From 5ad4e53bd5406ee214ddc5a41f03f779b8b2d526 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sun, 29 Mar 2009 19:50:06 -0400 Subject: Get rid of indirect include of fs_struct.h Don't pull it in sched.h; very few files actually need it and those can include directly. sched.h itself only needs forward declaration of struct fs_struct; Signed-off-by: Al Viro --- security/tomoyo/realpath.c | 1 + 1 file changed, 1 insertion(+) (limited to 'security') diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c index d47f16b844b..3bbe01a7a4b 100644 --- a/security/tomoyo/realpath.c +++ b/security/tomoyo/realpath.c @@ -12,6 +12,7 @@ #include #include #include +#include #include "common.h" #include "realpath.h" -- cgit v1.2.3-18-g5258 From b4046f00ee7c1e5615261b496cf7309683275b29 Mon Sep 17 00:00:00 2001 From: Li Zefan Date: Thu, 2 Apr 2009 16:57:32 -0700 Subject: devcgroup: avoid using cgroup_lock There is nothing special that has to be protected by cgroup_lock, so introduce devcgroup_mtuex for it's own use. Signed-off-by: Li Zefan Cc: Paul Menage Acked-by: Serge Hallyn Cc: Balbir Singh Cc: KAMEZAWA Hiroyuki Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- security/device_cgroup.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) (limited to 'security') diff --git a/security/device_cgroup.c b/security/device_cgroup.c index 3aacd0fe717..5fda7df1972 100644 --- a/security/device_cgroup.c +++ b/security/device_cgroup.c @@ -11,6 +11,7 @@ #include #include #include +#include #define ACC_MKNOD 1 #define ACC_READ 2 @@ -21,9 +22,11 @@ #define DEV_CHAR 2 #define DEV_ALL 4 /* this represents all devices */ +static DEFINE_MUTEX(devcgroup_mutex); + /* * whitelist locking rules: - * hold cgroup_lock() for update/read. + * hold devcgroup_mutex for update/read. * hold rcu_read_lock() for read. */ 
@@ -67,7 +70,7 @@ static int devcgroup_can_attach(struct cgroup_subsys *ss, } /* - * called under cgroup_lock() + * called under devcgroup_mutex */ static int dev_whitelist_copy(struct list_head *dest, struct list_head *orig) { @@ -92,7 +95,7 @@ free_and_exit: /* Stupid prototype - don't bother combining existing entries */ /* - * called under cgroup_lock() + * called under devcgroup_mutex */ static int dev_whitelist_add(struct dev_cgroup *dev_cgroup, struct dev_whitelist_item *wh) @@ -130,7 +133,7 @@ static void whitelist_item_free(struct rcu_head *rcu) } /* - * called under cgroup_lock() + * called under devcgroup_mutex */ static void dev_whitelist_rm(struct dev_cgroup *dev_cgroup, struct dev_whitelist_item *wh) @@ -185,8 +188,10 @@ static struct cgroup_subsys_state *devcgroup_create(struct cgroup_subsys *ss, list_add(&wh->list, &dev_cgroup->whitelist); } else { parent_dev_cgroup = cgroup_to_devcgroup(parent_cgroup); + mutex_lock(&devcgroup_mutex); ret = dev_whitelist_copy(&dev_cgroup->whitelist, &parent_dev_cgroup->whitelist); + mutex_unlock(&devcgroup_mutex); if (ret) { kfree(dev_cgroup); return ERR_PTR(ret); @@ -273,7 +278,7 @@ static int devcgroup_seq_read(struct cgroup *cgroup, struct cftype *cft, * does the access granted to dev_cgroup c contain the access * requested in whitelist item refwh. * return 1 if yes, 0 if no. - * call with c->lock held + * call with devcgroup_mutex held */ static int may_access_whitelist(struct dev_cgroup *c, struct dev_whitelist_item *refwh) @@ -426,11 +431,11 @@ static int devcgroup_access_write(struct cgroup *cgrp, struct cftype *cft, const char *buffer) { int retval; - if (!cgroup_lock_live_group(cgrp)) - return -ENODEV; + + mutex_lock(&devcgroup_mutex); retval = devcgroup_update_access(cgroup_to_devcgroup(cgrp), cft->private, buffer); - cgroup_unlock(); + mutex_unlock(&devcgroup_mutex); return retval; } -- cgit v1.2.3-18-g5258 From 800a964787faef3509d194fa33268628c3d1daa9 Mon Sep 17 00:00:00 2001 
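Review bot: Swapping `cgroup_lock_live_group(cgrp)` for `mutex_lock(&devcgroup_mutex)` in devcgroup_access_write also drops the `-ENODEV` return for a cgroup that is already being removed, and nothing in the hunk replaces that check. Whether a write to the control file can still reach this hook while the cgroup is going away depends on the cgroup file ops, which are outside this diff; if it can, devcgroup_update_access now runs against a dying cgroup instead of failing cleanly. Either keep an explicit liveness test ahead of the mutex (a `cgroup_is_removed(cgrp)` check returning `-ENODEV`, if that is the intended contract) or state in a comment why the cftype write path already guarantees it. The comment-only hunks earlier in this file (dev_whitelist_copy, dev_whitelist_add, dev_whitelist_rm, may_access_whitelist) are consistent with the new locking rule and need nothing further.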
From: David Howells Date: Fri, 3 Apr 2009 16:42:40 +0100 Subject: CacheFiles: Export things for CacheFiles Export a number of functions for CacheFiles's use. Signed-off-by: David Howells Acked-by: Steve Dickson Acked-by: Trond Myklebust Acked-by: Rik van Riel Acked-by: Al Viro Tested-by: Daire Byrne --- security/security.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'security') diff --git a/security/security.c b/security/security.c index 206e53844d2..5284255c5cd 100644 --- a/security/security.c +++ b/security/security.c @@ -445,6 +445,7 @@ int security_inode_create(struct inode *dir, struct dentry *dentry, int mode) return 0; return security_ops->inode_create(dir, dentry, mode); } +EXPORT_SYMBOL_GPL(security_inode_create); int security_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry) @@ -475,6 +476,7 @@ int security_inode_mkdir(struct inode *dir, struct dentry *dentry, int mode) return 0; return security_ops->inode_mkdir(dir, dentry, mode); } +EXPORT_SYMBOL_GPL(security_inode_mkdir); int security_inode_rmdir(struct inode *dir, struct dentry *dentry) { -- cgit v1.2.3-18-g5258 From a0558fc3491c0494feb8472cf6c0119e43fd9484 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa Date: Mon, 6 Apr 2009 20:49:14 +0900 Subject: tomoyo: remove "undelete domain" command. Since TOMOYO's policy management tools does not use the "undelete domain" command, we decided to remove that command. Signed-off-by: Kentaro Takeda Signed-off-by: Tetsuo Handa Signed-off-by: Toshiharu Harada Signed-off-by: James Morris --- security/tomoyo/common.c | 7 +--- security/tomoyo/common.h | 8 +---- security/tomoyo/domain.c | 90 ++---------------------------------------------- 3 files changed, 5 insertions(+), 100 deletions(-) (limited to 'security') diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 92cea656ad2..a0affd9cfca 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c 
@@ -1252,15 +1252,12 @@ static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head) struct tomoyo_domain_info *domain = head->write_var1; bool is_delete = false; bool is_select = false; - bool is_undelete = false; unsigned int profile; if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE)) is_delete = true; else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT)) is_select = true; - else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_UNDELETE)) - is_undelete = true; if (is_select && tomoyo_is_select_one(head, data)) return 0; /* Don't allow updating policies by non manager programs. */ @@ -1274,9 +1271,7 @@ static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head) down_read(&tomoyo_domain_list_lock); domain = tomoyo_find_domain(data); up_read(&tomoyo_domain_list_lock); - } else if (is_undelete) - domain = tomoyo_undelete_domain(data); - else + } else domain = tomoyo_find_or_assign_new_domain(data, 0); head->write_var1 = domain; return 0; diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index 26a76d67aa1..e77e6a6de0f 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h @@ -88,10 +88,7 @@ struct tomoyo_domain_info { /* Name of this domain. Never NULL. */ const struct tomoyo_path_info *domainname; u8 profile; /* Profile number to use. */ - u8 is_deleted; /* Delete flag. - 0 = active. - 1 = deleted but undeletable. - 255 = deleted and no longer undeletable. */ + bool is_deleted; /* Delete flag. */ bool quota_warned; /* Quota warnning flag. */ /* DOMAIN_FLAGS_*. Use tomoyo_set_domain_flag() to modify. */ u8 flags; 
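Review bot: After the undelete branch is removed, the conditional at the end of this hunk in tomoyo_write_domain_policy has a braced if-side followed by an unbraced `} else domain = tomoyo_find_or_assign_new_domain(data, 0);`, which kernel coding style asks to brace on both sides whenever one side needs braces. Suggest `} else {` / `domain = tomoyo_find_or_assign_new_domain(data, 0);` / `}`. The `if` header that this `else` belongs to, and the rest of the function, are outside the hunk.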
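Review bot: `is_deleted` in struct tomoyo_domain_info changes from a `u8` tri-state (0, 1, 255) to a `bool`, so any comparison against 1 or 255 that survives elsewhere would silently change meaning. The domain.c hunks replace the assignments visible in this diff (`= 1`, `= 255`, `= 0` become `true`/`false`), and the diffstat lists only these three files, but readers in code not touched here should still be grepped for the numeric states. A field comment that records the new two-state meaning would keep the old tri-state from creeping back, e.g. `bool is_deleted; /* true once deleted; the entry may then be recycled by tomoyo_find_or_assign_new_domain() */`.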
@@ -144,7 +141,6 @@ struct tomoyo_double_path_acl_record { #define TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN "no_initialize_domain " #define TOMOYO_KEYWORD_NO_KEEP_DOMAIN "no_keep_domain " #define TOMOYO_KEYWORD_SELECT "select " -#define TOMOYO_KEYWORD_UNDELETE "undelete " #define TOMOYO_KEYWORD_USE_PROFILE "use_profile " #define TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "ignore_global_allow_read" /* A domain definition starts with . */ @@ -267,8 +263,6 @@ struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname); struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char * domainname, const u8 profile); -/* Undelete a domain. */ -struct tomoyo_domain_info *tomoyo_undelete_domain(const char *domainname); /* Check mode for specified functionality. */ unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain, const u8 index); diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c index 093a756030b..2f2b449ffd2 100644 --- a/security/tomoyo/domain.c +++ b/security/tomoyo/domain.c @@ -551,9 +551,7 @@ int tomoyo_write_alias_policy(char *data, const bool is_delete) return tomoyo_update_alias_entry(data, cp, is_delete); } -/* Domain create/delete/undelete handler. */ - -/* #define TOMOYO_DEBUG_DOMAIN_UNDELETE */ +/* Domain create/delete handler. */ /** * tomoyo_delete_domain - Delete a domain. 
@@ -571,41 +569,15 @@ int tomoyo_delete_domain(char *domainname) tomoyo_fill_path_info(&name); /***** EXCLUSIVE SECTION START *****/ down_write(&tomoyo_domain_list_lock); -#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE - printk(KERN_DEBUG "tomoyo_delete_domain %s\n", domainname); - list_for_each_entry(domain, &tomoyo_domain_list, list) { - if (tomoyo_pathcmp(domain->domainname, &name)) - continue; - printk(KERN_DEBUG "List: %p %u\n", domain, domain->is_deleted); - } -#endif /* Is there an active domain? */ list_for_each_entry(domain, &tomoyo_domain_list, list) { - struct tomoyo_domain_info *domain2; /* Never delete tomoyo_kernel_domain */ if (domain == &tomoyo_kernel_domain) continue; if (domain->is_deleted || tomoyo_pathcmp(domain->domainname, &name)) continue; - /* Mark already deleted domains as non undeletable. */ - list_for_each_entry(domain2, &tomoyo_domain_list, list) { - if (!domain2->is_deleted || - tomoyo_pathcmp(domain2->domainname, &name)) - continue; -#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE - if (domain2->is_deleted != 255) - printk(KERN_DEBUG - "Marked %p as non undeletable\n", - domain2); -#endif - domain2->is_deleted = 255; - } - /* Delete and mark active domain as undeletable. */ - domain->is_deleted = 1; -#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE - printk(KERN_DEBUG "Marked %p as undeletable\n", domain); -#endif + domain->is_deleted = true; break; } up_write(&tomoyo_domain_list_lock); 
@@ -613,58 +585,6 @@ int tomoyo_delete_domain(char *domainname) return 0; } -/** - * tomoyo_undelete_domain - Undelete a domain. - * - * @domainname: The name of domain. - * - * Returns pointer to "struct tomoyo_domain_info" on success, NULL otherwise. - */ -struct tomoyo_domain_info *tomoyo_undelete_domain(const char *domainname) -{ - struct tomoyo_domain_info *domain; - struct tomoyo_domain_info *candidate_domain = NULL; - struct tomoyo_path_info name; - - name.name = domainname; - tomoyo_fill_path_info(&name); - /***** EXCLUSIVE SECTION START *****/ - down_write(&tomoyo_domain_list_lock); -#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE - printk(KERN_DEBUG "tomoyo_undelete_domain %s\n", domainname); - list_for_each_entry(domain, &tomoyo_domain_list, list) { - if (tomoyo_pathcmp(domain->domainname, &name)) - continue; - printk(KERN_DEBUG "List: %p %u\n", domain, domain->is_deleted); - } -#endif - list_for_each_entry(domain, &tomoyo_domain_list, list) { - if (tomoyo_pathcmp(&name, domain->domainname)) - continue; - if (!domain->is_deleted) { - /* This domain is active. I can't undelete. */ - candidate_domain = NULL; -#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE - printk(KERN_DEBUG "%p is active. I can't undelete.\n", - domain); -#endif - break; - } - /* Is this domain undeletable? */ - if (domain->is_deleted == 1) - candidate_domain = domain; - } - if (candidate_domain) { - candidate_domain->is_deleted = 0; -#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE - printk(KERN_DEBUG "%p was undeleted.\n", candidate_domain); -#endif - } - up_write(&tomoyo_domain_list_lock); - /***** EXCLUSIVE SECTION END *****/ - return candidate_domain; -} - /** * tomoyo_find_or_assign_new_domain - Create a domain. * 
@@ -711,10 +631,6 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char * /***** CRITICAL SECTION END *****/ if (flag) continue; -#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE - printk(KERN_DEBUG "Reusing %p %s\n", domain, - domain->domainname->name); -#endif list_for_each_entry(ptr, &domain->acl_info_list, list) { ptr->type |= TOMOYO_ACL_DELETED; } @@ -722,7 +638,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char * domain->profile = profile; domain->quota_warned = false; mb(); /* Avoid out-of-order execution. */ - domain->is_deleted = 0; + domain->is_deleted = false; goto out; } /* No memory reusable. Create using new memory. */ -- cgit v1.2.3-18-g5258 From 5bf37ec3e0f5eb79f23e024a7fbc8f3557c087f0 Mon Sep 17 00:00:00 2001 From: "Serge E. Hallyn" Date: Wed, 8 Apr 2009 16:55:58 -0500 Subject: cap_prctl: don't set error to 0 at 'no_change' One-liner: capsh --print is broken without this patch. In certain cases, cap_prctl returns error > 0 for success. However, the 'no_change' label was always setting error to 0. As a result, for example, 'prctl(CAP_BSET_READ, N)' would always return 0. It should return 1 if a process has N in its bounding set (as by default it does). I'm keeping the no_change label even though it's now functionally the same as 'error'. Signed-off-by: Serge Hallyn Acked-by: David Howells Signed-off-by: James Morris --- security/commoncap.c | 1 - 1 file changed, 1 deletion(-) (limited to 'security') diff --git a/security/commoncap.c b/security/commoncap.c index 7cd61a5f520..beac0258c2a 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -916,7 +916,6 @@ changed: return commit_creds(new); no_change: - error = 0; error: abort_creds(new); return error; -- cgit v1.2.3-18-g5258 From 34574dd10b6d0697b86703388d6d6af9cbf4bb48 Mon Sep 17 00:00:00 2001 
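Review bot: The `mb(); /* Avoid out-of-order execution. */` that precedes `domain->is_deleted = false;` in tomoyo_find_or_assign_new_domain does not say what it orders, and the type change makes this a good moment to fix the comment. From the hunk, the stores it must publish first are the `TOMOYO_ACL_DELETED` marks on the ACL list, `domain->profile` and `domain->quota_warned`; which reader relies on seeing them before `is_deleted` clears is not visible here and should be named. Suggest `mb(); /* publish the reset ACL/profile state before readers can see is_deleted == false */` with the reader side filled in by someone who knows it. The function starts before the hunk.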
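Review bot: With `error = 0;` removed, `no_change:` is now a plain fall-through into `error:`, so every `goto no_change` in cap_prctl must already have stored the intended result in `error`, including the positive values the commit message describes as valid successes; those jump sites are outside the hunk, so I cannot confirm that each of them sets it. A comment at the label would make that contract explicit for the next reader, e.g. `no_change: /* error already holds the result; positive values are valid returns */`. cap_prctl's body starts before the hunk.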
From: David Howells Date: Thu, 9 Apr 2009 17:14:05 +0100 Subject: keys: Handle there being no fallback destination keyring for request_key() When request_key() is called, without there being any standard process keyrings on which to fall back if a destination keyring is not specified, an oops is liable to occur when construct_alloc_key() calls down_write() on dest_keyring's semaphore. Due to function inlining this may be seen as an oops in down_write() as called from request_key_and_link(). This situation crops up during boot, where request_key() is called from within the kernel (such as in CIFS mounts) where nobody is actually logged in, and so PAM has not had a chance to create a session keyring and user keyrings to act as the fallback. To fix this, make construct_alloc_key() not attempt to cache a key if there is no fallback key if no destination keyring is given specifically. Signed-off-by: David Howells Tested-by: Jeff Layton Signed-off-by: Linus Torvalds --- security/keys/request_key.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'security') diff --git a/security/keys/request_key.c b/security/keys/request_key.c index 22a31582bfa..03fe63ed55b 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c @@ -311,7 +311,8 @@ static int construct_alloc_key(struct key_type *type, set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); - down_write(&dest_keyring->sem); + if (dest_keyring) + down_write(&dest_keyring->sem); /* attach the key to the destination keyring under lock, but we do need * to do another check just in case someone beat us to it whilst we 
@@ -322,10 +323,12 @@ static int construct_alloc_key(struct key_type *type, if (!IS_ERR(key_ref)) goto key_already_present; - __key_link(dest_keyring, key); + if (dest_keyring) + __key_link(dest_keyring, key); mutex_unlock(&key_construction_mutex); - up_write(&dest_keyring->sem); + if (dest_keyring) + up_write(&dest_keyring->sem); mutex_unlock(&user->cons_lock); *_key = key; kleave(" = 0 [%d]", key_serial(key)); -- cgit v1.2.3-18-g5258 From 39826a1e17c1957bd7b5cd7815b83940e5e3a230 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa Date: Wed, 8 Apr 2009 22:31:28 +0900 Subject: tomoyo: version bump to 2.2.0. Signed-off-by: Kentaro Takeda Signed-off-by: Tetsuo Handa Signed-off-by: Toshiharu Harada Signed-off-by: James Morris --- security/tomoyo/common.c | 6 +++--- security/tomoyo/common.h | 2 +- security/tomoyo/domain.c | 2 +- security/tomoyo/file.c | 2 +- security/tomoyo/realpath.c | 2 +- security/tomoyo/realpath.h | 2 +- security/tomoyo/tomoyo.c | 2 +- security/tomoyo/tomoyo.h | 2 +- 8 files changed, 10 insertions(+), 10 deletions(-) (limited to 'security') diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index a0affd9cfca..d4d41b3efc7 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c @@ -5,7 +5,7 @@ * * Copyright (C) 2005-2009 NTT DATA CORPORATION * - * Version: 2.2.0-pre 2009/02/01 + * Version: 2.2.0 2009/04/01 * */ @@ -1773,7 +1773,7 @@ void tomoyo_load_policy(const char *filename) envp[2] = NULL; call_usermodehelper(argv[0], argv, envp, 1); - printk(KERN_INFO "TOMOYO: 2.2.0-pre 2009/02/01\n"); + printk(KERN_INFO "TOMOYO: 2.2.0 2009/04/01\n"); printk(KERN_INFO "Mandatory Access Control activated.\n"); tomoyo_policy_loaded = true; { /* Check all profiles currently assigned to domains are defined. */ 
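Review bot: The `goto key_already_present` in this hunk leaves construct_alloc_key through a cleanup path that is outside the hunk; if that label releases `dest_keyring->sem` without the same `if (dest_keyring)` test now placed around the `up_write()` here, it will dereference NULL in exactly the way the commit sets out to fix. That path needs the same guard, and since the three conditionals in this and the previous hunk (`down_write`, `__key_link`, `up_write`) must stay in step, a one-line comment where the NULL case is introduced would help, e.g. `/* dest_keyring may be NULL when no fallback keyring exists; every lock, link and unlock on it below must be conditional */`. construct_alloc_key begins before the first hunk and continues past this one.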
@@ -1800,7 +1800,7 @@ void tomoyo_load_policy(const char *filename) static int tomoyo_read_version(struct tomoyo_io_buffer *head) { if (!head->read_eof) { - tomoyo_io_printf(head, "2.2.0-pre"); + tomoyo_io_printf(head, "2.2.0"); head->read_eof = true; } return 0; diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index e77e6a6de0f..678f4ff16aa 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h @@ -5,7 +5,7 @@ * * Copyright (C) 2005-2009 NTT DATA CORPORATION * - * Version: 2.2.0-pre 2009/02/01 + * Version: 2.2.0 2009/04/01 * */ diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c index 2f2b449ffd2..2d6748741a2 100644 --- a/security/tomoyo/domain.c +++ b/security/tomoyo/domain.c @@ -5,7 +5,7 @@ * * Copyright (C) 2005-2009 NTT DATA CORPORATION * - * Version: 2.2.0-pre 2009/02/01 + * Version: 2.2.0 2009/04/01 * */ diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 65f50c1c5ee..2316da8ec5b 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c @@ -5,7 +5,7 @@ * * Copyright (C) 2005-2009 NTT DATA CORPORATION * - * Version: 2.2.0-pre 2009/02/01 + * Version: 2.2.0 2009/04/01 * */ diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c index 3bbe01a7a4b..bf8e2b45168 100644 --- a/security/tomoyo/realpath.c +++ b/security/tomoyo/realpath.c @@ -5,7 +5,7 @@ * * Copyright (C) 2005-2009 NTT DATA CORPORATION * - * Version: 2.2.0-pre 2009/02/01 + * Version: 2.2.0 2009/04/01 * */ diff --git a/security/tomoyo/realpath.h b/security/tomoyo/realpath.h index 7ec9fc9cbc0..78217a37960 100644 --- a/security/tomoyo/realpath.h +++ b/security/tomoyo/realpath.h @@ -5,7 +5,7 @@ * * Copyright (C) 2005-2009 NTT DATA CORPORATION * - * Version: 2.2.0-pre 2009/02/01 + * Version: 2.2.0 2009/04/01 * */ diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 3eeeae12c4d..5b481912752 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c 
@@ -5,7 +5,7 @@ * * Copyright (C) 2005-2009 NTT DATA CORPORATION * - * Version: 2.2.0-pre 2009/02/01 + * Version: 2.2.0 2009/04/01 * */ diff --git a/security/tomoyo/tomoyo.h b/security/tomoyo/tomoyo.h index a0c8f6e0bea..41c6ebafb9c 100644 --- a/security/tomoyo/tomoyo.h +++ b/security/tomoyo/tomoyo.h @@ -5,7 +5,7 @@ * * Copyright (C) 2005-2009 NTT DATA CORPORATION * - * Version: 2.2.0-pre 2009/02/01 + * Version: 2.2.0 2009/04/01 * */ -- cgit v1.2.3-18-g5258 From defc433ba3bc587826bb467ce0e63452deafa65d Mon Sep 17 00:00:00 2001 From: Etienne Basset Date: Thu, 16 Apr 2009 23:58:42 +0200 Subject: Smack: check for SMACK xattr validity in smack_inode_setxattr the following patch moves checks for SMACK xattr validity from smack_inode_post_setxattr (which cannot return an error to the user) to smack_inode_setxattr (which can return an error). Signed-off-by: Etienne Basset Acked-by: Casey Schaufler Signed-off-by: James Morris --- security/smack/smack_lsm.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'security') diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 921514902ec..98b3195347a 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -609,8 +609,12 @@ static int smack_inode_setxattr(struct dentry *dentry, const char *name, strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { if (!capable(CAP_MAC_ADMIN)) rc = -EPERM; - /* a label cannot be void and cannot begin with '-' */ - if (size == 0 || (size > 0 && ((char *)value)[0] == '-')) + /* + * check label validity here so import wont fail on + * post_setxattr + */ + if (size == 0 || size >= SMK_LABELLEN || + smk_import(value, size) == NULL) rc = -EINVAL; } else rc = cap_inode_setxattr(dentry, name, value, size, flags); 
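Review bot: In smack_inode_setxattr the new validity check runs even when `capable(CAP_MAC_ADMIN)` has just failed, because `rc = -EPERM;` does not end the branch; a caller without the capability therefore still has its value handed to `smk_import()`, and if smk_import records unknown labels in Smack's global label list (as its name suggests; its body is not in this diff) an unprivileged writer can grow that list with arbitrary strings before being refused, while a later `-EINVAL` also overwrites the `-EPERM`. Gate the import on the capability by making the check an `else if`, i.e. `else if (size == 0 || size >= SMK_LABELLEN || smk_import(value, size) == NULL) rc = -EINVAL;`. The removal of the `size >= SMK_LABELLEN` guard in smack_inode_post_setxattr (next hunk) is only safe because this hook now rejects oversize labels first, which is worth saying in the comment; `wont` in the new comment should read `won't`.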
@@ -644,9 +648,6 @@ static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, if (strcmp(name, XATTR_NAME_SMACK)) return; - if (size >= SMK_LABELLEN) - return; - isp = dentry->d_inode->i_security; /* -- cgit v1.2.3-18-g5258 From 65c90bca0dba56f60dc4ce2a529140c3cc440f22 Mon Sep 17 00:00:00 2001 From: Stephen Smalley Date: Mon, 4 May 2009 15:43:18 -0400 Subject: selinux: Fix send_sigiotask hook The CRED patch incorrectly converted the SELinux send_sigiotask hook to use the current task SID rather than the target task SID in its permission check, yielding the wrong permission check. This fixes the hook function. Detected by the ltp selinux testsuite and confirmed to correct the test failure. Signed-off-by: Stephen Smalley Signed-off-by: James Morris --- security/selinux/hooks.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security') diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index ba808ef6bab..2fcad7c33ea 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3153,7 +3153,7 @@ static int selinux_file_send_sigiotask(struct task_struct *tsk, struct fown_struct *fown, int signum) { struct file *file; - u32 sid = current_sid(); + u32 sid = task_sid(tsk); u32 perm; struct file_security_struct *fsec; -- cgit v1.2.3-18-g5258
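Review bot: The fix in selinux_file_send_sigiotask is a single token, so a comment is the only thing that keeps the next cred refactor from reintroducing it; the hook checks the signal recipient, yet nothing at the declaration says so. Suggest `u32 sid = task_sid(tsk); /* SID of the recipient task, not of current */`. The hook body continues past the hunk.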