Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6

author: Alex Elder <elder@ieee.org> 2009-09-10 15:33:56 -0400
committer: Alex Elder <aelder@sgi.com> 2009-09-10 15:33:56 -0400
commit: a4872d5b6ad69a49975c0268828b5bb2317ea5a0 (patch)
tree: f79577c2731753efb621ef62774949c1e0acdaad /security/selinux/hooks.c
parent: 4734d401d43c6469d568caf223d37aa0fc1bf4dc (diff)
parent: 74fca6a42863ffacaf7ba6f1936a9f228950f657 (diff)
1 files changed, 13 insertions, 1 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 1e8cfc4c2ed6..8d8b69c5664e 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3030,9 +3030,21 @@ static int selinux_file_mmap(struct file *file, unsigned long reqprot,
        int rc = 0;
        u32 sid = current_sid();
-        if (addr < mmap_min_addr)
+        /*
+         * notice that we are intentionally putting the SELinux check before
+         * the secondary cap_file_mmap check.  This is such a likely attempt
+         * at bad behaviour/exploit that we always want to get the AVC, even
+         * if DAC would have also denied the operation.
+         */
+        if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {
                rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
                                  MEMPROTECT__MMAP_ZERO, NULL);
+                if (rc)
+                        return rc;
+        }
+        /* do DAC check on address space usage */
+        rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
        if (rc || addr_only)
                return rc;
author	Alex Elder <elder@ieee.org>	2009-09-10 15:33:56 -0400
committer	Alex Elder <aelder@sgi.com>	2009-09-10 15:33:56 -0400
commit	a4872d5b6ad69a49975c0268828b5bb2317ea5a0 (patch)
tree	f79577c2731753efb621ef62774949c1e0acdaad /security/selinux/hooks.c
parent	4734d401d43c6469d568caf223d37aa0fc1bf4dc (diff)
parent	74fca6a42863ffacaf7ba6f1936a9f228950f657 (diff)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 1e8cfc4c2ed6..8d8b69c5664e 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c
@@ -3030,9 +3030,21 @@ static int selinux_file_mmap(struct file *file, unsigned long reqprot,
3030	int rc = 0;	3030	int rc = 0;
3031	u32 sid = current_sid();	3031	u32 sid = current_sid();
3032		3032
3033	if (addr < mmap_min_addr)	3033	/*
		3034	* notice that we are intentionally putting the SELinux check before
		3035	* the secondary cap_file_mmap check. This is such a likely attempt
		3036	* at bad behaviour/exploit that we always want to get the AVC, even
		3037	* if DAC would have also denied the operation.
		3038	*/
		3039	if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {
3034	rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,	3040	rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
3035	MEMPROTECT__MMAP_ZERO, NULL);	3041	MEMPROTECT__MMAP_ZERO, NULL);
		3042	if (rc)
		3043	return rc;
		3044	}
		3045
		3046	/* do DAC check on address space usage */
		3047	rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
3036	if (rc \|\| addr_only)	3048	if (rc \|\| addr_only)
3037	return rc;	3049	return rc;
3038		3050