hooks.c (f2d40cd92c5604a868b22c44a7858206ae4fcf35) hooks.c (34b4e4aa3c470ce8fa2bd78abb1741b4b58baad7)
1/*
2 * NSA Security-Enhanced Linux (SELinux) security module
3 *
4 * This file contains the SELinux hook function implementations.
5 *
6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil>
7 * Chris Vance, <cvance@nai.com>
8 * Wayne Salamon, <wsalamon@nai.com>

--- 1570 unchanged lines hidden (view full) ---

1579 *
1580 * Note that secondary_ops->capable and task_has_perm_noaudit return 0
1581 * if the capability is granted, but __vm_enough_memory requires 1 if
1582 * the capability is granted.
1583 *
1584 * Do not audit the selinux permission check, as this is applied to all
1585 * processes that allocate mappings.
1586 */
1/*
2 * NSA Security-Enhanced Linux (SELinux) security module
3 *
4 * This file contains the SELinux hook function implementations.
5 *
6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil>
7 * Chris Vance, <cvance@nai.com>
8 * Wayne Salamon, <wsalamon@nai.com>

--- 1570 unchanged lines hidden (view full) ---

1579 *
1580 * Note that secondary_ops->capable and task_has_perm_noaudit return 0
1581 * if the capability is granted, but __vm_enough_memory requires 1 if
1582 * the capability is granted.
1583 *
1584 * Do not audit the selinux permission check, as this is applied to all
1585 * processes that allocate mappings.
1586 */
1587static int selinux_vm_enough_memory(long pages)
1587static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
1588{
1589 int rc, cap_sys_admin = 0;
1590 struct task_security_struct *tsec = current->security;
1591
1592 rc = secondary_ops->capable(current, CAP_SYS_ADMIN);
1593 if (rc == 0)
1594 rc = avc_has_perm_noaudit(tsec->sid, tsec->sid,
1595 SECCLASS_CAPABILITY,
1596 CAP_TO_MASK(CAP_SYS_ADMIN),
1597 0,
1598 NULL);
1599
1600 if (rc == 0)
1601 cap_sys_admin = 1;
1602
1588{
1589 int rc, cap_sys_admin = 0;
1590 struct task_security_struct *tsec = current->security;
1591
1592 rc = secondary_ops->capable(current, CAP_SYS_ADMIN);
1593 if (rc == 0)
1594 rc = avc_has_perm_noaudit(tsec->sid, tsec->sid,
1595 SECCLASS_CAPABILITY,
1596 CAP_TO_MASK(CAP_SYS_ADMIN),
1597 0,
1598 NULL);
1599
1600 if (rc == 0)
1601 cap_sys_admin = 1;
1602
1603 return __vm_enough_memory(pages, cap_sys_admin);
1603 return __vm_enough_memory(mm, pages, cap_sys_admin);
1604}
1605
1606/* binprm security operations */
1607
1608static int selinux_bprm_alloc_security(struct linux_binprm *bprm)
1609{
1610 struct bprm_security_struct *bsec;
1611

--- 3468 unchanged lines hidden ---
1604}
1605
1606/* binprm security operations */
1607
1608static int selinux_bprm_alloc_security(struct linux_binprm *bprm)
1609{
1610 struct bprm_security_struct *bsec;
1611

--- 3468 unchanged lines hidden ---
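Review bot: The comment above selinux_vm_enough_memory (its visible part, lines 1579-1586) does not mention the new `mm` argument, and the new body now has two different subjects: the CAP_SYS_ADMIN decision is still taken from `current` and `current->security`, while the pages are accounted against `mm` in `__vm_enough_memory(mm, pages, cap_sys_admin)`. If a caller can pass an mm other than `current->mm` (presumably why the parameter was added, though no caller is visible here), the `cap_sys_admin` flag reflects the calling task's privilege, not the owner of the charged address space. I would record that in the comment, e.g. `* The capability check is made against current, not the owner of @mm; @mm is only the address space being charged.` The start of the comment block is hidden on this page, so it may already say this.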