linux/security/selinux
Eric Paris 562abf6241 SELinux: pass last path component in may_create
New inodes are created in a two-stage process.  We first will compute the
label on a new inode in security_inode_create() and check if the
operation is allowed.  We will then actually re-compute that same label and
apply it in security_inode_init_security().  The change to do new label
calculations based in part on the last component of the path name only
passed the path component information all the way down the
security_inode_init_security hook.  Down the security_inode_create hook the
path information did not make it past may_create.  Thus the two calculations
came up differently and the permissions check might not actually be against
the label that is created.  Pass and use the same information in both places
to harmonize the calculations and checks.

Reported-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
2011-04-28 15:15:54 -04:00
include SELINUX: Make selinux cache VFS RCU walks safe 2011-04-25 16:24:41 -04:00
ss SELinux: put name based create rules in a hashtable 2011-04-28 15:15:53 -04:00
.gitignore SELinux: add .gitignore files for dynamic classes 2009-10-24 09:42:27 +08:00
avc.c LSM: split LSM_AUDIT_DATA_FS into _PATH and _INODE 2011-04-25 18:13:15 -04:00
exports.c secmark: make secmark object handling generic 2010-10-21 10:12:48 +11:00
hooks.c SELinux: pass last path component in may_create 2011-04-28 15:15:54 -04:00
Kconfig selinux: Deprecate and schedule the removal of the the compat_net functionality 2008-12-31 12:54:11 -05:00
Makefile selinux: change to new flag variable 2010-10-21 10:12:40 +11:00
netif.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
netlabel.c Merge branch 'master' into next 2010-05-06 10:56:07 +10:00
netlink.c Merge branch 'master' into next 2010-05-06 10:56:07 +10:00
netnode.c SELinux: silence build warning when !CONFIG_BUG 2011-04-25 10:18:27 -04:00
netport.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
nlmsgtab.c SELinux: define permissions for DCB netlink messages 2010-12-16 12:50:17 -05:00
selinuxfs.c selinux: add type_transition with name extension support for selinuxfs 2011-04-01 17:13:23 -04:00
xfrm.c selinux: Fix check for xfrm selinux context algorithm 2011-02-25 15:00:44 -05:00