Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 21 | 
1 files changed, 11 insertions, 10 deletions
| diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 1126c10a5e8..7cd4c3affac 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1090,7 +1090,7 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
 			return SECCLASS_NETLINK_ROUTE_SOCKET;
 		case NETLINK_FIREWALL:
 			return SECCLASS_NETLINK_FIREWALL_SOCKET;
-		case NETLINK_INET_DIAG:
+		case NETLINK_SOCK_DIAG:
 			return SECCLASS_NETLINK_TCPDIAG_SOCKET;
 		case NETLINK_NFLOG:
 			return SECCLASS_NETLINK_NFLOG_SOCKET;
@@ -1740,7 +1740,7 @@ static inline u32 file_mask_to_av(int mode, int mask)
 {
 	u32 av = 0;
-	if ((mode & S_IFMT) != S_IFDIR) {
+	if (!S_ISDIR(mode)) {
 		if (mask & MAY_EXEC)
 			av |= FILE__EXECUTE;
 		if (mask & MAY_READ)
@@ -2507,7 +2507,7 @@ static int selinux_mount(char *dev_name,
 	const struct cred *cred = current_cred();
 	if (flags & MS_REMOUNT)
-		return superblock_has_perm(cred, path->mnt->mnt_sb,
+		return superblock_has_perm(cred, path->dentry->d_sb,
 					   FILESYSTEM__REMOUNT, NULL);
 	else
 		return path_has_perm(cred, path, FILE__MOUNTON);
@@ -2598,7 +2598,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
 	return 0;
 }
-static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int mask)
+static int selinux_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode)
 {
 	return may_create(dir, dentry, SECCLASS_FILE);
 }
@@ -2618,7 +2618,7 @@ static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const
 	return may_create(dir, dentry, SECCLASS_LNK_FILE);
 }
-static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask)
+static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mask)
 {
 	return may_create(dir, dentry, SECCLASS_DIR);
 }
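Review bot: The `case NETLINK_SOCK_DIAG:` label in socket_type_to_security_class() still returns `SECCLASS_NETLINK_TCPDIAG_SOCKET`, so the protocol constant and the security class name no longer match, and nothing in the hunk says why. If the class is kept on purpose so that existing policy keeps applying, a one-line comment would record that, e.g. `/* NETLINK_SOCK_DIAG replaces NETLINK_INET_DIAG; class kept for policy compatibility */`. Whether the renamed protocol carries more than TCP diagnostics is not visible here; if it does, policy authors should know that the tcpdiag permissions now gate it. The switch starts and ends outside the hunk.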
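Review bot: In the selinux_inode_mkdir hunk the parameter is retyped to `umode_t` but keeps the name `mask`, while selinux_inode_create two hunks earlier is changed to `umode_t mode` in the same commit. A value of type `umode_t` named `mask` reads like a MAY_* permission mask, which is a different thing in this file (compare `file_mask_to_av(int mode, int mask)`). I would make the signature `static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)`. Neither function reads the argument in the visible body, so this is naming only.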
@@ -2628,7 +2628,7 @@ static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
 	return may_link(dir, dentry, MAY_RMDIR);
 }
-static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
+static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
 {
 	return may_create(dir, dentry, inode_mode_to_security_class(mode));
 }
@@ -3561,19 +3561,20 @@ static int selinux_parse_skb_ipv6(struct sk_buff *skb,
 	u8 nexthdr;
 	int ret = -EINVAL, offset;
 	struct ipv6hdr _ipv6h, *ip6;
+	__be16 frag_off;
 	offset = skb_network_offset(skb);
 	ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
 	if (ip6 == NULL)
 		goto out;
-	ipv6_addr_copy(&ad->u.net.v6info.saddr, &ip6->saddr);
-	ipv6_addr_copy(&ad->u.net.v6info.daddr, &ip6->daddr);
+	ad->u.net.v6info.saddr = ip6->saddr;
+	ad->u.net.v6info.daddr = ip6->daddr;
 	ret = 0;
 	nexthdr = ip6->nexthdr;
 	offset += sizeof(_ipv6h);
-	offset = ipv6_skip_exthdr(skb, offset, &nexthdr);
+	offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
 	if (offset < 0)
 		goto out;
@@ -3871,7 +3872,7 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
 		if (family == PF_INET)
 			ad.u.net.v4info.saddr = addr4->sin_addr.s_addr;
 		else
-			ipv6_addr_copy(&ad.u.net.v6info.saddr, &addr6->sin6_addr);
+			ad.u.net.v6info.saddr = addr6->sin6_addr;
 		err = avc_has_perm(sksec->sid, sid,
 				   sksec->sclass, node_perm, &ad);	|
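Review bot: In the selinux_parse_skb_ipv6 hunk the new local `frag_off` is handed to `ipv6_skip_exthdr()` but nothing visible reads it afterwards, and it is declared without an initializer. If it is ignored on purpose, a comment at the declaration would say so, e.g. `/* required by ipv6_skip_exthdr(); fragment offset is not used here */`. If the code after `goto out` goes on to read transport-header fields at `offset`, it is worth confirming how a non-first fragment is handled, since `frag_off` is the value that would distinguish one. The function continues outside the hunk, so that part cannot be checked from here.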
