diff options
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index ad725213f568..932eef18db33 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -2477,6 +2477,17 @@ static int selinux_file_mprotect(struct vm_area_struct *vma, | |||
| 2477 | prot = reqprot; | 2477 | prot = reqprot; |
| 2478 | 2478 | ||
| 2479 | #ifndef CONFIG_PPC32 | 2479 | #ifndef CONFIG_PPC32 |
| 2480 | if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXECUTABLE) && | ||
| 2481 | (vma->vm_start >= vma->vm_mm->start_brk && | ||
| 2482 | vma->vm_end <= vma->vm_mm->brk)) { | ||
| 2483 | /* | ||
| 2484 | * We are making an executable mapping in the brk region. | ||
| 2485 | * This has an additional execheap check. | ||
| 2486 | */ | ||
| 2487 | rc = task_has_perm(current, current, PROCESS__EXECHEAP); | ||
| 2488 | if (rc) | ||
| 2489 | return rc; | ||
| 2490 | } | ||
| 2480 | if (vma->vm_file != NULL && vma->anon_vma != NULL && (prot & PROT_EXEC)) { | 2491 | if (vma->vm_file != NULL && vma->anon_vma != NULL && (prot & PROT_EXEC)) { |
| 2481 | /* | 2492 | /* |
| 2482 | * We are making executable a file mapping that has | 2493 | * We are making executable a file mapping that has |