diff options
| author | Daniel Vetter <daniel.vetter@ffwll.ch> | 2015-09-22 11:02:18 +0200 |
|---|---|---|
| committer | Daniel Vetter <daniel.vetter@ffwll.ch> | 2015-09-24 17:18:41 +0200 |
| commit | 646db260b843d2f758559a5483174354c304acf8 (patch) | |
| tree | 73cf06896311567e8fcb75730d4461fd689a3d3f /security/selinux/ss/conditional.c | |
| parent | a645654b817feba05e5156345325d19fc85ebc9f (diff) | |
| parent | 1f93e4a96c9109378204c147b3eec0d0e8100fde (diff) | |
Merge tag 'v4.3-rc2' into topic/drm-misc
Backmerge Linux 4.3-rc2 because of conflicts in the dp helper code
between bugfixes and new code. Just adjacent lines really.
On top of that there's a silent conflict in the new fsl-dcu driver
merged into 4.3 and
commit 844f9111f6f54f88eb2f0fac121b82ce77193866
Author: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Date: Wed Sep 2 10:42:40 2015 +0200
drm/atomic: Make prepare_fb/cleanup_fb only take state, v3.
which Thierry Reding spotted and provided a fixup for.
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Diffstat (limited to 'security/selinux/ss/conditional.c')
| -rw-r--r-- | security/selinux/ss/conditional.c | 32 |
1 files changed, 27 insertions, 5 deletions
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c index 62c6773be0b7..18643bf9894d 100644 --- a/security/selinux/ss/conditional.c +++ b/security/selinux/ss/conditional.c @@ -15,6 +15,7 @@ #include "security.h" #include "conditional.h" +#include "services.h" /* * cond_evaluate_expr evaluates a conditional expr @@ -612,21 +613,39 @@ int cond_write_list(struct policydb *p, struct cond_node *list, void *fp) return 0; } + +void cond_compute_xperms(struct avtab *ctab, struct avtab_key *key, + struct extended_perms_decision *xpermd) +{ + struct avtab_node *node; + + if (!ctab || !key || !xpermd) + return; + + for (node = avtab_search_node(ctab, key); node; + node = avtab_search_node_next(node, key->specified)) { + if (node->key.specified & AVTAB_ENABLED) + services_compute_xperms_decision(xpermd, node); + } + return; + +} /* Determine whether additional permissions are granted by the conditional * av table, and if so, add them to the result */ -void cond_compute_av(struct avtab *ctab, struct avtab_key *key, struct av_decision *avd) +void cond_compute_av(struct avtab *ctab, struct avtab_key *key, + struct av_decision *avd, struct extended_perms *xperms) { struct avtab_node *node; - if (!ctab || !key || !avd) + if (!ctab || !key || !avd || !xperms) return; for (node = avtab_search_node(ctab, key); node; node = avtab_search_node_next(node, key->specified)) { if ((u16)(AVTAB_ALLOWED|AVTAB_ENABLED) == (node->key.specified & (AVTAB_ALLOWED|AVTAB_ENABLED))) - avd->allowed |= node->datum.data; + avd->allowed |= node->datum.u.data; if ((u16)(AVTAB_AUDITDENY|AVTAB_ENABLED) == (node->key.specified & (AVTAB_AUDITDENY|AVTAB_ENABLED))) /* Since a '0' in an auditdeny mask represents a @@ -634,10 +653,13 @@ void cond_compute_av(struct avtab *ctab, struct avtab_key *key, struct av_decisi * the '&' operand to ensure that all '0's in the mask * are retained (much unlike the allow and auditallow cases). */ - avd->auditdeny &= node->datum.data; + avd->auditdeny &= node->datum.u.data; if ((u16)(AVTAB_AUDITALLOW|AVTAB_ENABLED) == (node->key.specified & (AVTAB_AUDITALLOW|AVTAB_ENABLED))) - avd->auditallow |= node->datum.data; + avd->auditallow |= node->datum.u.data; + if ((node->key.specified & AVTAB_ENABLED) && + (node->key.specified & AVTAB_XPERMS)) + services_compute_xperms_drivers(xperms, node); } return; } |