author | Raghuram Subramani <raghus2247@gmail.com> | 2024-10-17 17:33:46 +0530 |
---|---|---|
committer | Raghuram Subramani <raghus2247@gmail.com> | 2024-10-17 17:33:46 +0530 |
commit | 321337c9e82f016a0cd64f81573c18b5731ffa8d (patch) | |
tree | e9874bb042e851fec1e19bb8dfca694ef885456a /security | |
parent | cc57cb4ee3b7918b74d30604735d353b9a5fa23b (diff) |
Merge remote-tracking branch 'msm8998/lineage-20' into lineage-20
Change-Id: I126075a330f305c85f8fe1b8c9d408f368be95d1
Diffstat (limited to 'security')
-rw-r--r-- | security/pfe/pfk.c | 10 | ||||
-rw-r--r-- | security/security.c | 17 | ||||
-rw-r--r-- | security/selinux/hooks.c | 4 | ||||
-rw-r--r-- | security/selinux/include/xfrm.h | 2 | ||||
-rw-r--r-- | security/selinux/xfrm.c | 8 |
5 files changed, 22 insertions, 19 deletions
diff --git a/security/pfe/pfk.c b/security/pfe/pfk.c index 2e5aa2fb6688..c49b30e66f46 100644 --- a/security/pfe/pfk.c +++ b/security/pfe/pfk.c @@ -198,6 +198,8 @@ static inline bool pfk_is_ready(void) */ static struct inode *pfk_bio_get_inode(const struct bio *bio) { + struct inode *inode; + if (!bio) return NULL; if (!bio_has_data((struct bio *)bio)) @@ -207,11 +209,9 @@ static struct inode *pfk_bio_get_inode(const struct bio *bio) if (!bio->bi_io_vec->bv_page) return NULL; - if (PageAnon(bio->bi_io_vec->bv_page)) { - struct inode *inode; - - /* Using direct-io (O_DIRECT) without page cache */ - inode = dio_bio_get_inode((struct bio *)bio); + /* Using direct-io (O_DIRECT) without page cache */ + inode = dio_bio_get_inode((struct bio *)bio); + if (inode) { pr_debug("inode on direct-io, inode = 0x%p.\n", inode); return inode; diff --git a/security/security.c b/security/security.c index 6546dffd1112..9c59f6f83e66 100644 --- a/security/security.c +++ b/security/security.c @@ -1320,15 +1320,16 @@ void security_sk_clone(const struct sock *sk, struct sock *newsk) } EXPORT_SYMBOL(security_sk_clone); -void security_sk_classify_flow(struct sock *sk, struct flowi *fl) +void security_sk_classify_flow(struct sock *sk, struct flowi_common *flic) { - call_void_hook(sk_getsecid, sk, &fl->flowi_secid); + call_void_hook(sk_getsecid, sk, &flic->flowic_secid); } EXPORT_SYMBOL(security_sk_classify_flow); -void security_req_classify_flow(const struct request_sock *req, struct flowi *fl) +void security_req_classify_flow(const struct request_sock *req, + struct flowi_common *flic) { - call_void_hook(req_classify_flow, req, fl); + call_void_hook(req_classify_flow, req, flic); } EXPORT_SYMBOL(security_req_classify_flow); 
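Review bot: With the PageAnon() guard removed from pfk_bio_get_inode, dio_bio_get_inode() is now called for every bio that passes the earlier NULL checks, and its result is returned whenever it is non-NULL. That is only safe if dio_bio_get_inode() returns NULL for bios that did not come from the direct-io path. Its body is not part of this diff, so this should be confirmed, since a wrong inode here would presumably lead to the wrong per-file key being chosen. The retained comment `/* Using direct-io (O_DIRECT) without page cache */` now reads as if the call were still conditional; I would reword it to `/* Try the direct-io inode first; dio_bio_get_inode() must return NULL for non-dio bios */`. The function body continues past the end of the hunk.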
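Review bot: The switch from `struct flowi *` to `struct flowi_common *` in security_sk_classify_flow and security_req_classify_flow has no comment explaining why the hooks now take the narrower type. The same applies to security_xfrm_state_pol_flow_match, security_skb_classify_flow, selinux_req_classify_flow and selinux_xfrm_state_pol_flow_match in the later hunks. Both functions in this hunk are EXPORT_SYMBOL, so every caller has to pass the common part of its flowi4/flowi6 object rather than a cast pointer. This view is limited to security/, so the call sites cannot be checked from here. I would add above security_sk_classify_flow a comment such as `/* LSM hooks receive only the address-family independent flowi_common; do not cast it back to struct flowi */`.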
@@ -1471,7 +1472,7 @@ int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir) int security_xfrm_state_pol_flow_match(struct xfrm_state *x, struct xfrm_policy *xp, - const struct flowi *fl) + const struct flowi_common *flic) { struct security_hook_list *hp; int rc = 1; @@ -1487,7 +1488,7 @@ int security_xfrm_state_pol_flow_match(struct xfrm_state *x, */ list_for_each_entry(hp, &security_hook_heads.xfrm_state_pol_flow_match, list) { - rc = hp->hook.xfrm_state_pol_flow_match(x, xp, fl); + rc = hp->hook.xfrm_state_pol_flow_match(x, xp, flic); break; } return rc; @@ -1498,9 +1499,9 @@ int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid) return call_int_hook(xfrm_decode_session, 0, skb, secid, 1); } -void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl) +void security_skb_classify_flow(struct sk_buff *skb, struct flowi_common *flic) { - int rc = call_int_hook(xfrm_decode_session, 0, skb, &fl->flowi_secid, + int rc = call_int_hook(xfrm_decode_session, 0, skb, &flic->flowic_secid, 0); BUG_ON(rc); diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 3d24f86b423f..3bac79428c9b 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4835,9 +4835,9 @@ static void selinux_secmark_refcount_dec(void) } static void selinux_req_classify_flow(const struct request_sock *req, - struct flowi *fl) + struct flowi_common *flic) { - fl->flowi_secid = req->secid; + flic->flowic_secid = req->secid; } static int selinux_tun_dev_alloc_security(void **security) diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h index 1450f85b946d..0f929b420059 100644 --- a/security/selinux/include/xfrm.h +++ b/security/selinux/include/xfrm.h 
@@ -25,7 +25,7 @@ int selinux_xfrm_state_delete(struct xfrm_state *x); int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir); int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x, struct xfrm_policy *xp, - const struct flowi *fl); + const struct flowi_common *flic); #ifdef CONFIG_SECURITY_NETWORK_XFRM extern atomic_t selinux_xfrm_refcount; diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index 56e354fcdfc6..fda680555451 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c @@ -174,9 +174,10 @@ int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir) */ int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x, struct xfrm_policy *xp, - const struct flowi *fl) + const struct flowi_common *flic) { u32 state_sid; + u32 flic_sid; if (!xp->security) if (x->security) @@ -195,14 +196,15 @@ int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x, return 0; state_sid = x->security->ctx_sid; + flic_sid = flic->flowic_secid; - if (fl->flowi_secid != state_sid) + if (flic_sid != state_sid) return 0; /* We don't need a separate SA Vs. policy polmatch check since the SA * is now of the same label as the flow and a flow Vs. policy polmatch * check had already happened in selinux_xfrm_policy_lookup() above. */ - return (avc_has_perm(fl->flowi_secid, state_sid, + return (avc_has_perm(flic_sid, state_sid, SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, NULL) ? 0 : 1); } |