authorDavid S. Miller <davem@davemloft.net>2009-12-05 15:22:26 -0800
committerDavid S. Miller <davem@davemloft.net>2009-12-05 15:22:26 -0800
commit28b4d5cc17c20786848cdc07b7ea237a309776bb (patch)
treebae406a4b17229dcce7c11be5073f7a67665e477 /security/selinux/hooks.c
parentd29cecda036f251aee4947f47eea0fe9ed8cc931 (diff)
parent96fa2b508d2d3fe040cf4ef2fffb955f0a537ea1 (diff)
Merge branch 'master' of /home/davem/src/GIT/linux-2.6/
Conflicts: drivers/net/pcmcia/fmvj18x_cs.c drivers/net/pcmcia/nmclan_cs.c drivers/net/pcmcia/xirc2ps_cs.c drivers/net/wireless/ray_cs.c
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r--security/selinux/hooks.c25
1 files changed, 15 insertions, 10 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 83a4aada0b4..7a374c2eb04 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -91,7 +91,6 @@
#define NUM_SEL_MNT_OPTS 5
-extern unsigned int policydb_loaded_version;
extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm);
extern struct security_operations *security_ops;
@@ -3338,9 +3337,18 @@ static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
return 0;
}
-static int selinux_kernel_module_request(void)
+static int selinux_kernel_module_request(char *kmod_name)
{
- return task_has_system(current, SYSTEM__MODULE_REQUEST);
+ u32 sid;
+ struct common_audit_data ad;
+
+ sid = task_sid(current);
+
+ COMMON_AUDIT_DATA_INIT(&ad, KMOD);
+ ad.u.kmod_name = kmod_name;
+
+ return avc_has_perm(sid, SECINITSID_KERNEL, SECCLASS_SYSTEM,
+ SYSTEM__MODULE_REQUEST, &ad);
}
static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
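Review bot: `kmod_name` only reaches the audit record through `ad.u.kmod_name`; the `avc_has_perm()` call still decides on the task SID against `SECINITSID_KERNEL` for `SYSTEM__MODULE_REQUEST`, so policy cannot tell one requested module from another, and the function has no comment saying so. I would add above it `/* kmod_name is audit context only; the decision is task SID vs. kernel SID on system:module_request. */`. The name is supplied by the caller and may trace back to a request made on behalf of an unprivileged task, so it is worth confirming that the KMOD audit path logs it as an untrusted string and tolerates NULL. If the hook prototype allows it, `const char *kmod_name` would also document that the hook never modifies the name.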
@@ -4714,10 +4722,7 @@ static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
if (err)
return err;
- if (policydb_loaded_version >= POLICYDB_VERSION_NLCLASS)
- err = selinux_nlmsg_perm(sk, skb);
-
- return err;
+ return selinux_nlmsg_perm(sk, skb);
}
static int selinux_netlink_recv(struct sk_buff *skb, int capability)
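Review bot: With the `policydb_loaded_version >= POLICYDB_VERSION_NLCLASS` gate gone, `selinux_nlmsg_perm()` now runs on every netlink send whatever policy is loaded, and nothing at the call site records that this is intended. A one-line comment above the return would do, e.g. `/* Always check per-message netlink permissions; no policy-version gate. */`. How a policy that predates the netlink classes is handled is not visible in this hunk, so it is worth confirming that this path allows or denies as intended rather than returning an unexpected error. selinux_netlink_send begins above the hunk.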
@@ -5830,12 +5835,12 @@ int selinux_disable(void)
selinux_disabled = 1;
selinux_enabled = 0;
- /* Try to destroy the avc node cache */
- avc_disable();
-
/* Reset security_ops to the secondary module, dummy or capability. */
security_ops = secondary_ops;
+ /* Try to destroy the avc node cache */
+ avc_disable();
+
/* Unregister netfilter hooks. */
selinux_nf_ip_exit();
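Review bot: Moving `avc_disable()` after `security_ops = secondary_ops;` keeps new hook calls out of the AVC before teardown, but the hunk shows a plain pointer store with no barrier or grace period. A task that had already dereferenced the old `security_ops` on another CPU could presumably still be inside an SELinux hook while the cache is torn down. The ordering dependency deserves a comment in place of the generic one, e.g. `/* After the security_ops switch: no new hook may enter the AVC; in-flight callers are not waited for. */`. If `avc_disable()` does not itself cope with in-flight users, that limitation should be stated there or addressed. selinux_disable starts above and continues below the hunk.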