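--- a/hooks.c	(e758936e02700ff88a0b08b722a3847b95283ef2)
+++ b/hooks.c	(452a00d2ee288f2cbc36f676edd06cb14d2878c1)
@@ -1,8 +1,8 @@
 /*
 * NSA Security-Enhanced Linux (SELinux) security module
 *
 * This file contains the SELinux hook function implementations.
 *
 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil>
 * Chris Vance, <cvance@nai.com>
 * Wayne Salamon, <wsalamon@nai.com>
@@ -2118,34 +2118,35 @@
 struct file *file, *devnull = NULL;
 struct tty_struct *tty;
 struct fdtable *fdt;
 long j = -1;
 int drop_tty = 0;
 
 mutex_lock(&tty_mutex);
 tty = get_current_tty();
+mutex_unlock(&tty_mutex);
 if (tty) {
 file_list_lock();
 file = list_entry(tty->tty_files.next, typeof(*file), f_u.fu_list);
 if (file) {
 /* Revalidate access to controlling tty.
 Use inode_has_perm on the tty inode directly rather
 than using file_has_perm, as this particular open
 file may belong to another process and we are only
 interested in the inode-based check here. */
 struct inode *inode = file->f_path.dentry->d_inode;
 if (inode_has_perm(current, inode,
 FILE__READ | FILE__WRITE, NULL)) {
 drop_tty = 1;
 }
 }
 file_list_unlock();
+tty_kref_put(tty);
 }
-mutex_unlock(&tty_mutex);
 /* Reset controlling tty. */
 if (drop_tty)
 no_tty();
 
 /* Revalidate access to inherited open files. */
 
 AVC_AUDIT_DATA_INIT(&ad, FS);
 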
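Review bot: `list_entry(tty->tty_files.next, typeof(*file), f_u.fu_list)` never yields NULL, so the `if (file)` guard that follows cannot detect an empty `tty_files` list; on an empty list the pointer is computed from the list head embedded in the tty, and `file->f_path.dentry->d_inode` would then read unrelated memory. This predates the change, but the new code no longer holds `tty_mutex` while walking the list and relies only on the reference released by `tty_kref_put()` and on `file_list_lock()`, so it is worth confirming whether the list can be empty at this point (not visible here). Guarding with `if (!list_empty(&tty->tty_files)) {` and taking `list_entry` inside that branch would make the check real. The enclosing function starts and ends outside the shown lines.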