Get rid of passing mangled flag to do_last()

[safe/jmp/linux-2.6] / security / selinux / hooks.c
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c

index 9a2ee84..5feecb4 100644 (file)
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -76,6 +76,7 @@
  #include <linux/selinux.h>
  #include <linux/mutex.h>
  #include <linux/posix-timers.h>
+#include <linux/syslog.h>
  
  #include "avc.h"
  #include "objsec.h"
@@ -125,13 +126,6 @@ __setup("selinux=", selinux_enabled_setup);
  int selinux_enabled = 1;
  #endif
  
-
-/*
- * Minimal support for a secondary security module,
- * just to allow the use of the capability module.
- */
-static struct security_operations *secondary_ops;
-
  /* Lists of inode and superblock security structures initialized
     before the policy was loaded. */
  static LIST_HEAD(superblock_security_head);
@@ -2049,29 +2043,30 @@ static int selinux_quota_on(struct dentry *dentry)
         return dentry_has_perm(cred, NULL, dentry, FILE__QUOTAON);
  }
  
-static int selinux_syslog(int type)
+static int selinux_syslog(int type, bool from_file)
  {
         int rc;
  
-       rc = cap_syslog(type);
+       rc = cap_syslog(type, from_file);
         if (rc)
                 return rc;
  
         switch (type) {
-       case 3:         /* Read last kernel messages */
-       case 10:        /* Return size of the log buffer */
+       case SYSLOG_ACTION_READ_ALL:    /* Read last kernel messages */
+       case SYSLOG_ACTION_SIZE_BUFFER: /* Return size of the log buffer */
                 rc = task_has_system(current, SYSTEM__SYSLOG_READ);
                 break;
-       case 6:         /* Disable logging to console */
-       case 7:         /* Enable logging to console */
-       case 8:         /* Set level of messages printed to console */
+       case SYSLOG_ACTION_CONSOLE_OFF: /* Disable logging to console */
+       case SYSLOG_ACTION_CONSOLE_ON:  /* Enable logging to console */
+       /* Set level of messages printed to console */
+       case SYSLOG_ACTION_CONSOLE_LEVEL:
                 rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
                 break;
-       case 0:         /* Close log */
-       case 1:         /* Open log */
-       case 2:         /* Read from log */
-       case 4:         /* Read/clear last kernel messages */
-       case 5:         /* Clear ring buffer */
+       case SYSLOG_ACTION_CLOSE:       /* Close log */
+       case SYSLOG_ACTION_OPEN:        /* Open log */
+       case SYSLOG_ACTION_READ:        /* Read from log */
+       case SYSLOG_ACTION_READ_CLEAR:  /* Read/clear last kernel messages */
+       case SYSLOG_ACTION_CLEAR:       /* Clear ring buffer */
         default:
                 rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
                 break;
@@ -3334,7 +3329,7 @@ static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
  
         if (ret == 0)
                 tsec->create_sid = isec->sid;
-       return 0;
+       return ret;
  }
  
  static int selinux_kernel_module_request(char *kmod_name)
@@ -5672,9 +5667,6 @@ static __init int selinux_init(void)
                                             0, SLAB_PANIC, NULL);
         avc_init();
  
-       secondary_ops = security_ops;
-       if (!secondary_ops)
-               panic("SELinux: No initial security operations\n");
         if (register_security(&selinux_ops))
                 panic("SELinux: Unable to register with kernel.\n");
  
@@ -5835,8 +5827,7 @@ int selinux_disable(void)
         selinux_disabled = 1;
         selinux_enabled = 0;
  
-       /* Reset security_ops to the secondary module, dummy or capability. */
-       security_ops = secondary_ops;
+       reset_security_ops();
  
         /* Try to destroy the avc node cache */
         avc_disable();