1 files changed, 44 insertions, 29 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index eb5c307fcc9a..6ab22720c277 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -106,7 +106,7 @@ int selinux_enforcing;
 static int __init enforcing_setup(char *str)
 {
        unsigned long enforcing;
-        if (!strict_strtoul(str, 0, &enforcing))
+        if (!kstrtoul(str, 0, &enforcing))
                selinux_enforcing = enforcing ? 1 : 0;
        return 1;
 }
@@ -119,7 +119,7 @@ int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
 static int __init selinux_enabled_setup(char *str)
 {
        unsigned long enabled;
-        if (!strict_strtoul(str, 0, &enabled))
+        if (!kstrtoul(str, 0, &enabled))
                selinux_enabled = enabled ? 1 : 0;
        return 1;
 }
@@ -668,7 +668,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
                if (flags[i] == SBLABEL_MNT)
                        continue;
                rc = security_context_to_sid(mount_options[i],
-                                             strlen(mount_options[i]), &sid);
+                                             strlen(mount_options[i]), &sid, GFP_KERNEL);
                if (rc) {
                        printk(KERN_WARNING "SELinux: security_context_to_sid"
                               "(%s) failed for (dev %s, type %s) errno=%d\n",
@@ -1418,15 +1418,33 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
                isec->sid = sbsec->sid;
                if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) {
-                        if (opt_dentry) {
+                        /* We must have a dentry to determine the label on
-                                isec->sclass = inode_mode_to_security_class(inode->i_mode);
+                         * procfs inodes */
-                                rc = selinux_proc_get_sid(opt_dentry,
+                        if (opt_dentry)
-                                                          isec->sclass,
+                                /* Called from d_instantiate or
-                                                          &sid);
+                                 * d_splice_alias. */
-                                if (rc)
+                                dentry = dget(opt_dentry);
-                                        goto out_unlock;
+                        else
-                                isec->sid = sid;
+                                /* Called from selinux_complete_init, try to
-                        }
+                                 * find a dentry. */
+                                dentry = d_find_alias(inode);
+                        /*
+                         * This can be hit on boot when a file is accessed
+                         * before the policy is loaded.  When we load policy we
+                         * may find inodes that have no dentry on the
+                         * sbsec->isec_head list.  No reason to complain as
+                         * these will get fixed up the next time we go through
+                         * inode_doinit() with a dentry, before these inodes
+                         * could be used again by userspace.
+                         */
+                        if (!dentry)
+                                goto out_unlock;
+                        isec->sclass = inode_mode_to_security_class(inode->i_mode);
+                        rc = selinux_proc_get_sid(dentry, isec->sclass, &sid);
+                        dput(dentry);
+                        if (rc)
+                                goto out_unlock;
+                        isec->sid = sid;
                }
                break;
        }
@@ -2489,7 +2507,8 @@ static int selinux_sb_remount(struct super_block *sb, void *data)
                if (flags[i] == SBLABEL_MNT)
                        continue;
                len = strlen(mount_options[i]);
-                rc = security_context_to_sid(mount_options[i], len, &sid);
+                rc = security_context_to_sid(mount_options[i], len, &sid,
+                                             GFP_KERNEL);
                if (rc) {
                        printk(KERN_WARNING "SELinux: security_context_to_sid"
                               "(%s) failed for (dev %s, type %s) errno=%d\n",
@@ -2893,7 +2912,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
        if (rc)
                return rc;
-        rc = security_context_to_sid(value, size, &newsid);
+        rc = security_context_to_sid(value, size, &newsid, GFP_KERNEL);
        if (rc == -EINVAL) {
                if (!capable(CAP_MAC_ADMIN)) {
                        struct audit_buffer *ab;
@@ -3050,7 +3069,7 @@ static int selinux_inode_setsecurity(struct inode *inode, const char *name,
        if (!value || !size)
                return -EACCES;
-        rc = security_context_to_sid((void *)value, size, &newsid);
+        rc = security_context_to_sid((void *)value, size, &newsid, GFP_KERNEL);
        if (rc)
                return rc;
@@ -3204,24 +3223,20 @@ error:
 static int selinux_mmap_addr(unsigned long addr)
 {
-        int rc = 0;
+        int rc;
-        u32 sid = current_sid();
+        /* do DAC check on address space usage */
+        rc = cap_mmap_addr(addr);
+        if (rc)
+                return rc;
-        /*
-         * notice that we are intentionally putting the SELinux check before
-         * the secondary cap_file_mmap check.  This is such a likely attempt
-         * at bad behaviour/exploit that we always want to get the AVC, even
-         * if DAC would have also denied the operation.
-         */
        if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {
+                u32 sid = current_sid();
                rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
                                  MEMPROTECT__MMAP_ZERO, NULL);
-                if (rc)
-                        return rc;
        }
-        /* do DAC check on address space usage */
+        return rc;
-        return cap_mmap_addr(addr);
 }
 static int selinux_mmap_file(struct file *file, unsigned long reqprot,
@@ -5529,7 +5544,7 @@ static int selinux_setprocattr(struct task_struct *p,
                        str[size-1] = 0;
                        size--;
                }
-                error = security_context_to_sid(value, size, &sid);
+                error = security_context_to_sid(value, size, &sid, GFP_KERNEL);
                if (error == -EINVAL && !strcmp(name, "fscreate")) {
                        if (!capable(CAP_MAC_ADMIN)) {
                                struct audit_buffer *ab;
@@ -5638,7 +5653,7 @@ static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
 static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
 {
-        return security_context_to_sid(secdata, seclen, secid);
+        return security_context_to_sid(secdata, seclen, secid, GFP_KERNEL);
 }
 static void selinux_release_secctx(char *secdata, u32 seclen)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index eb5c307fcc9a..6ab22720c277 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c
@@ -106,7 +106,7 @@ int selinux_enforcing;
106	static int __init enforcing_setup(char *str)	106	static int __init enforcing_setup(char *str)
107	{	107	{
108	unsigned long enforcing;	108	unsigned long enforcing;
109	if (!strict_strtoul(str, 0, &enforcing))	109	if (!kstrtoul(str, 0, &enforcing))
110	selinux_enforcing = enforcing ? 1 : 0;	110	selinux_enforcing = enforcing ? 1 : 0;
111	return 1;	111	return 1;
112	}	112	}
@@ -119,7 +119,7 @@ int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
119	static int __init selinux_enabled_setup(char *str)	119	static int __init selinux_enabled_setup(char *str)
120	{	120	{
121	unsigned long enabled;	121	unsigned long enabled;
122	if (!strict_strtoul(str, 0, &enabled))	122	if (!kstrtoul(str, 0, &enabled))
123	selinux_enabled = enabled ? 1 : 0;	123	selinux_enabled = enabled ? 1 : 0;
124	return 1;	124	return 1;
125	}	125	}
@@ -668,7 +668,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
668	if (flags[i] == SBLABEL_MNT)	668	if (flags[i] == SBLABEL_MNT)
669	continue;	669	continue;
670	rc = security_context_to_sid(mount_options[i],	670	rc = security_context_to_sid(mount_options[i],
671	strlen(mount_options[i]), &sid);	671	strlen(mount_options[i]), &sid, GFP_KERNEL);
672	if (rc) {	672	if (rc) {
673	printk(KERN_WARNING "SELinux: security_context_to_sid"	673	printk(KERN_WARNING "SELinux: security_context_to_sid"
674	"(%s) failed for (dev %s, type %s) errno=%d\n",	674	"(%s) failed for (dev %s, type %s) errno=%d\n",
@@ -1418,15 +1418,33 @@ static int inode_doinit_with_dentry(struct inode inode, struct dentry opt_dent
1418	isec->sid = sbsec->sid;	1418	isec->sid = sbsec->sid;
1419		1419
1420	if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) {	1420	if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) {
1421	if (opt_dentry) {	1421	/* We must have a dentry to determine the label on
1422	isec->sclass = inode_mode_to_security_class(inode->i_mode);	1422	* procfs inodes */
1423	rc = selinux_proc_get_sid(opt_dentry,	1423	if (opt_dentry)
1424	isec->sclass,	1424	/* Called from d_instantiate or
1425	&sid);	1425	* d_splice_alias. */
1426	if (rc)	1426	dentry = dget(opt_dentry);
1427	goto out_unlock;	1427	else
1428	isec->sid = sid;	1428	/* Called from selinux_complete_init, try to
1429	}	1429	* find a dentry. */
		1430	dentry = d_find_alias(inode);
		1431	/*
		1432	* This can be hit on boot when a file is accessed
		1433	* before the policy is loaded. When we load policy we
		1434	* may find inodes that have no dentry on the
		1435	* sbsec->isec_head list. No reason to complain as
		1436	* these will get fixed up the next time we go through
		1437	* inode_doinit() with a dentry, before these inodes
		1438	* could be used again by userspace.
		1439	*/
		1440	if (!dentry)
		1441	goto out_unlock;
		1442	isec->sclass = inode_mode_to_security_class(inode->i_mode);
		1443	rc = selinux_proc_get_sid(dentry, isec->sclass, &sid);
		1444	dput(dentry);
		1445	if (rc)
		1446	goto out_unlock;
		1447	isec->sid = sid;
1430	}	1448	}
1431	break;	1449	break;
1432	}	1450	}
@@ -2489,7 +2507,8 @@ static int selinux_sb_remount(struct super_block sb, void data)
2489	if (flags[i] == SBLABEL_MNT)	2507	if (flags[i] == SBLABEL_MNT)
2490	continue;	2508	continue;
2491	len = strlen(mount_options[i]);	2509	len = strlen(mount_options[i]);
2492	rc = security_context_to_sid(mount_options[i], len, &sid);	2510	rc = security_context_to_sid(mount_options[i], len, &sid,
		2511	GFP_KERNEL);
2493	if (rc) {	2512	if (rc) {
2494	printk(KERN_WARNING "SELinux: security_context_to_sid"	2513	printk(KERN_WARNING "SELinux: security_context_to_sid"
2495	"(%s) failed for (dev %s, type %s) errno=%d\n",	2514	"(%s) failed for (dev %s, type %s) errno=%d\n",
@@ -2893,7 +2912,7 @@ static int selinux_inode_setxattr(struct dentry dentry, const char name,
2893	if (rc)	2912	if (rc)
2894	return rc;	2913	return rc;
2895		2914
2896	rc = security_context_to_sid(value, size, &newsid);	2915	rc = security_context_to_sid(value, size, &newsid, GFP_KERNEL);
2897	if (rc == -EINVAL) {	2916	if (rc == -EINVAL) {
2898	if (!capable(CAP_MAC_ADMIN)) {	2917	if (!capable(CAP_MAC_ADMIN)) {
2899	struct audit_buffer *ab;	2918	struct audit_buffer *ab;
@@ -3050,7 +3069,7 @@ static int selinux_inode_setsecurity(struct inode inode, const char name,
3050	if (!value \|\| !size)	3069	if (!value \|\| !size)
3051	return -EACCES;	3070	return -EACCES;
3052		3071
3053	rc = security_context_to_sid((void *)value, size, &newsid);	3072	rc = security_context_to_sid((void *)value, size, &newsid, GFP_KERNEL);
3054	if (rc)	3073	if (rc)
3055	return rc;	3074	return rc;
3056		3075
@@ -3204,24 +3223,20 @@ error:
3204		3223
3205	static int selinux_mmap_addr(unsigned long addr)	3224	static int selinux_mmap_addr(unsigned long addr)
3206	{	3225	{
3207	int rc = 0;	3226	int rc;
3208	u32 sid = current_sid();	3227
		3228	/* do DAC check on address space usage */
		3229	rc = cap_mmap_addr(addr);
		3230	if (rc)
		3231	return rc;
3209		3232
3210	/*
3211	* notice that we are intentionally putting the SELinux check before
3212	* the secondary cap_file_mmap check. This is such a likely attempt
3213	* at bad behaviour/exploit that we always want to get the AVC, even
3214	* if DAC would have also denied the operation.
3215	*/
3216	if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {	3233	if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {
		3234	u32 sid = current_sid();
3217	rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,	3235	rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
3218	MEMPROTECT__MMAP_ZERO, NULL);	3236	MEMPROTECT__MMAP_ZERO, NULL);
3219	if (rc)
3220	return rc;
3221	}	3237	}
3222		3238
3223	/* do DAC check on address space usage */	3239	return rc;
3224	return cap_mmap_addr(addr);
3225	}	3240	}
3226		3241
3227	static int selinux_mmap_file(struct file *file, unsigned long reqprot,	3242	static int selinux_mmap_file(struct file *file, unsigned long reqprot,
@@ -5529,7 +5544,7 @@ static int selinux_setprocattr(struct task_struct *p,
5529	str[size-1] = 0;	5544	str[size-1] = 0;
5530	size--;	5545	size--;
5531	}	5546	}
5532	error = security_context_to_sid(value, size, &sid);	5547	error = security_context_to_sid(value, size, &sid, GFP_KERNEL);
5533	if (error == -EINVAL && !strcmp(name, "fscreate")) {	5548	if (error == -EINVAL && !strcmp(name, "fscreate")) {
5534	if (!capable(CAP_MAC_ADMIN)) {	5549	if (!capable(CAP_MAC_ADMIN)) {
5535	struct audit_buffer *ab;	5550	struct audit_buffer *ab;
@@ -5638,7 +5653,7 @@ static int selinux_secid_to_secctx(u32 secid, char *secdata, u32 seclen)
5638		5653
5639	static int selinux_secctx_to_secid(const char secdata, u32 seclen, u32 secid)	5654	static int selinux_secctx_to_secid(const char secdata, u32 seclen, u32 secid)
5640	{	5655	{
5641	return security_context_to_sid(secdata, seclen, secid);	5656	return security_context_to_sid(secdata, seclen, secid, GFP_KERNEL);
5642	}	5657	}
5643		5658
5644	static void selinux_release_secctx(char *secdata, u32 seclen)	5659	static void selinux_release_secctx(char *secdata, u32 seclen)