diff options
| author | Al Viro <viro@zeniv.linux.org.uk> | 2012-05-30 13:30:51 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2012-05-31 13:11:54 -0400 |
| commit | e5467859f7f79b69fc49004403009dfdba3bec53 (patch) | |
| tree | 73b011daf79eeddd61bbcaf65cd197b5e5f6f149 /security | |
| parent | d007794a182bc072a7b7479909dbd0d67ba341be (diff) | |
split ->file_mmap() into ->mmap_addr()/->mmap_file()
... i.e. file-dependent and address-dependent checks.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'security')
| -rw-r--r-- | security/apparmor/lsm.c | 15 | ||||
| -rw-r--r-- | security/capability.c | 3 | ||||
| -rw-r--r-- | security/commoncap.c | 21 | ||||
| -rw-r--r-- | security/security.c | 12 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 15 | ||||
| -rw-r--r-- | security/smack/smack_lsm.c | 15 |
6 files changed, 30 insertions, 51 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 8430d8937afb..8ea39aabe948 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c | |||
| @@ -490,17 +490,9 @@ static int common_mmap(int op, struct file *file, unsigned long prot, | |||
| 490 | return common_file_perm(op, file, mask); | 490 | return common_file_perm(op, file, mask); |
| 491 | } | 491 | } |
| 492 | 492 | ||
| 493 | static int apparmor_file_mmap(struct file *file, unsigned long reqprot, | 493 | static int apparmor_mmap_file(struct file *file, unsigned long reqprot, |
| 494 | unsigned long prot, unsigned long flags, | 494 | unsigned long prot, unsigned long flags) |
| 495 | unsigned long addr, unsigned long addr_only) | ||
| 496 | { | 495 | { |
| 497 | int rc = 0; | ||
| 498 | |||
| 499 | /* do DAC check */ | ||
| 500 | rc = cap_mmap_addr(addr); | ||
| 501 | if (rc || addr_only) | ||
| 502 | return rc; | ||
| 503 | |||
| 504 | return common_mmap(OP_FMMAP, file, prot, flags); | 496 | return common_mmap(OP_FMMAP, file, prot, flags); |
| 505 | } | 497 | } |
| 506 | 498 | ||
| @@ -646,7 +638,8 @@ static struct security_operations apparmor_ops = { | |||
| 646 | .file_permission = apparmor_file_permission, | 638 | .file_permission = apparmor_file_permission, |
| 647 | .file_alloc_security = apparmor_file_alloc_security, | 639 | .file_alloc_security = apparmor_file_alloc_security, |
| 648 | .file_free_security = apparmor_file_free_security, | 640 | .file_free_security = apparmor_file_free_security, |
| 649 | .file_mmap = apparmor_file_mmap, | 641 | .mmap_file = apparmor_mmap_file, |
| 642 | .mmap_addr = cap_mmap_addr, | ||
| 650 | .file_mprotect = apparmor_file_mprotect, | 643 | .file_mprotect = apparmor_file_mprotect, |
| 651 | .file_lock = apparmor_file_lock, | 644 | .file_lock = apparmor_file_lock, |
| 652 | 645 | ||
diff --git a/security/capability.c b/security/capability.c index fca889676c5e..61095df8b89a 100644 --- a/security/capability.c +++ b/security/capability.c | |||
| @@ -949,7 +949,8 @@ void __init security_fixup_ops(struct security_operations *ops) | |||
| 949 | set_to_cap_if_null(ops, file_alloc_security); | 949 | set_to_cap_if_null(ops, file_alloc_security); |
| 950 | set_to_cap_if_null(ops, file_free_security); | 950 | set_to_cap_if_null(ops, file_free_security); |
| 951 | set_to_cap_if_null(ops, file_ioctl); | 951 | set_to_cap_if_null(ops, file_ioctl); |
| 952 | set_to_cap_if_null(ops, file_mmap); | 952 | set_to_cap_if_null(ops, mmap_addr); |
| 953 | set_to_cap_if_null(ops, mmap_file); | ||
| 953 | set_to_cap_if_null(ops, file_mprotect); | 954 | set_to_cap_if_null(ops, file_mprotect); |
| 954 | set_to_cap_if_null(ops, file_lock); | 955 | set_to_cap_if_null(ops, file_lock); |
| 955 | set_to_cap_if_null(ops, file_fcntl); | 956 | set_to_cap_if_null(ops, file_fcntl); |
diff --git a/security/commoncap.c b/security/commoncap.c index ebac3618896e..6dbae4650abe 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
| @@ -980,23 +980,8 @@ int cap_mmap_addr(unsigned long addr) | |||
| 980 | return ret; | 980 | return ret; |
| 981 | } | 981 | } |
| 982 | 982 | ||
| 983 | /* | 983 | int cap_mmap_file(struct file *file, unsigned long reqprot, |
| 984 | * cap_file_mmap - check if able to map given addr | 984 | unsigned long prot, unsigned long flags) |
| 985 | * @file: unused | ||
| 986 | * @reqprot: unused | ||
| 987 | * @prot: unused | ||
| 988 | * @flags: unused | ||
| 989 | * @addr: address attempting to be mapped | ||
| 990 | * @addr_only: unused | ||
| 991 | * | ||
| 992 | * If the process is attempting to map memory below dac_mmap_min_addr they need | ||
| 993 | * CAP_SYS_RAWIO. The other parameters to this function are unused by the | ||
| 994 | * capability security module. Returns 0 if this mapping should be allowed | ||
| 995 | * -EPERM if not. | ||
| 996 | */ | ||
| 997 | int cap_file_mmap(struct file *file, unsigned long reqprot, | ||
| 998 | unsigned long prot, unsigned long flags, | ||
| 999 | unsigned long addr, unsigned long addr_only) | ||
| 1000 | { | 985 | { |
| 1001 | return cap_mmap_addr(addr); | 986 | return 0; |
| 1002 | } | 987 | } |
diff --git a/security/security.c b/security/security.c index 5497a57fba01..d91c66d3956b 100644 --- a/security/security.c +++ b/security/security.c | |||
| @@ -657,18 +657,22 @@ int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg) | |||
| 657 | return security_ops->file_ioctl(file, cmd, arg); | 657 | return security_ops->file_ioctl(file, cmd, arg); |
| 658 | } | 658 | } |
| 659 | 659 | ||
| 660 | int security_file_mmap(struct file *file, unsigned long reqprot, | 660 | int security_mmap_file(struct file *file, unsigned long reqprot, |
| 661 | unsigned long prot, unsigned long flags, | 661 | unsigned long prot, unsigned long flags) |
| 662 | unsigned long addr, unsigned long addr_only) | ||
| 663 | { | 662 | { |
| 664 | int ret; | 663 | int ret; |
| 665 | 664 | ||
| 666 | ret = security_ops->file_mmap(file, reqprot, prot, flags, addr, addr_only); | 665 | ret = security_ops->mmap_file(file, reqprot, prot, flags); |
| 667 | if (ret) | 666 | if (ret) |
| 668 | return ret; | 667 | return ret; |
| 669 | return ima_file_mmap(file, prot); | 668 | return ima_file_mmap(file, prot); |
| 670 | } | 669 | } |
| 671 | 670 | ||
| 671 | int security_mmap_addr(unsigned long addr) | ||
| 672 | { | ||
| 673 | return security_ops->mmap_addr(addr); | ||
| 674 | } | ||
| 675 | |||
| 672 | int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot, | 676 | int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot, |
| 673 | unsigned long prot) | 677 | unsigned long prot) |
| 674 | { | 678 | { |
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 25c125eaa3d8..372ec6502aa8 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -3083,9 +3083,7 @@ error: | |||
| 3083 | return rc; | 3083 | return rc; |
| 3084 | } | 3084 | } |
| 3085 | 3085 | ||
| 3086 | static int selinux_file_mmap(struct file *file, unsigned long reqprot, | 3086 | static int selinux_mmap_addr(unsigned long addr) |
| 3087 | unsigned long prot, unsigned long flags, | ||
| 3088 | unsigned long addr, unsigned long addr_only) | ||
| 3089 | { | 3087 | { |
| 3090 | int rc = 0; | 3088 | int rc = 0; |
| 3091 | u32 sid = current_sid(); | 3089 | u32 sid = current_sid(); |
| @@ -3104,10 +3102,12 @@ static int selinux_file_mmap(struct file *file, unsigned long reqprot, | |||
| 3104 | } | 3102 | } |
| 3105 | 3103 | ||
| 3106 | /* do DAC check on address space usage */ | 3104 | /* do DAC check on address space usage */ |
| 3107 | rc = cap_mmap_addr(addr); | 3105 | return cap_mmap_addr(addr); |
| 3108 | if (rc || addr_only) | 3106 | } |
| 3109 | return rc; | ||
| 3110 | 3107 | ||
| 3108 | static int selinux_mmap_file(struct file *file, unsigned long reqprot, | ||
| 3109 | unsigned long prot, unsigned long flags) | ||
| 3110 | { | ||
| 3111 | if (selinux_checkreqprot) | 3111 | if (selinux_checkreqprot) |
| 3112 | prot = reqprot; | 3112 | prot = reqprot; |
| 3113 | 3113 | ||
| @@ -5570,7 +5570,8 @@ static struct security_operations selinux_ops = { | |||
| 5570 | .file_alloc_security = selinux_file_alloc_security, | 5570 | .file_alloc_security = selinux_file_alloc_security, |
| 5571 | .file_free_security = selinux_file_free_security, | 5571 | .file_free_security = selinux_file_free_security, |
| 5572 | .file_ioctl = selinux_file_ioctl, | 5572 | .file_ioctl = selinux_file_ioctl, |
| 5573 | .file_mmap = selinux_file_mmap, | 5573 | .mmap_file = selinux_mmap_file, |
| 5574 | .mmap_addr = selinux_mmap_addr, | ||
| 5574 | .file_mprotect = selinux_file_mprotect, | 5575 | .file_mprotect = selinux_file_mprotect, |
| 5575 | .file_lock = selinux_file_lock, | 5576 | .file_lock = selinux_file_lock, |
| 5576 | .file_fcntl = selinux_file_fcntl, | 5577 | .file_fcntl = selinux_file_fcntl, |
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index a62197718768..ee0bb5735f35 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
| @@ -1171,7 +1171,7 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd, | |||
| 1171 | } | 1171 | } |
| 1172 | 1172 | ||
| 1173 | /** | 1173 | /** |
| 1174 | * smack_file_mmap : | 1174 | * smack_mmap_file : |
| 1175 | * Check permissions for a mmap operation. The @file may be NULL, e.g. | 1175 | * Check permissions for a mmap operation. The @file may be NULL, e.g. |
| 1176 | * if mapping anonymous memory. | 1176 | * if mapping anonymous memory. |
| 1177 | * @file contains the file structure for file to map (may be NULL). | 1177 | * @file contains the file structure for file to map (may be NULL). |
| @@ -1180,10 +1180,9 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd, | |||
| 1180 | * @flags contains the operational flags. | 1180 | * @flags contains the operational flags. |
| 1181 | * Return 0 if permission is granted. | 1181 | * Return 0 if permission is granted. |
| 1182 | */ | 1182 | */ |
| 1183 | static int smack_file_mmap(struct file *file, | 1183 | static int smack_mmap_file(struct file *file, |
| 1184 | unsigned long reqprot, unsigned long prot, | 1184 | unsigned long reqprot, unsigned long prot, |
| 1185 | unsigned long flags, unsigned long addr, | 1185 | unsigned long flags) |
| 1186 | unsigned long addr_only) | ||
| 1187 | { | 1186 | { |
| 1188 | struct smack_known *skp; | 1187 | struct smack_known *skp; |
| 1189 | struct smack_rule *srp; | 1188 | struct smack_rule *srp; |
| @@ -1198,11 +1197,6 @@ static int smack_file_mmap(struct file *file, | |||
| 1198 | int tmay; | 1197 | int tmay; |
| 1199 | int rc; | 1198 | int rc; |
| 1200 | 1199 | ||
| 1201 | /* do DAC check on address space usage */ | ||
| 1202 | rc = cap_mmap_addr(addr); | ||
| 1203 | if (rc || addr_only) | ||
| 1204 | return rc; | ||
| 1205 | |||
| 1206 | if (file == NULL || file->f_dentry == NULL) | 1200 | if (file == NULL || file->f_dentry == NULL) |
| 1207 | return 0; | 1201 | return 0; |
| 1208 | 1202 | ||
| @@ -3482,7 +3476,8 @@ struct security_operations smack_ops = { | |||
| 3482 | .file_ioctl = smack_file_ioctl, | 3476 | .file_ioctl = smack_file_ioctl, |
| 3483 | .file_lock = smack_file_lock, | 3477 | .file_lock = smack_file_lock, |
| 3484 | .file_fcntl = smack_file_fcntl, | 3478 | .file_fcntl = smack_file_fcntl, |
| 3485 | .file_mmap = smack_file_mmap, | 3479 | .mmap_file = smack_mmap_file, |
| 3480 | .mmap_addr = cap_mmap_addr, | ||
| 3486 | .file_set_fowner = smack_file_set_fowner, | 3481 | .file_set_fowner = smack_file_set_fowner, |
| 3487 | .file_send_sigiotask = smack_file_send_sigiotask, | 3482 | .file_send_sigiotask = smack_file_send_sigiotask, |
| 3488 | .file_receive = smack_file_receive, | 3483 | .file_receive = smack_file_receive, |