg
);
if
(
error
)
{
fput
(
filp
);
fput
(
filp
);
goto
out
;
goto
out
;
}
}
...
...
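Review bot: In `sys_ioctl` the context line `error = 0;` directly above the new `error = security_file_ioctl(filp, cmd, arg);` is a dead store, because the hook's return value overwrites it unconditionally. That was already true of the old `if ((error = ...))` form, but with the assignment on its own line the leftover is easy to spot; dropping `error = 0;` leaves the hook result as the only value tested by `if (error)`. The function body starts and ends outside the hunk.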
fs/locks.c
...
@@ -1185,7 +1185,8 @@ int fcntl_setlease(unsigned int fd, struct file *filp, long arg)
...
@@ -1185,7 +1185,8 @@ int fcntl_setlease(unsigned int fd, struct file *filp, long arg)
return
-
EACCES
;
return
-
EACCES
;
if
(
!
S_ISREG
(
inode
->
i_mode
))
if
(
!
S_ISREG
(
inode
->
i_mode
))
return
-
EINVAL
;
return
-
EINVAL
;
if
((
error
=
security_file_lock
(
filp
,
arg
)))
error
=
security_file_lock
(
filp
,
arg
);
if
(
error
)
return
error
;
return
error
;
lock_kernel
();
lock_kernel
();
...
@@ -1298,7 +1299,8 @@ asmlinkage long sys_flock(unsigned int fd, unsigned int cmd)
...
@@ -1298,7 +1299,8 @@ asmlinkage long sys_flock(unsigned int fd, unsigned int cmd)
if
(
error
)
if
(
error
)
goto
out_putf
;
goto
out_putf
;
if
((
error
=
security_file_lock
(
filp
,
cmd
)))
error
=
security_file_lock
(
filp
,
cmd
);
if
(
error
)
goto
out_free
;
goto
out_free
;
for
(;;)
{
for
(;;)
{
...
@@ -1449,7 +1451,8 @@ int fcntl_setlk(struct file *filp, unsigned int cmd, struct flock *l)
...
@@ -1449,7 +1451,8 @@ int fcntl_setlk(struct file *filp, unsigned int cmd, struct flock *l)
goto
out
;
goto
out
;
}
}
if
((
error
=
security_file_lock
(
filp
,
file_lock
->
fl_type
)))
error
=
security_file_lock
(
filp
,
file_lock
->
fl_type
);
if
(
error
)
goto
out
;
goto
out
;
if
(
filp
->
f_op
&&
filp
->
f_op
->
lock
!=
NULL
)
{
if
(
filp
->
f_op
&&
filp
->
f_op
->
lock
!=
NULL
)
{
...
@@ -1588,7 +1591,8 @@ int fcntl_setlk64(struct file *filp, unsigned int cmd, struct flock64 *l)
...
@@ -1588,7 +1591,8 @@ int fcntl_setlk64(struct file *filp, unsigned int cmd, struct flock64 *l)
goto
out
;
goto
out
;
}
}
if
((
error
=
security_file_lock
(
filp
,
file_lock
->
fl_type
)))
error
=
security_file_lock
(
filp
,
file_lock
->
fl_type
);
if
(
error
)
goto
out
;
goto
out
;
if
(
filp
->
f_op
&&
filp
->
f_op
->
lock
!=
NULL
)
{
if
(
filp
->
f_op
&&
filp
->
f_op
->
lock
!=
NULL
)
{
...
...
fs/namei.c
...
@@ -413,7 +413,8 @@ static inline int do_follow_link(struct dentry *dentry, struct nameidata *nd)
...
@@ -413,7 +413,8 @@ static inline int do_follow_link(struct dentry *dentry, struct nameidata *nd)
current
->
state
=
TASK_RUNNING
;
current
->
state
=
TASK_RUNNING
;
schedule
();
schedule
();
}
}
if
((
err
=
security_inode_follow_link
(
dentry
,
nd
)))
err
=
security_inode_follow_link
(
dentry
,
nd
);
if
(
err
)
goto
loop
;
goto
loop
;
current
->
link_count
++
;
current
->
link_count
++
;
current
->
total_link_count
++
;
current
->
total_link_count
++
;
...
@@ -1124,7 +1125,8 @@ int vfs_create(struct inode *dir, struct dentry *dentry, int mode)
...
@@ -1124,7 +1125,8 @@ int vfs_create(struct inode *dir, struct dentry *dentry, int mode)
return
-
EACCES
;
/* shouldn't it be ENOSYS? */
return
-
EACCES
;
/* shouldn't it be ENOSYS? */
mode
&=
S_IALLUGO
;
mode
&=
S_IALLUGO
;
mode
|=
S_IFREG
;
mode
|=
S_IFREG
;
if
((
error
=
security_inode_create
(
dir
,
dentry
,
mode
)))
error
=
security_inode_create
(
dir
,
dentry
,
mode
);
if
(
error
)
return
error
;
return
error
;
DQUOT_INIT
(
dir
);
DQUOT_INIT
(
dir
);
error
=
dir
->
i_op
->
create
(
dir
,
dentry
,
mode
);
error
=
dir
->
i_op
->
create
(
dir
,
dentry
,
mode
);
...
@@ -1343,7 +1345,8 @@ int open_namei(const char * pathname, int flag, int mode, struct nameidata *nd)
...
@@ -1343,7 +1345,8 @@ int open_namei(const char * pathname, int flag, int mode, struct nameidata *nd)
* stored in nd->last.name and we will have to putname() it when we
* stored in nd->last.name and we will have to putname() it when we
* are done. Procfs-like symlinks just set LAST_BIND.
* are done. Procfs-like symlinks just set LAST_BIND.
*/
*/
if
((
error
=
security_inode_follow_link
(
dentry
,
nd
)))
error
=
security_inode_follow_link
(
dentry
,
nd
);
if
(
error
)
goto
exit_dput
;
goto
exit_dput
;
UPDATE_ATIME
(
dentry
->
d_inode
);
UPDATE_ATIME
(
dentry
->
d_inode
);
error
=
dentry
->
d_inode
->
i_op
->
follow_link
(
dentry
,
nd
);
error
=
dentry
->
d_inode
->
i_op
->
follow_link
(
dentry
,
nd
);
...
@@ -1408,7 +1411,8 @@ int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
...
@@ -1408,7 +1411,8 @@ int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
if
(
!
dir
->
i_op
||
!
dir
->
i_op
->
mknod
)
if
(
!
dir
->
i_op
||
!
dir
->
i_op
->
mknod
)
return
-
EPERM
;
return
-
EPERM
;
if
((
error
=
security_inode_mknod
(
dir
,
dentry
,
mode
,
dev
)))
error
=
security_inode_mknod
(
dir
,
dentry
,
mode
,
dev
);
if
(
error
)
return
error
;
return
error
;
DQUOT_INIT
(
dir
);
DQUOT_INIT
(
dir
);
...
@@ -1476,7 +1480,8 @@ int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
...
@@ -1476,7 +1480,8 @@ int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
return
-
EPERM
;
return
-
EPERM
;
mode
&=
(
S_IRWXUGO
|
S_ISVTX
);
mode
&=
(
S_IRWXUGO
|
S_ISVTX
);
if
((
error
=
security_inode_mkdir
(
dir
,
dentry
,
mode
)))
error
=
security_inode_mkdir
(
dir
,
dentry
,
mode
);
if
(
error
)
return
error
;
return
error
;
DQUOT_INIT
(
dir
);
DQUOT_INIT
(
dir
);
...
@@ -1568,7 +1573,8 @@ int vfs_rmdir(struct inode *dir, struct dentry *dentry)
...
@@ -1568,7 +1573,8 @@ int vfs_rmdir(struct inode *dir, struct dentry *dentry)
if
(
d_mountpoint
(
dentry
))
if
(
d_mountpoint
(
dentry
))
error
=
-
EBUSY
;
error
=
-
EBUSY
;
else
{
else
{
if
(
!
(
error
=
security_inode_rmdir
(
dir
,
dentry
)))
{
error
=
security_inode_rmdir
(
dir
,
dentry
);
if
(
!
error
)
{
error
=
dir
->
i_op
->
rmdir
(
dir
,
dentry
);
error
=
dir
->
i_op
->
rmdir
(
dir
,
dentry
);
if
(
!
error
)
if
(
!
error
)
dentry
->
d_inode
->
i_flags
|=
S_DEAD
;
dentry
->
d_inode
->
i_flags
|=
S_DEAD
;
...
@@ -1641,7 +1647,8 @@ int vfs_unlink(struct inode *dir, struct dentry *dentry)
...
@@ -1641,7 +1647,8 @@ int vfs_unlink(struct inode *dir, struct dentry *dentry)
if
(
d_mountpoint
(
dentry
))
if
(
d_mountpoint
(
dentry
))
error
=
-
EBUSY
;
error
=
-
EBUSY
;
else
{
else
{
if
(
!
(
error
=
security_inode_unlink
(
dir
,
dentry
)))
error
=
security_inode_unlink
(
dir
,
dentry
);
if
(
error
)
error
=
dir
->
i_op
->
unlink
(
dir
,
dentry
);
error
=
dir
->
i_op
->
unlink
(
dir
,
dentry
);
}
}
up
(
&
dentry
->
d_inode
->
i_sem
);
up
(
&
dentry
->
d_inode
->
i_sem
);
...
@@ -1704,7 +1711,8 @@ int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname)
...
@@ -1704,7 +1711,8 @@ int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname)
if
(
!
dir
->
i_op
||
!
dir
->
i_op
->
symlink
)
if
(
!
dir
->
i_op
||
!
dir
->
i_op
->
symlink
)
return
-
EPERM
;
return
-
EPERM
;
if
((
error
=
security_inode_symlink
(
dir
,
dentry
,
oldname
)))
error
=
security_inode_symlink
(
dir
,
dentry
,
oldname
);
if
(
error
)
return
error
;
return
error
;
DQUOT_INIT
(
dir
);
DQUOT_INIT
(
dir
);
...
@@ -1774,7 +1782,8 @@ int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_de
...
@@ -1774,7 +1782,8 @@ int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_de
if
(
S_ISDIR
(
old_dentry
->
d_inode
->
i_mode
))
if
(
S_ISDIR
(
old_dentry
->
d_inode
->
i_mode
))
return
-
EPERM
;
return
-
EPERM
;
if
((
error
=
security_inode_link
(
old_dentry
,
dir
,
new_dentry
)))
error
=
security_inode_link
(
old_dentry
,
dir
,
new_dentry
);
if
(
error
)
return
error
;
return
error
;
down
(
&
old_dentry
->
d_inode
->
i_sem
);
down
(
&
old_dentry
->
d_inode
->
i_sem
);
...
@@ -1882,7 +1891,8 @@ int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry,
...
@@ -1882,7 +1891,8 @@ int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry,
return
error
;
return
error
;
}
}
if
((
error
=
security_inode_rename
(
old_dir
,
old_dentry
,
new_dir
,
new_dentry
)))
error
=
security_inode_rename
(
old_dir
,
old_dentry
,
new_dir
,
new_dentry
);
if
(
error
)
return
error
;
return
error
;
target
=
new_dentry
->
d_inode
;
target
=
new_dentry
->
d_inode
;
...
@@ -1916,7 +1926,8 @@ int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry,
...
@@ -1916,7 +1926,8 @@ int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry,
struct
inode
*
target
;
struct
inode
*
target
;
int
error
;
int
error
;
if
((
error
=
security_inode_rename
(
old_dir
,
old_dentry
,
new_dir
,
new_dentry
)))
error
=
security_inode_rename
(
old_dir
,
old_dentry
,
new_dir
,
new_dentry
);
if
(
error
)
return
error
;
return
error
;
dget
(
new_dentry
);
dget
(
new_dentry
);
...
...
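Review bot: In the `vfs_unlink` hunk the rewritten check appears inverted: the page shows `error = security_inode_unlink(dir, dentry);` followed by `if (error)` guarding `error = dir->i_op->unlink(dir, dentry);`, whereas the line it replaces tested `!(error = security_inode_unlink(dir, dentry))`. As rendered, a denial from the security hook would still reach the filesystem's unlink and have its error code overwritten, while an allowed request would skip the unlink and return 0. The guard should read `if (!error)`, matching the `vfs_rmdir` hunk just above, which uses `if (!error) {`. The rendering has lost its +/- markers, so this should be confirmed against the raw diff; the body of vfs_unlink continues outside the hunk.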
fs/namespace.c
...
@@ -289,7 +289,8 @@ static int do_umount(struct vfsmount *mnt, int flags)
...
@@ -289,7 +289,8 @@ static int do_umount(struct vfsmount *mnt, int flags)
struct
super_block
*
sb
=
mnt
->
mnt_sb
;
struct
super_block
*
sb
=
mnt
->
mnt_sb
;
int
retval
=
0
;
int
retval
=
0
;
if
((
retval
=
security_sb_umount
(
mnt
,
flags
)))
retval
=
security_sb_umount
(
mnt
,
flags
);
if
(
retval
)
return
retval
;
return
retval
;
/*
/*
...
@@ -470,7 +471,8 @@ static int graft_tree(struct vfsmount *mnt, struct nameidata *nd)
...
@@ -470,7 +471,8 @@ static int graft_tree(struct vfsmount *mnt, struct nameidata *nd)
if
(
IS_DEADDIR
(
nd
->
dentry
->
d_inode
))
if
(
IS_DEADDIR
(
nd
->
dentry
->
d_inode
))
goto
out_unlock
;
goto
out_unlock
;
if
((
err
=
security_sb_check_sb
(
mnt
,
nd
)))
err
=
security_sb_check_sb
(
mnt
,
nd
);
if
(
err
)
goto
out_unlock
;
goto
out_unlock
;
spin_lock
(
&
dcache_lock
);
spin_lock
(
&
dcache_lock
);
...
@@ -740,7 +742,8 @@ long do_mount(char * dev_name, char * dir_name, char *type_page,
...
@@ -740,7 +742,8 @@ long do_mount(char * dev_name, char * dir_name, char *type_page,
if
(
retval
)
if
(
retval
)
return
retval
;
return
retval
;
if
((
retval
=
security_sb_mount
(
dev_name
,
&
nd
,
type_page
,
flags
,
data_page
)))
retval
=
security_sb_mount
(
dev_name
,
&
nd
,
type_page
,
flags
,
data_page
);
if
(
retval
)
goto
dput_out
;
goto
dput_out
;
if
(
flags
&
MS_REMOUNT
)
if
(
flags
&
MS_REMOUNT
)
...
@@ -985,7 +988,8 @@ asmlinkage long sys_pivot_root(const char *new_root, const char *put_old)
...
@@ -985,7 +988,8 @@ asmlinkage long sys_pivot_root(const char *new_root, const char *put_old)
if
(
error
)
if
(
error
)
goto
out1
;
goto
out1
;
if
((
error
=
security_sb_pivotroot
(
&
old_nd
,
&
new_nd
)))
{
error
=
security_sb_pivotroot
(
&
old_nd
,
&
new_nd
);
if
(
error
)
{
path_release
(
&
old_nd
);
path_release
(
&
old_nd
);
goto
out1
;
goto
out1
;
}
}
...
...
fs/open.c
...
@@ -31,7 +31,8 @@ int vfs_statfs(struct super_block *sb, struct statfs *buf)
...
@@ -31,7 +31,8 @@ int vfs_statfs(struct super_block *sb, struct statfs *buf)
retval
=
-
ENOSYS
;
retval
=
-
ENOSYS
;
if
(
sb
->
s_op
&&
sb
->
s_op
->
statfs
)
{
if
(
sb
->
s_op
&&
sb
->
s_op
->
statfs
)
{
memset
(
buf
,
0
,
sizeof
(
struct
statfs
));
memset
(
buf
,
0
,
sizeof
(
struct
statfs
));
if
((
retval
=
security_sb_statfs
(
sb
)))
retval
=
security_sb_statfs
(
sb
);
if
(
retval
)
return
retval
;
return
retval
;
retval
=
sb
->
s_op
->
statfs
(
sb
,
buf
);
retval
=
sb
->
s_op
->
statfs
(
sb
,
buf
);
}
}
...
...
fs/read_write.c
...
@@ -193,7 +193,8 @@ ssize_t vfs_read(struct file *file, char *buf, size_t count, loff_t *pos)
...
@@ -193,7 +193,8 @@ ssize_t vfs_read(struct file *file, char *buf, size_t count, loff_t *pos)
ret
=
locks_verify_area
(
FLOCK_VERIFY_READ
,
inode
,
file
,
*
pos
,
count
);
ret
=
locks_verify_area
(
FLOCK_VERIFY_READ
,
inode
,
file
,
*
pos
,
count
);
if
(
!
ret
)
{
if
(
!
ret
)
{
if
(
!
(
ret
=
security_file_permission
(
file
,
MAY_READ
)))
{
ret
=
security_file_permission
(
file
,
MAY_READ
);
if
(
!
ret
)
{
if
(
file
->
f_op
->
read
)
if
(
file
->
f_op
->
read
)
ret
=
file
->
f_op
->
read
(
file
,
buf
,
count
,
pos
);
ret
=
file
->
f_op
->
read
(
file
,
buf
,
count
,
pos
);
else
else
...
@@ -232,7 +233,8 @@ ssize_t vfs_write(struct file *file, const char *buf, size_t count, loff_t *pos)
...
@@ -232,7 +233,8 @@ ssize_t vfs_write(struct file *file, const char *buf, size_t count, loff_t *pos)
ret
=
locks_verify_area
(
FLOCK_VERIFY_WRITE
,
inode
,
file
,
*
pos
,
count
);
ret
=
locks_verify_area
(
FLOCK_VERIFY_WRITE
,
inode
,
file
,
*
pos
,
count
);
if
(
!
ret
)
{
if
(
!
ret
)
{
if
(
!
(
ret
=
security_file_permission
(
file
,
MAY_WRITE
)))
{
ret
=
security_file_permission
(
file
,
MAY_WRITE
);
if
(
!
ret
)
{
if
(
file
->
f_op
->
write
)
if
(
file
->
f_op
->
write
)
ret
=
file
->
f_op
->
write
(
file
,
buf
,
count
,
pos
);
ret
=
file
->
f_op
->
write
(
file
,
buf
,
count
,
pos
);
else
else
...
...
fs/readdir.c
...
@@ -22,7 +22,8 @@ int vfs_readdir(struct file *file, filldir_t filler, void *buf)
...
@@ -22,7 +22,8 @@ int vfs_readdir(struct file *file, filldir_t filler, void *buf)
if
(
!
file
->
f_op
||
!
file
->
f_op
->
readdir
)
if
(
!
file
->
f_op
||
!
file
->
f_op
->
readdir
)
goto
out
;
goto
out
;
if
((
res
=
security_file_permission
(
file
,
MAY_READ
)))
res
=
security_file_permission
(
file
,
MAY_READ
);
if
(
res
)
goto
out
;
goto
out
;
down
(
&
inode
->
i_sem
);
down
(
&
inode
->
i_sem
);
...
...
fs/stat.c
...
@@ -38,7 +38,8 @@ int vfs_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
...
@@ -38,7 +38,8 @@ int vfs_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
struct
inode
*
inode
=
dentry
->
d_inode
;
struct
inode
*
inode
=
dentry
->
d_inode
;
int
retval
;
int
retval
;
if
((
retval
=
security_inode_getattr
(
mnt
,
dentry
)))
retval
=
security_inode_getattr
(
mnt
,
dentry
);
if
(
retval
)
return
retval
;
return
retval
;
if
(
inode
->
i_op
->
getattr
)
if
(
inode
->
i_op
->
getattr
)
...
@@ -241,7 +242,8 @@ asmlinkage long sys_readlink(const char * path, char * buf, int bufsiz)
...
@@ -241,7 +242,8 @@ asmlinkage long sys_readlink(const char * path, char * buf, int bufsiz)
error
=
-
EINVAL
;
error
=
-
EINVAL
;
if
(
inode
->
i_op
&&
inode
->
i_op
->
readlink
)
{
if
(
inode
->
i_op
&&
inode
->
i_op
->
readlink
)
{
if
(
!
(
error
=
security_inode_readlink
(
nd
.
dentry
)))
{
error
=
security_inode_readlink
(
nd
.
dentry
);
if
(
!
error
)
{
UPDATE_ATIME
(
inode
);
UPDATE_ATIME
(
inode
);
error
=
inode
->
i_op
->
readlink
(
nd
.
dentry
,
buf
,
bufsiz
);
error
=
inode
->
i_op
->
readlink
(
nd
.
dentry
,
buf
,
bufsiz
);
}
}
...
...
fs/xattr.c
...
@@ -86,7 +86,8 @@ setxattr(struct dentry *d, char *name, void *value, size_t size, int flags)
...
@@ -86,7 +86,8 @@ setxattr(struct dentry *d, char *name, void *value, size_t size, int flags)
error
=
-
EOPNOTSUPP
;
error
=
-
EOPNOTSUPP
;
if
(
d
->
d_inode
->
i_op
&&
d
->
d_inode
->
i_op
->
setxattr
)
{
if
(
d
->
d_inode
->
i_op
&&
d
->
d_inode
->
i_op
->
setxattr
)
{
if
((
error
=
security_inode_setxattr
(
d
,
kname
,
kvalue
,
size
,
flags
)))
error
=
security_inode_setxattr
(
d
,
kname
,
kvalue
,
size
,
flags
);
if
(
error
)
goto
out
;
goto
out
;
down
(
&
d
->
d_inode
->
i_sem
);
down
(
&
d
->
d_inode
->
i_sem
);
error
=
d
->
d_inode
->
i_op
->
setxattr
(
d
,
kname
,
kvalue
,
size
,
flags
);
error
=
d
->
d_inode
->
i_op
->
setxattr
(
d
,
kname
,
kvalue
,
size
,
flags
);
...
@@ -162,7 +163,8 @@ getxattr(struct dentry *d, char *name, void *value, size_t size)
...
@@ -162,7 +163,8 @@ getxattr(struct dentry *d, char *name, void *value, size_t size)
error
=
-
EOPNOTSUPP
;
error
=
-
EOPNOTSUPP
;
if
(
d
->
d_inode
->
i_op
&&
d
->
d_inode
->
i_op
->
getxattr
)
{
if
(
d
->
d_inode
->
i_op
&&
d
->
d_inode
->
i_op
->
getxattr
)
{
if
((
error
=
security_inode_getxattr
(
d
,
kname
)))
error
=
security_inode_getxattr
(
d
,
kname
);
if
(
error
)
goto
out
;
goto
out
;
down
(
&
d
->
d_inode
->
i_sem
);
down
(
&
d
->
d_inode
->
i_sem
);
error
=
d
->
d_inode
->
i_op
->
getxattr
(
d
,
kname
,
kvalue
,
size
);
error
=
d
->
d_inode
->
i_op
->
getxattr
(
d
,
kname
,
kvalue
,
size
);
...
@@ -234,7 +236,8 @@ listxattr(struct dentry *d, char *list, size_t size)
...
@@ -234,7 +236,8 @@ listxattr(struct dentry *d, char *list, size_t size)
error
=
-
EOPNOTSUPP
;
error
=
-
EOPNOTSUPP
;
if
(
d
->
d_inode
->
i_op
&&
d
->
d_inode
->
i_op
->
listxattr
)
{
if
(
d
->
d_inode
->
i_op
&&
d
->
d_inode
->
i_op
->
listxattr
)
{
if
((
error
=
security_inode_listxattr
(
d
)))
error
=
security_inode_listxattr
(
d
);
if
(
error
)
goto
out
;
goto
out
;
down
(
&
d
->
d_inode
->
i_sem
);
down
(
&
d
->
d_inode
->
i_sem
);
error
=
d
->
d_inode
->
i_op
->
listxattr
(
d
,
klist
,
size
);
error
=
d
->
d_inode
->
i_op
->
listxattr
(
d
,
klist
,
size
);
...
@@ -308,7 +311,8 @@ removexattr(struct dentry *d, char *name)
...
@@ -308,7 +311,8 @@ removexattr(struct dentry *d, char *name)
error
=
-
EOPNOTSUPP
;
error
=
-
EOPNOTSUPP
;
if
(
d
->
d_inode
->
i_op
&&
d
->
d_inode
->
i_op
->
removexattr
)
{
if
(
d
->
d_inode
->
i_op
&&
d
->
d_inode
->
i_op
->
removexattr
)
{
if
((
error
=
security_inode_removexattr
(
d
,
kname
)))
error
=
security_inode_removexattr
(
d
,
kname
);
if
(
error
)
goto
out
;
goto
out
;
down
(
&
d
->
d_inode
->
i_sem
);
down
(
&
d
->
d_inode
->
i_sem
);
error
=
d
->
d_inode
->
i_op
->
removexattr
(
d
,
kname
);
error
=
d
->
d_inode
->
i_op
->
removexattr
(
d
,
kname
);
...
...
ipc/msg.c
...
@@ -101,7 +101,8 @@ static int newque (key_t key, int msgflg)
...
@@ -101,7 +101,8 @@ static int newque (key_t key, int msgflg)
msq
->
q_perm
.
key
=
key
;
msq
->
q_perm
.
key
=
key
;
msq
->
q_perm
.
security
=
NULL
;
msq
->
q_perm
.
security
=
NULL
;
if
((
retval
=
security_msg_queue_alloc
(
msq
)))
{
retval
=
security_msg_queue_alloc
(
msq
);
if
(
retval
)
{
ipc_rcu_free
(
msq
,
sizeof
(
*
msq
));
ipc_rcu_free
(
msq
,
sizeof
(
*
msq
));
return
retval
;
return
retval
;
}
}
...
...
ipc/sem.c
...
@@ -136,7 +136,8 @@ static int newary (key_t key, int nsems, int semflg)
...
@@ -136,7 +136,8 @@ static int newary (key_t key, int nsems, int semflg)
sma
->
sem_perm
.
key
=
key
;
sma
->
sem_perm
.
key
=
key
;
sma
->
sem_perm
.
security
=
NULL
;
sma
->
sem_perm
.
security
=
NULL
;
if
((
retval
=
security_sem_alloc
(
sma
)))
{
retval
=
security_sem_alloc
(
sma
);
if
(
retval
)
{
ipc_rcu_free
(
sma
,
size
);
ipc_rcu_free
(
sma
,
size
);
return
retval
;
return
retval
;
}
}
...
...
ipc/shm.c
...
@@ -188,7 +188,8 @@ static int newseg (key_t key, int shmflg, size_t size)
...
@@ -188,7 +188,8 @@ static int newseg (key_t key, int shmflg, size_t size)
shp
->
shm_flags
=
(
shmflg
&
S_IRWXUGO
);
shp
->
shm_flags
=
(
shmflg
&
S_IRWXUGO
);
shp
->
shm_perm
.
security
=
NULL
;
shp
->
shm_perm
.
security
=
NULL
;
if
((
error
=
security_shm_alloc
(
shp
)))
{
error
=
security_shm_alloc
(
shp
);
if
(
error
)
{
ipc_rcu_free
(
shp
,
sizeof
(
*
shp
));
ipc_rcu_free
(
shp
,
sizeof
(
*
shp
));
return
error
;
return
error
;
}
}
...
...
kernel/acct.c
...
@@ -223,7 +223,8 @@ asmlinkage long sys_acct(const char *name)
...
@@ -223,7 +223,8 @@ asmlinkage long sys_acct(const char *name)
}
}
}
}
if
((
error
=
security_acct
(
file
)))
error
=
security_acct
(
file
);
if
(
error
)
return
error
;
return
error
;
spin_lock
(
&
acct_globals
.
lock
);
spin_lock
(
&
acct_globals
.
lock
);
...
...
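Review bot: The early `return error;` after `error = security_acct(file);` in sys_acct releases nothing on the refusal path. If `file` was opened earlier in the function, which lies outside this hunk, a denial from the hook would leave that reference held. Assuming that is the case, the check should close it first: `if (error) { if (file) filp_close(file, NULL); return error; }`. The split of the assignment from the test is otherwise behaviour-neutral.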
kernel/fork.c
...
@@ -717,7 +717,8 @@ static struct task_struct *copy_process(unsigned long clone_flags,
...
@@ -717,7 +717,8 @@ static struct task_struct *copy_process(unsigned long clone_flags,
if
((
clone_flags
&
CLONE_DETACHED
)
&&
!
(
clone_flags
&
CLONE_THREAD
))
if
((
clone_flags
&
CLONE_DETACHED
)
&&
!
(
clone_flags
&
CLONE_THREAD
))
return
ERR_PTR
(
-
EINVAL
);
return
ERR_PTR
(
-
EINVAL
);
if
((
retval
=
security_task_create
(
clone_flags
)))
retval
=
security_task_create
(
clone_flags
);
if
(
retval
)
goto
fork_out
;
goto
fork_out
;
retval
=
-
ENOMEM
;
retval
=
-
ENOMEM
;
...
...
kernel/ptrace.c
...
@@ -101,7 +101,8 @@ int ptrace_attach(struct task_struct *task)
...
@@ -101,7 +101,8 @@ int ptrace_attach(struct task_struct *task)
/* the same process cannot be attached many times */
/* the same process cannot be attached many times */
if
(
task
->
ptrace
&
PT_PTRACED
)
if
(
task
->
ptrace
&
PT_PTRACED
)
goto
bad
;
goto
bad
;
if
((
retval
=
security_ptrace
(
current
,
task
)))
retval
=
security_ptrace
(
current
,
task
);
if
(
retval
)
goto
bad
;
goto
bad
;
/* Go */
/* Go */
...
...
kernel/sched.c
...
@@ -1348,7 +1348,8 @@ asmlinkage long sys_nice(int increment)
...
@@ -1348,7 +1348,8 @@ asmlinkage long sys_nice(int increment)
if
(
nice
>
19
)
if
(
nice
>
19
)
nice
=
19
;
nice
=
19
;
if
((
retval
=
security_task_setnice
(
current
,
nice
)))
retval
=
security_task_setnice
(
current
,
nice
);
if
(
retval
)
return
retval
;
return
retval
;
set_user_nice
(
current
,
nice
);
set_user_nice
(
current
,
nice
);
...
@@ -1469,7 +1470,8 @@ static int setscheduler(pid_t pid, int policy, struct sched_param *param)
...
@@ -1469,7 +1470,8 @@ static int setscheduler(pid_t pid, int policy, struct sched_param *param)
!
capable
(
CAP_SYS_NICE
))
!
capable
(
CAP_SYS_NICE
))
goto
out_unlock
;
goto
out_unlock
;
if
((
retval
=
security_task_setscheduler
(
p
,
policy
,
&
lp
)))
retval
=
security_task_setscheduler
(
p
,
policy
,
&
lp
);
if
(
retval
)
goto
out_unlock
;
goto
out_unlock
;
array
=
p
->
array
;
array
=
p
->
array
;
...
@@ -1532,7 +1534,8 @@ asmlinkage long sys_sched_getscheduler(pid_t pid)
...
@@ -1532,7 +1534,8 @@ asmlinkage long sys_sched_getscheduler(pid_t pid)
read_lock
(
&
tasklist_lock
);
read_lock
(
&
tasklist_lock
);
p
=
find_process_by_pid
(
pid
);
p
=
find_process_by_pid
(
pid
);
if
(
p
)
{
if
(
p
)
{
if
(
!
(
retval
=
security_task_getscheduler
(
p
)))
retval
=
security_task_getscheduler
(
p
);
if
(
!
retval
)
retval
=
p
->
policy
;
retval
=
p
->
policy
;
}
}
read_unlock
(
&
tasklist_lock
);
read_unlock
(
&
tasklist_lock
);
...
@@ -1561,7 +1564,8 @@ asmlinkage long sys_sched_getparam(pid_t pid, struct sched_param *param)
...
@@ -1561,7 +1564,8 @@ asmlinkage long sys_sched_getparam(pid_t pid, struct sched_param *param)
if
(
!
p
)
if
(
!
p
)
goto
out_unlock
;
goto
out_unlock
;
if
((
retval
=
security_task_getscheduler
(
p
)))
retval
=
security_task_getscheduler
(
p
);
if
(
retval
)
goto
out_unlock
;
goto
out_unlock
;
lp
.
sched_priority
=
p
->
rt_priority
;
lp
.
sched_priority
=
p
->
rt_priority
;
...
@@ -1820,7 +1824,8 @@ asmlinkage long sys_sched_rr_get_interval(pid_t pid, struct timespec *interval)
...
@@ -1820,7 +1824,8 @@ asmlinkage long sys_sched_rr_get_interval(pid_t pid, struct timespec *interval)
if
(
!
p
)
if
(
!
p
)
goto
out_unlock
;
goto
out_unlock
;
if
((
retval
=
security_task_getscheduler
(
p
)))
retval
=
security_task_getscheduler
(
p
);
if
(
retval
)
goto
out_unlock
;
goto
out_unlock
;
jiffies_to_timespec
(
p
->
policy
&
SCHED_FIFO
?
jiffies_to_timespec
(
p
->
policy
&
SCHED_FIFO
?
...
...
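Review bot: In the sys_sched_getscheduler hunk, `security_task_getscheduler(p)` is called between `read_lock(&tasklist_lock)` and `read_unlock(&tasklist_lock)`, and nothing at the call site says so. A hook implementation therefore must not sleep, which a security module author cannot see from the hook name alone. I would add `/* called with tasklist_lock read-held: the hook must not sleep */` above the call. The `goto out_unlock` exits in the setscheduler, sys_sched_getparam and sys_sched_rr_get_interval hunks suggest the same applies there, but their lock acquisition is outside the visible lines.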
kernel/signal.c
...
@@ -739,7 +739,8 @@ specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t, int
...
@@ -739,7 +739,8 @@ specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t, int
ret
=
-
EPERM
;
ret
=
-
EPERM
;
if
(
bad_signal
(
sig
,
info
,
t
))
if
(
bad_signal
(
sig
,
info
,
t
))
goto
out
;
goto
out
;
if
((
ret
=
security_task_kill
(
t
,
info
,
sig
)))
ret
=
security_task_kill
(
t
,
info
,
sig
);
if
(
ret
)
goto
out
;
goto
out
;
/* The null signal is a permissions and process existence probe.
/* The null signal is a permissions and process existence probe.
...
...
kernel/sys.c
...
@@ -485,7 +485,8 @@ asmlinkage long sys_setregid(gid_t rgid, gid_t egid)
...
@@ -485,7 +485,8 @@ asmlinkage long sys_setregid(gid_t rgid, gid_t egid)
int
new_egid
=
old_egid
;
int
new_egid
=
old_egid
;
int
retval
;
int
retval
;
if
((
retval
=
security_task_setgid
(
rgid
,
egid
,
(
gid_t
)
-
1
,
LSM_SETID_RE
)))
retval
=
security_task_setgid
(
rgid
,
egid
,
(
gid_t
)
-
1
,
LSM_SETID_RE
);
if
(
retval
)
return
retval
;
return
retval
;
if
(
rgid
!=
(
gid_t
)
-
1
)
{
if
(
rgid
!=
(
gid_t
)
-
1
)
{
...
@@ -530,7 +531,8 @@ asmlinkage long sys_setgid(gid_t gid)
...
@@ -530,7 +531,8 @@ asmlinkage long sys_setgid(gid_t gid)
int
old_egid
=
current
->
egid
;
int
old_egid
=
current
->
egid
;
int
retval
;
int
retval
;
if
((
retval
=
security_task_setgid
(
gid
,
(
gid_t
)
-
1
,
(
gid_t
)
-
1
,
LSM_SETID_ID
)))
retval
=
security_task_setgid
(
gid
,
(
gid_t
)
-
1
,
(
gid_t
)
-
1
,
LSM_SETID_ID
);
if
(
retval
)
return
retval
;
return
retval
;
if
(
capable
(
CAP_SETGID
))
if
(
capable
(
CAP_SETGID
))
...
@@ -603,7 +605,8 @@ asmlinkage long sys_setreuid(uid_t ruid, uid_t euid)
...
@@ -603,7 +605,8 @@ asmlinkage long sys_setreuid(uid_t ruid, uid_t euid)
int
old_ruid
,
old_euid
,
old_suid
,
new_ruid
,
new_euid
;
int
old_ruid
,
old_euid
,
old_suid
,
new_ruid
,
new_euid
;
int
retval
;
int
retval
;
if
((
retval
=
security_task_setuid
(
ruid
,
euid
,
(
uid_t
)
-
1
,
LSM_SETID_RE
)))
retval
=
security_task_setuid
(
ruid
,
euid
,
(
uid_t
)
-
1
,
LSM_SETID_RE
);
if
(
retval
)
return
retval
;
return
retval
;
new_ruid
=
old_ruid
=
current
->
uid
;
new_ruid
=
old_ruid
=
current
->
uid
;
...
@@ -663,7 +666,8 @@ asmlinkage long sys_setuid(uid_t uid)
...
@@ -663,7 +666,8 @@ asmlinkage long sys_setuid(uid_t uid)
int
old_ruid
,
old_suid
,
new_ruid
,
new_suid
;
int
old_ruid
,
old_suid
,
new_ruid
,
new_suid
;
int
retval
;
int
retval
;
if
((
retval
=
security_task_setuid
(
uid
,
(
uid_t
)
-
1
,
(
uid_t
)
-
1
,
LSM_SETID_ID
)))
retval
=
security_task_setuid
(
uid
,
(
uid_t
)
-
1
,
(
uid_t
)
-
1
,
LSM_SETID_ID
);
if
(
retval
)
return
retval
;
return
retval
;
old_ruid
=
new_ruid
=
current
->
uid
;
old_ruid
=
new_ruid
=
current
->
uid
;
...
@@ -700,7 +704,8 @@ asmlinkage long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid)
...
@@ -700,7 +704,8 @@ asmlinkage long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid)
int
old_suid
=
current
->
suid
;
int
old_suid
=
current
->
suid
;
int
retval
;
int
retval
;
if
((
retval
=
security_task_setuid
(
ruid
,
euid
,
suid
,
LSM_SETID_RES
)))
retval
=
security_task_setuid
(
ruid
,
euid
,
suid
,
LSM_SETID_RES
);
if
(
retval
)
return
retval
;
return
retval
;
if
(
!
capable
(
CAP_SETUID
))
{
if
(
!
capable
(
CAP_SETUID
))
{
...
@@ -751,7 +756,8 @@ asmlinkage long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
...
@@ -751,7 +756,8 @@ asmlinkage long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
{
{
int
retval
;
int
retval
;
if
((
retval
=
security_task_setgid
(
rgid
,
egid
,
sgid
,
LSM_SETID_RES
)))
retval
=
security_task_setgid
(
rgid
,
egid
,
sgid
,
LSM_SETID_RES
);
if
(
retval
)
return
retval
;
return
retval
;
if
(
!
capable
(
CAP_SETGID
))
{
if
(
!
capable
(
CAP_SETGID
))
{
...
@@ -804,7 +810,8 @@ asmlinkage long sys_setfsuid(uid_t uid)
...
@@ -804,7 +810,8 @@ asmlinkage long sys_setfsuid(uid_t uid)
int
old_fsuid
;
int
old_fsuid
;
int
retval
;
int
retval
;
if
((
retval
=
security_task_setuid
(
uid
,
(
uid_t
)
-
1
,
(
uid_t
)
-
1
,
LSM_SETID_FS
)))
retval
=
security_task_setuid
(
uid
,
(
uid_t
)
-
1
,
(
uid_t
)
-
1
,
LSM_SETID_FS
);
if
(
retval
)
return
retval
;
return
retval
;
old_fsuid
=
current
->
fsuid
;
old_fsuid
=
current
->
fsuid
;
...
@@ -820,7 +827,8 @@ asmlinkage long sys_setfsuid(uid_t uid)
...
@@ -820,7 +827,8 @@ asmlinkage long sys_setfsuid(uid_t uid)
current
->
fsuid
=
uid
;
current
->
fsuid
=
uid
;
}
}
if
((
retval
=
security_task_post_setuid
(
old_fsuid
,
(
uid_t
)
-
1
,
(
uid_t
)
-
1
,
LSM_SETID_FS
)))
retval
=
security_task_post_setuid
(
old_fsuid
,
(
uid_t
)
-
1
,
(
uid_t
)
-
1
,
LSM_SETID_FS
);
if
(
retval
)
return
retval
;
return
retval
;
return
old_fsuid
;
return
old_fsuid
;
...
@@ -834,7 +842,8 @@ asmlinkage long sys_setfsgid(gid_t gid)
...
@@ -834,7 +842,8 @@ asmlinkage long sys_setfsgid(gid_t gid)
int
old_fsgid
;
int
old_fsgid
;
int
retval
;
int
retval
;
if
((
retval
=
security_task_setgid
(
gid
,
(
gid_t
)
-
1
,
(
gid_t
)
-
1
,
LSM_SETID_FS
)))
retval
=
security_task_setgid
(
gid
,
(
gid_t
)
-
1
,
(
gid_t
)
-
1
,
LSM_SETID_FS
);
if
(
retval
)
return
retval
;
return
retval
;
old_fsgid
=
current
->
fsgid
;
old_fsgid
=
current
->
fsgid
;
...
@@ -959,7 +968,8 @@ asmlinkage long sys_getpgid(pid_t pid)
...
@@ -959,7 +968,8 @@ asmlinkage long sys_getpgid(pid_t pid)
retval
=
-
ESRCH
;
retval
=
-
ESRCH
;
if
(
p
)
{
if
(
p
)
{
if
(
!
(
retval
=
security_task_getpgid
(
p
)))
retval
=
security_task_getpgid
(
p
);
if
(
!
retval
)
retval
=
p
->
pgrp
;
retval
=
p
->
pgrp
;
}
}
read_unlock
(
&
tasklist_lock
);
read_unlock
(
&
tasklist_lock
);
...
@@ -986,7 +996,8 @@ asmlinkage long sys_getsid(pid_t pid)
...
@@ -986,7 +996,8 @@ asmlinkage long sys_getsid(pid_t pid)
retval
=
-
ESRCH
;
retval
=
-
ESRCH
;
if
(
p
)
{
if
(
p
)
{
if
(
!
(
retval
=
security_task_getsid
(
p
)))
retval
=
security_task_getsid
(
p
);
if
(
!
retval
)
retval
=
p
->
session
;
retval
=
p
->
session
;
}
}
read_unlock
(
&
tasklist_lock
);
read_unlock
(
&
tasklist_lock
);
...
@@ -1067,7 +1078,8 @@ asmlinkage long sys_setgroups(int gidsetsize, gid_t *grouplist)
...
@@ -1067,7 +1078,8 @@ asmlinkage long sys_setgroups(int gidsetsize, gid_t *grouplist)
return
-
EINVAL
;
return
-
EINVAL
;
if
(
copy_from_user
(
groups
,
grouplist
,
gidsetsize
*
sizeof
(
gid_t
)))
if
(
copy_from_user
(
groups
,
grouplist
,
gidsetsize
*
sizeof
(
gid_t
)))
return
-
EFAULT
;
return
-
EFAULT
;
if
((
retval
=
security_task_setgroups
(
gidsetsize
,
groups
)))
retval
=
security_task_setgroups
(
gidsetsize
,
groups
);
if
(
retval
)
return
retval
;
return
retval
;
memcpy
(
current
->
groups
,
groups
,
gidsetsize
*
sizeof
(
gid_t
));
memcpy
(
current
->
groups
,
groups
,
gidsetsize
*
sizeof
(
gid_t
));
current
->
ngroups
=
gidsetsize
;
current
->
ngroups
=
gidsetsize
;
...
@@ -1230,7 +1242,8 @@ asmlinkage long sys_setrlimit(unsigned int resource, struct rlimit *rlim)
...
@@ -1230,7 +1242,8 @@ asmlinkage long sys_setrlimit(unsigned int resource, struct rlimit *rlim)
return
-
EPERM
;
return
-
EPERM
;
}
}
if
((
retval
=
security_task_setrlimit
(
resource
,
&
new_rlim
)))
retval
=
security_task_setrlimit
(
resource
,
&
new_rlim
);
if
(
retval
)
return
retval
;
return
retval
;
*
old_rlim
=
new_rlim
;
*
old_rlim
=
new_rlim
;
...
@@ -1304,7 +1317,8 @@ asmlinkage long sys_prctl(int option, unsigned long arg2, unsigned long arg3,
...
@@ -1304,7 +1317,8 @@ asmlinkage long sys_prctl(int option, unsigned long arg2, unsigned long arg3,
int
error
=
0
;
int
error
=
0
;
int
sig
;
int
sig
;
if
((
error
=
security_task_prctl
(
option
,
arg2
,
arg3
,
arg4
,
arg5
)))
error
=
security_task_prctl
(
option
,
arg2
,
arg3
,
arg4
,
arg5
);
if
(
error
)
return
error
;
return
error
;
switch
(
option
)
{
switch
(
option
)
{
...
...
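Review bot: In the second sys_setfsuid hunk (`@@ -820,7 +827,8`), `security_task_post_setuid()` runs after `current->fsuid = uid;` has already been assigned, so the `return retval;` on failure reports an error for a change that is not undone. The same return value otherwise carries `old_fsuid`, so a negative errno here is easy for a caller to misread. I would document the intent above the check, for example `/* fsuid is already switched here; a post-hook error is reported, not rolled back */`, or add the rollback if that is what the hook contract expects. The function begins outside this hunk, so the condition guarding the assignment is not visible.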
kernel/uid16.c
...
@@ -140,7 +140,8 @@ asmlinkage long sys_setgroups16(int gidsetsize, old_gid_t *grouplist)
...
@@ -140,7 +140,8 @@ asmlinkage long sys_setgroups16(int gidsetsize, old_gid_t *grouplist)
return
-
EFAULT
;
return
-
EFAULT
;
for
(
i
=
0
;
i
<
gidsetsize
;
i
++
)
for
(
i
=
0
;
i
<
gidsetsize
;
i
++
)
new_groups
[
i
]
=
(
gid_t
)
groups
[
i
];
new_groups
[
i
]
=
(
gid_t
)
groups
[
i
];
if
((
i
=
security_task_setgroups
(
gidsetsize
,
new_groups
)))
i
=
security_task_setgroups
(
gidsetsize
,
new_groups
);
if
(
i
)
return
i
;
return
i
;
memcpy
(
current
->
groups
,
new_groups
,
gidsetsize
*
sizeof
(
gid_t
));
memcpy
(
current
->
groups
,
new_groups
,
gidsetsize
*
sizeof
(
gid_t
));
current
->
ngroups
=
gidsetsize
;
current
->
ngroups
=
gidsetsize
;
...
...
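Review bot: The hook result in sys_setgroups16 is stored in the loop counter: `i = security_task_setgroups(gidsetsize, new_groups);` followed by `if (i) return i;`. Reusing `i` as an error code right after it indexed `new_groups[i]` hides that this is an access-control decision and invites mistakes if the loop is ever moved below the check. A dedicated local reads better and matches sys_setgroups in kernel/sys.c: `retval = security_task_setgroups(gidsetsize, new_groups);` then `if (retval) return retval;`. The declaration of `retval` would go with the other locals, which are outside this hunk.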
mm/mmap.c
...
@@ -504,7 +504,8 @@ unsigned long do_mmap_pgoff(struct file * file, unsigned long addr,
...
@@ -504,7 +504,8 @@ unsigned long do_mmap_pgoff(struct file * file, unsigned long addr,
}
}
}
}
if
((
error
=
security_file_mmap
(
file
,
prot
,
flags
)))
error
=
security_file_mmap
(
file
,
prot
,
flags
);
if
(
error
)
return
error
;
return
error
;
/* Clear old maps */
/* Clear old maps */
...
...
mm/mprotect.c
...
@@ -263,7 +263,8 @@ sys_mprotect(unsigned long start, size_t len, unsigned long prot)
...
@@ -263,7 +263,8 @@ sys_mprotect(unsigned long start, size_t len, unsigned long prot)
goto
out
;
goto
out
;
}
}
if
((
error
=
security_file_mprotect
(
vma
,
prot
)))
error
=
security_file_mprotect
(
vma
,
prot
);
if
(
error
)
goto
out
;
goto
out
;
if
(
vma
->
vm_end
>
end
)
{
if
(
vma
->
vm_end
>
end
)
{
...
...
net/core/scm.c
...
@@ -217,7 +217,8 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
...
@@ -217,7 +217,8 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
for
(
i
=
0
,
cmfptr
=
(
int
*
)
CMSG_DATA
(
cm
);
i
<
fdmax
;
i
++
,
cmfptr
++
)
for
(
i
=
0
,
cmfptr
=
(
int
*
)
CMSG_DATA
(
cm
);
i
<
fdmax
;
i
++
,
cmfptr
++
)
{
{
int
new_fd
;
int
new_fd
;
if
((
err
=
security_file_receive
(
fp
[
i
])))
err
=
security_file_receive
(
fp
[
i
]);
if
(
err
)
break
;
break
;
err
=
get_unused_fd
();
err
=
get_unused_fd
();
if
(
err
<
0
)
if
(
err
<
0
)
...
...
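Review bot: scm_detach_fds returns `void`, so the denial stored by `err = security_file_receive(fp[i]);` and the following `break;` can only reach the receiver through whatever the code after the loop does with `err` and `i`. That code is outside this hunk, so what the receiver observes when the hook refuses the first file versus a later one cannot be read off here. A short comment at the `break` would make the policy explicit, for example `/* LSM refused this file: stop here; fds from earlier iterations are not revoked */`, adjusted to the actual behaviour. Note also that `err` is overwritten by `get_unused_fd()` on the next line, so the two meanings share one variable inside the loop.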