diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2009-09-14 20:07:31 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-09-14 20:07:31 -0700 |
| commit | 18240904960a39e582ced8ba8ececb10b8c22dd3 (patch) | |
| tree | 90cbad5533c17657969acb97a0371e41923f7f93 /include | |
| parent | f86054c24565d09d1997f03192761dabf6b8a9c9 (diff) | |
| parent | 8a478905adbb2e09a59644e76f7fe7e0ab644204 (diff) | |
| download | linux-3.10-18240904960a39e582ced8ba8ececb10b8c22dd3.tar.gz linux-3.10-18240904960a39e582ced8ba8ececb10b8c22dd3.tar.bz2 linux-3.10-18240904960a39e582ced8ba8ececb10b8c22dd3.zip | |
Merge branch 'for-linus3' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus3' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
SELinux: inline selinux_is_enabled in !CONFIG_SECURITY_SELINUX
KEYS: Fix garbage collector
KEYS: Unlock tasklist when exiting early from keyctl_session_to_parent
CRED: Allow put_cred() to cope with a NULL groups list
SELinux: flush the avc before disabling SELinux
SELinux: seperate avc_cache flushing
Creds: creds->security can be NULL is selinux is disabled
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/cred.h | 13 | ||||
| -rw-r--r-- | include/linux/selinux.h | 9 |
2 files changed, 17 insertions, 5 deletions
diff --git a/include/linux/cred.h b/include/linux/cred.h index 24520a539c6..fb371601a3b 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -15,6 +15,7 @@ #include <linux/capability.h> #include <linux/init.h> #include <linux/key.h> +#include <linux/selinux.h> #include <asm/atomic.h> struct user_struct; @@ -182,11 +183,13 @@ static inline bool creds_are_invalid(const struct cred *cred) if (atomic_read(&cred->usage) < atomic_read(&cred->subscribers)) return true; #ifdef CONFIG_SECURITY_SELINUX - if ((unsigned long) cred->security < PAGE_SIZE) - return true; - if ((*(u32*)cred->security & 0xffffff00) == - (POISON_FREE << 24 | POISON_FREE << 16 | POISON_FREE << 8)) - return true; + if (selinux_is_enabled()) { + if ((unsigned long) cred->security < PAGE_SIZE) + return true; + if ((*(u32 *)cred->security & 0xffffff00) == + (POISON_FREE << 24 | POISON_FREE << 16 | POISON_FREE << 8)) + return true; + } #endif return false; } diff --git a/include/linux/selinux.h b/include/linux/selinux.h index 20f965d4b04..82e0f26a129 100644 --- a/include/linux/selinux.h +++ b/include/linux/selinux.h @@ -61,6 +61,11 @@ void selinux_secmark_refcount_inc(void); * existing SECMARK targets has been removed/flushed. */ void selinux_secmark_refcount_dec(void); + +/** + * selinux_is_enabled - is SELinux enabled? + */ +bool selinux_is_enabled(void); #else static inline int selinux_string_to_sid(const char *str, u32 *sid) @@ -84,6 +89,10 @@ static inline void selinux_secmark_refcount_dec(void) return; } +static inline bool selinux_is_enabled(void) +{ + return false; +} #endif /* CONFIG_SECURITY_SELINUX */ #endif /* _LINUX_SELINUX_H */ |