hooks.c (37babe4ec610ff288a60aa79619b3d2f00bcfd89) hooks.c (b197367ed1ba81b0d26f7e7f76f61731ac6e5842)
1/*
2 * NSA Security-Enhanced Linux (SELinux) security module
3 *
4 * This file contains the SELinux hook function implementations.
5 *
6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil>
7 * Chris Vance, <cvance@nai.com>
8 * Wayne Salamon, <wsalamon@nai.com>


268 * @opt_dentry is NULL and no dentry for this inode can be
269 * found; in that case, continue using the old label.
270 */
271 inode_doinit_with_dentry(inode, opt_dentry);
272 }
273 return 0;
274}
275
1/*
2 * NSA Security-Enhanced Linux (SELinux) security module
3 *
4 * This file contains the SELinux hook function implementations.
5 *
6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil>
7 * Chris Vance, <cvance@nai.com>
8 * Wayne Salamon, <wsalamon@nai.com>


268 * @opt_dentry is NULL and no dentry for this inode can be
269 * found; in that case, continue using the old label.
270 */
271 inode_doinit_with_dentry(inode, opt_dentry);
272 }
273 return 0;
274}
275
276static void inode_security_revalidate(struct inode *inode)
277{
278 __inode_security_revalidate(inode, NULL, true);
279}
280
281static struct inode_security_struct *inode_security_novalidate(struct inode *inode)
282{
283 return inode->i_security;
284}
285
286static struct inode_security_struct *inode_security_rcu(struct inode *inode, bool rcu)
287{
288 int error;


3272 return file_has_perm(cred, file,
3273 file_mask_to_av(inode->i_mode, mask));
3274}
3275
3276static int selinux_file_permission(struct file *file, int mask)
3277{
3278 struct inode *inode = file_inode(file);
3279 struct file_security_struct *fsec = file->f_security;
276static struct inode_security_struct *inode_security_novalidate(struct inode *inode)
277{
278 return inode->i_security;
279}
280
281static struct inode_security_struct *inode_security_rcu(struct inode *inode, bool rcu)
282{
283 int error;


3267 return file_has_perm(cred, file,
3268 file_mask_to_av(inode->i_mode, mask));
3269}
3270
3271static int selinux_file_permission(struct file *file, int mask)
3272{
3273 struct inode *inode = file_inode(file);
3274 struct file_security_struct *fsec = file->f_security;
3280 struct inode_security_struct *isec = inode_security(inode);
3275 struct inode_security_struct *isec;
3281 u32 sid = current_sid();
3282
3283 if (!mask)
3284 /* No permission to check. Existence test. */
3285 return 0;
3286
3276 u32 sid = current_sid();
3277
3278 if (!mask)
3279 /* No permission to check. Existence test. */
3280 return 0;
3281
3282 isec = inode_security(inode);
3287 if (sid == fsec->sid && fsec->isid == isec->sid &&
3288 fsec->pseqno == avc_policy_seqno())
3289 /* No change since file_open check. */
3290 return 0;
3291
3283 if (sid == fsec->sid && fsec->isid == isec->sid &&
3284 fsec->pseqno == avc_policy_seqno())
3285 /* No change since file_open check. */
3286 return 0;
3287
3292 inode_security_revalidate(inode);
3293 return selinux_revalidate_file_permission(file, mask);
3294}
3295
3296static int selinux_file_alloc_security(struct file *file)
3297{
3298 return file_alloc_security(file);
3299}
3300


3590 /*
3591 * Since the inode label or policy seqno may have changed
3592 * between the selinux_inode_permission check and the saving
3593 * of state above, recheck that access is still permitted.
3594 * Otherwise, access might never be revalidated against the
3595 * new inode label or new policy.
3596 * This check is not redundant - do not remove.
3597 */
3288 return selinux_revalidate_file_permission(file, mask);
3289}
3290
3291static int selinux_file_alloc_security(struct file *file)
3292{
3293 return file_alloc_security(file);
3294}
3295


3585 /*
3586 * Since the inode label or policy seqno may have changed
3587 * between the selinux_inode_permission check and the saving
3588 * of state above, recheck that access is still permitted.
3589 * Otherwise, access might never be revalidated against the
3590 * new inode label or new policy.
3591 * This check is not redundant - do not remove.
3592 */
3598 inode_security_revalidate(file_inode(file));
3599 return file_path_has_perm(cred, file, open_file_to_av(file));
3600}
3601
3602/* task security operations */
3603
3604static int selinux_task_create(unsigned long clone_flags)
3605{
3606 return current_has_perm(current, PROCESS__FORK);

3593 return file_path_has_perm(cred, file, open_file_to_av(file));
3594}
3595
3596/* task security operations */
3597
3598static int selinux_task_create(unsigned long clone_flags)
3599{
3600 return current_has_perm(current, PROCESS__FORK);

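Review bot: Dropping the explicit inode_security_revalidate() call before selinux_revalidate_file_permission() in selinux_file_permission (new line 3288) is only correct if inode_security() itself revalidates a stale inode label, and that function's body is not visible in this section, so the new `isec = inode_security(inode);` line would benefit from a comment stating the dependency, e.g. `/* inode_security() revalidates a stale label; fetched after the existence-test shortcut so that path stays cheap. */` (confirm against inode_security's definition). Moving the fetch below the `if (!mask)` return changes which path pays for revalidation: an existence test no longer touches the label at all, which is presumably the intent but is worth stating, since the cached-check comparison `fsec->isid == isec->sid` now relies on isec being fresh at that point. The same reliance applies to the removed call before file_path_has_perm at new line 3593, whose enclosing function starts outside the hunk; the retained comment block above it ("This check is not redundant - do not remove") now describes the only revalidation that function performs, so adding "the label is refreshed by inode_security() inside the permission helper" to it would keep the next reader from reintroducing the call.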