1 files changed, 44 insertions, 32 deletions

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index d106733ad987..4bca49414a40 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1232,6 +1232,10 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
         struct context context;
         int rc = 0;
 
+        /* An empty security context is never valid. */
+        if (!scontext_len)
+                return -EINVAL;
+
         if (!ss_initialized) {
                 int i;
 
@@ -1285,16 +1289,18 @@ out:
  * @scontext: security context
  * @scontext_len: length in bytes
  * @sid: security identifier, SID
+ * @gfp: context for the allocation
  *
  * Obtains a SID associated with the security context that
  * has the string representation specified by @scontext.
  * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
  * memory is available, or 0 on success.
  */
-int security_context_to_sid(const char *scontext, u32 scontext_len, u32 *sid)
+int security_context_to_sid(const char *scontext, u32 scontext_len, u32 *sid,
+                            gfp_t gfp)
 {
         return security_context_to_sid_core(scontext, scontext_len,
-                                            sid, SECSID_NULL, GFP_KERNEL, 0);
+                                            sid, SECSID_NULL, gfp, 0);
 }
 
 /**
@@ -1831,7 +1837,7 @@ static int security_preserve_bools(struct policydb *p);
  */
 int security_load_policy(void *data, size_t len)
 {
-        struct policydb oldpolicydb, newpolicydb;
+        struct policydb *oldpolicydb, *newpolicydb;
         struct sidtab oldsidtab, newsidtab;
         struct selinux_mapping *oldmap, *map = NULL;
         struct convert_context_args args;
@@ -1840,12 +1846,19 @@ int security_load_policy(void *data, size_t len)
         int rc = 0;
         struct policy_file file = { data, len }, *fp = &file;
 
+        oldpolicydb = kzalloc(2 * sizeof(*oldpolicydb), GFP_KERNEL);
+        if (!oldpolicydb) {
+                rc = -ENOMEM;
+                goto out;
+        }
+        newpolicydb = oldpolicydb + 1;
+
         if (!ss_initialized) {
                 avtab_cache_init();
                 rc = policydb_read(&policydb, fp);
                 if (rc) {
                         avtab_cache_destroy();
-                        return rc;
+                        goto out;
                 }
 
                 policydb.len = len;
@@ -1855,14 +1868,14 @@ int security_load_policy(void *data, size_t len)
                 if (rc) {
                         policydb_destroy(&policydb);
                         avtab_cache_destroy();
-                        return rc;
+                        goto out;
                 }
 
                 rc = policydb_load_isids(&policydb, &sidtab);
                 if (rc) {
                         policydb_destroy(&policydb);
                         avtab_cache_destroy();
-                        return rc;
+                        goto out;
                 }
 
                 security_load_policycaps();
@@ -1874,36 +1887,36 @@ int security_load_policy(void *data, size_t len)
                 selinux_status_update_policyload(seqno);
                 selinux_netlbl_cache_invalidate();
                 selinux_xfrm_notify_policyload();
-                return 0;
+                goto out;
         }
 
 #if 0
         sidtab_hash_eval(&sidtab, "sids");
 #endif
 
-        rc = policydb_read(&newpolicydb, fp);
+        rc = policydb_read(newpolicydb, fp);
         if (rc)
-                return rc;
+                goto out;
 
-        newpolicydb.len = len;
+        newpolicydb->len = len;
         /* If switching between different policy types, log MLS status */
-        if (policydb.mls_enabled && !newpolicydb.mls_enabled)
+        if (policydb.mls_enabled && !newpolicydb->mls_enabled)
                 printk(KERN_INFO "SELinux: Disabling MLS support...\n");
-        else if (!policydb.mls_enabled && newpolicydb.mls_enabled)
+        else if (!policydb.mls_enabled && newpolicydb->mls_enabled)
                 printk(KERN_INFO "SELinux: Enabling MLS support...\n");
 
-        rc = policydb_load_isids(&newpolicydb, &newsidtab);
+        rc = policydb_load_isids(newpolicydb, &newsidtab);
         if (rc) {
                 printk(KERN_ERR "SELinux:  unable to load the initial SIDs\n");
-                policydb_destroy(&newpolicydb);
-                return rc;
+                policydb_destroy(newpolicydb);
+                goto out;
         }
 
-        rc = selinux_set_mapping(&newpolicydb, secclass_map, &map, &map_size);
+        rc = selinux_set_mapping(newpolicydb, secclass_map, &map, &map_size);
         if (rc)
                 goto err;
 
-        rc = security_preserve_bools(&newpolicydb);
+        rc = security_preserve_bools(newpolicydb);
         if (rc) {
                 printk(KERN_ERR "SELinux:  unable to preserve booleans\n");
                 goto err;
@@ -1921,7 +1934,7 @@ int security_load_policy(void *data, size_t len)
          * in the new SID table.
          */
         args.oldp = &policydb;
-        args.newp = &newpolicydb;
+        args.newp = newpolicydb;
         rc = sidtab_map(&newsidtab, convert_context, &args);
         if (rc) {
                 printk(KERN_ERR "SELinux:  unable to convert the internal"
@@ -1931,12 +1944,12 @@ int security_load_policy(void *data, size_t len)
         }
 
         /* Save the old policydb and SID table to free later. */
-        memcpy(&oldpolicydb, &policydb, sizeof policydb);
+        memcpy(oldpolicydb, &policydb, sizeof(policydb));
         sidtab_set(&oldsidtab, &sidtab);
 
         /* Install the new policydb and SID table. */
         write_lock_irq(&policy_rwlock);
-        memcpy(&policydb, &newpolicydb, sizeof policydb);
+        memcpy(&policydb, newpolicydb, sizeof(policydb));
         sidtab_set(&sidtab, &newsidtab);
         security_load_policycaps();
         oldmap = current_mapping;
@@ -1946,7 +1959,7 @@ int security_load_policy(void *data, size_t len)
         write_unlock_irq(&policy_rwlock);
 
         /* Free the old policydb and SID table. */
-        policydb_destroy(&oldpolicydb);
+        policydb_destroy(oldpolicydb);
         sidtab_destroy(&oldsidtab);
         kfree(oldmap);
 
@@ -1956,14 +1969,17 @@ int security_load_policy(void *data, size_t len)
         selinux_netlbl_cache_invalidate();
         selinux_xfrm_notify_policyload();
 
-        return 0;
+        rc = 0;
+        goto out;
 
 err:
         kfree(map);
         sidtab_destroy(&newsidtab);
-        policydb_destroy(&newpolicydb);
-        return rc;
+        policydb_destroy(newpolicydb);
 
+out:
+        kfree(oldpolicydb);
+        return rc;
 }
 
 size_t security_policydb_len(void)
@@ -2938,25 +2954,21 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
         struct selinux_audit_rule *rule = vrule;
         int match = 0;
 
-        if (!rule) {
-                audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
-                          "selinux_audit_rule_match: missing rule\n");
+        if (unlikely(!rule)) {
+                WARN_ONCE(1, "selinux_audit_rule_match: missing rule\n");
                 return -ENOENT;
         }
 
         read_lock(&policy_rwlock);
 
         if (rule->au_seqno < latest_granting) {
-                audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
-                          "selinux_audit_rule_match: stale rule\n");
                 match = -ESTALE;
                 goto out;
         }
 
         ctxt = sidtab_search(&sidtab, sid);
-        if (!ctxt) {
-                audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
-                          "selinux_audit_rule_match: unrecognized SID %d\n",
+        if (unlikely(!ctxt)) {
+                WARN_ONCE(1, "selinux_audit_rule_match: unrecognized SID %d\n",
                           sid);
                 match = -ENOENT;
                 goto out;