#include <linux/major.h>
#include <linux/seq_file.h>
#include <linux/percpu.h>
+#include <linux/audit.h>
#include <asm/uaccess.h>
#include <asm/semaphore.h>
length = task_has_security(current, SECURITY__SETENFORCE);
if (length)
goto out;
+ audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
+ "enforcing=%d old_enforcing=%d auid=%u", new_value,
+ selinux_enforcing,
+ audit_get_loginuid(current->audit_context));
selinux_enforcing = new_value;
if (selinux_enforcing)
avc_ss_reset(0);
length = selinux_disable();
if (length < 0)
goto out;
+ audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
+ "selinux=0 auid=%u",
+ audit_get_loginuid(current->audit_context));
}
length = count;
length = ret;
else
length = count;
+ audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
+ "policy loaded auid=%u",
+ audit_get_loginuid(current->audit_context));
out:
mutex_unlock(&sel_mutex);
vfree(data);
return ret;
err:
kfree(values);
- d_genocide(dir);
+ sel_remove_bools(dir);
ret = -ENOMEM;
goto out;
}
dentry = d_alloc_name(dir, files[i].name);
if (!dentry) {
ret = -ENOMEM;
- goto err;
+ goto out;
}
inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode);
if (!inode) {
ret = -ENOMEM;
- goto err;
+ goto out;
}
inode->i_fop = files[i].ops;
d_add(dentry, inode);
}
out:
return ret;
-err:
- d_genocide(dir);
- goto out;
}
-static int sel_make_dir(struct super_block *sb, struct dentry *dentry)
+static int sel_make_dir(struct inode *dir, struct dentry *dentry)
{
int ret = 0;
struct inode *inode;
- inode = sel_make_inode(sb, S_IFDIR | S_IRUGO | S_IXUGO);
+ inode = sel_make_inode(dir->i_sb, S_IFDIR | S_IRUGO | S_IXUGO);
if (!inode) {
ret = -ENOMEM;
goto out;
/* directory inodes start off with i_nlink == 2 (for "." entry) */
inode->i_nlink++;
d_add(dentry, inode);
+ /* bump link count on parent directory, too */
+ dir->i_nlink++;
out:
return ret;
}
{
int ret;
struct dentry *dentry;
- struct inode *inode;
+ struct inode *inode, *root_inode;
struct inode_security_struct *isec;
static struct tree_descr selinux_files[] = {
if (ret)
goto err;
+ root_inode = sb->s_root->d_inode;
+
dentry = d_alloc_name(sb->s_root, BOOL_DIR_NAME);
if (!dentry) {
ret = -ENOMEM;
goto err;
}
- ret = sel_make_dir(sb, dentry);
+ ret = sel_make_dir(root_inode, dentry);
if (ret)
goto err;
bool_dir = dentry;
- ret = sel_make_bools();
- if (ret)
- goto err;
dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME);
if (!dentry) {
goto err;
}
- ret = sel_make_dir(sb, dentry);
+ ret = sel_make_dir(root_inode, dentry);
if (ret)
goto err;