| hooks.c (d8c6e8543294428426578d74dc7aaf121e762d58) | hooks.c (3ec30113264a7bcd389f51d1738e42da0f41bb5a) |
|---|---|
| 1/* 2 * NSA Security-Enhanced Linux (SELinux) security module 3 * 4 * This file contains the SELinux hook function implementations. 5 * 6 * Authors: Stephen Smalley, <sds@tycho.nsa.gov> 7 * Chris Vance, <cvance@nai.com> 8 * Wayne Salamon, <wsalamon@nai.com> --- 3830 unchanged lines hidden (view full) --- 3839static void selinux_cred_transfer(struct cred *new, const struct cred *old) 3840{ 3841 const struct task_security_struct *old_tsec = old->security; 3842 struct task_security_struct *tsec = new->security; 3843 3844 *tsec = *old_tsec; 3845} 3846 | 1/* 2 * NSA Security-Enhanced Linux (SELinux) security module 3 * 4 * This file contains the SELinux hook function implementations. 5 * 6 * Authors: Stephen Smalley, <sds@tycho.nsa.gov> 7 * Chris Vance, <cvance@nai.com> 8 * Wayne Salamon, <wsalamon@nai.com> --- 3830 unchanged lines hidden (view full) --- 3839static void selinux_cred_transfer(struct cred *new, const struct cred *old) 3840{ 3841 const struct task_security_struct *old_tsec = old->security; 3842 struct task_security_struct *tsec = new->security; 3843 3844 *tsec = *old_tsec; 3845} 3846 |
| 3847static void selinux_cred_getsecid(const struct cred *c, u32 *secid) 3848{ 3849 *secid = cred_sid(c); 3850} 3851 |
|
| 3847/* 3848 * set the security data for a kernel service 3849 * - all the creation contexts are set to unlabelled 3850 */ 3851static int selinux_kernel_act_as(struct cred *new, u32 secid) 3852{ 3853 struct task_security_struct *tsec = new->security; 3854 u32 sid = current_sid(); --- 176 unchanged lines hidden (view full) --- 4031 4032static int selinux_task_movememory(struct task_struct *p) 4033{ 4034 return avc_has_perm(current_sid(), task_sid(p), SECCLASS_PROCESS, 4035 PROCESS__SETSCHED, NULL); 4036} 4037 4038static int selinux_task_kill(struct task_struct *p, struct siginfo *info, | 3852/* 3853 * set the security data for a kernel service 3854 * - all the creation contexts are set to unlabelled 3855 */ 3856static int selinux_kernel_act_as(struct cred *new, u32 secid) 3857{ 3858 struct task_security_struct *tsec = new->security; 3859 u32 sid = current_sid(); --- 176 unchanged lines hidden (view full) --- 4036 4037static int selinux_task_movememory(struct task_struct *p) 4038{ 4039 return avc_has_perm(current_sid(), task_sid(p), SECCLASS_PROCESS, 4040 PROCESS__SETSCHED, NULL); 4041} 4042 4043static int selinux_task_kill(struct task_struct *p, struct siginfo *info, |
| 4039 int sig, u32 secid) | 4044 int sig, const struct cred *cred) |
| 4040{ | 4045{ |
| 4046 u32 secid; |
|
| 4041 u32 perm; 4042 4043 if (!sig) 4044 perm = PROCESS__SIGNULL; /* null signal; existence test */ 4045 else 4046 perm = signal_to_av(sig); | 4047 u32 perm; 4048 4049 if (!sig) 4050 perm = PROCESS__SIGNULL; /* null signal; existence test */ 4051 else 4052 perm = signal_to_av(sig); |
| 4047 if (!secid) | 4053 if (!cred) |
| 4048 secid = current_sid(); | 4054 secid = current_sid(); |
| 4055 else 4056 secid = cred_sid(cred); |
|
| 4049 return avc_has_perm(secid, task_sid(p), SECCLASS_PROCESS, perm, NULL); 4050} 4051 4052static void selinux_task_to_inode(struct task_struct *p, 4053 struct inode *inode) 4054{ 4055 struct inode_security_struct *isec = inode->i_security; 4056 u32 sid = task_sid(p); --- 1470 unchanged lines hidden (view full) --- 5527} 5528 5529static void selinux_msg_msg_free_security(struct msg_msg *msg) 5530{ 5531 msg_msg_free_security(msg); 5532} 5533 5534/* message queue security operations */ | 4057 return avc_has_perm(secid, task_sid(p), SECCLASS_PROCESS, perm, NULL); 4058} 4059 4060static void selinux_task_to_inode(struct task_struct *p, 4061 struct inode *inode) 4062{ 4063 struct inode_security_struct *isec = inode->i_security; 4064 u32 sid = task_sid(p); --- 1470 unchanged lines hidden (view full) --- 5535} 5536 5537static void selinux_msg_msg_free_security(struct msg_msg *msg) 5538{ 5539 msg_msg_free_security(msg); 5540} 5541 5542/* message queue security operations */ |
| 5535static int selinux_msg_queue_alloc_security(struct kern_ipc_perm *msq) | 5543static int selinux_msg_queue_alloc_security(struct msg_queue *msq) |
| 5536{ 5537 struct ipc_security_struct *isec; 5538 struct common_audit_data ad; 5539 u32 sid = current_sid(); 5540 int rc; 5541 | 5544{ 5545 struct ipc_security_struct *isec; 5546 struct common_audit_data ad; 5547 u32 sid = current_sid(); 5548 int rc; 5549 |
| 5542 rc = ipc_alloc_security(msq, SECCLASS_MSGQ); | 5550 rc = ipc_alloc_security(&msq->q_perm, SECCLASS_MSGQ); |
| 5543 if (rc) 5544 return rc; 5545 | 5551 if (rc) 5552 return rc; 5553 |
| 5546 isec = msq->security; | 5554 isec = msq->q_perm.security; |
| 5547 5548 ad.type = LSM_AUDIT_DATA_IPC; | 5555 5556 ad.type = LSM_AUDIT_DATA_IPC; |
| 5549 ad.u.ipc_id = msq->key; | 5557 ad.u.ipc_id = msq->q_perm.key; |
| 5550 5551 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, 5552 MSGQ__CREATE, &ad); 5553 if (rc) { | 5558 5559 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, 5560 MSGQ__CREATE, &ad); 5561 if (rc) { |
| 5554 ipc_free_security(msq); | 5562 ipc_free_security(&msq->q_perm); |
| 5555 return rc; 5556 } 5557 return 0; 5558} 5559 | 5563 return rc; 5564 } 5565 return 0; 5566} 5567 |
| 5560static void selinux_msg_queue_free_security(struct kern_ipc_perm *msq) | 5568static void selinux_msg_queue_free_security(struct msg_queue *msq) |
| 5561{ | 5569{ |
| 5562 ipc_free_security(msq); | 5570 ipc_free_security(&msq->q_perm); |
| 5563} 5564 | 5571} 5572 |
| 5565static int selinux_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg) | 5573static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg) |
| 5566{ 5567 struct ipc_security_struct *isec; 5568 struct common_audit_data ad; 5569 u32 sid = current_sid(); 5570 | 5574{ 5575 struct ipc_security_struct *isec; 5576 struct common_audit_data ad; 5577 u32 sid = current_sid(); 5578 |
| 5571 isec = msq->security; | 5579 isec = msq->q_perm.security; |
| 5572 5573 ad.type = LSM_AUDIT_DATA_IPC; | 5580 5581 ad.type = LSM_AUDIT_DATA_IPC; |
| 5574 ad.u.ipc_id = msq->key; | 5582 ad.u.ipc_id = msq->q_perm.key; |
| 5575 5576 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, 5577 MSGQ__ASSOCIATE, &ad); 5578} 5579 | 5583 5584 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, 5585 MSGQ__ASSOCIATE, &ad); 5586} 5587 |
| 5580static int selinux_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd) | 5588static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd) |
| 5581{ 5582 int err; 5583 int perms; 5584 5585 switch (cmd) { 5586 case IPC_INFO: 5587 case MSG_INFO: 5588 /* No specific object, just general system-wide information. */ --- 8 unchanged lines hidden (view full) --- 5597 break; 5598 case IPC_RMID: 5599 perms = MSGQ__DESTROY; 5600 break; 5601 default: 5602 return 0; 5603 } 5604 | 5589{ 5590 int err; 5591 int perms; 5592 5593 switch (cmd) { 5594 case IPC_INFO: 5595 case MSG_INFO: 5596 /* No specific object, just general system-wide information. */ --- 8 unchanged lines hidden (view full) --- 5605 break; 5606 case IPC_RMID: 5607 perms = MSGQ__DESTROY; 5608 break; 5609 default: 5610 return 0; 5611 } 5612 |
| 5605 err = ipc_has_perm(msq, perms); | 5613 err = ipc_has_perm(&msq->q_perm, perms); |
| 5606 return err; 5607} 5608 | 5614 return err; 5615} 5616 |
| 5609static int selinux_msg_queue_msgsnd(struct kern_ipc_perm *msq, struct msg_msg *msg, int msqflg) | 5617static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg) |
| 5610{ 5611 struct ipc_security_struct *isec; 5612 struct msg_security_struct *msec; 5613 struct common_audit_data ad; 5614 u32 sid = current_sid(); 5615 int rc; 5616 | 5618{ 5619 struct ipc_security_struct *isec; 5620 struct msg_security_struct *msec; 5621 struct common_audit_data ad; 5622 u32 sid = current_sid(); 5623 int rc; 5624 |
| 5617 isec = msq->security; | 5625 isec = msq->q_perm.security; |
| 5618 msec = msg->security; 5619 5620 /* 5621 * First time through, need to assign label to the message 5622 */ 5623 if (msec->sid == SECINITSID_UNLABELED) { 5624 /* 5625 * Compute new sid based on current process and 5626 * message queue this message will be stored in 5627 */ 5628 rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG, 5629 NULL, &msec->sid); 5630 if (rc) 5631 return rc; 5632 } 5633 5634 ad.type = LSM_AUDIT_DATA_IPC; | 5626 msec = msg->security; 5627 5628 /* 5629 * First time through, need to assign label to the message 5630 */ 5631 if (msec->sid == SECINITSID_UNLABELED) { 5632 /* 5633 * Compute new sid based on current process and 5634 * message queue this message will be stored in 5635 */ 5636 rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG, 5637 NULL, &msec->sid); 5638 if (rc) 5639 return rc; 5640 } 5641 5642 ad.type = LSM_AUDIT_DATA_IPC; |
| 5635 ad.u.ipc_id = msq->key; | 5643 ad.u.ipc_id = msq->q_perm.key; |
| 5636 5637 /* Can this process write to the queue? */ 5638 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, 5639 MSGQ__WRITE, &ad); 5640 if (!rc) 5641 /* Can this process send the message */ 5642 rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG, 5643 MSG__SEND, &ad); 5644 if (!rc) 5645 /* Can the message be put in the queue? */ 5646 rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ, 5647 MSGQ__ENQUEUE, &ad); 5648 5649 return rc; 5650} 5651 | 5644 5645 /* Can this process write to the queue? */ 5646 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, 5647 MSGQ__WRITE, &ad); 5648 if (!rc) 5649 /* Can this process send the message */ 5650 rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG, 5651 MSG__SEND, &ad); 5652 if (!rc) 5653 /* Can the message be put in the queue? */ 5654 rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ, 5655 MSGQ__ENQUEUE, &ad); 5656 5657 return rc; 5658} 5659 |
| 5652static int selinux_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *msg, | 5660static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, |
| 5653 struct task_struct *target, 5654 long type, int mode) 5655{ 5656 struct ipc_security_struct *isec; 5657 struct msg_security_struct *msec; 5658 struct common_audit_data ad; 5659 u32 sid = task_sid(target); 5660 int rc; 5661 | 5661 struct task_struct *target, 5662 long type, int mode) 5663{ 5664 struct ipc_security_struct *isec; 5665 struct msg_security_struct *msec; 5666 struct common_audit_data ad; 5667 u32 sid = task_sid(target); 5668 int rc; 5669 |
| 5662 isec = msq->security; | 5670 isec = msq->q_perm.security; |
| 5663 msec = msg->security; 5664 5665 ad.type = LSM_AUDIT_DATA_IPC; | 5671 msec = msg->security; 5672 5673 ad.type = LSM_AUDIT_DATA_IPC; |
| 5666 ad.u.ipc_id = msq->key; | 5674 ad.u.ipc_id = msq->q_perm.key; |
| 5667 5668 rc = avc_has_perm(sid, isec->sid, 5669 SECCLASS_MSGQ, MSGQ__READ, &ad); 5670 if (!rc) 5671 rc = avc_has_perm(sid, msec->sid, 5672 SECCLASS_MSG, MSG__RECEIVE, &ad); 5673 return rc; 5674} 5675 5676/* Shared Memory security operations */ | 5675 5676 rc = avc_has_perm(sid, isec->sid, 5677 SECCLASS_MSGQ, MSGQ__READ, &ad); 5678 if (!rc) 5679 rc = avc_has_perm(sid, msec->sid, 5680 SECCLASS_MSG, MSG__RECEIVE, &ad); 5681 return rc; 5682} 5683 5684/* Shared Memory security operations */ |
| 5677static int selinux_shm_alloc_security(struct kern_ipc_perm *shp) | 5685static int selinux_shm_alloc_security(struct shmid_kernel *shp) |
| 5678{ 5679 struct ipc_security_struct *isec; 5680 struct common_audit_data ad; 5681 u32 sid = current_sid(); 5682 int rc; 5683 | 5686{ 5687 struct ipc_security_struct *isec; 5688 struct common_audit_data ad; 5689 u32 sid = current_sid(); 5690 int rc; 5691 |
| 5684 rc = ipc_alloc_security(shp, SECCLASS_SHM); | 5692 rc = ipc_alloc_security(&shp->shm_perm, SECCLASS_SHM); |
| 5685 if (rc) 5686 return rc; 5687 | 5693 if (rc) 5694 return rc; 5695 |
| 5688 isec = shp->security; | 5696 isec = shp->shm_perm.security; |
| 5689 5690 ad.type = LSM_AUDIT_DATA_IPC; | 5697 5698 ad.type = LSM_AUDIT_DATA_IPC; |
| 5691 ad.u.ipc_id = shp->key; | 5699 ad.u.ipc_id = shp->shm_perm.key; |
| 5692 5693 rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM, 5694 SHM__CREATE, &ad); 5695 if (rc) { | 5700 5701 rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM, 5702 SHM__CREATE, &ad); 5703 if (rc) { |
| 5696 ipc_free_security(shp); | 5704 ipc_free_security(&shp->shm_perm); |
| 5697 return rc; 5698 } 5699 return 0; 5700} 5701 | 5705 return rc; 5706 } 5707 return 0; 5708} 5709 |
| 5702static void selinux_shm_free_security(struct kern_ipc_perm *shp) | 5710static void selinux_shm_free_security(struct shmid_kernel *shp) |
| 5703{ | 5711{ |
| 5704 ipc_free_security(shp); | 5712 ipc_free_security(&shp->shm_perm); |
| 5705} 5706 | 5713} 5714 |
| 5707static int selinux_shm_associate(struct kern_ipc_perm *shp, int shmflg) | 5715static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg) |
| 5708{ 5709 struct ipc_security_struct *isec; 5710 struct common_audit_data ad; 5711 u32 sid = current_sid(); 5712 | 5716{ 5717 struct ipc_security_struct *isec; 5718 struct common_audit_data ad; 5719 u32 sid = current_sid(); 5720 |
| 5713 isec = shp->security; | 5721 isec = shp->shm_perm.security; |
| 5714 5715 ad.type = LSM_AUDIT_DATA_IPC; | 5722 5723 ad.type = LSM_AUDIT_DATA_IPC; |
| 5716 ad.u.ipc_id = shp->key; | 5724 ad.u.ipc_id = shp->shm_perm.key; |
| 5717 5718 return avc_has_perm(sid, isec->sid, SECCLASS_SHM, 5719 SHM__ASSOCIATE, &ad); 5720} 5721 5722/* Note, at this point, shp is locked down */ | 5725 5726 return avc_has_perm(sid, isec->sid, SECCLASS_SHM, 5727 SHM__ASSOCIATE, &ad); 5728} 5729 5730/* Note, at this point, shp is locked down */ |
| 5723static int selinux_shm_shmctl(struct kern_ipc_perm *shp, int cmd) | 5731static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd) |
| 5724{ 5725 int perms; 5726 int err; 5727 5728 switch (cmd) { 5729 case IPC_INFO: 5730 case SHM_INFO: 5731 /* No specific object, just general system-wide information. */ --- 12 unchanged lines hidden (view full) --- 5744 break; 5745 case IPC_RMID: 5746 perms = SHM__DESTROY; 5747 break; 5748 default: 5749 return 0; 5750 } 5751 | 5732{ 5733 int perms; 5734 int err; 5735 5736 switch (cmd) { 5737 case IPC_INFO: 5738 case SHM_INFO: 5739 /* No specific object, just general system-wide information. */ --- 12 unchanged lines hidden (view full) --- 5752 break; 5753 case IPC_RMID: 5754 perms = SHM__DESTROY; 5755 break; 5756 default: 5757 return 0; 5758 } 5759 |
| 5752 err = ipc_has_perm(shp, perms); | 5760 err = ipc_has_perm(&shp->shm_perm, perms); |
| 5753 return err; 5754} 5755 | 5761 return err; 5762} 5763 |
| 5756static int selinux_shm_shmat(struct kern_ipc_perm *shp, | 5764static int selinux_shm_shmat(struct shmid_kernel *shp, |
| 5757 char __user *shmaddr, int shmflg) 5758{ 5759 u32 perms; 5760 5761 if (shmflg & SHM_RDONLY) 5762 perms = SHM__READ; 5763 else 5764 perms = SHM__READ | SHM__WRITE; 5765 | 5765 char __user *shmaddr, int shmflg) 5766{ 5767 u32 perms; 5768 5769 if (shmflg & SHM_RDONLY) 5770 perms = SHM__READ; 5771 else 5772 perms = SHM__READ | SHM__WRITE; 5773 |
| 5766 return ipc_has_perm(shp, perms); | 5774 return ipc_has_perm(&shp->shm_perm, perms); |
| 5767} 5768 5769/* Semaphore security operations */ | 5775} 5776 5777/* Semaphore security operations */ |
| 5770static int selinux_sem_alloc_security(struct kern_ipc_perm *sma) | 5778static int selinux_sem_alloc_security(struct sem_array *sma) |
| 5771{ 5772 struct ipc_security_struct *isec; 5773 struct common_audit_data ad; 5774 u32 sid = current_sid(); 5775 int rc; 5776 | 5779{ 5780 struct ipc_security_struct *isec; 5781 struct common_audit_data ad; 5782 u32 sid = current_sid(); 5783 int rc; 5784 |
| 5777 rc = ipc_alloc_security(sma, SECCLASS_SEM); | 5785 rc = ipc_alloc_security(&sma->sem_perm, SECCLASS_SEM); |
| 5778 if (rc) 5779 return rc; 5780 | 5786 if (rc) 5787 return rc; 5788 |
| 5781 isec = sma->security; | 5789 isec = sma->sem_perm.security; |
| 5782 5783 ad.type = LSM_AUDIT_DATA_IPC; | 5790 5791 ad.type = LSM_AUDIT_DATA_IPC; |
| 5784 ad.u.ipc_id = sma->key; | 5792 ad.u.ipc_id = sma->sem_perm.key; |
| 5785 5786 rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM, 5787 SEM__CREATE, &ad); 5788 if (rc) { | 5793 5794 rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM, 5795 SEM__CREATE, &ad); 5796 if (rc) { |
| 5789 ipc_free_security(sma); | 5797 ipc_free_security(&sma->sem_perm); |
| 5790 return rc; 5791 } 5792 return 0; 5793} 5794 | 5798 return rc; 5799 } 5800 return 0; 5801} 5802 |
| 5795static void selinux_sem_free_security(struct kern_ipc_perm *sma) | 5803static void selinux_sem_free_security(struct sem_array *sma) |
| 5796{ | 5804{ |
| 5797 ipc_free_security(sma); | 5805 ipc_free_security(&sma->sem_perm); |
| 5798} 5799 | 5806} 5807 |
| 5800static int selinux_sem_associate(struct kern_ipc_perm *sma, int semflg) | 5808static int selinux_sem_associate(struct sem_array *sma, int semflg) |
| 5801{ 5802 struct ipc_security_struct *isec; 5803 struct common_audit_data ad; 5804 u32 sid = current_sid(); 5805 | 5809{ 5810 struct ipc_security_struct *isec; 5811 struct common_audit_data ad; 5812 u32 sid = current_sid(); 5813 |
| 5806 isec = sma->security; | 5814 isec = sma->sem_perm.security; |
| 5807 5808 ad.type = LSM_AUDIT_DATA_IPC; | 5815 5816 ad.type = LSM_AUDIT_DATA_IPC; |
| 5809 ad.u.ipc_id = sma->key; | 5817 ad.u.ipc_id = sma->sem_perm.key; |
| 5810 5811 return avc_has_perm(sid, isec->sid, SECCLASS_SEM, 5812 SEM__ASSOCIATE, &ad); 5813} 5814 5815/* Note, at this point, sma is locked down */ | 5818 5819 return avc_has_perm(sid, isec->sid, SECCLASS_SEM, 5820 SEM__ASSOCIATE, &ad); 5821} 5822 5823/* Note, at this point, sma is locked down */ |
| 5816static int selinux_sem_semctl(struct kern_ipc_perm *sma, int cmd) | 5824static int selinux_sem_semctl(struct sem_array *sma, int cmd) |
| 5817{ 5818 int err; 5819 u32 perms; 5820 5821 switch (cmd) { 5822 case IPC_INFO: 5823 case SEM_INFO: 5824 /* No specific object, just general system-wide information. */ --- 21 unchanged lines hidden (view full) --- 5846 case IPC_STAT: 5847 case SEM_STAT: 5848 perms = SEM__GETATTR | SEM__ASSOCIATE; 5849 break; 5850 default: 5851 return 0; 5852 } 5853 | 5825{ 5826 int err; 5827 u32 perms; 5828 5829 switch (cmd) { 5830 case IPC_INFO: 5831 case SEM_INFO: 5832 /* No specific object, just general system-wide information. */ --- 21 unchanged lines hidden (view full) --- 5854 case IPC_STAT: 5855 case SEM_STAT: 5856 perms = SEM__GETATTR | SEM__ASSOCIATE; 5857 break; 5858 default: 5859 return 0; 5860 } 5861 |
| 5854 err = ipc_has_perm(sma, perms); | 5862 err = ipc_has_perm(&sma->sem_perm, perms); |
| 5855 return err; 5856} 5857 | 5863 return err; 5864} 5865 |
| 5858static int selinux_sem_semop(struct kern_ipc_perm *sma, | 5866static int selinux_sem_semop(struct sem_array *sma, |
| 5859 struct sembuf *sops, unsigned nsops, int alter) 5860{ 5861 u32 perms; 5862 5863 if (alter) 5864 perms = SEM__READ | SEM__WRITE; 5865 else 5866 perms = SEM__READ; 5867 | 5867 struct sembuf *sops, unsigned nsops, int alter) 5868{ 5869 u32 perms; 5870 5871 if (alter) 5872 perms = SEM__READ | SEM__WRITE; 5873 else 5874 perms = SEM__READ; 5875 |
| 5868 return ipc_has_perm(sma, perms); | 5876 return ipc_has_perm(&sma->sem_perm, perms); |
| 5869} 5870 5871static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag) 5872{ 5873 u32 av = 0; 5874 5875 av = 0; 5876 if (flag & S_IRUGO) --- 597 unchanged lines hidden (view full) --- 6474 6475 LSM_HOOK_INIT(file_open, selinux_file_open), 6476 6477 LSM_HOOK_INIT(task_alloc, selinux_task_alloc), 6478 LSM_HOOK_INIT(cred_alloc_blank, selinux_cred_alloc_blank), 6479 LSM_HOOK_INIT(cred_free, selinux_cred_free), 6480 LSM_HOOK_INIT(cred_prepare, selinux_cred_prepare), 6481 LSM_HOOK_INIT(cred_transfer, selinux_cred_transfer), | 5877} 5878 5879static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag) 5880{ 5881 u32 av = 0; 5882 5883 av = 0; 5884 if (flag & S_IRUGO) --- 597 unchanged lines hidden (view full) --- 6482 6483 LSM_HOOK_INIT(file_open, selinux_file_open), 6484 6485 LSM_HOOK_INIT(task_alloc, selinux_task_alloc), 6486 LSM_HOOK_INIT(cred_alloc_blank, selinux_cred_alloc_blank), 6487 LSM_HOOK_INIT(cred_free, selinux_cred_free), 6488 LSM_HOOK_INIT(cred_prepare, selinux_cred_prepare), 6489 LSM_HOOK_INIT(cred_transfer, selinux_cred_transfer), |
| 6490 LSM_HOOK_INIT(cred_getsecid, selinux_cred_getsecid), |
|
| 6482 LSM_HOOK_INIT(kernel_act_as, selinux_kernel_act_as), 6483 LSM_HOOK_INIT(kernel_create_files_as, selinux_kernel_create_files_as), 6484 LSM_HOOK_INIT(kernel_module_request, selinux_kernel_module_request), 6485 LSM_HOOK_INIT(kernel_read_file, selinux_kernel_read_file), 6486 LSM_HOOK_INIT(task_setpgid, selinux_task_setpgid), 6487 LSM_HOOK_INIT(task_getpgid, selinux_task_getpgid), 6488 LSM_HOOK_INIT(task_getsid, selinux_task_getsid), 6489 LSM_HOOK_INIT(task_getsecid, selinux_task_getsecid), --- 326 unchanged lines hidden --- | 6491 LSM_HOOK_INIT(kernel_act_as, selinux_kernel_act_as), 6492 LSM_HOOK_INIT(kernel_create_files_as, selinux_kernel_create_files_as), 6493 LSM_HOOK_INIT(kernel_module_request, selinux_kernel_module_request), 6494 LSM_HOOK_INIT(kernel_read_file, selinux_kernel_read_file), 6495 LSM_HOOK_INIT(task_setpgid, selinux_task_setpgid), 6496 LSM_HOOK_INIT(task_getpgid, selinux_task_getpgid), 6497 LSM_HOOK_INIT(task_getsid, selinux_task_getsid), 6498 LSM_HOOK_INIT(task_getsecid, selinux_task_getsecid), --- 326 unchanged lines hidden --- |