2 files changed, 15 insertions, 87 deletions

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 4b64ad31326f..d98e1d8d18f6 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -5626,51 +5626,22 @@ static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
         return selinux_nlmsg_perm(sk, skb);
 }
 
-static int ipc_alloc_security(struct kern_ipc_perm *perm,
-                              u16 sclass)
+static void ipc_init_security(struct ipc_security_struct *isec, u16 sclass)
 {
-        struct ipc_security_struct *isec;
-
-        isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL);
-        if (!isec)
-                return -ENOMEM;
-
         isec->sclass = sclass;
         isec->sid = current_sid();
-        perm->security = isec;
-
-        return 0;
-}
-
-static void ipc_free_security(struct kern_ipc_perm *perm)
-{
-        struct ipc_security_struct *isec = perm->security;
-        perm->security = NULL;
-        kfree(isec);
 }
 
 static int msg_msg_alloc_security(struct msg_msg *msg)
 {
         struct msg_security_struct *msec;
 
-        msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL);
-        if (!msec)
-                return -ENOMEM;
-
+        msec = selinux_msg_msg(msg);
         msec->sid = SECINITSID_UNLABELED;
-        msg->security = msec;
 
         return 0;
 }
 
-static void msg_msg_free_security(struct msg_msg *msg)
-{
-        struct msg_security_struct *msec = msg->security;
-
-        msg->security = NULL;
-        kfree(msec);
-}
-
 static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
                         u32 perms)
 {
@@ -5692,11 +5663,6 @@ static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
         return msg_msg_alloc_security(msg);
 }
 
-static void selinux_msg_msg_free_security(struct msg_msg *msg)
-{
-        msg_msg_free_security(msg);
-}
-
 /* message queue security operations */
 static int selinux_msg_queue_alloc_security(struct kern_ipc_perm *msq)
 {
@@ -5705,11 +5671,8 @@ static int selinux_msg_queue_alloc_security(struct kern_ipc_perm *msq)
         u32 sid = current_sid();
         int rc;
 
-        rc = ipc_alloc_security(msq, SECCLASS_MSGQ);
-        if (rc)
-                return rc;
-
-        isec = msq->security;
+        isec = selinux_ipc(msq);
+        ipc_init_security(isec, SECCLASS_MSGQ);
 
         ad.type = LSM_AUDIT_DATA_IPC;
         ad.u.ipc_id = msq->key;
@@ -5717,16 +5680,7 @@ static int selinux_msg_queue_alloc_security(struct kern_ipc_perm *msq)
         rc = avc_has_perm(&selinux_state,
                           sid, isec->sid, SECCLASS_MSGQ,
                           MSGQ__CREATE, &ad);
-        if (rc) {
-                ipc_free_security(msq);
-                return rc;
-        }
-        return 0;
-}
-
-static void selinux_msg_queue_free_security(struct kern_ipc_perm *msq)
-{
-        ipc_free_security(msq);
+        return rc;
 }
 
 static int selinux_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg)
@@ -5856,11 +5810,8 @@ static int selinux_shm_alloc_security(struct kern_ipc_perm *shp)
         u32 sid = current_sid();
         int rc;
 
-        rc = ipc_alloc_security(shp, SECCLASS_SHM);
-        if (rc)
-                return rc;
-
-        isec = shp->security;
+        isec = selinux_ipc(shp);
+        ipc_init_security(isec, SECCLASS_SHM);
 
         ad.type = LSM_AUDIT_DATA_IPC;
         ad.u.ipc_id = shp->key;
@@ -5868,16 +5819,7 @@ static int selinux_shm_alloc_security(struct kern_ipc_perm *shp)
         rc = avc_has_perm(&selinux_state,
                           sid, isec->sid, SECCLASS_SHM,
                           SHM__CREATE, &ad);
-        if (rc) {
-                ipc_free_security(shp);
-                return rc;
-        }
-        return 0;
-}
-
-static void selinux_shm_free_security(struct kern_ipc_perm *shp)
-{
-        ipc_free_security(shp);
+        return rc;
 }
 
 static int selinux_shm_associate(struct kern_ipc_perm *shp, int shmflg)
@@ -5953,11 +5895,8 @@ static int selinux_sem_alloc_security(struct kern_ipc_perm *sma)
         u32 sid = current_sid();
         int rc;
 
-        rc = ipc_alloc_security(sma, SECCLASS_SEM);
-        if (rc)
-                return rc;
-
-        isec = sma->security;
+        isec = selinux_ipc(sma);
+        ipc_init_security(isec, SECCLASS_SEM);
 
         ad.type = LSM_AUDIT_DATA_IPC;
         ad.u.ipc_id = sma->key;
@@ -5965,16 +5904,7 @@ static int selinux_sem_alloc_security(struct kern_ipc_perm *sma)
         rc = avc_has_perm(&selinux_state,
                           sid, isec->sid, SECCLASS_SEM,
                           SEM__CREATE, &ad);
-        if (rc) {
-                ipc_free_security(sma);
-                return rc;
-        }
-        return 0;
-}
-
-static void selinux_sem_free_security(struct kern_ipc_perm *sma)
-{
-        ipc_free_security(sma);
+        return rc;
 }
 
 static int selinux_sem_associate(struct kern_ipc_perm *sma, int semflg)
@@ -6607,6 +6537,8 @@ struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = {
         .lbs_cred = sizeof(struct task_security_struct),
         .lbs_file = sizeof(struct file_security_struct),
         .lbs_inode = sizeof(struct inode_security_struct),
+        .lbs_ipc = sizeof(struct ipc_security_struct),
+        .lbs_msg_msg = sizeof(struct msg_security_struct),
 };
 
 static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
@@ -6718,24 +6650,20 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
         LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid),
 
         LSM_HOOK_INIT(msg_msg_alloc_security, selinux_msg_msg_alloc_security),
-        LSM_HOOK_INIT(msg_msg_free_security, selinux_msg_msg_free_security),
 
         LSM_HOOK_INIT(msg_queue_alloc_security,
                         selinux_msg_queue_alloc_security),
-        LSM_HOOK_INIT(msg_queue_free_security, selinux_msg_queue_free_security),
         LSM_HOOK_INIT(msg_queue_associate, selinux_msg_queue_associate),
         LSM_HOOK_INIT(msg_queue_msgctl, selinux_msg_queue_msgctl),
         LSM_HOOK_INIT(msg_queue_msgsnd, selinux_msg_queue_msgsnd),
         LSM_HOOK_INIT(msg_queue_msgrcv, selinux_msg_queue_msgrcv),
 
         LSM_HOOK_INIT(shm_alloc_security, selinux_shm_alloc_security),
-        LSM_HOOK_INIT(shm_free_security, selinux_shm_free_security),
         LSM_HOOK_INIT(shm_associate, selinux_shm_associate),
         LSM_HOOK_INIT(shm_shmctl, selinux_shm_shmctl),
         LSM_HOOK_INIT(shm_shmat, selinux_shm_shmat),
 
         LSM_HOOK_INIT(sem_alloc_security, selinux_sem_alloc_security),
-        LSM_HOOK_INIT(sem_free_security, selinux_sem_free_security),
         LSM_HOOK_INIT(sem_associate, selinux_sem_associate),
         LSM_HOOK_INIT(sem_semctl, selinux_sem_semctl),
         LSM_HOOK_INIT(sem_semop, selinux_sem_semop),
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index 539cacf4a572..231262d8eac9 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -179,13 +179,13 @@ static inline struct inode_security_struct *selinux_inode(
 static inline struct msg_security_struct *selinux_msg_msg(
                                                 const struct msg_msg *msg_msg)
 {
-        return msg_msg->security;
+        return msg_msg->security + selinux_blob_sizes.lbs_msg_msg;
 }
 
 static inline struct ipc_security_struct *selinux_ipc(
                                                 const struct kern_ipc_perm *ipc)
 {
-        return ipc->security;
+        return ipc->security + selinux_blob_sizes.lbs_ipc;
 }
 
 #endif /* _SELINUX_OBJSEC_H_ */