Eric Paris a5dda68332 SELinux: check seqno when updating an avc_node ...

The avc update node callbacks do not check the seqno of the caller with the
seqno of the node found.  It is possible that a policy change could happen
(although almost impossibly unlikely) in which a permissive or
permissive_domain decision is not valid for the entry found.  Simply pass
and check that the seqno of the caller and the seqno of the node found
match.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>

2009-02-14 09:22:34 +11:00

..

include

SELinux: Add new security mount option to indicate security label support.

2009-01-19 09:47:06 +11:00

ss

Merge branch 'next' into for-linus

2009-01-07 09:58:22 +11:00

avc.c

SELinux: check seqno when updating an avc_node

2009-02-14 09:22:34 +11:00

exports.c

CRED: Wrap current->cred and a few other accessors

2008-11-14 10:39:18 +11:00

hooks.c

SELinux: NULL terminate al contexts from disk

2009-02-14 09:22:30 +11:00

Kconfig

selinux: Deprecate and schedule the removal of the the compat_net functionality

2008-12-31 12:54:11 -05:00

Makefile

SELinux: Add network port SID cache

2008-04-18 20:26:16 +10:00

netif.c

SELinux fixups needed for preemptable RCU from -rt

2008-04-22 15:37:23 +10:00

netlabel.c

selinux: Cache NetLabel secattrs in the socket's security struct

2008-10-10 10:16:33 -04:00

netlink.c

SELinux: netlink.c whitespace, syntax, and static declaraction cleanups

2008-04-21 19:05:05 +10:00

netnode.c

SELinux: keep the code clean formating and syntax

2008-07-14 15:01:36 +10:00

netport.c

SELinux: keep the code clean formating and syntax

2008-07-14 15:01:36 +10:00

nlmsgtab.c

selinux: recognize netlink messages for 'ip addrlabel'

2008-11-06 07:08:36 +08:00

selinuxfs.c

Merge branch 'next' into for-linus

2009-01-07 09:58:22 +11:00

xfrm.c

CRED: Wrap current->cred and a few other accessors

2008-11-14 10:39:18 +11:00