selinux: place open in the common file perms

kernel can dynamically remap perms. Drop the open lookup table and put open in the common file perms. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
mariux64 · Aug 2, 2010 · 49b7b8d · 49b7b8d
1 parent b782e0a
commit 49b7b8d
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 28 deletions.
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
@@ -1776,27 +1776,9 @@ static inline u32 open_file_to_av(struct file *file)
 {
 	u32 av = file_to_av(file);
 
-	if (selinux_policycap_openperm) {
-		mode_t mode = file->f_path.dentry->d_inode->i_mode;
-		/*
-		 * lnk files and socks do not really have an 'open'
-		 */
-		if (S_ISREG(mode))
-			av |= FILE__OPEN;
-		else if (S_ISCHR(mode))
-			av |= CHR_FILE__OPEN;
-		else if (S_ISBLK(mode))
-			av |= BLK_FILE__OPEN;
-		else if (S_ISFIFO(mode))
-			av |= FIFO_FILE__OPEN;
-		else if (S_ISDIR(mode))
-			av |= DIR__OPEN;
-		else if (S_ISSOCK(mode))
-			av |= SOCK_FILE__OPEN;
-		else
-			printk(KERN_ERR "SELinux: WARNING: inside %s with "
-				"unknown mode:%o\n", __func__, mode);
-	}
+	if (selinux_policycap_openperm)
+		av |= FILE__OPEN;
+
 	return av;
 }
 

diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
@@ -2,7 +2,8 @@
     "getattr", "setattr", "lock", "relabelfrom", "relabelto", "append"
 
 #define COMMON_FILE_PERMS COMMON_FILE_SOCK_PERMS, "unlink", "link", \
-    "rename", "execute", "swapon", "quotaon", "mounton", "audit_access"
+    "rename", "execute", "swapon", "quotaon", "mounton", "audit_access", \
+    "open"
 
 #define COMMON_SOCK_PERMS COMMON_FILE_SOCK_PERMS, "bind", "connect", \
     "listen", "accept", "getopt", "setopt", "shutdown", "recvfrom",  \
@@ -43,22 +44,22 @@ struct security_class_mapping secclass_map[] = {
 	    "quotaget", NULL } },
 	{ "file",
 	  { COMMON_FILE_PERMS,
-	    "execute_no_trans", "entrypoint", "execmod", "open", NULL } },
+	    "execute_no_trans", "entrypoint", "execmod", NULL } },
 	{ "dir",
 	  { COMMON_FILE_PERMS, "add_name", "remove_name",
-	    "reparent", "search", "rmdir", "open", NULL } },
+	    "reparent", "search", "rmdir", NULL } },
 	{ "fd", { "use", NULL } },
 	{ "lnk_file",
 	  { COMMON_FILE_PERMS, NULL } },
 	{ "chr_file",
 	  { COMMON_FILE_PERMS,
-	    "execute_no_trans", "entrypoint", "execmod", "open", NULL } },
+	    "execute_no_trans", "entrypoint", "execmod", NULL } },
 	{ "blk_file",
-	  { COMMON_FILE_PERMS, "open", NULL } },
+	  { COMMON_FILE_PERMS, NULL } },
 	{ "sock_file",
-	  { COMMON_FILE_PERMS, "open", NULL } },
+	  { COMMON_FILE_PERMS, NULL } },
 	{ "fifo_file",
-	  { COMMON_FILE_PERMS, "open", NULL } },
+	  { COMMON_FILE_PERMS, NULL } },
 	{ "socket",
 	  { COMMON_SOCK_PERMS, NULL } },
 	{ "tcp_socket",