summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/commoncap.c1
-rw-r--r--security/keys/request_key.c9
-rw-r--r--security/selinux/hooks.c2
-rw-r--r--security/smack/smack_lsm.c11
-rw-r--r--security/tomoyo/common.c12
-rw-r--r--security/tomoyo/common.h2
-rw-r--r--security/tomoyo/domain.c2
-rw-r--r--security/tomoyo/file.c2
-rw-r--r--security/tomoyo/realpath.c18
-rw-r--r--security/tomoyo/realpath.h2
-rw-r--r--security/tomoyo/tomoyo.c8
-rw-r--r--security/tomoyo/tomoyo.h2
12 files changed, 40 insertions, 31 deletions
diff --git a/security/commoncap.c b/security/commoncap.c
index 7cd61a5f5205..beac0258c2a8 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -916,7 +916,6 @@ changed:
return commit_creds(new);
no_change:
- error = 0;
error:
abort_creds(new);
return error;
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index 22a31582bfaa..03fe63ed55bd 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -311,7 +311,8 @@ static int construct_alloc_key(struct key_type *type,
set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
- down_write(&dest_keyring->sem);
+ if (dest_keyring)
+ down_write(&dest_keyring->sem);
/* attach the key to the destination keyring under lock, but we do need
* to do another check just in case someone beat us to it whilst we
@@ -322,10 +323,12 @@ static int construct_alloc_key(struct key_type *type,
if (!IS_ERR(key_ref))
goto key_already_present;
- __key_link(dest_keyring, key);
+ if (dest_keyring)
+ __key_link(dest_keyring, key);
mutex_unlock(&key_construction_mutex);
- up_write(&dest_keyring->sem);
+ if (dest_keyring)
+ up_write(&dest_keyring->sem);
mutex_unlock(&user->cons_lock);
*_key = key;
kleave(" = 0 [%d]", key_serial(key));
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index ba808ef6babb..2fcad7c33eaf 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3153,7 +3153,7 @@ static int selinux_file_send_sigiotask(struct task_struct *tsk,
struct fown_struct *fown, int signum)
{
struct file *file;
- u32 sid = current_sid();
+ u32 sid = task_sid(tsk);
u32 perm;
struct file_security_struct *fsec;
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 921514902eca..98b3195347ab 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -609,8 +609,12 @@ static int smack_inode_setxattr(struct dentry *dentry, const char *name,
strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
if (!capable(CAP_MAC_ADMIN))
rc = -EPERM;
- /* a label cannot be void and cannot begin with '-' */
- if (size == 0 || (size > 0 && ((char *)value)[0] == '-'))
+ /*
+ * check label validity here so import wont fail on
+ * post_setxattr
+ */
+ if (size == 0 || size >= SMK_LABELLEN ||
+ smk_import(value, size) == NULL)
rc = -EINVAL;
} else
rc = cap_inode_setxattr(dentry, name, value, size, flags);
@@ -644,9 +648,6 @@ static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
if (strcmp(name, XATTR_NAME_SMACK))
return;
- if (size >= SMK_LABELLEN)
- return;
-
isp = dentry->d_inode->i_security;
/*
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index a0affd9cfca8..ddfb9cccf468 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -5,7 +5,7 @@
*
* Copyright (C) 2005-2009 NTT DATA CORPORATION
*
- * Version: 2.2.0-pre 2009/02/01
+ * Version: 2.2.0 2009/04/01
*
*/
@@ -1720,14 +1720,14 @@ static bool tomoyo_policy_loader_exists(void)
* policies are not loaded yet.
* Thus, let do_execve() call this function everytime.
*/
- struct nameidata nd;
+ struct path path;
- if (path_lookup(tomoyo_loader, LOOKUP_FOLLOW, &nd)) {
+ if (kern_path(tomoyo_loader, LOOKUP_FOLLOW, &path)) {
printk(KERN_INFO "Not activating Mandatory Access Control now "
"since %s doesn't exist.\n", tomoyo_loader);
return false;
}
- path_put(&nd.path);
+ path_put(&path);
return true;
}
@@ -1773,7 +1773,7 @@ void tomoyo_load_policy(const char *filename)
envp[2] = NULL;
call_usermodehelper(argv[0], argv, envp, 1);
- printk(KERN_INFO "TOMOYO: 2.2.0-pre 2009/02/01\n");
+ printk(KERN_INFO "TOMOYO: 2.2.0 2009/04/01\n");
printk(KERN_INFO "Mandatory Access Control activated.\n");
tomoyo_policy_loaded = true;
{ /* Check all profiles currently assigned to domains are defined. */
@@ -1800,7 +1800,7 @@ void tomoyo_load_policy(const char *filename)
static int tomoyo_read_version(struct tomoyo_io_buffer *head)
{
if (!head->read_eof) {
- tomoyo_io_printf(head, "2.2.0-pre");
+ tomoyo_io_printf(head, "2.2.0");
head->read_eof = true;
}
return 0;
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index e77e6a6de0f2..678f4ff16aa4 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -5,7 +5,7 @@
*
* Copyright (C) 2005-2009 NTT DATA CORPORATION
*
- * Version: 2.2.0-pre 2009/02/01
+ * Version: 2.2.0 2009/04/01
*
*/
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 2f2b449ffd2d..2d6748741a26 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -5,7 +5,7 @@
*
* Copyright (C) 2005-2009 NTT DATA CORPORATION
*
- * Version: 2.2.0-pre 2009/02/01
+ * Version: 2.2.0 2009/04/01
*
*/
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 65f50c1c5ee9..2316da8ec5bc 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -5,7 +5,7 @@
*
* Copyright (C) 2005-2009 NTT DATA CORPORATION
*
- * Version: 2.2.0-pre 2009/02/01
+ * Version: 2.2.0 2009/04/01
*
*/
diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c
index 3bbe01a7a4b5..40927a84cb6e 100644
--- a/security/tomoyo/realpath.c
+++ b/security/tomoyo/realpath.c
@@ -5,7 +5,7 @@
*
* Copyright (C) 2005-2009 NTT DATA CORPORATION
*
- * Version: 2.2.0-pre 2009/02/01
+ * Version: 2.2.0 2009/04/01
*
*/
@@ -165,11 +165,11 @@ char *tomoyo_realpath_from_path(struct path *path)
*/
char *tomoyo_realpath(const char *pathname)
{
- struct nameidata nd;
+ struct path path;
- if (pathname && path_lookup(pathname, LOOKUP_FOLLOW, &nd) == 0) {
- char *buf = tomoyo_realpath_from_path(&nd.path);
- path_put(&nd.path);
+ if (pathname && kern_path(pathname, LOOKUP_FOLLOW, &path) == 0) {
+ char *buf = tomoyo_realpath_from_path(&path);
+ path_put(&path);
return buf;
}
return NULL;
@@ -184,11 +184,11 @@ char *tomoyo_realpath(const char *pathname)
*/
char *tomoyo_realpath_nofollow(const char *pathname)
{
- struct nameidata nd;
+ struct path path;
- if (pathname && path_lookup(pathname, 0, &nd) == 0) {
- char *buf = tomoyo_realpath_from_path(&nd.path);
- path_put(&nd.path);
+ if (pathname && kern_path(pathname, 0, &path) == 0) {
+ char *buf = tomoyo_realpath_from_path(&path);
+ path_put(&path);
return buf;
}
return NULL;
diff --git a/security/tomoyo/realpath.h b/security/tomoyo/realpath.h
index 7ec9fc9cbc07..78217a37960b 100644
--- a/security/tomoyo/realpath.h
+++ b/security/tomoyo/realpath.h
@@ -5,7 +5,7 @@
*
* Copyright (C) 2005-2009 NTT DATA CORPORATION
*
- * Version: 2.2.0-pre 2009/02/01
+ * Version: 2.2.0 2009/04/01
*
*/
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index 3eeeae12c4dc..e42be5c4f055 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -5,7 +5,7 @@
*
* Copyright (C) 2005-2009 NTT DATA CORPORATION
*
- * Version: 2.2.0-pre 2009/02/01
+ * Version: 2.2.0 2009/04/01
*
*/
@@ -27,6 +27,12 @@ static int tomoyo_cred_prepare(struct cred *new, const struct cred *old,
static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
{
+ int rc;
+
+ rc = cap_bprm_set_creds(bprm);
+ if (rc)
+ return rc;
+
/*
* Do only if this function is called for the first time of an execve
* operation.
diff --git a/security/tomoyo/tomoyo.h b/security/tomoyo/tomoyo.h
index a0c8f6e0bea4..41c6ebafb9c5 100644
--- a/security/tomoyo/tomoyo.h
+++ b/security/tomoyo/tomoyo.h
@@ -5,7 +5,7 @@
*
* Copyright (C) 2005-2009 NTT DATA CORPORATION
*
- * Version: 2.2.0-pre 2009/02/01
+ * Version: 2.2.0 2009/04/01
*
*/