diff options
author | Steven Rostedt (Red Hat) <rostedt@goodmis.org> | 2014-05-12 16:05:55 -0400 |
---|---|---|
committer | Steven Rostedt <rostedt@goodmis.org> | 2014-05-12 16:05:55 -0400 |
commit | d20bdcfeed0ba049c77c70f2f3efe4d1577838c5 (patch) | |
tree | a52d5e86633ec75a40bdb6ec42fb18a8920bcd47 /security/selinux/hooks.c | |
parent | fe723c8bd3b6f71672ac8f9c01ab712a8fdd318a (diff) | |
parent | ae2a5e128caf100a957cd142818fd7be6276bd11 (diff) |
Merge tag 'v3.12.18' into v3.12-rt
This is the 3.12.18 stable release
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r-- | security/selinux/hooks.c | 36 |
1 files changed, 27 insertions, 9 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 25d5ebaf25f9..630b8adf0ce5 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -1386,15 +1386,33 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent isec->sid = sbsec->sid; if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) { - if (opt_dentry) { - isec->sclass = inode_mode_to_security_class(inode->i_mode); - rc = selinux_proc_get_sid(opt_dentry, - isec->sclass, - &sid); - if (rc) - goto out_unlock; - isec->sid = sid; - } + /* We must have a dentry to determine the label on + * procfs inodes */ + if (opt_dentry) + /* Called from d_instantiate or + * d_splice_alias. */ + dentry = dget(opt_dentry); + else + /* Called from selinux_complete_init, try to + * find a dentry. */ + dentry = d_find_alias(inode); + /* + * This can be hit on boot when a file is accessed + * before the policy is loaded. When we load policy we + * may find inodes that have no dentry on the + * sbsec->isec_head list. No reason to complain as + * these will get fixed up the next time we go through + * inode_doinit() with a dentry, before these inodes + * could be used again by userspace. + */ + if (!dentry) + goto out_unlock; + isec->sclass = inode_mode_to_security_class(inode->i_mode); + rc = selinux_proc_get_sid(dentry, isec->sclass, &sid); + dput(dentry); + if (rc) + goto out_unlock; + isec->sid = sid; } break; } |