hooks.c (98e9894650455426f67c2157db4f39bd14fac2f6) hooks.c (b0c636b99997c8594da6a46e166ce4fcf6956fda)
1/*
2 * NSA Security-Enhanced Linux (SELinux) security module
3 *
4 * This file contains the SELinux hook function implementations.
5 *
6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil>
7 * Chris Vance, <cvance@nai.com>
8 * Wayne Salamon, <wsalamon@nai.com>

--- 1601 unchanged lines hidden (view full) ---

1610 av |= DIR__WRITE;
1611 if (mask & MAY_READ)
1612 av |= DIR__READ;
1613 }
1614
1615 return av;
1616}
1617
1/*
2 * NSA Security-Enhanced Linux (SELinux) security module
3 *
4 * This file contains the SELinux hook function implementations.
5 *
6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil>
7 * Chris Vance, <cvance@nai.com>
8 * Wayne Salamon, <wsalamon@nai.com>

--- 1601 unchanged lines hidden (view full) ---

1610 av |= DIR__WRITE;
1611 if (mask & MAY_READ)
1612 av |= DIR__READ;
1613 }
1614
1615 return av;
1616}
1617
1618/*
1619 * Convert a file mask to an access vector and include the correct open
1620 * open permission.
1621 */
1622static inline u32 open_file_mask_to_av(int mode, int mask)
1623{
1624 u32 av = file_mask_to_av(mode, mask);
1625
1626 if (selinux_policycap_openperm) {
1627 /*
1628 * lnk files and socks do not really have an 'open'
1629 */
1630 if (S_ISREG(mode))
1631 av |= FILE__OPEN;
1632 else if (S_ISCHR(mode))
1633 av |= CHR_FILE__OPEN;
1634 else if (S_ISBLK(mode))
1635 av |= BLK_FILE__OPEN;
1636 else if (S_ISFIFO(mode))
1637 av |= FIFO_FILE__OPEN;
1638 else if (S_ISDIR(mode))
1639 av |= DIR__OPEN;
1640 else
1641 printk(KERN_ERR "SELinux: WARNING: inside open_file_to_av "
1642 "with unknown mode:%x\n", mode);
1643 }
1644 return av;
1645}
1646
1618/* Convert a Linux file to an access vector. */
1619static inline u32 file_to_av(struct file *file)
1620{
1621 u32 av = 0;
1622
1623 if (file->f_mode & FMODE_READ)
1624 av |= FILE__READ;
1625 if (file->f_mode & FMODE_WRITE) {

--- 901 unchanged lines hidden (view full) ---

2527 return rc;
2528
2529 if (!mask) {
2530 /* No permission to check. Existence test. */
2531 return 0;
2532 }
2533
2534 return inode_has_perm(current, inode,
1647/* Convert a Linux file to an access vector. */
1648static inline u32 file_to_av(struct file *file)
1649{
1650 u32 av = 0;
1651
1652 if (file->f_mode & FMODE_READ)
1653 av |= FILE__READ;
1654 if (file->f_mode & FMODE_WRITE) {

--- 901 unchanged lines hidden (view full) ---

2556 return rc;
2557
2558 if (!mask) {
2559 /* No permission to check. Existence test. */
2560 return 0;
2561 }
2562
2563 return inode_has_perm(current, inode,
2535 file_mask_to_av(inode->i_mode, mask), NULL);
2564 open_file_mask_to_av(inode->i_mode, mask), NULL);
2536}
2537
2538static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
2539{
2540 int rc;
2541
2542 rc = secondary_ops->inode_setattr(dentry, iattr);
2543 if (rc)

--- 3085 unchanged lines hidden ---
2565}
2566
2567static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
2568{
2569 int rc;
2570
2571 rc = secondary_ops->inode_setattr(dentry, iattr);
2572 if (rc)

--- 3085 unchanged lines hidden ---
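Review bot: In the new open_file_mask_to_av() (new lines 1622–1645), the final `else` logs at KERN_ERR for every mode that is not a regular file, char or block device, FIFO or directory, which includes the symlinks and sockets that the comment just above says have no 'open'. The changed call in selinux_inode_permission() (new line 2564) passes every non-zero mask through this helper, so such inodes would presumably reach that branch on ordinary permission checks. The message is not rate-limited, so it could flood the kernel log and bury real denials. I would replace the bare `else` with `else if (!S_ISLNK(mode) && !S_ISSOCK(mode) && printk_ratelimit())`. The message also names `open_file_to_av` while the function is `open_file_mask_to_av`, and the header comment repeats the word "open" across new lines 1619–1620; fixing both lets the log line be matched back to the code.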