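--- a/hooks.c	(1a37079c236d55fb31ebbf4b59945dab8ec8764c)
+++ b/hooks.c	(0188d5c025ca8fe756ba3193bd7d150139af5a88)
@@ -1,8 +1,8 @@
 // SPDX-License-Identifier: GPL-2.0-only
 /*
 * NSA Security-Enhanced Linux (SELinux) security module
 *
 * This file contains the SELinux hook function implementations.
 *
 * Authors: Stephen Smalley, <sds@tycho.nsa.gov>
 * Chris Vance, <cvance@nai.com>
@@ -3006,29 +3006,28 @@
 
 return avc_has_perm_flags(&selinux_state,
 sid, isec->sid, isec->sclass, FILE__READ, &ad,
 rcu ? MAY_NOT_BLOCK : 0);
 }
 
 static noinline int audit_inode_permission(struct inode *inode,
 u32 perms, u32 audited, u32 denied,
-int result,
-unsigned flags)
+int result)
 {
 struct common_audit_data ad;
 struct inode_security_struct *isec = selinux_inode(inode);
 int rc;
 
 ad.type = LSM_AUDIT_DATA_INODE;
 ad.u.inode = inode;
 
 rc = slow_avc_audit(&selinux_state,
 current_sid(), isec->sid, isec->sclass, perms,
-audited, denied, result, &ad, flags);
+audited, denied, result, &ad);
 if (rc)
 return rc;
 return 0;
 }
 
 static int selinux_inode_permission(struct inode *inode, int mask)
 {
 const struct cred *cred = current_cred();
@@ -3065,17 +3064,21 @@
 (flags & MAY_NOT_BLOCK) ? AVC_NONBLOCKING : 0,
 &avd);
 audited = avc_audit_required(perms, &avd, rc,
 from_access ? FILE__AUDIT_ACCESS : 0,
 &denied);
 if (likely(!audited))
 return rc;
 
-rc2 = audit_inode_permission(inode, perms, audited, denied, rc, flags);
+/* fall back to ref-walk if we have to generate audit */
+if (flags & MAY_NOT_BLOCK)
+return -ECHILD;
+
+rc2 = audit_inode_permission(inode, perms, audited, denied, rc);
 if (rc2)
 return rc2;
 return rc;
 }
 
 static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
 {
 const struct cred *cred = current_cred();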
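Review bot: The new comment above the `if (flags & MAY_NOT_BLOCK)` check in selinux_inode_permission() says what happens but not that `rc` is deliberately discarded. When an audit record is required during RCU-walk the function now returns -ECHILD whether the access was granted or denied, and it appears to rely on the VFS retrying in ref-walk to redo the check and emit the record. I would spell that out, e.g. `/* audit needed but we may not block: drop rc and return -ECHILD so the ref-walk retry redoes the check and emits the record */`, so that nobody later changes the early return to return rc and loses audit records for denials. The definition of `flags` sits in the 30 hidden lines, so this assumes it still carries only the MAY_NOT_BLOCK bit of `mask`. Separately, the tail of audit_inode_permission(), `if (rc) return rc; return 0;`, could simply return the result of slow_avc_audit() directly.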