From 38c19b36b3a18b018090f507484f6ac3ae46793c Mon Sep 17 00:00:00 2001
From: Eric Paris
Date: Thu, 12 Feb 2009 14:50:11 -0500
Subject: [PATCH] --- yaml --- r: 132624 b: refs/heads/master c: a5dda683328f99c781f92c66cc52ffc0639bef58 h: refs/heads/master v: v3
---
 [refs] | 2 +-
 trunk/security/selinux/avc.c | 9 ++++++---
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/[refs] b/[refs]
index 51023ef59ef0..e40742a52e4a 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 4cb912f1d1447077160ace9ce3b3a10696dd74e5
+refs/heads/master: a5dda683328f99c781f92c66cc52ffc0639bef58
diff --git a/trunk/security/selinux/avc.c b/trunk/security/selinux/avc.c
index eb41f43e2772..0d00f4874f32 100644
--- a/trunk/security/selinux/avc.c
+++ b/trunk/security/selinux/avc.c
@@ -742,13 +742,15 @@ static inline int avc_sidcmp(u32 x, u32 y)
 * @event : Updating event
 * @perms : Permission mask bits
 * @ssid,@tsid,@tclass : identifier of an AVC entry
+ * @seqno : sequence number when decision was made
 *
 * if a valid AVC entry doesn't exist,this function returns -ENOENT.
 * if kmalloc() called internal returns NULL, this function returns -ENOMEM.
 * otherwise, this function update the AVC entry. The original AVC-entry object
 * will release later by RCU.
 */
-static int avc_update_node(u32 event, u32 perms, u32 ssid, u32 tsid, u16 tclass)
+static int avc_update_node(u32 event, u32 perms, u32 ssid, u32 tsid, u16 tclass,
+ u32 seqno)
 {
 int hvalue, rc = 0;
 unsigned long flag;
@@ -767,7 +769,8 @@ static int avc_update_node(u32 event, u32 perms, u32 ssid, u32 tsid, u16 tclass)
 list_for_each_entry(pos, &avc_cache.slots[hvalue], list) {
 if (ssid == pos->ae.ssid &&
 tsid == pos->ae.tsid &&
- tclass == pos->ae.tclass){
+ tclass == pos->ae.tclass &&
+ seqno == pos->ae.avd.seqno){
 orig = pos;
 break;
 }
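Review bot: The kernel-doc for avc_update_node in the first avc.c hunk still says -ENOENT means "a valid AVC entry doesn't exist", which no longer covers the case this patch introduces. An entry that exists for the same ssid/tsid/tclass but carries a different avd.seqno is now skipped by the lookup in the following hunk. Assuming the not-found path outside the hunk still returns -ENOENT, I would reword that line to ` * if no AVC entry matches ssid, tsid, tclass and seqno, this function returns -ENOENT.`. I would also extend the new parameter line to ` * @seqno : sequence number when decision was made; must equal the cached entry's avd.seqno`. The function body continues past the end of the hunk.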
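Review bot: The rewritten match condition inside list_for_each_entry (hunk at -767) gives no reason for the extra comparison, and it keeps the `){` spelling on a line that is being touched anyway. I would add a comment above the `if`, such as `/* never apply a decision to an entry that carries a different seqno than the one it was computed under */`, and close the condition as `seqno == pos->ae.avd.seqno) {`. The filter applies to every `event` value the function accepts, not only to grants. The event handling is outside the hunk, so it is worth confirming that silently missing on a seqno mismatch is also the intended result for any revoke-type events. The loop and the rest of the function continue outside the hunk.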
@@ -908,7 +911,7 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
 rc = -EACCES;
 else if (!selinux_enforcing || security_permissive_sid(ssid))
 avc_update_node(AVC_CALLBACK_GRANT, requested, ssid,
- tsid, tclass);
+ tsid, tclass, p_ae->avd.seqno);
 else
 rc = -EACCES;
 }
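Review bot: The return value of avc_update_node() is still discarded at this call in avc_has_perm_noaudit, and with the seqno comparison a miss becomes an expected outcome rather than a rare one. That looks harmless on this path, since it is reached only when `!selinux_enforcing || security_permissive_sid(ssid)` holds and rc is not assigned here. It should still be stated so it is not later read as an oversight, e.g. `/* best effort: on a seqno mismatch the grant is simply not cached */`. Where `p_ae` points is decided outside the hunk, so I cannot confirm from these lines that `p_ae->avd.seqno` is always read while the entry is still valid. Please check that this dereference stays inside the same read-side section as the lookup.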