authorEric Paris <eparis@redhat.com>2009-09-12 22:54:10 -0400
committerJames Morris <jmorris@namei.org>2009-09-13 22:34:07 -0400
commited868a56988464cd31de0302426a5e94d3127f10 (patch)
treecdcd1715445aa19051b6a9a671b39250a449333a
parent86d710146fb9975f04c505ec78caa43d227c1018 (diff)
Creds: creds->security can be NULL is selinux is disabled
__validate_process_creds should check if selinux is actually enabled before running tests on the selinux portion of the credentials struct. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r--include/linux/cred.h13
-rw-r--r--include/linux/selinux.h9
-rw-r--r--security/selinux/exports.c6
3 files changed, 23 insertions, 5 deletions
diff --git a/include/linux/cred.h b/include/linux/cred.h
index 24520a539c6f..fb371601a3b4 100644
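--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -15,6 +15,7 @@
 #include <linux/capability.h>
 #include <linux/init.h>
 #include <linux/key.h>
+#include <linux/selinux.h>
 #include <asm/atomic.h>
 
 struct user_struct;
@@ -182,11 +183,13 @@ static inline bool creds_are_invalid(const struct cred *cred)
  if (atomic_read(&cred->usage) < atomic_read(&cred->subscribers))
  return true;
 #ifdef CONFIG_SECURITY_SELINUX
- if ((unsigned long) cred->security < PAGE_SIZE)
- return true;
- if ((*(u32*)cred->security & 0xffffff00) ==
- (POISON_FREE << 24 | POISON_FREE << 16 | POISON_FREE << 8))
- return true;
+ if (selinux_is_enabled()) {
+ if ((unsigned long) cred->security < PAGE_SIZE)
+ return true;
+ if ((*(u32 *)cred->security & 0xffffff00) ==
+ (POISON_FREE << 24 | POISON_FREE << 16 | POISON_FREE << 8))
+ return true;
+ }
 #endif
  return false;
 }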
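Review bot: The new `if (selinux_is_enabled())` guard at new line 186 carries no comment explaining why the two pointer tests are now conditional. Per the commit title, cred->security can be NULL when SELinux is built in but disabled, so without the guard the `< PAGE_SIZE` test reports such credentials as invalid. I would add `/* cred->security is only an SELinux blob while SELinux is enabled; it may be NULL otherwise */` above the guard. Because the guard reads a runtime flag, the freed-blob poison check is also skipped for any credential whose security pointer belongs to something other than SELinux; if that is intended, the comment should say so. creds_are_invalid() begins above this hunk.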
diff --git a/include/linux/selinux.h b/include/linux/selinux.h
index 20f965d4b041..223d06a6feb1 100644
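--- a/include/linux/selinux.h
+++ b/include/linux/selinux.h
@@ -61,6 +61,11 @@ void selinux_secmark_refcount_inc(void);
  * existing SECMARK targets has been removed/flushed.
  */
 void selinux_secmark_refcount_dec(void);
+
+/**
+ * selinux_is_enabled - is SELinux enabled?
+ */
+bool selinux_is_enabled(void);
 #else
 
 static inline int selinux_string_to_sid(const char *str, u32 *sid)
@@ -84,6 +89,10 @@ static inline void selinux_secmark_refcount_dec(void)
  return;
 }
 
+static bool selinux_is_enabled(void)
+{
+ return false;
+}
 #endif /* CONFIG_SECURITY_SELINUX */
 
 #endif /* _LINUX_SELINUX_H */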
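Review bot: The stub for the `!CONFIG_SECURITY_SELINUX` case at new lines 92-95 is declared `static bool selinux_is_enabled(void)` without `inline`, unlike the neighbouring stubs such as `static inline int selinux_string_to_sid`. This commit also makes cred.h include this header, so every translation unit that pulls it in without calling the function gets its own unused static definition, and probably a defined-but-not-used warning. It should read `static inline bool selinux_is_enabled(void)`. The kernel-doc added at new lines 65-67 would also benefit from a return line. Judging by the exports.c implementation, it could say that the function reports the `selinux_enabled` flag and not whether SELinux is enforcing.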
diff --git a/security/selinux/exports.c b/security/selinux/exports.c
index c73aeaa008e8..c0a454aee1e0 100644
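--- a/security/selinux/exports.c
+++ b/security/selinux/exports.c
@@ -63,3 +63,9 @@ void selinux_secmark_refcount_dec(void)
  atomic_dec(&selinux_secmark_refcount);
 }
 EXPORT_SYMBOL_GPL(selinux_secmark_refcount_dec);
+
+bool selinux_is_enabled(void)
+{
+ return selinux_enabled;
+}
+EXPORT_SYMBOL_GPL(selinux_is_enabled);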