diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2010-03-02 14:47:24 -0800 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2010-03-02 14:47:24 -0800 |
| commit | 832d30ca72c0a59058e66e097f5ea11f99640819 (patch) | |
| tree | ab71581c4ad66b2a151298ed13c0eb2506fc8068 /security/selinux/avc.c | |
| parent | 3a5b27bf6f29574d667230c7e76e4b83fe3014e0 (diff) | |
| parent | b4ccebdd37ff70d349321a198f416ba737a5e833 (diff) | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (38 commits)
SELinux: Make selinux_kernel_create_files_as() shouldn't just always return 0
TOMOYO: Protect find_task_by_vpid() with RCU.
Security: add static to security_ops and default_security_ops variable
selinux: libsepol: remove dead code in check_avtab_hierarchy_callback()
TOMOYO: Remove __func__ from tomoyo_is_correct_path/domain
security: fix a couple of sparse warnings
TOMOYO: Remove unneeded parameter.
TOMOYO: Use shorter names.
TOMOYO: Use enum for index numbers.
TOMOYO: Add garbage collector.
TOMOYO: Add refcounter on domain structure.
TOMOYO: Merge headers.
TOMOYO: Add refcounter on string data.
TOMOYO: Reduce lines by using common path for addition and deletion.
selinux: fix memory leak in sel_make_bools
TOMOYO: Extract bitfield
syslog: clean up needless comment
syslog: use defined constants instead of raw numbers
syslog: distinguish between /proc/kmsg and syscalls
selinux: allow MLS->non-MLS and vice versa upon policy reload
...
Diffstat (limited to 'security/selinux/avc.c')
| -rw-r--r-- | security/selinux/avc.c | 22 |
1 files changed, 8 insertions, 14 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index f2dde268165a..db0fd9f33499 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -489,17 +489,14 @@ void avc_audit(u32 ssid, u32 tsid, struct common_audit_data stack_data; u32 denied, audited; denied = requested & ~avd->allowed; - if (denied) { - audited = denied; - if (!(audited & avd->auditdeny)) - return; - } else if (result) { + if (denied) + audited = denied & avd->auditdeny; + else if (result) audited = denied = requested; - } else { - audited = requested; - if (!(audited & avd->auditallow)) - return; - } + else + audited = requested & avd->auditallow; + if (!audited) + return; if (!a) { a = &stack_data; memset(a, 0, sizeof(*a)); @@ -746,9 +743,7 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid, else avd = &avd_entry; - rc = security_compute_av(ssid, tsid, tclass, requested, avd); - if (rc) - goto out; + security_compute_av(ssid, tsid, tclass, avd); rcu_read_lock(); node = avc_insert(ssid, tsid, tclass, avd); } else { @@ -770,7 +765,6 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid, } rcu_read_unlock(); -out: return rc; } |