Merge tag 'selinux-pr-20190917' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull selinux updates from Paul Moore: - Add LSM hooks, and SELinux access control hooks, for dnotify, fanotify, and inotify watches. This has been discussed with both the LSM and fs/notify folks and everybody is good with these new hooks. - The LSM stacking changes missed a few calls to current_security() in the SELinux code; we fix those and remove current_security() for good. - Improve our network object labeling cache so that we always return the object's label, even when under memory pressure. Previously we would return an error if we couldn't allocate a new cache entry, now we always return the label even if we can't create a new cache entry for it. - Convert the sidtab atomic_t counter to a normal u32 with READ/WRITE_ONCE() and memory barrier protection. - A few patches to policydb.c to clean things up (remove forward declarations, long lines, bad variable names, etc) * tag 'selinux-pr-20190917' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: lsm: remove current_security() selinux: fix residual uses of current_security() for the SELinux blob selinux: avoid atomic_t usage in sidtab fanotify, inotify, dnotify, security: add security hook for fs notifications selinux: always return a secid from the network caches if we find one selinux: policydb - rename type_val_to_struct_array selinux: policydb - fix some checkpatch.pl warnings selinux: shuffle around policydb.c to get rid of forward declarations
This commit is contained in:
Linus Torvalds
@@ -189,9 +189,9 @@ static void sel_netnode_insert(struct sel_netnode *node)
|
||||
*/
|
||||
static int sel_netnode_sid_slow(void *addr, u16 family, u32 *sid)
|
||||
{
|
||||
int ret = -ENOMEM;
|
||||
int ret;
|
||||
struct sel_netnode *node;
|
||||
struct sel_netnode *new = NULL;
|
||||
struct sel_netnode *new;
|
||||
|
||||
spin_lock_bh(&sel_netnode_lock);
|
||||
node = sel_netnode_find(addr, family);
|
||||
@@ -200,38 +200,36 @@ static int sel_netnode_sid_slow(void *addr, u16 family, u32 *sid)
|
||||
spin_unlock_bh(&sel_netnode_lock);
|
||||
return 0;
|
||||
}
|
||||
|
||||
new = kzalloc(sizeof(*new), GFP_ATOMIC);
|
||||
if (new == NULL)
|
||||
goto out;
|
||||
switch (family) {
|
||||
case PF_INET:
|
||||
ret = security_node_sid(&selinux_state, PF_INET,
|
||||
addr, sizeof(struct in_addr), sid);
|
||||
new->nsec.addr.ipv4 = *(__be32 *)addr;
|
||||
if (new)
|
||||
new->nsec.addr.ipv4 = *(__be32 *)addr;
|
||||
break;
|
||||
case PF_INET6:
|
||||
ret = security_node_sid(&selinux_state, PF_INET6,
|
||||
addr, sizeof(struct in6_addr), sid);
|
||||
new->nsec.addr.ipv6 = *(struct in6_addr *)addr;
|
||||
if (new)
|
||||
new->nsec.addr.ipv6 = *(struct in6_addr *)addr;
|
||||
break;
|
||||
default:
|
||||
BUG();
|
||||
ret = -EINVAL;
|
||||
}
|
||||
if (ret != 0)
|
||||
goto out;
|
||||
if (ret == 0 && new) {
|
||||
new->nsec.family = family;
|
||||
new->nsec.sid = *sid;
|
||||
sel_netnode_insert(new);
|
||||
} else
|
||||
kfree(new);
|
||||
|
||||
new->nsec.family = family;
|
||||
new->nsec.sid = *sid;
|
||||
sel_netnode_insert(new);
|
||||
|
||||
out:
|
||||
spin_unlock_bh(&sel_netnode_lock);
|
||||
if (unlikely(ret)) {
|
||||
if (unlikely(ret))
|
||||
pr_warn("SELinux: failure in %s(), unable to determine network node label\n",
|
||||
__func__);
|
||||
kfree(new);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user