diff options
author | Eric Paris <eparis@redhat.com> | 2009-09-13 06:54:10 +0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-09-14 06:34:07 +0400 |
commit | ed868a56988464cd31de0302426a5e94d3127f10 (patch) | |
tree | cdcd1715445aa19051b6a9a671b39250a449333a /include/linux/cred.h | |
parent | 86d710146fb9975f04c505ec78caa43d227c1018 (diff) | |
download | linux-ed868a56988464cd31de0302426a5e94d3127f10.tar.xz |
Creds: creds->security can be NULL is selinux is disabled
__validate_process_creds should check if selinux is actually enabled before
running tests on the selinux portion of the credentials struct.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'include/linux/cred.h')
-rw-r--r-- | include/linux/cred.h | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/include/linux/cred.h b/include/linux/cred.h index 24520a539c6f..fb371601a3b4 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -15,6 +15,7 @@ #include <linux/capability.h> #include <linux/init.h> #include <linux/key.h> +#include <linux/selinux.h> #include <asm/atomic.h> struct user_struct; @@ -182,11 +183,13 @@ static inline bool creds_are_invalid(const struct cred *cred) if (atomic_read(&cred->usage) < atomic_read(&cred->subscribers)) return true; #ifdef CONFIG_SECURITY_SELINUX - if ((unsigned long) cred->security < PAGE_SIZE) - return true; - if ((*(u32*)cred->security & 0xffffff00) == - (POISON_FREE << 24 | POISON_FREE << 16 | POISON_FREE << 8)) - return true; + if (selinux_is_enabled()) { + if ((unsigned long) cred->security < PAGE_SIZE) + return true; + if ((*(u32 *)cred->security & 0xffffff00) == + (POISON_FREE << 24 | POISON_FREE << 16 | POISON_FREE << 8)) + return true; + } #endif return false; } |