From 7a54cb9ce0c906d2ede940cfef5ce8af76de8fdd Mon Sep 17 00:00:00 2001
From: Stephen Smalley
Date: Mon, 22 Jun 2009 14:54:53 -0400
Subject: [PATCH] --- yaml --- r: 157299 b: refs/heads/master c: 20dda18be9035c487c2e9534e4d18d2a1e1deade h: refs/heads/master i: 157297: 44c3df65f0ad838e2e9f955c78719bc6f9741a85 157295: fa4b475b8633b02aaea44b5c473d1aacc348be82 v: v3
---
 [refs] | 2 +-
 trunk/security/selinux/hooks.c | 15 ++++++++++-----
 2 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/[refs] b/[refs]
index f6a9c3d06a55..ee3111497082 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 56f8c9bc410deb55f21698e6a0d59f559ae1d794
+refs/heads/master: 20dda18be9035c487c2e9534e4d18d2a1e1deade
diff --git a/trunk/security/selinux/hooks.c b/trunk/security/selinux/hooks.c
index 15c2a08a66f1..d6f64783acd1 100644
--- a/trunk/security/selinux/hooks.c
+++ b/trunk/security/selinux/hooks.c
@@ -2938,11 +2938,6 @@ static int selinux_revalidate_file_permission(struct file *file, int mask)
 const struct cred *cred = current_cred();
 struct inode *inode = file->f_path.dentry->d_inode;
- if (!mask) {
- /* No permission to check. Existence test. */
- return 0;
- }
-
 /* file_mask_to_av won't add FILE__WRITE if MAY_APPEND is set */
 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
 mask |= MAY_APPEND;
@@ -2953,10 +2948,20 @@ static int selinux_revalidate_file_permission(struct file *file, int mask)
 static int selinux_file_permission(struct file *file, int mask)
 {
+ struct inode *inode = file->f_path.dentry->d_inode;
+ struct file_security_struct *fsec = file->f_security;
+ struct inode_security_struct *isec = inode->i_security;
+ u32 sid = current_sid();
+
 if (!mask)
 /* No permission to check. Existence test. */
 return 0;
+ if (sid == fsec->sid && fsec->isid == isec->sid &&
+ fsec->pseqno == avc_policy_seqno())
+ /* No change since dentry_open check. */
+ return 0;
+
 return selinux_revalidate_file_permission(file, mask);
 }
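Review bot: The fast path added to selinux_file_permission (second hooks.c hunk) returns 0 for any non-zero `mask` once the three cached values match, and its only explanation is `/* No change since dentry_open check. */`, which does not state the invariant the skip depends on. I would spell it out, e.g. `/* Fast path: task SID, inode SID and policy seqno equal the values cached in fsec, so skip revalidation; any mismatch falls through to the full check. */`, and say where fsec->sid, fsec->isid and fsec->pseqno are written, since that code is outside this hunk. Because the skip never inspects `mask`, it is sound only if the earlier check already covered every access that can reach this hook on the same open file; that is not visible here and should be confirmed against the open-time hook. As a style point, both unbraced `if` bodies hold a comment plus a `return`, and the second follows a two-line condition, so braces would make the guarded statement unambiguous.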