Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6: SELinux: Remove security_get_policycaps() security: allow Kconfig to set default mmap_min_addr protection
author: Linus Torvalds <torvalds@woody.linux-foundation.org> 2008-02-06 13:48:34 -0500
committer: Linus Torvalds <torvalds@woody.linux-foundation.org> 2008-02-06 13:48:34 -0500
commit: 8ed5de58cf4c45ff0ca97cb0d48d76f0e42faec6 (patch)
tree: ede6bc489b4d0cae91d730393d6c0dc654528b46
parent: 2dd550b90b03d5f236a18ae491bf6e70798469a8 (diff)
parent: 394c6753978a75cab7558a377f2551a3c1101027 (diff)
4 files changed, 21 insertions, 35 deletions
diff --git a/security/Kconfig b/security/Kconfig
index 25ffe1b9dc98..5dfc206748cf 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -104,6 +104,24 @@ config SECURITY_ROOTPLUG
          
          If you are unsure how to answer this question, answer N.
+config SECURITY_DEFAULT_MMAP_MIN_ADDR
+        int "Low address space to protect from user allocation"
+        depends on SECURITY
+        default 0
+        help
+          This is the portion of low virtual memory which should be protected
+          from userspace allocation.  Keeping a user from writing to low pages
+          can help reduce the impact of kernel NULL pointer bugs.
+          For most users with lots of address space a value of 65536 is
+          reasonable and should cause no problems.  Programs which use vm86
+          functionality would either need additional permissions from either
+          the LSM or the capabilities module or have this protection disabled.
+          This value can be changed after boot using the
+          /proc/sys/vm/mmap_min_addr tunable.
 source security/selinux/Kconfig
 source security/smack/Kconfig
diff --git a/security/security.c b/security/security.c
index b6c57a6b2ff5..d15e56cbaade 100644
--- a/security/security.c
+++ b/security/security.c
@@ -23,7 +23,9 @@ extern struct security_operations dummy_security_ops;
 extern void security_fixup_ops(struct security_operations *ops);
 struct security_operations *security_ops;       /* Initialized to NULL */
-unsigned long mmap_min_addr;            /* 0 means no protection */
+/* amount of vm to protect from userspace access */
+unsigned long mmap_min_addr = CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR;
 static inline int verify(struct security_operations *ops)
 {
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index 23137c17f917..837ce420d2f6 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -107,7 +107,6 @@ int security_get_classes(char ***classes, int *nclasses);
 int security_get_permissions(char *class, char ***perms, int *nperms);
 int security_get_reject_unknown(void);
 int security_get_allow_unknown(void);
-int security_get_policycaps(int *len, int **values);
 #define SECURITY_FS_USE_XATTR           1 /* use xattr */
 #define SECURITY_FS_USE_TRANS           2 /* use transition SIDs, e.g. devpts/tmpfs */
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index fced6bccee76..f37418601215 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2246,39 +2246,6 @@ int security_get_allow_unknown(void)
 }
 /**
- * security_get_policycaps - Query the loaded policy for its capabilities
- * @len: the number of capability bits
- * @values: the capability bit array
- *
- * Description:
- * Get an array of the policy capabilities in @values where each entry in
- * @values is either true (1) or false (0) depending the policy's support of
- * that feature.  The policy capabilities are defined by the
- * POLICYDB_CAPABILITY_* enums.  The size of the array is stored in @len and it
- * is up to the caller to free the array in @values.  Returns zero on success,
- * negative values on failure.
- *
- */
-int security_get_policycaps(int *len, int **values)
-{
-        int rc = -ENOMEM;
-        unsigned int iter;
-        POLICY_RDLOCK;
-        *values = kcalloc(POLICYDB_CAPABILITY_MAX, sizeof(int), GFP_ATOMIC);
-        if (*values == NULL)
-                goto out;
-        for (iter = 0; iter < POLICYDB_CAPABILITY_MAX; iter++)
-                (*values)[iter] = ebitmap_get_bit(&policydb.policycaps, iter);
-        *len = POLICYDB_CAPABILITY_MAX;
-out:
-        POLICY_RDUNLOCK;
-        return rc;
-}
-/**
 * security_policycap_supported - Check for a specific policy capability
 * @req_cap: capability
 *
author	Linus Torvalds <torvalds@woody.linux-foundation.org>	2008-02-06 13:48:34 -0500
committer	Linus Torvalds <torvalds@woody.linux-foundation.org>	2008-02-06 13:48:34 -0500
commit	8ed5de58cf4c45ff0ca97cb0d48d76f0e42faec6 (patch)
tree	ede6bc489b4d0cae91d730393d6c0dc654528b46
parent	2dd550b90b03d5f236a18ae491bf6e70798469a8 (diff)
parent	394c6753978a75cab7558a377f2551a3c1101027 (diff)

diff --git a/security/Kconfig b/security/Kconfig index 25ffe1b9dc98..5dfc206748cf 100644 --- a/security/Kconfig +++ b/security/Kconfig
@@ -104,6 +104,24 @@ config SECURITY_ROOTPLUG
104		104
105	If you are unsure how to answer this question, answer N.	105	If you are unsure how to answer this question, answer N.
106		106
		107	config SECURITY_DEFAULT_MMAP_MIN_ADDR
		108	int "Low address space to protect from user allocation"
		109	depends on SECURITY
		110	default 0
		111	help
		112	This is the portion of low virtual memory which should be protected
		113	from userspace allocation. Keeping a user from writing to low pages
		114	can help reduce the impact of kernel NULL pointer bugs.
		115
		116	For most users with lots of address space a value of 65536 is
		117	reasonable and should cause no problems. Programs which use vm86
		118	functionality would either need additional permissions from either
		119	the LSM or the capabilities module or have this protection disabled.
		120
		121	This value can be changed after boot using the
		122	/proc/sys/vm/mmap_min_addr tunable.
		123
		124
107	source security/selinux/Kconfig	125	source security/selinux/Kconfig
108	source security/smack/Kconfig	126	source security/smack/Kconfig
109		127


diff --git a/security/security.c b/security/security.c index b6c57a6b2ff5..d15e56cbaade 100644 --- a/security/security.c +++ b/security/security.c
@@ -23,7 +23,9 @@ extern struct security_operations dummy_security_ops;
23	extern void security_fixup_ops(struct security_operations *ops);	23	extern void security_fixup_ops(struct security_operations *ops);
24		24
25	struct security_operations security_ops; / Initialized to NULL */	25	struct security_operations security_ops; / Initialized to NULL */
26	unsigned long mmap_min_addr; /* 0 means no protection */	26
		27	/* amount of vm to protect from userspace access */
		28	unsigned long mmap_min_addr = CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR;
27		29
28	static inline int verify(struct security_operations *ops)	30	static inline int verify(struct security_operations *ops)
29	{	31	{


diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index 23137c17f917..837ce420d2f6 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h
@@ -107,7 +107,6 @@ int security_get_classes(char **classes, int nclasses);
107	int security_get_permissions(char class, char *perms, int nperms);	107	int security_get_permissions(char class, char *perms, int nperms);
108	int security_get_reject_unknown(void);	108	int security_get_reject_unknown(void);
109	int security_get_allow_unknown(void);	109	int security_get_allow_unknown(void);
110	int security_get_policycaps(int len, int *values);
111		110
112	#define SECURITY_FS_USE_XATTR 1 /* use xattr */	111	#define SECURITY_FS_USE_XATTR 1 /* use xattr */
113	#define SECURITY_FS_USE_TRANS 2 /* use transition SIDs, e.g. devpts/tmpfs */	112	#define SECURITY_FS_USE_TRANS 2 /* use transition SIDs, e.g. devpts/tmpfs */


diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index fced6bccee76..f37418601215 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c
@@ -2246,39 +2246,6 @@ int security_get_allow_unknown(void)
2246	}	2246	}
2247		2247
2248	/**	2248	/**
2249	* security_get_policycaps - Query the loaded policy for its capabilities
2250	* @len: the number of capability bits
2251	* @values: the capability bit array
2252	*
2253	* Description:
2254	* Get an array of the policy capabilities in @values where each entry in
2255	* @values is either true (1) or false (0) depending the policy's support of
2256	* that feature. The policy capabilities are defined by the
2257	* POLICYDB_CAPABILITY_* enums. The size of the array is stored in @len and it
2258	* is up to the caller to free the array in @values. Returns zero on success,
2259	* negative values on failure.
2260	*
2261	*/
2262	int security_get_policycaps(int len, int *values)
2263	{
2264	int rc = -ENOMEM;
2265	unsigned int iter;
2266
2267	POLICY_RDLOCK;
2268
2269	*values = kcalloc(POLICYDB_CAPABILITY_MAX, sizeof(int), GFP_ATOMIC);
2270	if (*values == NULL)
2271	goto out;
2272	for (iter = 0; iter < POLICYDB_CAPABILITY_MAX; iter++)
2273	(*values)[iter] = ebitmap_get_bit(&policydb.policycaps, iter);
2274	*len = POLICYDB_CAPABILITY_MAX;
2275
2276	out:
2277	POLICY_RDUNLOCK;
2278	return rc;
2279	}
2280
2281	/**
2282	* security_policycap_supported - Check for a specific policy capability	2249	* security_policycap_supported - Check for a specific policy capability
2283	* @req_cap: capability	2250	* @req_cap: capability
2284	*	2251	*