sem/security: Pass kern_ipc_perm not sem_array into the sem security hooks
All of the implementations of security hooks that take sem_array only access sem_perm the struct kern_ipc_perm member. This means the dependencies of the sem security hooks can be simplified by passing the kern_ipc_perm member of sem_array. Making this change will allow struct sem and struct sem_array to become private to ipc/sem.c. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
@ -5767,53 +5767,53 @@ static int selinux_shm_shmat(struct shmid_kernel *shp,
|
||||
}
|
||||
|
||||
/* Semaphore security operations */
|
||||
static int selinux_sem_alloc_security(struct sem_array *sma)
|
||||
static int selinux_sem_alloc_security(struct kern_ipc_perm *sma)
|
||||
{
|
||||
struct ipc_security_struct *isec;
|
||||
struct common_audit_data ad;
|
||||
u32 sid = current_sid();
|
||||
int rc;
|
||||
|
||||
rc = ipc_alloc_security(&sma->sem_perm, SECCLASS_SEM);
|
||||
rc = ipc_alloc_security(sma, SECCLASS_SEM);
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
isec = sma->sem_perm.security;
|
||||
isec = sma->security;
|
||||
|
||||
ad.type = LSM_AUDIT_DATA_IPC;
|
||||
ad.u.ipc_id = sma->sem_perm.key;
|
||||
ad.u.ipc_id = sma->key;
|
||||
|
||||
rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM,
|
||||
SEM__CREATE, &ad);
|
||||
if (rc) {
|
||||
ipc_free_security(&sma->sem_perm);
|
||||
ipc_free_security(sma);
|
||||
return rc;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void selinux_sem_free_security(struct sem_array *sma)
|
||||
static void selinux_sem_free_security(struct kern_ipc_perm *sma)
|
||||
{
|
||||
ipc_free_security(&sma->sem_perm);
|
||||
ipc_free_security(sma);
|
||||
}
|
||||
|
||||
static int selinux_sem_associate(struct sem_array *sma, int semflg)
|
||||
static int selinux_sem_associate(struct kern_ipc_perm *sma, int semflg)
|
||||
{
|
||||
struct ipc_security_struct *isec;
|
||||
struct common_audit_data ad;
|
||||
u32 sid = current_sid();
|
||||
|
||||
isec = sma->sem_perm.security;
|
||||
isec = sma->security;
|
||||
|
||||
ad.type = LSM_AUDIT_DATA_IPC;
|
||||
ad.u.ipc_id = sma->sem_perm.key;
|
||||
ad.u.ipc_id = sma->key;
|
||||
|
||||
return avc_has_perm(sid, isec->sid, SECCLASS_SEM,
|
||||
SEM__ASSOCIATE, &ad);
|
||||
}
|
||||
|
||||
/* Note, at this point, sma is locked down */
|
||||
static int selinux_sem_semctl(struct sem_array *sma, int cmd)
|
||||
static int selinux_sem_semctl(struct kern_ipc_perm *sma, int cmd)
|
||||
{
|
||||
int err;
|
||||
u32 perms;
|
||||
@ -5851,11 +5851,11 @@ static int selinux_sem_semctl(struct sem_array *sma, int cmd)
|
||||
return 0;
|
||||
}
|
||||
|
||||
err = ipc_has_perm(&sma->sem_perm, perms);
|
||||
err = ipc_has_perm(sma, perms);
|
||||
return err;
|
||||
}
|
||||
|
||||
static int selinux_sem_semop(struct sem_array *sma,
|
||||
static int selinux_sem_semop(struct kern_ipc_perm *sma,
|
||||
struct sembuf *sops, unsigned nsops, int alter)
|
||||
{
|
||||
u32 perms;
|
||||
@ -5865,7 +5865,7 @@ static int selinux_sem_semop(struct sem_array *sma,
|
||||
else
|
||||
perms = SEM__READ;
|
||||
|
||||
return ipc_has_perm(&sma->sem_perm, perms);
|
||||
return ipc_has_perm(sma, perms);
|
||||
}
|
||||
|
||||
static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
|
||||
|
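Review bot: The five sem hooks keep the parameter name `sma` although it is now a `struct kern_ipc_perm *`, so in selinux_sem_alloc_security, selinux_sem_free_security, selinux_sem_associate, selinux_sem_semctl and selinux_sem_semop the name still reads as a sem_array, while selinux_ipc_permission directly below uses `ipcp` for the same type. I would rename it, e.g. `static int selinux_sem_associate(struct kern_ipc_perm *ipcp, int semflg)`, and reword the comment above selinux_sem_semctl to `/* Note, at this point, ipcp (the sem_array's sem_perm) is locked down */` so nobody later reaches for sem_array fields in an access-control path. The bodies of selinux_sem_semctl and selinux_sem_semop are only partly visible in these hunks. Only the SELinux side is shown here; the hook prototypes and the other LSMs' sem hooks presumably change in the same commit, which is worth confirming so that no caller still passes a sem_array pointer.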