#include <linux/string.h>
#include <linux/selinux.h>
#include <linux/mutex.h>
+#include <linux/posix-timers.h>
#include "avc.h"
#include "objsec.h"
return av;
}
+/* Convert a Linux file to an access vector. */
+static inline u32 file_to_av(struct file *file)
+{
+ u32 av = 0;
+
+ if (file->f_mode & FMODE_READ)
+ av |= FILE__READ;
+ if (file->f_mode & FMODE_WRITE) {
+ if (file->f_flags & O_APPEND)
+ av |= FILE__APPEND;
+ else
+ av |= FILE__WRITE;
+ }
+ if (!av) {
+ /*
+ * Special file opened with flags 3 for ioctl-only use.
+ */
+ av = FILE__IOCTL;
+ }
+
+ return av;
+}
+
/*
- * Convert a file mask to an access vector and include the correct open
+ * Convert a file to an access vector and include the correct open
* open permission.
*/
-static inline u32 open_file_mask_to_av(int mode, int mask)
+static inline u32 open_file_to_av(struct file *file)
{
- u32 av = file_mask_to_av(mode, mask);
+ u32 av = file_to_av(file);
if (selinux_policycap_openperm) {
+ mode_t mode = file->f_path.dentry->d_inode->i_mode;
/*
* lnk files and socks do not really have an 'open'
*/
av |= DIR__OPEN;
else
printk(KERN_ERR "SELinux: WARNING: inside %s with "
- "unknown mode:%x\n", __func__, mode);
- }
- return av;
-}
-
-/* Convert a Linux file to an access vector. */
-static inline u32 file_to_av(struct file *file)
-{
- u32 av = 0;
-
- if (file->f_mode & FMODE_READ)
- av |= FILE__READ;
- if (file->f_mode & FMODE_WRITE) {
- if (file->f_flags & O_APPEND)
- av |= FILE__APPEND;
- else
- av |= FILE__WRITE;
- }
- if (!av) {
- /*
- * Special file opened with flags 3 for ioctl-only use.
- */
- av = FILE__IOCTL;
+ "unknown mode:%o\n", __func__, mode);
}
-
return av;
}
tty = get_current_tty();
if (tty) {
file_list_lock();
- file = list_entry(tty->tty_files.next, typeof(*file), f_u.fu_list);
- if (file) {
+ if (!list_empty(&tty->tty_files)) {
+ struct inode *inode;
+
/* Revalidate access to controlling tty.
Use inode_has_perm on the tty inode directly rather
than using file_has_perm, as this particular open
file may belong to another process and we are only
interested in the inode-based check here. */
- struct inode *inode = file->f_path.dentry->d_inode;
+ file = list_first_entry(&tty->tty_files, struct file, f_u.fu_list);
+ inode = file->f_path.dentry->d_inode;
if (inode_has_perm(current, inode,
FILE__READ | FILE__WRITE, NULL)) {
drop_tty = 1;
struct rlimit *rlim, *initrlim;
struct itimerval itimer;
struct bprm_security_struct *bsec;
+ struct sighand_struct *psig;
int rc, i;
+ unsigned long flags;
tsec = current->security;
bsec = bprm->security;
initrlim = init_task.signal->rlim+i;
rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
}
- if (current->signal->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY) {
- /*
- * This will cause RLIMIT_CPU calculations
- * to be refigured.
- */
- current->it_prof_expires = jiffies_to_cputime(1);
- }
+ update_rlimit_cpu(rlim->rlim_cur);
}
/* Wake up the parent if it is waiting so that it can
recheck wait permission to the new task SID. */
+ read_lock_irq(&tasklist_lock);
+ psig = current->parent->sighand;
+ spin_lock_irqsave(&psig->siglock, flags);
wake_up_interruptible(¤t->parent->signal->wait_chldexit);
+ spin_unlock_irqrestore(&psig->siglock, flags);
+ read_unlock_irq(&tasklist_lock);
}
/* superblock security operations */
}
return inode_has_perm(current, inode,
- open_file_mask_to_av(inode->i_mode, mask), NULL);
+ file_mask_to_av(inode->i_mode, mask), NULL);
}
static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
* new inode label or new policy.
* This check is not redundant - do not remove.
*/
- return inode_has_perm(current, inode, file_to_av(file), NULL);
+ return inode_has_perm(current, inode, open_file_to_av(file), NULL);
}
/* task security operations */
projects / linux-2.6-omap-h63xx.git / blobdiff