hooks.c - OpenGrok cross reference for /openbmc/linux/security/selinux/hooks.c

Deleted Added

sdiffudifftextold (a64c54cf..)new (b43e725d..)

hooks.c (a64c54cf0811b8032fdab8c9d52576f0370837fa)	hooks.c (b43e725d8d386bf2092473953b525aaae71b6c28)
1/* 2 * NSA Security-Enhanced Linux (SELinux) security module 3 * 4 * This file contains the SELinux hook function implementations. 5 * 6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil> 7 * Chris Vance, <cvance@nai.com> 8 * Wayne Salamon, <wsalamon@nai.com> --- 340 unchanged lines hidden (view full) --- 349 if (rc) 350 return rc; 351 352 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, 353 FILESYSTEM__ASSOCIATE, NULL); 354 return rc; 355} 356	1/* 2 * NSA Security-Enhanced Linux (SELinux) security module 3 * 4 * This file contains the SELinux hook function implementations. 5 * 6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil> 7 * Chris Vance, <cvance@nai.com> 8 * Wayne Salamon, <wsalamon@nai.com> --- 340 unchanged lines hidden (view full) --- 349 if (rc) 350 return rc; 351 352 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, 353 FILESYSTEM__ASSOCIATE, NULL); 354 return rc; 355} 356
	357static int selinux_is_sblabel_mnt(struct super_block sb) 358{ 359 struct superblock_security_struct sbsec = sb->s_security; 360 361 if (sbsec->behavior == SECURITY_FS_USE_XATTR \|\| 362 sbsec->behavior == SECURITY_FS_USE_TRANS \|\| 363 sbsec->behavior == SECURITY_FS_USE_TASK) 364 return 1; 365 366 /* Special handling for sysfs. Is genfs but also has setxattr handler/ 367 if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0) 368 return 1; 369 370 / 371 * Special handling for rootfs. Is genfs but supports 372 * setting SELinux context on in-core inodes. 373 */ 374 if (strncmp(sb->s_type->name, "rootfs", sizeof("rootfs")) == 0) 375 return 1; 376 377 return 0; 378} 379
357static int sb_finish_set_opts(struct super_block sb) 358{ 359 struct superblock_security_struct sbsec = sb->s_security; 360 struct dentry root = sb->s_root; 361 struct inode root_inode = root->d_inode; 362 int rc = 0; 363 364 if (sbsec->behavior == SECURITY_FS_USE_XATTR) { --- 26 unchanged lines hidden (view full) --- 391 printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n", 392 sb->s_id, sb->s_type->name); 393 else 394 printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n", 395 sb->s_id, sb->s_type->name, 396 labeling_behaviors[sbsec->behavior-1]); 397 398 sbsec->flags \|= SE_SBINITIALIZED;	380static int sb_finish_set_opts(struct super_block sb) 381{ 382 struct superblock_security_struct sbsec = sb->s_security; 383 struct dentry root = sb->s_root; 384 struct inode root_inode = root->d_inode; 385 int rc = 0; 386 387 if (sbsec->behavior == SECURITY_FS_USE_XATTR) { --- 26 unchanged lines hidden (view full) --- 414 printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n", 415 sb->s_id, sb->s_type->name); 416 else 417 printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n", 418 sb->s_id, sb->s_type->name, 419 labeling_behaviors[sbsec->behavior-1]); 420 421 sbsec->flags \|= SE_SBINITIALIZED;
399 if (sbsec->behavior == SECURITY_FS_USE_XATTR \|\| 400 sbsec->behavior == SECURITY_FS_USE_TRANS \|\| 401 sbsec->behavior == SECURITY_FS_USE_TASK)	422 if (selinux_is_sblabel_mnt(sb))
402 sbsec->flags \|= SBLABEL_MNT; 403	423 sbsec->flags \|= SBLABEL_MNT; 424
404 /* Special handling for sysfs. Is genfs but also has setxattr handler/ 405 if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0) 406 sbsec->flags \|= SBLABEL_MNT; 407 408 / 409 * Special handling for rootfs. Is genfs but supports 410 * setting SELinux context on in-core inodes. 411 */ 412 if (strncmp(sb->s_type->name, "rootfs", sizeof("rootfs")) == 0) 413 sbsec->flags \|= SBLABEL_MNT; 414
415 /* Initialize the root inode. / 416 rc = inode_doinit_with_dentry(root_inode, root); 417 418 / Initialize any other inodes associated with the superblock, e.g. 419 inodes created prior to initial policy load or inodes created 420 during get_sb by a pseudo filesystem that directly 421 populates itself. / 422 spin_lock(&sbsec->isec_lock); --- 5501 unchanged lines hidden* ---	425 /* Initialize the root inode. / 426 rc = inode_doinit_with_dentry(root_inode, root); 427 428 / Initialize any other inodes associated with the superblock, e.g. 429 inodes created prior to initial policy load or inodes created 430 during get_sb by a pseudo filesystem that directly 431 populates itself. / 432 spin_lock(&sbsec->isec_lock); --- 5501 unchanged lines hidden* ---

hooks.c (a64c54cf0811b8032fdab8c9d52576f0370837fa)	hooks.c (b43e725d8d386bf2092473953b525aaae71b6c28)
1/* 2 * NSA Security-Enhanced Linux (SELinux) security module 3 * 4 * This file contains the SELinux hook function implementations. 5 * 6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil> 7 * Chris Vance, <cvance@nai.com> 8 * Wayne Salamon, <wsalamon@nai.com> --- 340 unchanged lines hidden (view full) --- 349 if (rc) 350 return rc; 351 352 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, 353 FILESYSTEM__ASSOCIATE, NULL); 354 return rc; 355} 356	1/* 2 * NSA Security-Enhanced Linux (SELinux) security module 3 * 4 * This file contains the SELinux hook function implementations. 5 * 6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil> 7 * Chris Vance, <cvance@nai.com> 8 * Wayne Salamon, <wsalamon@nai.com> --- 340 unchanged lines hidden (view full) --- 349 if (rc) 350 return rc; 351 352 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, 353 FILESYSTEM__ASSOCIATE, NULL); 354 return rc; 355} 356
	357static int selinux_is_sblabel_mnt(struct super_block sb) 358{ 359 struct superblock_security_struct sbsec = sb->s_security; 360 361 if (sbsec->behavior == SECURITY_FS_USE_XATTR \|\| 362 sbsec->behavior == SECURITY_FS_USE_TRANS \|\| 363 sbsec->behavior == SECURITY_FS_USE_TASK) 364 return 1; 365 366 /* Special handling for sysfs. Is genfs but also has setxattr handler/ 367 if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0) 368 return 1; 369 370 / 371 * Special handling for rootfs. Is genfs but supports 372 * setting SELinux context on in-core inodes. 373 */ 374 if (strncmp(sb->s_type->name, "rootfs", sizeof("rootfs")) == 0) 375 return 1; 376 377 return 0; 378} 379
357static int sb_finish_set_opts(struct super_block sb) 358{ 359 struct superblock_security_struct sbsec = sb->s_security; 360 struct dentry root = sb->s_root; 361 struct inode root_inode = root->d_inode; 362 int rc = 0; 363 364 if (sbsec->behavior == SECURITY_FS_USE_XATTR) { --- 26 unchanged lines hidden (view full) --- 391 printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n", 392 sb->s_id, sb->s_type->name); 393 else 394 printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n", 395 sb->s_id, sb->s_type->name, 396 labeling_behaviors[sbsec->behavior-1]); 397 398 sbsec->flags \|= SE_SBINITIALIZED;	380static int sb_finish_set_opts(struct super_block sb) 381{ 382 struct superblock_security_struct sbsec = sb->s_security; 383 struct dentry root = sb->s_root; 384 struct inode root_inode = root->d_inode; 385 int rc = 0; 386 387 if (sbsec->behavior == SECURITY_FS_USE_XATTR) { --- 26 unchanged lines hidden (view full) --- 414 printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n", 415 sb->s_id, sb->s_type->name); 416 else 417 printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n", 418 sb->s_id, sb->s_type->name, 419 labeling_behaviors[sbsec->behavior-1]); 420 421 sbsec->flags \|= SE_SBINITIALIZED;
399 if (sbsec->behavior == SECURITY_FS_USE_XATTR \|\| 400 sbsec->behavior == SECURITY_FS_USE_TRANS \|\| 401 sbsec->behavior == SECURITY_FS_USE_TASK)	422 if (selinux_is_sblabel_mnt(sb))
402 sbsec->flags \|= SBLABEL_MNT; 403	423 sbsec->flags \|= SBLABEL_MNT; 424
404 /* Special handling for sysfs. Is genfs but also has setxattr handler/ 405 if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0) 406 sbsec->flags \|= SBLABEL_MNT; 407 408 / 409 * Special handling for rootfs. Is genfs but supports 410 * setting SELinux context on in-core inodes. 411 */ 412 if (strncmp(sb->s_type->name, "rootfs", sizeof("rootfs")) == 0) 413 sbsec->flags \|= SBLABEL_MNT; 414
415 /* Initialize the root inode. / 416 rc = inode_doinit_with_dentry(root_inode, root); 417 418 / Initialize any other inodes associated with the superblock, e.g. 419 inodes created prior to initial policy load or inodes created 420 during get_sb by a pseudo filesystem that directly 421 populates itself. / 422 spin_lock(&sbsec->isec_lock); --- 5501 unchanged lines hidden* ---	425 /* Initialize the root inode. / 426 rc = inode_doinit_with_dentry(root_inode, root); 427 428 / Initialize any other inodes associated with the superblock, e.g. 429 inodes created prior to initial policy load or inodes created 430 during get_sb by a pseudo filesystem that directly 431 populates itself. / 432 spin_lock(&sbsec->isec_lock); --- 5501 unchanged lines hidden* ---