diff options
author | James Morris | 2008-09-21 17:41:56 -0700 |
---|---|---|
committer | James Morris | 2008-09-21 17:41:56 -0700 |
commit | ab2b49518e743962f71b94246855c44ee9cf52cc (patch) | |
tree | 26b260a350f0a0a0d19b558bf147b812e3a1564c /security | |
parent | f058925b201357fba48d56cc9c1719ae274b2022 (diff) | |
parent | 72d31053f62c4bc464c2783974926969614a8649 (diff) |
Merge branch 'master' into next
Conflicts:
MAINTAINERS
Thanks for breaking my tree :-)
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r-- | security/device_cgroup.c | 18 | ||||
-rw-r--r-- | security/selinux/ss/services.c | 6 |
2 files changed, 12 insertions, 12 deletions
diff --git a/security/device_cgroup.c b/security/device_cgroup.c index 7bd296cca041..46f23971f7e4 100644 --- a/security/device_cgroup.c +++ b/security/device_cgroup.c @@ -508,12 +508,11 @@ int devcgroup_inode_permission(struct inode *inode, int mask) return 0; if (!S_ISBLK(inode->i_mode) && !S_ISCHR(inode->i_mode)) return 0; - dev_cgroup = css_to_devcgroup(task_subsys_state(current, - devices_subsys_id)); - if (!dev_cgroup) - return 0; rcu_read_lock(); + + dev_cgroup = task_devcgroup(current); + list_for_each_entry_rcu(wh, &dev_cgroup->whitelist, list) { if (wh->type & DEV_ALL) goto acc_check; @@ -533,6 +532,7 @@ acc_check: rcu_read_unlock(); return 0; } + rcu_read_unlock(); return -EPERM; @@ -543,12 +543,10 @@ int devcgroup_inode_mknod(int mode, dev_t dev) struct dev_cgroup *dev_cgroup; struct dev_whitelist_item *wh; - dev_cgroup = css_to_devcgroup(task_subsys_state(current, - devices_subsys_id)); - if (!dev_cgroup) - return 0; - rcu_read_lock(); + + dev_cgroup = task_devcgroup(current); + list_for_each_entry(wh, &dev_cgroup->whitelist, list) { if (wh->type & DEV_ALL) goto acc_check; @@ -566,6 +564,8 @@ acc_check: rcu_read_unlock(); return 0; } + rcu_read_unlock(); + return -EPERM; } diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 4f233d9960e7..876b815c1ba4 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -981,11 +981,12 @@ static int string_to_context_struct(struct policydb *pol, /* Check the validity of the new context. */ if (!policydb_context_isvalid(pol, ctx)) { rc = -EINVAL; - context_destroy(ctx); goto out; } rc = 0; out: + if (rc) + context_destroy(ctx); return rc; } @@ -1038,8 +1039,7 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len, } else if (rc) goto out; rc = sidtab_context_to_sid(&sidtab, &context, sid); - if (rc) - context_destroy(&context); + context_destroy(&context); out: read_unlock(&policy_rwlock); kfree(scontext2); |