diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/apparmor/domain.c | 2 | ||||
| -rw-r--r-- | security/apparmor/lib.c | 1 | ||||
| -rw-r--r-- | security/apparmor/lsm.c | 5 | ||||
| -rw-r--r-- | security/capability.c | 2 | ||||
| -rw-r--r-- | security/device_cgroup.c | 18 | ||||
| -rw-r--r-- | security/keys/keyring.c | 1 | ||||
| -rw-r--r-- | security/keys/request_key.c | 6 | ||||
| -rw-r--r-- | security/security.c | 9 | ||||
| -rw-r--r-- | security/selinux/avc.c | 2 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 32 | ||||
| -rw-r--r-- | security/selinux/netnode.c | 20 | ||||
| -rw-r--r-- | security/selinux/netport.c | 20 | ||||
| -rw-r--r-- | security/selinux/selinuxfs.c | 38 | ||||
| -rw-r--r-- | security/selinux/ss/policydb.c | 3 | ||||
| -rw-r--r-- | security/smack/smack_lsm.c | 5 | ||||
| -rw-r--r-- | security/tomoyo/mount.c | 2 | ||||
| -rw-r--r-- | security/tomoyo/realpath.c | 2 |
17 files changed, 81 insertions, 87 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c index c825c6e0b636..7312bf9f7afc 100644 --- a/security/apparmor/domain.c +++ b/security/apparmor/domain.c @@ -67,7 +67,7 @@ static int may_change_ptraced_domain(struct task_struct *task, int error = 0; rcu_read_lock(); - tracer = tracehook_tracer_task(task); + tracer = ptrace_parent(task); if (tracer) { /* released below */ cred = get_task_cred(tracer); diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c index 506d2baf6147..b82e383beb77 100644 --- a/security/apparmor/lib.c +++ b/security/apparmor/lib.c @@ -12,6 +12,7 @@ * License. */ +#include <linux/mm.h> #include <linux/slab.h> #include <linux/string.h> #include <linux/vmalloc.h> diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index ae3a698415e6..3d2fd141dff7 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -593,7 +593,8 @@ static int apparmor_setprocattr(struct task_struct *task, char *name, sa.aad.op = OP_SETPROCATTR; sa.aad.info = name; sa.aad.error = -EINVAL; - return aa_audit(AUDIT_APPARMOR_DENIED, NULL, GFP_KERNEL, + return aa_audit(AUDIT_APPARMOR_DENIED, + __aa_current_profile(), GFP_KERNEL, &sa, NULL); } } else if (strcmp(name, "exec") == 0) { @@ -611,7 +612,7 @@ static int apparmor_setprocattr(struct task_struct *task, char *name, static int apparmor_task_setrlimit(struct task_struct *task, unsigned int resource, struct rlimit *new_rlim) { - struct aa_profile *profile = aa_current_profile(); + struct aa_profile *profile = __aa_current_profile(); int error = 0; if (!unconfined(profile)) diff --git a/security/capability.c b/security/capability.c index bbb51156261b..2984ea4f776f 100644 --- a/security/capability.c +++ b/security/capability.c @@ -181,7 +181,7 @@ static int cap_inode_follow_link(struct dentry *dentry, return 0; } -static int cap_inode_permission(struct inode *inode, int mask, unsigned flags) +static int cap_inode_permission(struct inode *inode, int mask) { return 0; } diff --git a/security/device_cgroup.c b/security/device_cgroup.c index cd1f779fa51d..4450fbeec411 100644 --- a/security/device_cgroup.c +++ b/security/device_cgroup.c @@ -125,14 +125,6 @@ static int dev_whitelist_add(struct dev_cgroup *dev_cgroup, return 0; } -static void whitelist_item_free(struct rcu_head *rcu) -{ - struct dev_whitelist_item *item; - - item = container_of(rcu, struct dev_whitelist_item, rcu); - kfree(item); -} - /* * called under devcgroup_mutex */ @@ -155,7 +147,7 @@ remove: walk->access &= ~wh->access; if (!walk->access) { list_del_rcu(&walk->list); - call_rcu(&walk->rcu, whitelist_item_free); + kfree_rcu(walk, rcu); } } } @@ -474,17 +466,11 @@ struct cgroup_subsys devices_subsys = { .subsys_id = devices_subsys_id, }; -int devcgroup_inode_permission(struct inode *inode, int mask) +int __devcgroup_inode_permission(struct inode *inode, int mask) { struct dev_cgroup *dev_cgroup; struct dev_whitelist_item *wh; - dev_t device = inode->i_rdev; - if (!device) - return 0; - if (!S_ISBLK(inode->i_mode) && !S_ISCHR(inode->i_mode)) - return 0; - rcu_read_lock(); dev_cgroup = task_devcgroup(current); diff --git a/security/keys/keyring.c b/security/keys/keyring.c index a06ffab38568..30e242f7bd0e 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c @@ -155,7 +155,6 @@ static void keyring_destroy(struct key *keyring) } klist = rcu_dereference_check(keyring->payload.subscriptions, - rcu_read_lock_held() || atomic_read(&keyring->usage) == 0); if (klist) { for (loop = klist->nkeys - 1; loop >= 0; loop--) diff --git a/security/keys/request_key.c b/security/keys/request_key.c index d31862e0aa1c..82465328c39b 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c @@ -71,9 +71,8 @@ EXPORT_SYMBOL(complete_request_key); * This is called in context of freshly forked kthread before kernel_execve(), * so we can simply install the desired session_keyring at this point. */ -static int umh_keys_init(struct subprocess_info *info) +static int umh_keys_init(struct subprocess_info *info, struct cred *cred) { - struct cred *cred = (struct cred*)current_cred(); struct key *keyring = info->data; return install_session_keyring_to_cred(cred, keyring); @@ -470,7 +469,7 @@ static struct key *construct_key_and_link(struct key_type *type, } else if (ret == -EINPROGRESS) { ret = 0; } else { - key = ERR_PTR(ret); + goto couldnt_alloc_key; } key_put(dest_keyring); @@ -480,6 +479,7 @@ static struct key *construct_key_and_link(struct key_type *type, construction_failed: key_negate_and_link(key, key_negative_timeout, NULL, NULL); key_put(key); +couldnt_alloc_key: key_put(dest_keyring); kleave(" = %d", ret); return ERR_PTR(ret); diff --git a/security/security.c b/security/security.c index 4ba6d4cc061f..0e4fccfef12c 100644 --- a/security/security.c +++ b/security/security.c @@ -518,14 +518,7 @@ int security_inode_permission(struct inode *inode, int mask) { if (unlikely(IS_PRIVATE(inode))) return 0; - return security_ops->inode_permission(inode, mask, 0); -} - -int security_inode_exec_permission(struct inode *inode, unsigned int flags) -{ - if (unlikely(IS_PRIVATE(inode))) - return 0; - return security_ops->inode_permission(inode, MAY_EXEC, flags); + return security_ops->inode_permission(inode, mask); } int security_inode_setattr(struct dentry *dentry, struct iattr *attr) diff --git a/security/selinux/avc.c b/security/selinux/avc.c index d515b2128a4e..dca1c22d9276 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -527,7 +527,7 @@ int avc_audit(u32 ssid, u32 tsid, * happened a little later. */ if ((a->type == LSM_AUDIT_DATA_INODE) && - (flags & IPERM_FLAG_RCU)) + (flags & MAY_NOT_BLOCK)) return -ECHILD; a->selinux_audit_data.tclass = tclass; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index a0d38459d650..9f4c77dca35f 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -1476,7 +1476,6 @@ static int inode_has_perm(const struct cred *cred, unsigned flags) { struct inode_security_struct *isec; - struct common_audit_data ad; u32 sid; validate_creds(cred); @@ -1487,15 +1486,21 @@ static int inode_has_perm(const struct cred *cred, sid = cred_sid(cred); isec = inode->i_security; - if (!adp) { - adp = &ad; - COMMON_AUDIT_DATA_INIT(&ad, INODE); - ad.u.inode = inode; - } - return avc_has_perm_flags(sid, isec->sid, isec->sclass, perms, adp, flags); } +static int inode_has_perm_noadp(const struct cred *cred, + struct inode *inode, + u32 perms, + unsigned flags) +{ + struct common_audit_data ad; + + COMMON_AUDIT_DATA_INIT(&ad, INODE); + ad.u.inode = inode; + return inode_has_perm(cred, inode, perms, &ad, flags); +} + /* Same as inode_has_perm, but pass explicit audit data containing the dentry to help the auditing code to more easily generate the pathname if needed. */ @@ -2048,7 +2053,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm) u32 ptsid = 0; rcu_read_lock(); - tracer = tracehook_tracer_task(current); + tracer = ptrace_parent(current); if (likely(tracer != NULL)) { sec = __task_cred(tracer)->security; ptsid = sec->sid; @@ -2122,8 +2127,8 @@ static inline void flush_unauthorized_files(const struct cred *cred, struct tty_file_private, list); file = file_priv->file; inode = file->f_path.dentry->d_inode; - if (inode_has_perm(cred, inode, - FILE__READ | FILE__WRITE, NULL, 0)) { + if (inode_has_perm_noadp(cred, inode, + FILE__READ | FILE__WRITE, 0)) { drop_tty = 1; } } @@ -2654,12 +2659,13 @@ static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *na return dentry_has_perm(cred, dentry, FILE__READ); } -static int selinux_inode_permission(struct inode *inode, int mask, unsigned flags) +static int selinux_inode_permission(struct inode *inode, int mask) { const struct cred *cred = current_cred(); struct common_audit_data ad; u32 perms; bool from_access; + unsigned flags = mask & MAY_NOT_BLOCK; from_access = mask & MAY_ACCESS; mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); @@ -3228,7 +3234,7 @@ static int selinux_dentry_open(struct file *file, const struct cred *cred) * new inode label or new policy. * This check is not redundant - do not remove. */ - return inode_has_perm(cred, inode, open_file_to_av(file), NULL, 0); + return inode_has_perm_noadp(cred, inode, open_file_to_av(file), 0); } /* task security operations */ @@ -5314,7 +5320,7 @@ static int selinux_setprocattr(struct task_struct *p, Otherwise, leave SID unchanged and fail. */ ptsid = 0; task_lock(p); - tracer = tracehook_tracer_task(p); + tracer = ptrace_parent(p); if (tracer) ptsid = task_sid(tracer); task_unlock(p); diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c index 3618251d0fdb..8b691a863186 100644 --- a/security/selinux/netnode.c +++ b/security/selinux/netnode.c @@ -69,22 +69,6 @@ static DEFINE_SPINLOCK(sel_netnode_lock); static struct sel_netnode_bkt sel_netnode_hash[SEL_NETNODE_HASH_SIZE]; /** - * sel_netnode_free - Frees a node entry - * @p: the entry's RCU field - * - * Description: - * This function is designed to be used as a callback to the call_rcu() - * function so that memory allocated to a hash table node entry can be - * released safely. - * - */ -static void sel_netnode_free(struct rcu_head *p) -{ - struct sel_netnode *node = container_of(p, struct sel_netnode, rcu); - kfree(node); -} - -/** * sel_netnode_hashfn_ipv4 - IPv4 hashing function for the node table * @addr: IPv4 address * @@ -193,7 +177,7 @@ static void sel_netnode_insert(struct sel_netnode *node) rcu_dereference(sel_netnode_hash[idx].list.prev), struct sel_netnode, list); list_del_rcu(&tail->list); - call_rcu(&tail->rcu, sel_netnode_free); + kfree_rcu(tail, rcu); } else sel_netnode_hash[idx].size++; } @@ -306,7 +290,7 @@ static void sel_netnode_flush(void) list_for_each_entry_safe(node, node_tmp, &sel_netnode_hash[idx].list, list) { list_del_rcu(&node->list); - call_rcu(&node->rcu, sel_netnode_free); + kfree_rcu(node, rcu); } sel_netnode_hash[idx].size = 0; } diff --git a/security/selinux/netport.c b/security/selinux/netport.c index cfe2d72d3fb7..ae76e298de7d 100644 --- a/security/selinux/netport.c +++ b/security/selinux/netport.c @@ -68,22 +68,6 @@ static DEFINE_SPINLOCK(sel_netport_lock); static struct sel_netport_bkt sel_netport_hash[SEL_NETPORT_HASH_SIZE]; /** - * sel_netport_free - Frees a port entry - * @p: the entry's RCU field - * - * Description: - * This function is designed to be used as a callback to the call_rcu() - * function so that memory allocated to a hash table port entry can be - * released safely. - * - */ -static void sel_netport_free(struct rcu_head *p) -{ - struct sel_netport *port = container_of(p, struct sel_netport, rcu); - kfree(port); -} - -/** * sel_netport_hashfn - Hashing function for the port table * @pnum: port number * @@ -142,7 +126,7 @@ static void sel_netport_insert(struct sel_netport *port) rcu_dereference(sel_netport_hash[idx].list.prev), struct sel_netport, list); list_del_rcu(&tail->list); - call_rcu(&tail->rcu, sel_netport_free); + kfree_rcu(tail, rcu); } else sel_netport_hash[idx].size++; } @@ -241,7 +225,7 @@ static void sel_netport_flush(void) list_for_each_entry_safe(port, port_tmp, &sel_netport_hash[idx].list, list) { list_del_rcu(&port->list); - call_rcu(&port->rcu, sel_netport_free); + kfree_rcu(port, rcu); } sel_netport_hash[idx].size = 0; } diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 77d44138864f..de7900ef53da 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -29,6 +29,7 @@ #include <linux/audit.h> #include <linux/uaccess.h> #include <linux/kobject.h> +#include <linux/ctype.h> /* selinuxfs pseudo filesystem for exporting the security policy API. Based on the proc code and the fs/nfsd/nfsctl.c code. */ @@ -751,6 +752,14 @@ out: return length; } +static inline int hexcode_to_int(int code) { + if (code == '\0' || !isxdigit(code)) + return -1; + if (isdigit(code)) + return code - '0'; + return tolower(code) - 'a' + 10; +} + static ssize_t sel_write_create(struct file *file, char *buf, size_t size) { char *scon = NULL, *tcon = NULL; @@ -785,8 +794,34 @@ static ssize_t sel_write_create(struct file *file, char *buf, size_t size) nargs = sscanf(buf, "%s %s %hu %s", scon, tcon, &tclass, namebuf); if (nargs < 3 || nargs > 4) goto out; - if (nargs == 4) + if (nargs == 4) { + /* + * If and when the name of new object to be queried contains + * either whitespace or multibyte characters, they shall be + * encoded based on the percentage-encoding rule. + * If not encoded, the sscanf logic picks up only left-half + * of the supplied name; splitted by a whitespace unexpectedly. + */ + char *r, *w; + int c1, c2; + + r = w = namebuf; + do { + c1 = *r++; + if (c1 == '+') + c1 = ' '; + else if (c1 == '%') { + if ((c1 = hexcode_to_int(*r++)) < 0) + goto out; + if ((c2 = hexcode_to_int(*r++)) < 0) + goto out; + c1 = (c1 << 4) | c2; + } + *w++ = c1; + } while (c1 != '\0'); + objname = namebuf; + } length = security_context_to_sid(scon, strlen(scon) + 1, &ssid); if (length) @@ -1949,6 +1984,7 @@ __initcall(init_sel_fs); void exit_sel_fs(void) { kobject_put(selinuxfs_kobj); + kern_unmount(selinuxfs_mount); unregister_filesystem(&sel_fs_type); } #endif diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index 102e9ec1b77a..d246aca3f4fb 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -3222,6 +3222,9 @@ static int filename_trans_write(struct policydb *p, void *fp) __le32 buf[1]; int rc; + if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) + return 0; + nel = 0; rc = hashtab_map(p->filename_trans, hashtab_cnt, &nel); if (rc) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 9831a39c11f6..f375eb2e1957 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -689,9 +689,10 @@ static int smack_inode_rename(struct inode *old_inode, * * Returns 0 if access is permitted, -EACCES otherwise */ -static int smack_inode_permission(struct inode *inode, int mask, unsigned flags) +static int smack_inode_permission(struct inode *inode, int mask) { struct smk_audit_info ad; + int no_block = mask & MAY_NOT_BLOCK; mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); /* @@ -701,7 +702,7 @@ static int smack_inode_permission(struct inode *inode, int mask, unsigned flags) return 0; /* May be droppable after audit */ - if (flags & IPERM_FLAG_RCU) + if (no_block) return -ECHILD; smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE); smk_ad_setfield_u_fs_inode(&ad, inode); diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c index 162a864dba24..9fc2e15841c9 100644 --- a/security/tomoyo/mount.c +++ b/security/tomoyo/mount.c @@ -138,7 +138,7 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name, } if (need_dev) { /* Get mount point or device file. */ - if (kern_path(dev_name, LOOKUP_FOLLOW, &path)) { + if (!dev_name || kern_path(dev_name, LOOKUP_FOLLOW, &path)) { error = -ENOENT; goto out; } diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c index d1e05b047715..8d95e91c9fc4 100644 --- a/security/tomoyo/realpath.c +++ b/security/tomoyo/realpath.c @@ -103,7 +103,7 @@ char *tomoyo_realpath_from_path(struct path *path) if (!buf) break; /* Get better name for socket. */ - if (dentry->d_sb && dentry->d_sb->s_magic == SOCKFS_MAGIC) { + if (dentry->d_sb->s_magic == SOCKFS_MAGIC) { struct inode *inode = dentry->d_inode; struct socket *sock = inode ? SOCKET_I(inode) : NULL; struct sock *sk = sock ? sock->sk : NULL; |