Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r-- | security/selinux/hooks.c | 98 |
1 files changed, 13 insertions, 85 deletions
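diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 4b64ad31326f..d98e1d8d18f6 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -5626,51 +5626,22 @@ static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
 	return selinux_nlmsg_perm(sk, skb);
 }
 
-static int ipc_alloc_security(struct kern_ipc_perm *perm,
-			      u16 sclass)
+static void ipc_init_security(struct ipc_security_struct *isec, u16 sclass)
 {
-	struct ipc_security_struct *isec;
-
-	isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL);
-	if (!isec)
-		return -ENOMEM;
-
 	isec->sclass = sclass;
 	isec->sid = current_sid();
-	perm->security = isec;
-
-	return 0;
-}
-
-static void ipc_free_security(struct kern_ipc_perm *perm)
-{
-	struct ipc_security_struct *isec = perm->security;
-	perm->security = NULL;
-	kfree(isec);
 }
 
 static int msg_msg_alloc_security(struct msg_msg *msg)
 {
 	struct msg_security_struct *msec;
 
-	msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL);
-	if (!msec)
-		return -ENOMEM;
-
+	msec = selinux_msg_msg(msg);
 	msec->sid = SECINITSID_UNLABELED;
-	msg->security = msec;
 
 	return 0;
 }
 
-static void msg_msg_free_security(struct msg_msg *msg)
-{
-	struct msg_security_struct *msec = msg->security;
-
-	msg->security = NULL;
-	kfree(msec);
-}
-
 static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
 			u32 perms)
 {
@@ -5692,11 +5663,6 @@ static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
 	return msg_msg_alloc_security(msg);
 }
 
-static void selinux_msg_msg_free_security(struct msg_msg *msg)
-{
-	msg_msg_free_security(msg);
-}
-
 /* message queue security operations */
 static int selinux_msg_queue_alloc_security(struct kern_ipc_perm *msq)
 {
@@ -5705,11 +5671,8 @@ static int selinux_msg_queue_alloc_security(struct kern_ipc_perm *msq)
 	u32 sid = current_sid();
 	int rc;
 
-	rc = ipc_alloc_security(msq, SECCLASS_MSGQ);
-	if (rc)
-		return rc;
-
-	isec = msq->security;
+	isec = selinux_ipc(msq);
+	ipc_init_security(isec, SECCLASS_MSGQ);
 
 	ad.type = LSM_AUDIT_DATA_IPC;
 	ad.u.ipc_id = msq->key;
@@ -5717,16 +5680,7 @@ static int selinux_msg_queue_alloc_security(struct kern_ipc_perm *msq)
 	rc = avc_has_perm(&selinux_state,
 			  sid, isec->sid, SECCLASS_MSGQ,
 			  MSGQ__CREATE, &ad);
-	if (rc) {
-		ipc_free_security(msq);
-		return rc;
-	}
-	return 0;
-}
-
-static void selinux_msg_queue_free_security(struct kern_ipc_perm *msq)
-{
-	ipc_free_security(msq);
+	return rc;
 }
 
 static int selinux_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg)
@@ -5856,11 +5810,8 @@ static int selinux_shm_alloc_security(struct kern_ipc_perm *shp)
 	u32 sid = current_sid();
 	int rc;
 
-	rc = ipc_alloc_security(shp, SECCLASS_SHM);
-	if (rc)
-		return rc;
-
-	isec = shp->security;
+	isec = selinux_ipc(shp);
+	ipc_init_security(isec, SECCLASS_SHM);
 
 	ad.type = LSM_AUDIT_DATA_IPC;
 	ad.u.ipc_id = shp->key;
@@ -5868,16 +5819,7 @@ static int selinux_shm_alloc_security(struct kern_ipc_perm *shp)
 	rc = avc_has_perm(&selinux_state,
 			  sid, isec->sid, SECCLASS_SHM,
 			  SHM__CREATE, &ad);
-	if (rc) {
-		ipc_free_security(shp);
-		return rc;
-	}
-	return 0;
-}
-
-static void selinux_shm_free_security(struct kern_ipc_perm *shp)
-{
-	ipc_free_security(shp);
+	return rc;
 }
 
 static int selinux_shm_associate(struct kern_ipc_perm *shp, int shmflg)
@@ -5953,11 +5895,8 @@ static int selinux_sem_alloc_security(struct kern_ipc_perm *sma)
 	u32 sid = current_sid();
 	int rc;
 
-	rc = ipc_alloc_security(sma, SECCLASS_SEM);
-	if (rc)
-		return rc;
-
-	isec = sma->security;
+	isec = selinux_ipc(sma);
+	ipc_init_security(isec, SECCLASS_SEM);
 
 	ad.type = LSM_AUDIT_DATA_IPC;
 	ad.u.ipc_id = sma->key;
@@ -5965,16 +5904,7 @@ static int selinux_sem_alloc_security(struct kern_ipc_perm *sma)
 	rc = avc_has_perm(&selinux_state,
 			  sid, isec->sid, SECCLASS_SEM,
 			  SEM__CREATE, &ad);
-	if (rc) {
-		ipc_free_security(sma);
-		return rc;
-	}
-	return 0;
-}
-
-static void selinux_sem_free_security(struct kern_ipc_perm *sma)
-{
-	ipc_free_security(sma);
+	return rc;
 }
 
 static int selinux_sem_associate(struct kern_ipc_perm *sma, int semflg)
@@ -6607,6 +6537,8 @@ struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = {
 	.lbs_cred = sizeof(struct task_security_struct),
 	.lbs_file = sizeof(struct file_security_struct),
 	.lbs_inode = sizeof(struct inode_security_struct),
+	.lbs_ipc = sizeof(struct ipc_security_struct),
+	.lbs_msg_msg = sizeof(struct msg_security_struct),
 };
 
 static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
@@ -6718,24 +6650,20 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
 	LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid),
 
 	LSM_HOOK_INIT(msg_msg_alloc_security, selinux_msg_msg_alloc_security),
-	LSM_HOOK_INIT(msg_msg_free_security, selinux_msg_msg_free_security),
 
 	LSM_HOOK_INIT(msg_queue_alloc_security,
 			selinux_msg_queue_alloc_security),
-	LSM_HOOK_INIT(msg_queue_free_security, selinux_msg_queue_free_security),
 	LSM_HOOK_INIT(msg_queue_associate, selinux_msg_queue_associate),
 	LSM_HOOK_INIT(msg_queue_msgctl, selinux_msg_queue_msgctl),
 	LSM_HOOK_INIT(msg_queue_msgsnd, selinux_msg_queue_msgsnd),
 	LSM_HOOK_INIT(msg_queue_msgrcv, selinux_msg_queue_msgrcv),
 
 	LSM_HOOK_INIT(shm_alloc_security, selinux_shm_alloc_security),
-	LSM_HOOK_INIT(shm_free_security, selinux_shm_free_security),
 	LSM_HOOK_INIT(shm_associate, selinux_shm_associate),
 	LSM_HOOK_INIT(shm_shmctl, selinux_shm_shmctl),
 	LSM_HOOK_INIT(shm_shmat, selinux_shm_shmat),
 
 	LSM_HOOK_INIT(sem_alloc_security, selinux_sem_alloc_security),
-	LSM_HOOK_INIT(sem_free_security, selinux_sem_free_security),
 	LSM_HOOK_INIT(sem_associate, selinux_sem_associate),
 	LSM_HOOK_INIT(sem_semctl, selinux_sem_semctl),
 	LSM_HOOK_INIT(sem_semop, selinux_sem_semop),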
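Review bot: In selinux_msg_queue_alloc_security (and the shm/sem twins) the new tail `return rc;` after avc_has_perm() drops the old ipc_free_security() cleanup, so a denied MSGQ__CREATE/SHM__CREATE/SEM__CREATE now leaves a fully labelled blob whose release depends entirely on the LSM core freeing it when the hook returns non-zero; that path is not on this page, so it should be confirmed against the core's IPC alloc/free code, and a short comment above the return such as `/* blob is owned and freed by the LSM core, also on failure */` would keep the next reader from re-adding a kfree. The hooks also dereference selinux_ipc()/selinux_msg_msg() without a NULL check, which is sound only because `.lbs_ipc` and `.lbs_msg_msg` are registered in selinux_blob_sizes in the same change; the accessors themselves are defined outside this diff. As a style point, `rc` in these three functions is now assigned exactly once and returned immediately, so `rc = avc_has_perm(...); return rc;` can collapse to `return avc_has_perm(&selinux_state, sid, isec->sid, SECCLASS_MSGQ, MSGQ__CREATE, &ad);` and the `int rc;` declaration dropped, provided the single line between the two hunks of each function does not use it.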