提交 d541bbee 编写于 作者: J James Morris

selinux: remove secondary ops call to file_mprotect

Remove secondary ops call to file_mprotect, which is
a noop in capabilities.
Acked-by: NSerge Hallyn <serue@us.ibm.com>
Acked-by: NEric Paris <eparis@redhat.com>
Signed-off-by: NJames Morris <jmorris@namei.org>
上级 438add6b
...@@ -3056,18 +3056,13 @@ static int selinux_file_mprotect(struct vm_area_struct *vma, ...@@ -3056,18 +3056,13 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
unsigned long prot) unsigned long prot)
{ {
const struct cred *cred = current_cred(); const struct cred *cred = current_cred();
int rc;
rc = secondary_ops->file_mprotect(vma, reqprot, prot);
if (rc)
return rc;
if (selinux_checkreqprot) if (selinux_checkreqprot)
prot = reqprot; prot = reqprot;
#ifndef CONFIG_PPC32 #ifndef CONFIG_PPC32
if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) { if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
rc = 0; int rc = 0;
if (vma->vm_start >= vma->vm_mm->start_brk && if (vma->vm_start >= vma->vm_mm->start_brk &&
vma->vm_end <= vma->vm_mm->brk) { vma->vm_end <= vma->vm_mm->brk) {
rc = cred_has_perm(cred, cred, PROCESS__EXECHEAP); rc = cred_has_perm(cred, cred, PROCESS__EXECHEAP);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册