diff options
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 7d1d0fc287ba..b3d591ec452a 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -1811,7 +1811,6 @@ static int selinux_determine_inode_label(struct inode *dir, u32 *_new_isid) { const struct superblock_security_struct *sbsec = dir->i_sb->s_security; - const struct inode_security_struct *dsec = inode_security(dir); const struct task_security_struct *tsec = current_security(); if ((sbsec->flags & SE_SBINITIALIZED) && @@ -1821,6 +1820,7 @@ static int selinux_determine_inode_label(struct inode *dir, tsec->create_sid) { *_new_isid = tsec->create_sid; } else { + const struct inode_security_struct *dsec = inode_security(dir); return security_transition_sid(tsec->sid, dsec->sid, tclass, name, _new_isid); } @@ -2100,7 +2100,7 @@ static int selinux_binder_transfer_file(const struct cred *from, u32 sid = cred_sid(to); struct file_security_struct *fsec = file->f_security; struct dentry *dentry = file->f_path.dentry; - struct inode_security_struct *isec = backing_inode_security(dentry); + struct inode_security_struct *isec; struct common_audit_data ad; int rc; @@ -2125,6 +2125,7 @@ static int selinux_binder_transfer_file(const struct cred *from, if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) return 0; + isec = backing_inode_security(dentry); return avc_has_perm(sid, isec->sid, isec->sclass, file_to_av(file), &ad); } @@ -3079,7 +3080,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) { struct inode *inode = d_backing_inode(dentry); - struct inode_security_struct *isec = backing_inode_security(dentry); + struct inode_security_struct *isec; struct superblock_security_struct *sbsec; struct common_audit_data ad; u32 newsid, sid = current_sid(); @@ -3098,6 +3099,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name, ad.type = LSM_AUDIT_DATA_DENTRY; ad.u.dentry = dentry; + isec = backing_inode_security(dentry); rc = avc_has_perm(sid, isec->sid, isec->sclass, FILE__RELABELFROM, &ad); if (rc) @@ -3156,7 +3158,7 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name, int flags) { struct inode *inode = d_backing_inode(dentry); - struct inode_security_struct *isec = backing_inode_security(dentry); + struct inode_security_struct *isec; u32 newsid; int rc; @@ -3173,6 +3175,7 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name, return; } + isec = backing_inode_security(dentry); isec->sclass = inode_mode_to_security_class(inode->i_mode); isec->sid = newsid; isec->initialized = LABEL_INITIALIZED; @@ -3214,7 +3217,7 @@ static int selinux_inode_getsecurity(struct inode *inode, const char *name, void u32 size; int error; char *context = NULL; - struct inode_security_struct *isec = inode_security(inode); + struct inode_security_struct *isec; if (strcmp(name, XATTR_SELINUX_SUFFIX)) return -EOPNOTSUPP; @@ -3233,6 +3236,7 @@ static int selinux_inode_getsecurity(struct inode *inode, const char *name, void if (!error) error = cred_has_capability(current_cred(), CAP_MAC_ADMIN, SECURITY_CAP_NOAUDIT); + isec = inode_security(inode); if (!error) error = security_sid_to_context_force(isec->sid, &context, &size); @@ -3342,7 +3346,7 @@ static int ioctl_has_perm(const struct cred *cred, struct file *file, struct common_audit_data ad; struct file_security_struct *fsec = file->f_security; struct inode *inode = file_inode(file); - struct inode_security_struct *isec = inode_security(inode); + struct inode_security_struct *isec; struct lsm_ioctlop_audit ioctl; u32 ssid = cred_sid(cred); int rc; @@ -3366,6 +3370,7 @@ static int ioctl_has_perm(const struct cred *cred, struct file *file, if (unlikely(IS_PRIVATE(inode))) return 0; + isec = inode_security(inode); rc = avc_has_extended_perms(ssid, isec->sid, isec->sclass, requested, driver, xperm, &ad); out: @@ -3768,19 +3773,19 @@ static int selinux_kernel_module_from_file(struct file *file) SYSTEM__MODULE_LOAD, NULL); /* finit_module */ + ad.type = LSM_AUDIT_DATA_PATH; ad.u.path = file->f_path; - inode = file_inode(file); - isec = inode->i_security; fsec = file->f_security; - if (sid != fsec->sid) { rc = avc_has_perm(sid, fsec->sid, SECCLASS_FD, FD__USE, &ad); if (rc) return rc; } + inode = file_inode(file); + isec = inode->i_security; return avc_has_perm(sid, isec->sid, SECCLASS_SYSTEM, SYSTEM__MODULE_LOAD, &ad); } |