Browse Source

switch flush_unauthorized_files() to replace_fd()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
master
Al Viro 10 years ago
parent
commit
ee97cd872d
  1. 47
      security/selinux/hooks.c

47
security/selinux/hooks.c

@ -2126,8 +2126,6 @@ static inline void flush_unauthorized_files(const struct cred *cred,
spin_lock(&files->file_lock);
for (;;) {
unsigned long set, i;
int fd;
j++;
i = j * BITS_PER_LONG;
fdt = files_fdtable(files);
@ -2138,38 +2136,23 @@ static inline void flush_unauthorized_files(const struct cred *cred,
continue;
spin_unlock(&files->file_lock);
for ( ; set ; i++, set >>= 1) {
if (set & 1) {
file = fget(i);
if (!file)
continue;
if (file_has_perm(cred,
file,
file_to_av(file))) {
sys_close(i);
fd = get_unused_fd();
if (fd != i) {
if (fd >= 0)
put_unused_fd(fd);
fput(file);
continue;
}
if (devnull) {
get_file(devnull);
} else {
devnull = dentry_open(
&selinux_null,
O_RDWR, cred);
if (IS_ERR(devnull)) {
devnull = NULL;
put_unused_fd(fd);
fput(file);
continue;
}
}
fd_install(fd, devnull);
if (!(set & 1))
continue;
file = fget(i);
if (!file)
continue;
if (file_has_perm(cred, file, file_to_av(file))) {
if (devnull) {
get_file(devnull);
} else {
devnull = dentry_open(&selinux_null,
O_RDWR, cred);
if (IS_ERR(devnull))
devnull = NULL;
}
fput(file);
replace_fd(i, devnull, 0);
}
fput(file);
}
spin_lock(&files->file_lock);

Loading…
Cancel
Save