summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2009-09-14 20:07:31 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2009-09-14 20:07:31 -0700
commit18240904960a39e582ced8ba8ececb10b8c22dd3 (patch)
tree90cbad5533c17657969acb97a0371e41923f7f93 /include
parentf86054c24565d09d1997f03192761dabf6b8a9c9 (diff)
parent8a478905adbb2e09a59644e76f7fe7e0ab644204 (diff)
downloadlinux-18240904960a39e582ced8ba8ececb10b8c22dd3.tar.bz2
Merge branch 'for-linus3' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus3' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: SELinux: inline selinux_is_enabled in !CONFIG_SECURITY_SELINUX KEYS: Fix garbage collector KEYS: Unlock tasklist when exiting early from keyctl_session_to_parent CRED: Allow put_cred() to cope with a NULL groups list SELinux: flush the avc before disabling SELinux SELinux: seperate avc_cache flushing Creds: creds->security can be NULL is selinux is disabled
Diffstat (limited to 'include')
-rw-r--r--include/linux/cred.h13
-rw-r--r--include/linux/selinux.h9
2 files changed, 17 insertions, 5 deletions
diff --git a/include/linux/cred.h b/include/linux/cred.h
index 24520a539c6f..fb371601a3b4 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -15,6 +15,7 @@
#include <linux/capability.h>
#include <linux/init.h>
#include <linux/key.h>
+#include <linux/selinux.h>
#include <asm/atomic.h>
struct user_struct;
@@ -182,11 +183,13 @@ static inline bool creds_are_invalid(const struct cred *cred)
if (atomic_read(&cred->usage) < atomic_read(&cred->subscribers))
return true;
#ifdef CONFIG_SECURITY_SELINUX
- if ((unsigned long) cred->security < PAGE_SIZE)
- return true;
- if ((*(u32*)cred->security & 0xffffff00) ==
- (POISON_FREE << 24 | POISON_FREE << 16 | POISON_FREE << 8))
- return true;
+ if (selinux_is_enabled()) {
+ if ((unsigned long) cred->security < PAGE_SIZE)
+ return true;
+ if ((*(u32 *)cred->security & 0xffffff00) ==
+ (POISON_FREE << 24 | POISON_FREE << 16 | POISON_FREE << 8))
+ return true;
+ }
#endif
return false;
}
diff --git a/include/linux/selinux.h b/include/linux/selinux.h
index 20f965d4b041..82e0f26a1299 100644
--- a/include/linux/selinux.h
+++ b/include/linux/selinux.h
@@ -61,6 +61,11 @@ void selinux_secmark_refcount_inc(void);
* existing SECMARK targets has been removed/flushed.
*/
void selinux_secmark_refcount_dec(void);
+
+/**
+ * selinux_is_enabled - is SELinux enabled?
+ */
+bool selinux_is_enabled(void);
#else
static inline int selinux_string_to_sid(const char *str, u32 *sid)
@@ -84,6 +89,10 @@ static inline void selinux_secmark_refcount_dec(void)
return;
}
+static inline bool selinux_is_enabled(void)
+{
+ return false;
+}
#endif /* CONFIG_SECURITY_SELINUX */
#endif /* _LINUX_SELINUX_H */