SELinux: Abstract use of file security blob (bb6c6b02) · Commits · 戴 / test

security/selinux/hooks.c

+9 −9

Original line number	Diff line number	Diff line
		@@ -394,7 +394,7 @@ static int file_alloc_security(struct file *file)

		static void file_free_security(struct file *file)
		{
		struct file_security_struct *fsec = file->f_security;
		struct file_security_struct *fsec = selinux_file(file);
		file->f_security = NULL;
		kmem_cache_free(file_security_cache, fsec);
		}
		@@ -1733,7 +1733,7 @@ static int file_has_perm(const struct cred *cred,
		struct file *file,
		u32 av)
		{
		struct file_security_struct *fsec = file->f_security;
		struct file_security_struct *fsec = selinux_file(file);
		struct inode *inode = file_inode(file);
		struct common_audit_data ad;
		u32 sid = cred_sid(cred);
		@@ -2077,7 +2077,7 @@ static int selinux_binder_transfer_file(struct task_struct *from,
		struct file *file)
		{
		u32 sid = task_sid(to);
		struct file_security_struct *fsec = file->f_security;
		struct file_security_struct *fsec = selinux_file(file);
		struct dentry *dentry = file->f_path.dentry;
		struct inode_security_struct *isec;
		struct common_audit_data ad;
		@@ -3323,7 +3323,7 @@ static int selinux_revalidate_file_permission(struct file *file, int mask)
		static int selinux_file_permission(struct file *file, int mask)
		{
		struct inode *inode = file_inode(file);
		struct file_security_struct *fsec = file->f_security;
		struct file_security_struct *fsec = selinux_file(file);
		struct inode_security_struct *isec;
		u32 sid = current_sid();

		@@ -3358,7 +3358,7 @@ static int ioctl_has_perm(const struct cred cred, struct file file,
		u32 requested, u16 cmd)
		{
		struct common_audit_data ad;
		struct file_security_struct *fsec = file->f_security;
		struct file_security_struct *fsec = selinux_file(file);
		struct inode *inode = file_inode(file);
		struct inode_security_struct *isec;
		struct lsm_ioctlop_audit ioctl;
		@@ -3610,7 +3610,7 @@ static void selinux_file_set_fowner(struct file *file)
		{
		struct file_security_struct *fsec;

		fsec = file->f_security;
		fsec = selinux_file(file);
		fsec->fown_sid = current_sid();
		}

		@@ -3625,7 +3625,7 @@ static int selinux_file_send_sigiotask(struct task_struct *tsk,
		/* struct fown_struct is never outside the context of a struct file */
		file = container_of(fown, struct file, f_owner);

		fsec = file->f_security;
		fsec = selinux_file(file);

		if (!signum)
		perm = signal_to_av(SIGIO); /* as per send_sigio_to_task */
		@@ -3649,7 +3649,7 @@ static int selinux_file_open(struct file *file)
		struct file_security_struct *fsec;
		struct inode_security_struct *isec;

		fsec = file->f_security;
		fsec = selinux_file(file);
		isec = inode_security(file_inode(file));
		/*
		* Save inode label and policy sequence number
		@@ -3788,7 +3788,7 @@ static int selinux_kernel_module_from_file(struct file *file)
		ad.type = LSM_AUDIT_DATA_FILE;
		ad.u.file = file;

		fsec = file->f_security;
		fsec = selinux_file(file);
		if (sid != fsec->sid) {
		rc = avc_has_perm(&selinux_state,
		sid, fsec->sid, SECCLASS_FD, FD__USE, &ad);

security/selinux/include/objsec.h

+5 −0

Original line number	Diff line number	Diff line
		@@ -165,4 +165,9 @@ static inline struct task_security_struct selinux_cred(const struct cred cred)
		return cred->security + selinux_blob_sizes.lbs_cred;
		}

		static inline struct file_security_struct selinux_file(const struct file file)
		{
		return file->f_security;
		}

		#endif /* _SELINUX_OBJSEC_H_ */

Admin message