ublk_drv: return flag of UBLK_F_URING_CMD_COMP_IN_TASK in case of module
[linux-block.git] / security / selinux / hooks.c
index 03bca97c8b297edfd9c8cd1494d84a660d18eeb3..f553c370397eeb16c2dc7509d97f733add15cfba 100644 (file)
@@ -4222,6 +4222,14 @@ static void selinux_task_to_inode(struct task_struct *p,
        spin_unlock(&isec->lock);
 }
 
+static int selinux_userns_create(const struct cred *cred)
+{
+       u32 sid = current_sid();
+
+       return avc_has_perm(&selinux_state, sid, sid, SECCLASS_USER_NAMESPACE,
+                                               USER_NAMESPACE__CREATE, NULL);
+}
+
 /* Returns error only if unable to parse addresses */
 static int selinux_parse_skb_ipv4(struct sk_buff *skb,
                        struct common_audit_data *ad, u8 *proto)
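Review bot: In the added `selinux_userns_create()` the `cred` parameter is never read; both the source and the target SID passed to `avc_has_perm()` come from `current_sid()`. If that is deliberate, a comment above the function should say so, e.g. `/* Check current's own SID as both subject and object; @cred is intentionally unused. */`, so nobody later swaps in `cred_sid(cred)` without working out which credentials the hook is handed. The continuation line `USER_NAMESPACE__CREATE, NULL);` also appears to be indented past the opening parenthesis, unlike the `avc_has_perm()` calls re-aligned further down in this diff.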
@@ -5987,7 +5995,6 @@ static int selinux_msg_queue_alloc_security(struct kern_ipc_perm *msq)
        struct ipc_security_struct *isec;
        struct common_audit_data ad;
        u32 sid = current_sid();
-       int rc;
 
        isec = selinux_ipc(msq);
        ipc_init_security(isec, SECCLASS_MSGQ);
@@ -5995,10 +6002,9 @@ static int selinux_msg_queue_alloc_security(struct kern_ipc_perm *msq)
        ad.type = LSM_AUDIT_DATA_IPC;
        ad.u.ipc_id = msq->key;
 
-       rc = avc_has_perm(&selinux_state,
-                         sid, isec->sid, SECCLASS_MSGQ,
-                         MSGQ__CREATE, &ad);
-       return rc;
+       return avc_has_perm(&selinux_state,
+                           sid, isec->sid, SECCLASS_MSGQ,
+                           MSGQ__CREATE, &ad);
 }
 
 static int selinux_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg)
@@ -6126,7 +6132,6 @@ static int selinux_shm_alloc_security(struct kern_ipc_perm *shp)
        struct ipc_security_struct *isec;
        struct common_audit_data ad;
        u32 sid = current_sid();
-       int rc;
 
        isec = selinux_ipc(shp);
        ipc_init_security(isec, SECCLASS_SHM);
@@ -6134,10 +6139,9 @@ static int selinux_shm_alloc_security(struct kern_ipc_perm *shp)
        ad.type = LSM_AUDIT_DATA_IPC;
        ad.u.ipc_id = shp->key;
 
-       rc = avc_has_perm(&selinux_state,
-                         sid, isec->sid, SECCLASS_SHM,
-                         SHM__CREATE, &ad);
-       return rc;
+       return avc_has_perm(&selinux_state,
+                           sid, isec->sid, SECCLASS_SHM,
+                           SHM__CREATE, &ad);
 }
 
 static int selinux_shm_associate(struct kern_ipc_perm *shp, int shmflg)
@@ -6211,7 +6215,6 @@ static int selinux_sem_alloc_security(struct kern_ipc_perm *sma)
        struct ipc_security_struct *isec;
        struct common_audit_data ad;
        u32 sid = current_sid();
-       int rc;
 
        isec = selinux_ipc(sma);
        ipc_init_security(isec, SECCLASS_SEM);
@@ -6219,10 +6222,9 @@ static int selinux_sem_alloc_security(struct kern_ipc_perm *sma)
        ad.type = LSM_AUDIT_DATA_IPC;
        ad.u.ipc_id = sma->key;
 
-       rc = avc_has_perm(&selinux_state,
-                         sid, isec->sid, SECCLASS_SEM,
-                         SEM__CREATE, &ad);
-       return rc;
+       return avc_has_perm(&selinux_state,
+                           sid, isec->sid, SECCLASS_SEM,
+                           SEM__CREATE, &ad);
 }
 
 static int selinux_sem_associate(struct kern_ipc_perm *sma, int semflg)
@@ -6328,7 +6330,7 @@ static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
 }
 
 static int selinux_getprocattr(struct task_struct *p,
-                              char *name, char **value)
+                              const char *name, char **value)
 {
        const struct task_security_struct *__tsec;
        u32 sid;
@@ -7134,6 +7136,7 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
        LSM_HOOK_INIT(task_movememory, selinux_task_movememory),
        LSM_HOOK_INIT(task_kill, selinux_task_kill),
        LSM_HOOK_INIT(task_to_inode, selinux_task_to_inode),
+       LSM_HOOK_INIT(userns_create, selinux_userns_create),
 
        LSM_HOOK_INIT(ipc_permission, selinux_ipc_permission),
        LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid),
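Review bot: Registering `userns_create` in `selinux_hooks[]` puts every user-namespace creation behind the `user_namespace { create }` check, but nothing in this file says what happens under a loaded policy that predates that class. As far as I know that case is decided by the policy's handle_unknown setting, so a policy built with deny or reject could start refusing namespace creation after a kernel upgrade. A short comment at `selinux_userns_create()`, such as `/* needs policy support for class user_namespace; older policies fall back to handle_unknown */`, would make the dependency visible. The class and permission definitions are outside this file's hunks, so I could not check them here.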