Diffstat (limited to 'security/selinux')
| -rw-r--r-- | security/selinux/hooks.c | 5 | ||||
| -rw-r--r-- | security/selinux/include/classmap.h | 2 | ||||
| -rw-r--r-- | security/selinux/include/objsec.h | 5 | ||||
| -rw-r--r-- | security/selinux/include/security.h | 1 |
4 files changed, 8 insertions, 5 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 3bc8c5e92c98..534019901c0b 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1252,6 +1252,8 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
 return SECCLASS_KEY_SOCKET;
 case PF_APPLETALK:
 return SECCLASS_APPLETALK_SOCKET;
+ case PF_CAN:
+ return SECCLASS_CAN_SOCKET;
 }
 return SECCLASS_SOCKET;
@@ -1836,8 +1838,7 @@ static int may_link(struct inode *dir,
 return 0;
 }
- rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad);
- return rc;
+ return avc_has_perm(sid, isec->sid, isec->sclass, av, &ad);
 }
 static inline int may_rename(struct inode *old_dir,
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index 31dc821a6be0..8a764f40730b 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -157,5 +157,7 @@ struct security_class_mapping secclass_map[] = {
 { COMMON_SOCK_PERMS, "attach_queue", NULL } },
 { "binder", { "impersonate", "call", "set_context_mgr", "transfer", NULL } },
+ { "can_socket",
+ { COMMON_SOCK_PERMS, NULL } },
 { NULL }
 };
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index 81fa718d5cb3..f6027d67a0e6 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -25,8 +25,7 @@
 #include <linux/in.h>
 #include <linux/spinlock.h>
 #include <net/net_namespace.h>
-#include "flask.h"
-#include "avc.h"
+#include "security.h"
 struct task_security_struct {
 u32 osid; /* SID prior to last execve */
@@ -47,6 +46,8 @@ struct inode_security_struct {
 u32 sid; /* SID of this object */
 u16 sclass; /* security class of this object */
 unsigned char initialized; /* initialization flag */
+ u32 tag; /* Per-File-Encryption tag */
+ void *pfk_data; /* Per-File-Key data from ecryptfs */
 struct mutex lock;
 };
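Review bot: The new `case PF_CAN:` in socket_type_to_security_class() applies unconditionally, so CAN sockets stop being checked against the generic `socket` class as soon as this kernel runs, whatever policy is loaded. A policy that grants CAN access through `socket` rules, or that does not define `can_socket`, will then produce denials or fall back to its handle-unknown setting, so the kernel and policy changes have to ship together. I would record that at the case, e.g. `/* CAN sockets are labelled can_socket, not socket; policy must define the class */`. The matching classmap.h entry is appended after `binder`, which leaves the existing class order untouched; the function body starts outside this hunk.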
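Review bot: objsec.h now takes its dependencies only through `#include "security.h"`, and the security.h hunk in this same commit drops `#include "flask.h"`, so neither header brings in flask.h or avc.h any longer. Any file that relied on objsec.h or security.h for the SECCLASS_* constants or the AVC declarations must now include `avc.h`/`flask.h` itself, and no such include is added in the files shown under security/selinux. The reason for the swap is not stated; if it is to let code outside security/selinux include objsec.h, a comment above the include should say so, e.g. `/* keep objsec.h free of flask.h/avc.h: included from outside security/selinux */`, because that also exposes the layout of the SELinux security blobs to that code.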
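Review bot: `void *pfk_data` is added to inode_security_struct without saying who allocates it, who frees it, or whether `lock` protects it. The diffstat for security/selinux shows no change to the inode security alloc or free paths, so the lifetime of the per-file-key data presumably rests with ecryptfs; if the security blob is freed first, the pointer is dropped without the key data being released or wiped. I would document ownership on the field, e.g. `void *pfk_data; /* owned by ecryptfs; freed and zeroized by its owner before the inode security blob is released */` (adjusted to the real owner). The `tag` comment should likewise state who sets it and what 0 means, since an untyped pointer and a bare u32 give reviewers nothing to check against.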
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index dff1d1a1367a..b45a3a72c161 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -12,7 +12,6 @@
 #include <linux/dcache.h>
 #include <linux/magic.h>
 #include <linux/types.h>
-#include "flask.h"
 #define SECSID_NULL 0x00000000 /* unspecified SID */
 #define SECSID_WILD 0xffffffff /* wildcard SID */ |
