Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
cloud-kernel
提交
98de59bf
cloud-kernel
项目概览
openanolis
/
cloud-kernel
1 年多 前同步成功
通知
160
Star
36
Fork
7
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
10
列表
看板
标记
里程碑
合并请求
2
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
cloud-kernel
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
10
Issue
10
列表
看板
标记
里程碑
合并请求
2
合并请求
2
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
98de59bf
编写于
5月 30, 2012
作者:
A
Al Viro
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
take calculation of final prot in security_mmap_file() into a helper
Signed-off-by:
N
Al Viro
<
viro@zeniv.linux.org.uk
>
上级
9ac4ed4b
变更
1
隐藏空白更改
内联
并排
Showing
1 changed file
with
28 addition
and
18 deletion
+28
-18
security/security.c
security/security.c
+28
-18
未找到文件。
security/security.c
浏览文件 @
98de59bf
...
...
@@ -660,36 +660,46 @@ int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
return
security_ops
->
file_ioctl
(
file
,
cmd
,
arg
);
}
int
security_mmap_file
(
struct
file
*
file
,
unsigned
long
prot
,
unsigned
long
flags
)
static
inline
unsigned
long
mmap_prot
(
struct
file
*
file
,
unsigned
long
prot
)
{
unsigned
long
reqprot
=
prot
;
int
ret
;
/*
* Does the application expect PROT_READ to imply PROT_EXEC?
*
* (the exception is when the underlying filesystem is noexec
* mounted, in which case we dont add PROT_EXEC.)
* Does we have PROT_READ and does the application expect
* it to imply PROT_EXEC? If not, nothing to talk about...
*/
if
(
!
(
reqprot
&
PROT_READ
)
)
goto
ou
t
;
if
(
(
prot
&
(
PROT_READ
|
PROT_EXEC
))
!=
PROT_READ
)
return
pro
t
;
if
(
!
(
current
->
personality
&
READ_IMPLIES_EXEC
))
goto
out
;
if
(
!
file
)
{
prot
|=
PROT_EXEC
;
}
else
if
(
!
(
file
->
f_path
.
mnt
->
mnt_flags
&
MNT_NOEXEC
))
{
return
prot
;
/*
* if that's an anonymous mapping, let it.
*/
if
(
!
file
)
return
prot
|
PROT_EXEC
;
/*
* ditto if it's not on noexec mount, except that on !MMU we need
* BDI_CAP_EXEC_MMAP (== VM_MAYEXEC) in this case
*/
if
(
!
(
file
->
f_path
.
mnt
->
mnt_flags
&
MNT_NOEXEC
))
{
#ifndef CONFIG_MMU
unsigned
long
caps
=
0
;
struct
address_space
*
mapping
=
file
->
f_mapping
;
if
(
mapping
&&
mapping
->
backing_dev_info
)
caps
=
mapping
->
backing_dev_info
->
capabilities
;
if
(
!
(
caps
&
BDI_CAP_EXEC_MAP
))
goto
ou
t
;
return
pro
t
;
#endif
prot
|=
PROT_EXEC
;
return
prot
|
PROT_EXEC
;
}
out:
ret
=
security_ops
->
mmap_file
(
file
,
reqprot
,
prot
,
flags
);
/* anything on noexec mount won't get PROT_EXEC */
return
prot
;
}
int
security_mmap_file
(
struct
file
*
file
,
unsigned
long
prot
,
unsigned
long
flags
)
{
int
ret
;
ret
=
security_ops
->
mmap_file
(
file
,
prot
,
mmap_prot
(
file
,
prot
),
flags
);
if
(
ret
)
return
ret
;
return
ima_file_mmap
(
file
,
prot
);
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录