aboutsummaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/selinux/hooks.c47
1 files changed, 15 insertions, 32 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 6c77f63c759..00b50113642 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2126,8 +2126,6 @@ static inline void flush_unauthorized_files(const struct cred *cred,
spin_lock(&files->file_lock);
for (;;) {
unsigned long set, i;
- int fd;
-
j++;
i = j * BITS_PER_LONG;
fdt = files_fdtable(files);
@@ -2138,38 +2136,23 @@ static inline void flush_unauthorized_files(const struct cred *cred,
continue;
spin_unlock(&files->file_lock);
for ( ; set ; i++, set >>= 1) {
- if (set & 1) {
- file = fget(i);
- if (!file)
- continue;
- if (file_has_perm(cred,
- file,
- file_to_av(file))) {
- sys_close(i);
- fd = get_unused_fd();
- if (fd != i) {
- if (fd >= 0)
- put_unused_fd(fd);
- fput(file);
- continue;
- }
- if (devnull) {
- get_file(devnull);
- } else {
- devnull = dentry_open(
- &selinux_null,
- O_RDWR, cred);
- if (IS_ERR(devnull)) {
- devnull = NULL;
- put_unused_fd(fd);
- fput(file);
- continue;
- }
- }
- fd_install(fd, devnull);
+ if (!(set & 1))
+ continue;
+ file = fget(i);
+ if (!file)
+ continue;
+ if (file_has_perm(cred, file, file_to_av(file))) {
+ if (devnull) {
+ get_file(devnull);
+ } else {
+ devnull = dentry_open(&selinux_null,
+ O_RDWR, cred);
+ if (IS_ERR(devnull))
+ devnull = NULL;
}
- fput(file);
+ replace_fd(i, devnull, 0);
}
+ fput(file);
}
spin_lock(&files->file_lock);