summaryrefslogtreecommitdiffstats
path: root/security/selinux/hooks.c
diff options
context:
space:
mode:
authorJens Axboe <jaxboe@fusionio.com>2011-07-01 16:17:13 +0200
committerJens Axboe <jaxboe@fusionio.com>2011-07-01 16:17:13 +0200
commit04bf7869ca0fd12009aee301cac2264a36df4d98 (patch)
tree66cb81ebf8b76560a31433c2c493dc430c914af9 /security/selinux/hooks.c
parentblk-throttle: Make total_nr_queued unsigned (diff)
parentMerge branch 'for-3.0-important' of git://git.drbd.org/linux-2.6-drbd into fo... (diff)
downloadlinux-04bf7869ca0fd12009aee301cac2264a36df4d98.tar.xz
linux-04bf7869ca0fd12009aee301cac2264a36df4d98.zip
Merge branch 'for-linus' into for-3.1/core
Conflicts: block/blk-throttle.c block/cfq-iosched.c Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r--security/selinux/hooks.c25
1 files changed, 15 insertions, 10 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index a0d38459d650..20219ef5439a 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1476,7 +1476,6 @@ static int inode_has_perm(const struct cred *cred,
unsigned flags)
{
struct inode_security_struct *isec;
- struct common_audit_data ad;
u32 sid;
validate_creds(cred);
@@ -1487,15 +1486,21 @@ static int inode_has_perm(const struct cred *cred,
sid = cred_sid(cred);
isec = inode->i_security;
- if (!adp) {
- adp = &ad;
- COMMON_AUDIT_DATA_INIT(&ad, INODE);
- ad.u.inode = inode;
- }
-
return avc_has_perm_flags(sid, isec->sid, isec->sclass, perms, adp, flags);
}
+static int inode_has_perm_noadp(const struct cred *cred,
+ struct inode *inode,
+ u32 perms,
+ unsigned flags)
+{
+ struct common_audit_data ad;
+
+ COMMON_AUDIT_DATA_INIT(&ad, INODE);
+ ad.u.inode = inode;
+ return inode_has_perm(cred, inode, perms, &ad, flags);
+}
+
/* Same as inode_has_perm, but pass explicit audit data containing
the dentry to help the auditing code to more easily generate the
pathname if needed. */
@@ -2122,8 +2127,8 @@ static inline void flush_unauthorized_files(const struct cred *cred,
struct tty_file_private, list);
file = file_priv->file;
inode = file->f_path.dentry->d_inode;
- if (inode_has_perm(cred, inode,
- FILE__READ | FILE__WRITE, NULL, 0)) {
+ if (inode_has_perm_noadp(cred, inode,
+ FILE__READ | FILE__WRITE, 0)) {
drop_tty = 1;
}
}
@@ -3228,7 +3233,7 @@ static int selinux_dentry_open(struct file *file, const struct cred *cred)
* new inode label or new policy.
* This check is not redundant - do not remove.
*/
- return inode_has_perm(cred, inode, open_file_to_av(file), NULL, 0);
+ return inode_has_perm_noadp(cred, inode, open_file_to_av(file), 0);
}
/* task security operations */