This repository was archived by the owner on Sep 24, 2020. It is now read-only.
Merged
21 commits
61aa910
security, overlayfs: provide copy up security hook for unioned files
rhvgoyal Jul 19, 2016
591db70
selinux: Implementation for inode_copy_up() hook
rhvgoyal Jul 19, 2016
c4b0abc
security,overlayfs: Provide security hook for copy up of xattrs for o…
rhvgoyal Jul 19, 2016
0b0daf4
selinux: Implementation for inode_copy_up_xattr() hook
rhvgoyal Jul 19, 2016
27a7af7
selinux: Pass security pointer to determine_inode_label()
rhvgoyal Jul 19, 2016
1271cf9
security, overlayfs: Provide hook to correctly label newly created files
rhvgoyal Jul 19, 2016
2c1808b
selinux: Implement dentry_create_files_as() hook
rhvgoyal Jul 19, 2016
11eef9a
Add secure_modules() call
Aug 9, 2013
e2e5d62
PCI: Lock down BAR access when module security is enabled
Mar 8, 2012
dac8156
x86: Lock down IO port access when module security is enabled
Mar 8, 2012
af958e1
ACPI: Limit access to custom_method
Mar 9, 2012
78eca91
asus-wmi: Restrict debugfs interface when module loading is restricted
Mar 9, 2012
d012dc5
Restrict /dev/mem and /dev/kmem when module loading is restricted
Mar 9, 2012
c5afea7
acpi: Ignore acpi_rsdp kernel parameter when module loading is restri…
jwboyer Jun 25, 2012
ef69c62
kexec: Disable at runtime if the kernel enforces module loading restr…
Nov 20, 2015
7328100
x86: Restrict MSR access when module loading is restricted
Feb 8, 2013
30317cc
Add option to automatically enforce module signatures when in Secure …
Aug 9, 2013
fe523b6
efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
Aug 27, 2013
e75618e
efi: Add EFI_SECURE_BOOT bit
Aug 27, 2013
e2c1136
hibernate: Disable in a signed modules environment
Jun 20, 2014
7856850
kbuild: derive relative path for KBUILD_SRC from CURDIR
Nov 25, 2015
selinux: Pass security pointer to determine_inode_label()
Right now selinux_determine_inode_label() works on security pointer of
current task. Soon I need this to work on a security pointer retrieved
from a set of creds. So start passing in a pointer and caller can decide
where to fetch security pointer from.

Signed-off-by: Vivek Goyal <[email protected]>
Acked-by: Stephen Smalley <[email protected]>
rhvgoyal authored and dm0- committed Nov 29, 2016
commit 27a7af7125c4984bdb75c2a027d6046744df411c
19 changes: 10 additions & 9 deletions security/selinux/hooks.c
Expand Up @@ -1808,13 +1808,13 @@ static int file_has_perm(const struct cred *cred,
/*
* Determine the label for an inode that might be unioned.
*/
static int selinux_determine_inode_label(struct inode *dir,
const struct qstr *name,
u16 tclass,
u32 *_new_isid)
static int
selinux_determine_inode_label(const struct task_security_struct *tsec,
struct inode *dir,
const struct qstr *name, u16 tclass,
u32 *_new_isid)
{
const struct superblock_security_struct *sbsec = dir->i_sb->s_security;
const struct task_security_struct *tsec = current_security();

if ((sbsec->flags & SE_SBINITIALIZED) &&
(sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) {
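Review bot: the comment above selinux_determine_inode_label() still reads only "Determine the label for an inode that might be unioned." and does not mention the new tsec parameter. Now that the caller decides which task security struct the function works on, say so in that comment, including that the pointer is supplied by the caller and no longer taken from current_security() inside the function. A style point on the same signature: the return type is split onto its own line (`static int`, then the function name), unlike the neighbouring `static int file_has_perm(` and `static int may_create(` definitions; keeping `static int selinux_determine_inode_label(` on one line and wrapping only the arguments would match the rest of the file.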
Expand Down Expand Up @@ -1857,8 +1857,8 @@ static int may_create(struct inode *dir,
if (rc)
return rc;

rc = selinux_determine_inode_label(dir, &dentry->d_name, tclass,
&newsid);
rc = selinux_determine_inode_label(current_security(), dir,
&dentry->d_name, tclass, &newsid);
if (rc)
return rc;

Expand Down Expand Up @@ -2838,7 +2838,8 @@ static int selinux_dentry_init_security(struct dentry *dentry, int mode,
u32 newsid;
int rc;

rc = selinux_determine_inode_label(d_inode(dentry->d_parent), name,
rc = selinux_determine_inode_label(current_security(),
d_inode(dentry->d_parent), name,
inode_mode_to_security_class(mode),
&newsid);
if (rc)
Expand All @@ -2863,7 +2864,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
sid = tsec->sid;
newsid = tsec->create_sid;

rc = selinux_determine_inode_label(
rc = selinux_determine_inode_label(current_security(),
dir, qstr,
inode_mode_to_security_class(inode->i_mode),
&newsid);
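Review bot: in selinux_inode_init_security() the call passes current_security() even though a local tsec is already used two lines above (`sid = tsec->sid;` and `newsid = tsec->create_sid;`). If that tsec is the current task's security struct, pass tsec here instead, so the SID reads and the label lookup visibly use the same struct and a later change to where tsec comes from cannot leave this call reading a different one.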