summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--mm/shmem.c20
-rw-r--r--security/selinux/hooks.c27
2 files changed, 35 insertions, 12 deletions
diff --git a/mm/shmem.c b/mm/shmem.c
index 0d627a37da9..1f7aeb210c7 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -1608,6 +1608,15 @@ shmem_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
int error = -ENOSPC;
if (inode) {
+ error = security_inode_init_security(inode, dir, NULL, NULL,
+ NULL);
+ if (error) {
+ if (error != -EOPNOTSUPP) {
+ iput(inode);
+ return error;
+ }
+ error = 0;
+ }
if (dir->i_mode & S_ISGID) {
inode->i_gid = dir->i_gid;
if (S_ISDIR(mode))
@@ -1617,7 +1626,6 @@ shmem_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
dir->i_ctime = dir->i_mtime = CURRENT_TIME;
d_instantiate(dentry, inode);
dget(dentry); /* Extra count - pin the dentry in core */
- error = 0;
}
return error;
}
@@ -1747,6 +1755,16 @@ static int shmem_symlink(struct inode *dir, struct dentry *dentry, const char *s
if (!inode)
return -ENOSPC;
+ error = security_inode_init_security(inode, dir, NULL, NULL,
+ NULL);
+ if (error) {
+ if (error != -EOPNOTSUPP) {
+ iput(inode);
+ return error;
+ }
+ error = 0;
+ }
+
info = SHMEM_I(inode);
inode->i_size = len-1;
if (len <= (char *)inode - (char *)info) {
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 63701fe0e1a..265f33d3af9 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2032,9 +2032,9 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
struct inode_security_struct *dsec;
struct superblock_security_struct *sbsec;
struct inode_security_struct *isec;
- u32 newsid;
+ u32 newsid, clen;
int rc;
- char *namep, *context;
+ char *namep = NULL, *context;
tsec = current->security;
dsec = dir->i_security;
@@ -2059,17 +2059,22 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
inode_security_set_sid(inode, newsid);
- namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_KERNEL);
- if (!namep)
- return -ENOMEM;
- *name = namep;
+ if (name) {
+ namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_KERNEL);
+ if (!namep)
+ return -ENOMEM;
+ *name = namep;
+ }
- rc = security_sid_to_context(newsid, &context, len);
- if (rc) {
- kfree(namep);
- return rc;
+ if (value && len) {
+ rc = security_sid_to_context(newsid, &context, &clen);
+ if (rc) {
+ kfree(namep);
+ return rc;
+ }
+ *value = context;
+ *len = clen;
}
- *value = context;
isec->security_attr_init = 1;