hooks.c (3423166fdbc2444bf3a4a27af1d7508364a17be7) hooks.c (259e5e6c75a910f3b5e656151dc602f53f9d7548)
1/*
2 * NSA Security-Enhanced Linux (SELinux) security module
3 *
4 * This file contains the SELinux hook function implementations.
5 *
6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil>
7 * Chris Vance, <cvance@nai.com>
8 * Wayne Salamon, <wsalamon@nai.com>

--- 2002 unchanged lines hidden (view full) ---

2011 new_tsec->create_sid = 0;
2012 new_tsec->keycreate_sid = 0;
2013 new_tsec->sockcreate_sid = 0;
2014
2015 if (old_tsec->exec_sid) {
2016 new_tsec->sid = old_tsec->exec_sid;
2017 /* Reset exec SID on execve. */
2018 new_tsec->exec_sid = 0;
1/*
2 * NSA Security-Enhanced Linux (SELinux) security module
3 *
4 * This file contains the SELinux hook function implementations.
5 *
6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil>
7 * Chris Vance, <cvance@nai.com>
8 * Wayne Salamon, <wsalamon@nai.com>

--- 2002 unchanged lines hidden (view full) ---

2011 new_tsec->create_sid = 0;
2012 new_tsec->keycreate_sid = 0;
2013 new_tsec->sockcreate_sid = 0;
2014
2015 if (old_tsec->exec_sid) {
2016 new_tsec->sid = old_tsec->exec_sid;
2017 /* Reset exec SID on execve. */
2018 new_tsec->exec_sid = 0;
2019
2020 /*
2021 * Minimize confusion: if no_new_privs and a transition is
2022 * explicitly requested, then fail the exec.
2023 */
2024 if (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS)
2025 return -EPERM;
2019 } else {
2020 /* Check for a default transition on this program. */
2021 rc = security_transition_sid(old_tsec->sid, isec->sid,
2022 SECCLASS_PROCESS, NULL,
2023 &new_tsec->sid);
2024 if (rc)
2025 return rc;
2026 }
2027
2028 COMMON_AUDIT_DATA_INIT(&ad, PATH);
2029 ad.selinux_audit_data = &sad;
2030 ad.u.path = bprm->file->f_path;
2031
2026 } else {
2027 /* Check for a default transition on this program. */
2028 rc = security_transition_sid(old_tsec->sid, isec->sid,
2029 SECCLASS_PROCESS, NULL,
2030 &new_tsec->sid);
2031 if (rc)
2032 return rc;
2033 }
2034
2035 COMMON_AUDIT_DATA_INIT(&ad, PATH);
2036 ad.selinux_audit_data = &sad;
2037 ad.u.path = bprm->file->f_path;
2038
2032 if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
2039 if ((bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) ||
2040 (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS))
2033 new_tsec->sid = old_tsec->sid;
2034
2035 if (new_tsec->sid == old_tsec->sid) {
2036 rc = avc_has_perm(old_tsec->sid, isec->sid,
2037 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
2038 if (rc)
2039 return rc;
2040 } else {

--- 3858 unchanged lines hidden ---
2041 new_tsec->sid = old_tsec->sid;
2042
2043 if (new_tsec->sid == old_tsec->sid) {
2044 rc = avc_has_perm(old_tsec->sid, isec->sid,
2045 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
2046 if (rc)
2047 return rc;
2048 } else {

--- 3858 unchanged lines hidden ---
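Review bot: The combined test at new lines 2039–2040 discards a policy-defined default transition with no comment and no log when no_new_privs is set, while the explicit exec_sid case at new lines 2024–2025 fails with -EPERM; the second site should say why the outcomes differ, e.g. `/* nosuid mount or no_new_privs: ignore the computed transition and keep the caller's SID */`. The -EPERM return also sits before `COMMON_AUDIT_DATA_INIT(&ad, PATH)`, so from the visible lines no audit record appears to be produced for that denial, leaving an administrator with a bare EPERM to diagnose; consider documenting that or emitting a record. An explicit exec_sid on a MNT_NOSUID mount still falls back silently to the old SID instead of failing, so the two "no privilege gain" cases now behave differently for the same request. The enclosing function starts and ends in the hidden lines, so this is based only on the section shown.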