summaryrefslogtreecommitdiff
path: root/security/security.c
diff options
context:
space:
mode:
authorStephen Smalley <sds@tycho.nsa.gov>2017-01-09 10:07:31 -0500
committerPaul Moore <paul@paul-moore.com>2017-01-09 10:07:31 -0500
commitbe0554c9bf9f7cc96f5205df8f8bd3573b74320e (patch)
treee7ab18363d24006d50a67d13d7b72d61efd40537 /security/security.c
parent01593d3299a1cfdb5e08acf95f63ec59dd674906 (diff)
downloadlwn-be0554c9bf9f7cc96f5205df8f8bd3573b74320e.tar.gz
lwn-be0554c9bf9f7cc96f5205df8f8bd3573b74320e.zip
selinux: clean up cred usage and simplify
SELinux was sometimes using the task "objective" credentials when it could/should use the "subjective" credentials. This was sometimes hidden by the fact that we were unnecessarily passing around pointers to the current task, making it appear as if the task could be something other than current, so eliminate all such passing of current. Inline various permission checking helper functions that can be reduced to a single avc_has_perm() call. Since the credentials infrastructure only allows a task to alter its own credentials, we can always assume that current must be the same as the target task in selinux_setprocattr after the check. We likely should move this check from selinux_setprocattr() to proc_pid_attr_write() and drop the task argument to the security hook altogether; it can only serve to confuse things. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/security.c')
0 files changed, 0 insertions, 0 deletions