diff options
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 15c2a08a66f1..8d8b69c5664e 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -1285,6 +1285,8 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent | |||
| 1285 | rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX, | 1285 | rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX, |
| 1286 | context, len); | 1286 | context, len); |
| 1287 | if (rc == -ERANGE) { | 1287 | if (rc == -ERANGE) { |
| 1288 | kfree(context); | ||
| 1289 | |||
| 1288 | /* Need a larger buffer. Query for the right size. */ | 1290 | /* Need a larger buffer. Query for the right size. */ |
| 1289 | rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX, | 1291 | rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX, |
| 1290 | NULL, 0); | 1292 | NULL, 0); |
| @@ -1292,7 +1294,6 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent | |||
| 1292 | dput(dentry); | 1294 | dput(dentry); |
| 1293 | goto out_unlock; | 1295 | goto out_unlock; |
| 1294 | } | 1296 | } |
| 1295 | kfree(context); | ||
| 1296 | len = rc; | 1297 | len = rc; |
| 1297 | context = kmalloc(len+1, GFP_NOFS); | 1298 | context = kmalloc(len+1, GFP_NOFS); |
| 1298 | if (!context) { | 1299 | if (!context) { |
| @@ -3029,9 +3030,21 @@ static int selinux_file_mmap(struct file *file, unsigned long reqprot, | |||
| 3029 | int rc = 0; | 3030 | int rc = 0; |
| 3030 | u32 sid = current_sid(); | 3031 | u32 sid = current_sid(); |
| 3031 | 3032 | ||
| 3032 | if (addr < mmap_min_addr) | 3033 | /* |
| 3034 | * notice that we are intentionally putting the SELinux check before | ||
| 3035 | * the secondary cap_file_mmap check. This is such a likely attempt | ||
| 3036 | * at bad behaviour/exploit that we always want to get the AVC, even | ||
| 3037 | * if DAC would have also denied the operation. | ||
| 3038 | */ | ||
| 3039 | if (addr < CONFIG_LSM_MMAP_MIN_ADDR) { | ||
| 3033 | rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT, | 3040 | rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT, |
| 3034 | MEMPROTECT__MMAP_ZERO, NULL); | 3041 | MEMPROTECT__MMAP_ZERO, NULL); |
| 3042 | if (rc) | ||
| 3043 | return rc; | ||
| 3044 | } | ||
| 3045 | |||
| 3046 | /* do DAC check on address space usage */ | ||
| 3047 | rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only); | ||
| 3035 | if (rc || addr_only) | 3048 | if (rc || addr_only) |
| 3036 | return rc; | 3049 | return rc; |
| 3037 | 3050 | ||