From e74f71eb78a4a8b9eaf1bc65f20f761648e85f76 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Mon, 20 Jun 2011 19:38:15 -0400 Subject: ->permission() sanitizing: don't pass flags to ->inode_permission() pass that via mask instead. Signed-off-by: Al Viro --- security/selinux/hooks.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'security/selinux') diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 20219ef5439a..47a059fff344 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2659,12 +2659,13 @@ static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *na return dentry_has_perm(cred, dentry, FILE__READ); } -static int selinux_inode_permission(struct inode *inode, int mask, unsigned flags) +static int selinux_inode_permission(struct inode *inode, int mask) { const struct cred *cred = current_cred(); struct common_audit_data ad; u32 perms; bool from_access; + unsigned __flags = mask & MAY_NOT_BLOCK ? IPERM_FLAG_RCU : 0; from_access = mask & MAY_ACCESS; mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); @@ -2681,7 +2682,7 @@ static int selinux_inode_permission(struct inode *inode, int mask, unsigned flag perms = file_mask_to_av(inode->i_mode, mask); - return inode_has_perm(cred, inode, perms, &ad, flags); + return inode_has_perm(cred, inode, perms, &ad, __flags); } static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) -- cgit v1.2.3 From cf1dd1dae851ce5765cda5de16aa965eef7c2dbf Mon Sep 17 00:00:00 2001 From: Al Viro Date: Mon, 20 Jun 2011 19:44:08 -0400 Subject: selinux: don't transliterate MAY_NOT_BLOCK to IPERM_FLAG_RCU Signed-off-by: Al Viro --- security/selinux/avc.c | 2 +- security/selinux/hooks.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'security/selinux') diff --git a/security/selinux/avc.c b/security/selinux/avc.c index d515b2128a4e..dca1c22d9276 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -527,7 +527,7 @@ int avc_audit(u32 ssid, u32 tsid, * happened a little later. */ if ((a->type == LSM_AUDIT_DATA_INODE) && - (flags & IPERM_FLAG_RCU)) + (flags & MAY_NOT_BLOCK)) return -ECHILD; a->selinux_audit_data.tclass = tclass; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 47a059fff344..eb5d5cdf3c51 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2665,7 +2665,7 @@ static int selinux_inode_permission(struct inode *inode, int mask) struct common_audit_data ad; u32 perms; bool from_access; - unsigned __flags = mask & MAY_NOT_BLOCK ? IPERM_FLAG_RCU : 0; + unsigned flags = mask & MAY_NOT_BLOCK; from_access = mask & MAY_ACCESS; mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); @@ -2682,7 +2682,7 @@ static int selinux_inode_permission(struct inode *inode, int mask) perms = file_mask_to_av(inode->i_mode, mask); - return inode_has_perm(cred, inode, perms, &ad, __flags); + return inode_has_perm(cred, inode, perms, &ad, flags); } static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) -- cgit v1.2.3