diff options
| -rw-r--r-- | security/selinux/avc.c | 4 | ||||
| -rw-r--r-- | security/selinux/ss/avtab.c | 8 | ||||
| -rw-r--r-- | security/selinux/ss/conditional.c | 12 | ||||
| -rw-r--r-- | security/selinux/ss/ebitmap.c | 5 | ||||
| -rw-r--r-- | security/selinux/ss/policydb.c | 60 |
5 files changed, 52 insertions, 37 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 451502467a9..cf6020f8540 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c | |||
| @@ -490,7 +490,7 @@ out: | |||
| 490 | } | 490 | } |
| 491 | 491 | ||
| 492 | static inline void avc_print_ipv6_addr(struct audit_buffer *ab, | 492 | static inline void avc_print_ipv6_addr(struct audit_buffer *ab, |
| 493 | struct in6_addr *addr, u16 port, | 493 | struct in6_addr *addr, __be16 port, |
| 494 | char *name1, char *name2) | 494 | char *name1, char *name2) |
| 495 | { | 495 | { |
| 496 | if (!ipv6_addr_any(addr)) | 496 | if (!ipv6_addr_any(addr)) |
| @@ -501,7 +501,7 @@ static inline void avc_print_ipv6_addr(struct audit_buffer *ab, | |||
| 501 | } | 501 | } |
| 502 | 502 | ||
| 503 | static inline void avc_print_ipv4_addr(struct audit_buffer *ab, u32 addr, | 503 | static inline void avc_print_ipv4_addr(struct audit_buffer *ab, u32 addr, |
| 504 | u16 port, char *name1, char *name2) | 504 | __be16 port, char *name1, char *name2) |
| 505 | { | 505 | { |
| 506 | if (addr) | 506 | if (addr) |
| 507 | audit_log_format(ab, " %s=%d.%d.%d.%d", name1, NIPQUAD(addr)); | 507 | audit_log_format(ab, " %s=%d.%d.%d.%d", name1, NIPQUAD(addr)); |
diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c index 2e71af67b5d..dde094feb20 100644 --- a/security/selinux/ss/avtab.c +++ b/security/selinux/ss/avtab.c | |||
| @@ -297,8 +297,10 @@ int avtab_read_item(void *fp, u32 vers, struct avtab *a, | |||
| 297 | struct avtab_datum *d, void *p), | 297 | struct avtab_datum *d, void *p), |
| 298 | void *p) | 298 | void *p) |
| 299 | { | 299 | { |
| 300 | u16 buf16[4], enabled; | 300 | __le16 buf16[4]; |
| 301 | u32 buf32[7], items, items2, val; | 301 | u16 enabled; |
| 302 | __le32 buf32[7]; | ||
| 303 | u32 items, items2, val; | ||
| 302 | struct avtab_key key; | 304 | struct avtab_key key; |
| 303 | struct avtab_datum datum; | 305 | struct avtab_datum datum; |
| 304 | int i, rc; | 306 | int i, rc; |
| @@ -403,7 +405,7 @@ static int avtab_insertf(struct avtab *a, struct avtab_key *k, | |||
| 403 | int avtab_read(struct avtab *a, void *fp, u32 vers) | 405 | int avtab_read(struct avtab *a, void *fp, u32 vers) |
| 404 | { | 406 | { |
| 405 | int rc; | 407 | int rc; |
| 406 | u32 buf[1]; | 408 | __le32 buf[1]; |
| 407 | u32 nel, i; | 409 | u32 nel, i; |
| 408 | 410 | ||
| 409 | 411 | ||
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c index b81cd668897..daf28800746 100644 --- a/security/selinux/ss/conditional.c +++ b/security/selinux/ss/conditional.c | |||
| @@ -216,7 +216,8 @@ int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp) | |||
| 216 | { | 216 | { |
| 217 | char *key = NULL; | 217 | char *key = NULL; |
| 218 | struct cond_bool_datum *booldatum; | 218 | struct cond_bool_datum *booldatum; |
| 219 | u32 buf[3], len; | 219 | __le32 buf[3]; |
| 220 | u32 len; | ||
| 220 | int rc; | 221 | int rc; |
| 221 | 222 | ||
| 222 | booldatum = kmalloc(sizeof(struct cond_bool_datum), GFP_KERNEL); | 223 | booldatum = kmalloc(sizeof(struct cond_bool_datum), GFP_KERNEL); |
| @@ -342,7 +343,8 @@ err: | |||
| 342 | static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list **ret_list, struct cond_av_list *other) | 343 | static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list **ret_list, struct cond_av_list *other) |
| 343 | { | 344 | { |
| 344 | int i, rc; | 345 | int i, rc; |
| 345 | u32 buf[1], len; | 346 | __le32 buf[1]; |
| 347 | u32 len; | ||
| 346 | struct cond_insertf_data data; | 348 | struct cond_insertf_data data; |
| 347 | 349 | ||
| 348 | *ret_list = NULL; | 350 | *ret_list = NULL; |
| @@ -388,7 +390,8 @@ static int expr_isvalid(struct policydb *p, struct cond_expr *expr) | |||
| 388 | 390 | ||
| 389 | static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp) | 391 | static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp) |
| 390 | { | 392 | { |
| 391 | u32 buf[2], len, i; | 393 | __le32 buf[2]; |
| 394 | u32 len, i; | ||
| 392 | int rc; | 395 | int rc; |
| 393 | struct cond_expr *expr = NULL, *last = NULL; | 396 | struct cond_expr *expr = NULL, *last = NULL; |
| 394 | 397 | ||
| @@ -446,7 +449,8 @@ err: | |||
| 446 | int cond_read_list(struct policydb *p, void *fp) | 449 | int cond_read_list(struct policydb *p, void *fp) |
| 447 | { | 450 | { |
| 448 | struct cond_node *node, *last = NULL; | 451 | struct cond_node *node, *last = NULL; |
| 449 | u32 buf[1], i, len; | 452 | __le32 buf[1]; |
| 453 | u32 i, len; | ||
| 450 | int rc; | 454 | int rc; |
| 451 | 455 | ||
| 452 | rc = next_entry(buf, fp, sizeof buf); | 456 | rc = next_entry(buf, fp, sizeof buf); |
diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c index d8ce9cc0b9f..d515154128c 100644 --- a/security/selinux/ss/ebitmap.c +++ b/security/selinux/ss/ebitmap.c | |||
| @@ -196,8 +196,9 @@ int ebitmap_read(struct ebitmap *e, void *fp) | |||
| 196 | { | 196 | { |
| 197 | int rc; | 197 | int rc; |
| 198 | struct ebitmap_node *n, *l; | 198 | struct ebitmap_node *n, *l; |
| 199 | u32 buf[3], mapsize, count, i; | 199 | __le32 buf[3]; |
| 200 | u64 map; | 200 | u32 mapsize, count, i; |
| 201 | __le64 map; | ||
| 201 | 202 | ||
| 202 | ebitmap_init(e); | 203 | ebitmap_init(e); |
| 203 | 204 | ||
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index 7b03fa0f92b..0a758323a9c 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c | |||
| @@ -744,7 +744,8 @@ int policydb_context_isvalid(struct policydb *p, struct context *c) | |||
| 744 | */ | 744 | */ |
| 745 | static int mls_read_range_helper(struct mls_range *r, void *fp) | 745 | static int mls_read_range_helper(struct mls_range *r, void *fp) |
| 746 | { | 746 | { |
| 747 | u32 buf[2], items; | 747 | __le32 buf[2]; |
| 748 | u32 items; | ||
| 748 | int rc; | 749 | int rc; |
| 749 | 750 | ||
| 750 | rc = next_entry(buf, fp, sizeof(u32)); | 751 | rc = next_entry(buf, fp, sizeof(u32)); |
| @@ -805,7 +806,7 @@ static int context_read_and_validate(struct context *c, | |||
| 805 | struct policydb *p, | 806 | struct policydb *p, |
| 806 | void *fp) | 807 | void *fp) |
| 807 | { | 808 | { |
| 808 | u32 buf[3]; | 809 | __le32 buf[3]; |
| 809 | int rc; | 810 | int rc; |
| 810 | 811 | ||
| 811 | rc = next_entry(buf, fp, sizeof buf); | 812 | rc = next_entry(buf, fp, sizeof buf); |
| @@ -845,7 +846,8 @@ static int perm_read(struct policydb *p, struct hashtab *h, void *fp) | |||
| 845 | char *key = NULL; | 846 | char *key = NULL; |
| 846 | struct perm_datum *perdatum; | 847 | struct perm_datum *perdatum; |
| 847 | int rc; | 848 | int rc; |
| 848 | u32 buf[2], len; | 849 | __le32 buf[2]; |
| 850 | u32 len; | ||
| 849 | 851 | ||
| 850 | perdatum = kmalloc(sizeof(*perdatum), GFP_KERNEL); | 852 | perdatum = kmalloc(sizeof(*perdatum), GFP_KERNEL); |
| 851 | if (!perdatum) { | 853 | if (!perdatum) { |
| @@ -885,7 +887,8 @@ static int common_read(struct policydb *p, struct hashtab *h, void *fp) | |||
| 885 | { | 887 | { |
| 886 | char *key = NULL; | 888 | char *key = NULL; |
| 887 | struct common_datum *comdatum; | 889 | struct common_datum *comdatum; |
| 888 | u32 buf[4], len, nel; | 890 | __le32 buf[4]; |
| 891 | u32 len, nel; | ||
| 889 | int i, rc; | 892 | int i, rc; |
| 890 | 893 | ||
| 891 | comdatum = kmalloc(sizeof(*comdatum), GFP_KERNEL); | 894 | comdatum = kmalloc(sizeof(*comdatum), GFP_KERNEL); |
| @@ -939,7 +942,8 @@ static int read_cons_helper(struct constraint_node **nodep, int ncons, | |||
| 939 | { | 942 | { |
| 940 | struct constraint_node *c, *lc; | 943 | struct constraint_node *c, *lc; |
| 941 | struct constraint_expr *e, *le; | 944 | struct constraint_expr *e, *le; |
| 942 | u32 buf[3], nexpr; | 945 | __le32 buf[3]; |
| 946 | u32 nexpr; | ||
| 943 | int rc, i, j, depth; | 947 | int rc, i, j, depth; |
| 944 | 948 | ||
| 945 | lc = NULL; | 949 | lc = NULL; |
| @@ -1023,7 +1027,8 @@ static int class_read(struct policydb *p, struct hashtab *h, void *fp) | |||
| 1023 | { | 1027 | { |
| 1024 | char *key = NULL; | 1028 | char *key = NULL; |
| 1025 | struct class_datum *cladatum; | 1029 | struct class_datum *cladatum; |
| 1026 | u32 buf[6], len, len2, ncons, nel; | 1030 | __le32 buf[6]; |
| 1031 | u32 len, len2, ncons, nel; | ||
| 1027 | int i, rc; | 1032 | int i, rc; |
| 1028 | 1033 | ||
| 1029 | cladatum = kmalloc(sizeof(*cladatum), GFP_KERNEL); | 1034 | cladatum = kmalloc(sizeof(*cladatum), GFP_KERNEL); |
| @@ -1117,7 +1122,8 @@ static int role_read(struct policydb *p, struct hashtab *h, void *fp) | |||
| 1117 | char *key = NULL; | 1122 | char *key = NULL; |
| 1118 | struct role_datum *role; | 1123 | struct role_datum *role; |
| 1119 | int rc; | 1124 | int rc; |
| 1120 | u32 buf[2], len; | 1125 | __le32 buf[2]; |
| 1126 | u32 len; | ||
| 1121 | 1127 | ||
| 1122 | role = kmalloc(sizeof(*role), GFP_KERNEL); | 1128 | role = kmalloc(sizeof(*role), GFP_KERNEL); |
| 1123 | if (!role) { | 1129 | if (!role) { |
| @@ -1177,7 +1183,8 @@ static int type_read(struct policydb *p, struct hashtab *h, void *fp) | |||
| 1177 | char *key = NULL; | 1183 | char *key = NULL; |
| 1178 | struct type_datum *typdatum; | 1184 | struct type_datum *typdatum; |
| 1179 | int rc; | 1185 | int rc; |
| 1180 | u32 buf[3], len; | 1186 | __le32 buf[3]; |
| 1187 | u32 len; | ||
| 1181 | 1188 | ||
| 1182 | typdatum = kmalloc(sizeof(*typdatum),GFP_KERNEL); | 1189 | typdatum = kmalloc(sizeof(*typdatum),GFP_KERNEL); |
| 1183 | if (!typdatum) { | 1190 | if (!typdatum) { |
| @@ -1221,7 +1228,7 @@ bad: | |||
| 1221 | */ | 1228 | */ |
| 1222 | static int mls_read_level(struct mls_level *lp, void *fp) | 1229 | static int mls_read_level(struct mls_level *lp, void *fp) |
| 1223 | { | 1230 | { |
| 1224 | u32 buf[1]; | 1231 | __le32 buf[1]; |
| 1225 | int rc; | 1232 | int rc; |
| 1226 | 1233 | ||
| 1227 | memset(lp, 0, sizeof(*lp)); | 1234 | memset(lp, 0, sizeof(*lp)); |
| @@ -1249,7 +1256,8 @@ static int user_read(struct policydb *p, struct hashtab *h, void *fp) | |||
| 1249 | char *key = NULL; | 1256 | char *key = NULL; |
| 1250 | struct user_datum *usrdatum; | 1257 | struct user_datum *usrdatum; |
| 1251 | int rc; | 1258 | int rc; |
| 1252 | u32 buf[2], len; | 1259 | __le32 buf[2]; |
| 1260 | u32 len; | ||
| 1253 | 1261 | ||
| 1254 | usrdatum = kmalloc(sizeof(*usrdatum), GFP_KERNEL); | 1262 | usrdatum = kmalloc(sizeof(*usrdatum), GFP_KERNEL); |
| 1255 | if (!usrdatum) { | 1263 | if (!usrdatum) { |
| @@ -1303,7 +1311,8 @@ static int sens_read(struct policydb *p, struct hashtab *h, void *fp) | |||
| 1303 | char *key = NULL; | 1311 | char *key = NULL; |
| 1304 | struct level_datum *levdatum; | 1312 | struct level_datum *levdatum; |
| 1305 | int rc; | 1313 | int rc; |
| 1306 | u32 buf[2], len; | 1314 | __le32 buf[2]; |
| 1315 | u32 len; | ||
| 1307 | 1316 | ||
| 1308 | levdatum = kmalloc(sizeof(*levdatum), GFP_ATOMIC); | 1317 | levdatum = kmalloc(sizeof(*levdatum), GFP_ATOMIC); |
| 1309 | if (!levdatum) { | 1318 | if (!levdatum) { |
| @@ -1354,7 +1363,8 @@ static int cat_read(struct policydb *p, struct hashtab *h, void *fp) | |||
| 1354 | char *key = NULL; | 1363 | char *key = NULL; |
| 1355 | struct cat_datum *catdatum; | 1364 | struct cat_datum *catdatum; |
| 1356 | int rc; | 1365 | int rc; |
| 1357 | u32 buf[3], len; | 1366 | __le32 buf[3]; |
| 1367 | u32 len; | ||
| 1358 | 1368 | ||
| 1359 | catdatum = kmalloc(sizeof(*catdatum), GFP_ATOMIC); | 1369 | catdatum = kmalloc(sizeof(*catdatum), GFP_ATOMIC); |
| 1360 | if (!catdatum) { | 1370 | if (!catdatum) { |
| @@ -1417,7 +1427,8 @@ int policydb_read(struct policydb *p, void *fp) | |||
| 1417 | struct ocontext *l, *c, *newc; | 1427 | struct ocontext *l, *c, *newc; |
| 1418 | struct genfs *genfs_p, *genfs, *newgenfs; | 1428 | struct genfs *genfs_p, *genfs, *newgenfs; |
| 1419 | int i, j, rc; | 1429 | int i, j, rc; |
| 1420 | u32 buf[8], len, len2, config, nprim, nel, nel2; | 1430 | __le32 buf[8]; |
| 1431 | u32 len, len2, config, nprim, nel, nel2; | ||
| 1421 | char *policydb_str; | 1432 | char *policydb_str; |
| 1422 | struct policydb_compat_info *info; | 1433 | struct policydb_compat_info *info; |
| 1423 | struct range_trans *rt, *lrt; | 1434 | struct range_trans *rt, *lrt; |
| @@ -1433,17 +1444,14 @@ int policydb_read(struct policydb *p, void *fp) | |||
| 1433 | if (rc < 0) | 1444 | if (rc < 0) |
| 1434 | goto bad; | 1445 | goto bad; |
| 1435 | 1446 | ||
| 1436 | for (i = 0; i < 2; i++) | 1447 | if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { |
| 1437 | buf[i] = le32_to_cpu(buf[i]); | ||
| 1438 | |||
| 1439 | if (buf[0] != POLICYDB_MAGIC) { | ||
| 1440 | printk(KERN_ERR "security: policydb magic number 0x%x does " | 1448 | printk(KERN_ERR "security: policydb magic number 0x%x does " |
| 1441 | "not match expected magic number 0x%x\n", | 1449 | "not match expected magic number 0x%x\n", |
| 1442 | buf[0], POLICYDB_MAGIC); | 1450 | le32_to_cpu(buf[0]), POLICYDB_MAGIC); |
| 1443 | goto bad; | 1451 | goto bad; |
| 1444 | } | 1452 | } |
| 1445 | 1453 | ||
| 1446 | len = buf[1]; | 1454 | len = le32_to_cpu(buf[1]); |
| 1447 | if (len != strlen(POLICYDB_STRING)) { | 1455 | if (len != strlen(POLICYDB_STRING)) { |
| 1448 | printk(KERN_ERR "security: policydb string length %d does not " | 1456 | printk(KERN_ERR "security: policydb string length %d does not " |
| 1449 | "match expected length %Zu\n", | 1457 | "match expected length %Zu\n", |
| @@ -1478,19 +1486,17 @@ int policydb_read(struct policydb *p, void *fp) | |||
| 1478 | rc = next_entry(buf, fp, sizeof(u32)*4); | 1486 | rc = next_entry(buf, fp, sizeof(u32)*4); |
| 1479 | if (rc < 0) | 1487 | if (rc < 0) |
| 1480 | goto bad; | 1488 | goto bad; |
| 1481 | for (i = 0; i < 4; i++) | ||
| 1482 | buf[i] = le32_to_cpu(buf[i]); | ||
| 1483 | 1489 | ||
| 1484 | p->policyvers = buf[0]; | 1490 | p->policyvers = le32_to_cpu(buf[0]); |
| 1485 | if (p->policyvers < POLICYDB_VERSION_MIN || | 1491 | if (p->policyvers < POLICYDB_VERSION_MIN || |
| 1486 | p->policyvers > POLICYDB_VERSION_MAX) { | 1492 | p->policyvers > POLICYDB_VERSION_MAX) { |
| 1487 | printk(KERN_ERR "security: policydb version %d does not match " | 1493 | printk(KERN_ERR "security: policydb version %d does not match " |
| 1488 | "my version range %d-%d\n", | 1494 | "my version range %d-%d\n", |
| 1489 | buf[0], POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); | 1495 | le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); |
| 1490 | goto bad; | 1496 | goto bad; |
| 1491 | } | 1497 | } |
| 1492 | 1498 | ||
| 1493 | if ((buf[1] & POLICYDB_CONFIG_MLS)) { | 1499 | if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { |
| 1494 | if (ss_initialized && !selinux_mls_enabled) { | 1500 | if (ss_initialized && !selinux_mls_enabled) { |
| 1495 | printk(KERN_ERR "Cannot switch between non-MLS and MLS " | 1501 | printk(KERN_ERR "Cannot switch between non-MLS and MLS " |
| 1496 | "policies\n"); | 1502 | "policies\n"); |
| @@ -1519,9 +1525,11 @@ int policydb_read(struct policydb *p, void *fp) | |||
| 1519 | goto bad; | 1525 | goto bad; |
| 1520 | } | 1526 | } |
| 1521 | 1527 | ||
| 1522 | if (buf[2] != info->sym_num || buf[3] != info->ocon_num) { | 1528 | if (le32_to_cpu(buf[2]) != info->sym_num || |
| 1529 | le32_to_cpu(buf[3]) != info->ocon_num) { | ||
| 1523 | printk(KERN_ERR "security: policydb table sizes (%d,%d) do " | 1530 | printk(KERN_ERR "security: policydb table sizes (%d,%d) do " |
| 1524 | "not match mine (%d,%d)\n", buf[2], buf[3], | 1531 | "not match mine (%d,%d)\n", le32_to_cpu(buf[2]), |
| 1532 | le32_to_cpu(buf[3]), | ||
| 1525 | info->sym_num, info->ocon_num); | 1533 | info->sym_num, info->ocon_num); |
| 1526 | goto bad; | 1534 | goto bad; |
| 1527 | } | 1535 | } |