summaryrefslogtreecommitdiff
path: root/include/linux/cred.h
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2009-09-13 06:54:10 +0400
committerJames Morris <jmorris@namei.org>2009-09-14 06:34:07 +0400
commited868a56988464cd31de0302426a5e94d3127f10 (patch)
treecdcd1715445aa19051b6a9a671b39250a449333a /include/linux/cred.h
parent86d710146fb9975f04c505ec78caa43d227c1018 (diff)
downloadlinux-ed868a56988464cd31de0302426a5e94d3127f10.tar.xz
Creds: creds->security can be NULL is selinux is disabled
__validate_process_creds should check if selinux is actually enabled before running tests on the selinux portion of the credentials struct. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'include/linux/cred.h')
-rw-r--r--include/linux/cred.h13
1 files changed, 8 insertions, 5 deletions
diff --git a/include/linux/cred.h b/include/linux/cred.h
index 24520a539c6f..fb371601a3b4 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -15,6 +15,7 @@
#include <linux/capability.h>
#include <linux/init.h>
#include <linux/key.h>
+#include <linux/selinux.h>
#include <asm/atomic.h>
struct user_struct;
@@ -182,11 +183,13 @@ static inline bool creds_are_invalid(const struct cred *cred)
if (atomic_read(&cred->usage) < atomic_read(&cred->subscribers))
return true;
#ifdef CONFIG_SECURITY_SELINUX
- if ((unsigned long) cred->security < PAGE_SIZE)
- return true;
- if ((*(u32*)cred->security & 0xffffff00) ==
- (POISON_FREE << 24 | POISON_FREE << 16 | POISON_FREE << 8))
- return true;
+ if (selinux_is_enabled()) {
+ if ((unsigned long) cred->security < PAGE_SIZE)
+ return true;
+ if ((*(u32 *)cred->security & 0xffffff00) ==
+ (POISON_FREE << 24 | POISON_FREE << 16 | POISON_FREE << 8))
+ return true;
+ }
#endif
return false;
}