diff options
Diffstat (limited to 'security/selinux')
-rw-r--r-- | security/selinux/hooks.c | 24 | ||||
-rw-r--r-- | security/selinux/netif.c | 3 | ||||
-rw-r--r-- | security/selinux/selinuxfs.c | 30 | ||||
-rw-r--r-- | security/selinux/ss/conditional.c | 12 | ||||
-rw-r--r-- | security/selinux/ss/ebitmap.c | 9 | ||||
-rw-r--r-- | security/selinux/ss/hashtab.c | 6 | ||||
-rw-r--r-- | security/selinux/ss/policydb.c | 51 | ||||
-rw-r--r-- | security/selinux/ss/services.c | 11 |
8 files changed, 49 insertions, 97 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 447a1e0f48cb..8cd33b2cd865 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -122,11 +122,10 @@ static int task_alloc_security(struct task_struct *task) | |||
122 | { | 122 | { |
123 | struct task_security_struct *tsec; | 123 | struct task_security_struct *tsec; |
124 | 124 | ||
125 | tsec = kmalloc(sizeof(struct task_security_struct), GFP_KERNEL); | 125 | tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL); |
126 | if (!tsec) | 126 | if (!tsec) |
127 | return -ENOMEM; | 127 | return -ENOMEM; |
128 | 128 | ||
129 | memset(tsec, 0, sizeof(struct task_security_struct)); | ||
130 | tsec->magic = SELINUX_MAGIC; | 129 | tsec->magic = SELINUX_MAGIC; |
131 | tsec->task = task; | 130 | tsec->task = task; |
132 | tsec->osid = tsec->sid = tsec->ptrace_sid = SECINITSID_UNLABELED; | 131 | tsec->osid = tsec->sid = tsec->ptrace_sid = SECINITSID_UNLABELED; |
@@ -151,11 +150,10 @@ static int inode_alloc_security(struct inode *inode) | |||
151 | struct task_security_struct *tsec = current->security; | 150 | struct task_security_struct *tsec = current->security; |
152 | struct inode_security_struct *isec; | 151 | struct inode_security_struct *isec; |
153 | 152 | ||
154 | isec = kmalloc(sizeof(struct inode_security_struct), GFP_KERNEL); | 153 | isec = kzalloc(sizeof(struct inode_security_struct), GFP_KERNEL); |
155 | if (!isec) | 154 | if (!isec) |
156 | return -ENOMEM; | 155 | return -ENOMEM; |
157 | 156 | ||
158 | memset(isec, 0, sizeof(struct inode_security_struct)); | ||
159 | init_MUTEX(&isec->sem); | 157 | init_MUTEX(&isec->sem); |
160 | INIT_LIST_HEAD(&isec->list); | 158 | INIT_LIST_HEAD(&isec->list); |
161 | isec->magic = SELINUX_MAGIC; | 159 | isec->magic = SELINUX_MAGIC; |
@@ -193,11 +191,10 @@ static int file_alloc_security(struct file *file) | |||
193 | struct task_security_struct *tsec = current->security; | 191 | struct task_security_struct *tsec = current->security; |
194 | struct file_security_struct *fsec; | 192 | struct file_security_struct *fsec; |
195 | 193 | ||
196 | fsec = kmalloc(sizeof(struct file_security_struct), GFP_ATOMIC); | 194 | fsec = kzalloc(sizeof(struct file_security_struct), GFP_ATOMIC); |
197 | if (!fsec) | 195 | if (!fsec) |
198 | return -ENOMEM; | 196 | return -ENOMEM; |
199 | 197 | ||
200 | memset(fsec, 0, sizeof(struct file_security_struct)); | ||
201 | fsec->magic = SELINUX_MAGIC; | 198 | fsec->magic = SELINUX_MAGIC; |
202 | fsec->file = file; | 199 | fsec->file = file; |
203 | if (tsec && tsec->magic == SELINUX_MAGIC) { | 200 | if (tsec && tsec->magic == SELINUX_MAGIC) { |
@@ -227,11 +224,10 @@ static int superblock_alloc_security(struct super_block *sb) | |||
227 | { | 224 | { |
228 | struct superblock_security_struct *sbsec; | 225 | struct superblock_security_struct *sbsec; |
229 | 226 | ||
230 | sbsec = kmalloc(sizeof(struct superblock_security_struct), GFP_KERNEL); | 227 | sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL); |
231 | if (!sbsec) | 228 | if (!sbsec) |
232 | return -ENOMEM; | 229 | return -ENOMEM; |
233 | 230 | ||
234 | memset(sbsec, 0, sizeof(struct superblock_security_struct)); | ||
235 | init_MUTEX(&sbsec->sem); | 231 | init_MUTEX(&sbsec->sem); |
236 | INIT_LIST_HEAD(&sbsec->list); | 232 | INIT_LIST_HEAD(&sbsec->list); |
237 | INIT_LIST_HEAD(&sbsec->isec_head); | 233 | INIT_LIST_HEAD(&sbsec->isec_head); |
@@ -269,11 +265,10 @@ static int sk_alloc_security(struct sock *sk, int family, gfp_t priority) | |||
269 | if (family != PF_UNIX) | 265 | if (family != PF_UNIX) |
270 | return 0; | 266 | return 0; |
271 | 267 | ||
272 | ssec = kmalloc(sizeof(*ssec), priority); | 268 | ssec = kzalloc(sizeof(*ssec), priority); |
273 | if (!ssec) | 269 | if (!ssec) |
274 | return -ENOMEM; | 270 | return -ENOMEM; |
275 | 271 | ||
276 | memset(ssec, 0, sizeof(*ssec)); | ||
277 | ssec->magic = SELINUX_MAGIC; | 272 | ssec->magic = SELINUX_MAGIC; |
278 | ssec->sk = sk; | 273 | ssec->sk = sk; |
279 | ssec->peer_sid = SECINITSID_UNLABELED; | 274 | ssec->peer_sid = SECINITSID_UNLABELED; |
@@ -1483,11 +1478,10 @@ static int selinux_bprm_alloc_security(struct linux_binprm *bprm) | |||
1483 | { | 1478 | { |
1484 | struct bprm_security_struct *bsec; | 1479 | struct bprm_security_struct *bsec; |
1485 | 1480 | ||
1486 | bsec = kmalloc(sizeof(struct bprm_security_struct), GFP_KERNEL); | 1481 | bsec = kzalloc(sizeof(struct bprm_security_struct), GFP_KERNEL); |
1487 | if (!bsec) | 1482 | if (!bsec) |
1488 | return -ENOMEM; | 1483 | return -ENOMEM; |
1489 | 1484 | ||
1490 | memset(bsec, 0, sizeof *bsec); | ||
1491 | bsec->magic = SELINUX_MAGIC; | 1485 | bsec->magic = SELINUX_MAGIC; |
1492 | bsec->bprm = bprm; | 1486 | bsec->bprm = bprm; |
1493 | bsec->sid = SECINITSID_UNLABELED; | 1487 | bsec->sid = SECINITSID_UNLABELED; |
@@ -3599,11 +3593,10 @@ static int ipc_alloc_security(struct task_struct *task, | |||
3599 | struct task_security_struct *tsec = task->security; | 3593 | struct task_security_struct *tsec = task->security; |
3600 | struct ipc_security_struct *isec; | 3594 | struct ipc_security_struct *isec; |
3601 | 3595 | ||
3602 | isec = kmalloc(sizeof(struct ipc_security_struct), GFP_KERNEL); | 3596 | isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL); |
3603 | if (!isec) | 3597 | if (!isec) |
3604 | return -ENOMEM; | 3598 | return -ENOMEM; |
3605 | 3599 | ||
3606 | memset(isec, 0, sizeof(struct ipc_security_struct)); | ||
3607 | isec->magic = SELINUX_MAGIC; | 3600 | isec->magic = SELINUX_MAGIC; |
3608 | isec->sclass = sclass; | 3601 | isec->sclass = sclass; |
3609 | isec->ipc_perm = perm; | 3602 | isec->ipc_perm = perm; |
@@ -3631,11 +3624,10 @@ static int msg_msg_alloc_security(struct msg_msg *msg) | |||
3631 | { | 3624 | { |
3632 | struct msg_security_struct *msec; | 3625 | struct msg_security_struct *msec; |
3633 | 3626 | ||
3634 | msec = kmalloc(sizeof(struct msg_security_struct), GFP_KERNEL); | 3627 | msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL); |
3635 | if (!msec) | 3628 | if (!msec) |
3636 | return -ENOMEM; | 3629 | return -ENOMEM; |
3637 | 3630 | ||
3638 | memset(msec, 0, sizeof(struct msg_security_struct)); | ||
3639 | msec->magic = SELINUX_MAGIC; | 3631 | msec->magic = SELINUX_MAGIC; |
3640 | msec->msg = msg; | 3632 | msec->msg = msg; |
3641 | msec->sid = SECINITSID_UNLABELED; | 3633 | msec->sid = SECINITSID_UNLABELED; |
diff --git a/security/selinux/netif.c b/security/selinux/netif.c index 718d7be9f4dd..b10c34e8a743 100644 --- a/security/selinux/netif.c +++ b/security/selinux/netif.c | |||
@@ -114,13 +114,12 @@ static struct sel_netif *sel_netif_lookup(struct net_device *dev) | |||
114 | if (likely(netif != NULL)) | 114 | if (likely(netif != NULL)) |
115 | goto out; | 115 | goto out; |
116 | 116 | ||
117 | new = kmalloc(sizeof(*new), GFP_ATOMIC); | 117 | new = kzalloc(sizeof(*new), GFP_ATOMIC); |
118 | if (!new) { | 118 | if (!new) { |
119 | netif = ERR_PTR(-ENOMEM); | 119 | netif = ERR_PTR(-ENOMEM); |
120 | goto out; | 120 | goto out; |
121 | } | 121 | } |
122 | 122 | ||
123 | memset(new, 0, sizeof(*new)); | ||
124 | nsec = &new->nsec; | 123 | nsec = &new->nsec; |
125 | 124 | ||
126 | ret = security_netif_sid(dev->name, &nsec->if_sid, &nsec->msg_sid); | 125 | ret = security_netif_sid(dev->name, &nsec->if_sid, &nsec->msg_sid); |
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index a45cc971e735..5f8427627211 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c | |||
@@ -424,15 +424,13 @@ static ssize_t sel_write_access(struct file * file, char *buf, size_t size) | |||
424 | return length; | 424 | return length; |
425 | 425 | ||
426 | length = -ENOMEM; | 426 | length = -ENOMEM; |
427 | scon = kmalloc(size+1, GFP_KERNEL); | 427 | scon = kzalloc(size+1, GFP_KERNEL); |
428 | if (!scon) | 428 | if (!scon) |
429 | return length; | 429 | return length; |
430 | memset(scon, 0, size+1); | ||
431 | 430 | ||
432 | tcon = kmalloc(size+1, GFP_KERNEL); | 431 | tcon = kzalloc(size+1, GFP_KERNEL); |
433 | if (!tcon) | 432 | if (!tcon) |
434 | goto out; | 433 | goto out; |
435 | memset(tcon, 0, size+1); | ||
436 | 434 | ||
437 | length = -EINVAL; | 435 | length = -EINVAL; |
438 | if (sscanf(buf, "%s %s %hu %x", scon, tcon, &tclass, &req) != 4) | 436 | if (sscanf(buf, "%s %s %hu %x", scon, tcon, &tclass, &req) != 4) |
@@ -475,15 +473,13 @@ static ssize_t sel_write_create(struct file * file, char *buf, size_t size) | |||
475 | return length; | 473 | return length; |
476 | 474 | ||
477 | length = -ENOMEM; | 475 | length = -ENOMEM; |
478 | scon = kmalloc(size+1, GFP_KERNEL); | 476 | scon = kzalloc(size+1, GFP_KERNEL); |
479 | if (!scon) | 477 | if (!scon) |
480 | return length; | 478 | return length; |
481 | memset(scon, 0, size+1); | ||
482 | 479 | ||
483 | tcon = kmalloc(size+1, GFP_KERNEL); | 480 | tcon = kzalloc(size+1, GFP_KERNEL); |
484 | if (!tcon) | 481 | if (!tcon) |
485 | goto out; | 482 | goto out; |
486 | memset(tcon, 0, size+1); | ||
487 | 483 | ||
488 | length = -EINVAL; | 484 | length = -EINVAL; |
489 | if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) | 485 | if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) |
@@ -536,15 +532,13 @@ static ssize_t sel_write_relabel(struct file * file, char *buf, size_t size) | |||
536 | return length; | 532 | return length; |
537 | 533 | ||
538 | length = -ENOMEM; | 534 | length = -ENOMEM; |
539 | scon = kmalloc(size+1, GFP_KERNEL); | 535 | scon = kzalloc(size+1, GFP_KERNEL); |
540 | if (!scon) | 536 | if (!scon) |
541 | return length; | 537 | return length; |
542 | memset(scon, 0, size+1); | ||
543 | 538 | ||
544 | tcon = kmalloc(size+1, GFP_KERNEL); | 539 | tcon = kzalloc(size+1, GFP_KERNEL); |
545 | if (!tcon) | 540 | if (!tcon) |
546 | goto out; | 541 | goto out; |
547 | memset(tcon, 0, size+1); | ||
548 | 542 | ||
549 | length = -EINVAL; | 543 | length = -EINVAL; |
550 | if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) | 544 | if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) |
@@ -595,15 +589,13 @@ static ssize_t sel_write_user(struct file * file, char *buf, size_t size) | |||
595 | return length; | 589 | return length; |
596 | 590 | ||
597 | length = -ENOMEM; | 591 | length = -ENOMEM; |
598 | con = kmalloc(size+1, GFP_KERNEL); | 592 | con = kzalloc(size+1, GFP_KERNEL); |
599 | if (!con) | 593 | if (!con) |
600 | return length; | 594 | return length; |
601 | memset(con, 0, size+1); | ||
602 | 595 | ||
603 | user = kmalloc(size+1, GFP_KERNEL); | 596 | user = kzalloc(size+1, GFP_KERNEL); |
604 | if (!user) | 597 | if (!user) |
605 | goto out; | 598 | goto out; |
606 | memset(user, 0, size+1); | ||
607 | 599 | ||
608 | length = -EINVAL; | 600 | length = -EINVAL; |
609 | if (sscanf(buf, "%s %s", con, user) != 2) | 601 | if (sscanf(buf, "%s %s", con, user) != 2) |
@@ -658,15 +650,13 @@ static ssize_t sel_write_member(struct file * file, char *buf, size_t size) | |||
658 | return length; | 650 | return length; |
659 | 651 | ||
660 | length = -ENOMEM; | 652 | length = -ENOMEM; |
661 | scon = kmalloc(size+1, GFP_KERNEL); | 653 | scon = kzalloc(size+1, GFP_KERNEL); |
662 | if (!scon) | 654 | if (!scon) |
663 | return length; | 655 | return length; |
664 | memset(scon, 0, size+1); | ||
665 | 656 | ||
666 | tcon = kmalloc(size+1, GFP_KERNEL); | 657 | tcon = kzalloc(size+1, GFP_KERNEL); |
667 | if (!tcon) | 658 | if (!tcon) |
668 | goto out; | 659 | goto out; |
669 | memset(tcon, 0, size+1); | ||
670 | 660 | ||
671 | length = -EINVAL; | 661 | length = -EINVAL; |
672 | if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) | 662 | if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) |
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c index daf288007460..d2737edba541 100644 --- a/security/selinux/ss/conditional.c +++ b/security/selinux/ss/conditional.c | |||
@@ -220,10 +220,9 @@ int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp) | |||
220 | u32 len; | 220 | u32 len; |
221 | int rc; | 221 | int rc; |
222 | 222 | ||
223 | booldatum = kmalloc(sizeof(struct cond_bool_datum), GFP_KERNEL); | 223 | booldatum = kzalloc(sizeof(struct cond_bool_datum), GFP_KERNEL); |
224 | if (!booldatum) | 224 | if (!booldatum) |
225 | return -1; | 225 | return -1; |
226 | memset(booldatum, 0, sizeof(struct cond_bool_datum)); | ||
227 | 226 | ||
228 | rc = next_entry(buf, fp, sizeof buf); | 227 | rc = next_entry(buf, fp, sizeof buf); |
229 | if (rc < 0) | 228 | if (rc < 0) |
@@ -321,10 +320,9 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum | |||
321 | goto err; | 320 | goto err; |
322 | } | 321 | } |
323 | 322 | ||
324 | list = kmalloc(sizeof(struct cond_av_list), GFP_KERNEL); | 323 | list = kzalloc(sizeof(struct cond_av_list), GFP_KERNEL); |
325 | if (!list) | 324 | if (!list) |
326 | goto err; | 325 | goto err; |
327 | memset(list, 0, sizeof(*list)); | ||
328 | 326 | ||
329 | list->node = node_ptr; | 327 | list->node = node_ptr; |
330 | if (!data->head) | 328 | if (!data->head) |
@@ -414,11 +412,10 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp) | |||
414 | if (rc < 0) | 412 | if (rc < 0) |
415 | goto err; | 413 | goto err; |
416 | 414 | ||
417 | expr = kmalloc(sizeof(struct cond_expr), GFP_KERNEL); | 415 | expr = kzalloc(sizeof(struct cond_expr), GFP_KERNEL); |
418 | if (!expr) { | 416 | if (!expr) { |
419 | goto err; | 417 | goto err; |
420 | } | 418 | } |
421 | memset(expr, 0, sizeof(struct cond_expr)); | ||
422 | 419 | ||
423 | expr->expr_type = le32_to_cpu(buf[0]); | 420 | expr->expr_type = le32_to_cpu(buf[0]); |
424 | expr->bool = le32_to_cpu(buf[1]); | 421 | expr->bool = le32_to_cpu(buf[1]); |
@@ -460,10 +457,9 @@ int cond_read_list(struct policydb *p, void *fp) | |||
460 | len = le32_to_cpu(buf[0]); | 457 | len = le32_to_cpu(buf[0]); |
461 | 458 | ||
462 | for (i = 0; i < len; i++) { | 459 | for (i = 0; i < len; i++) { |
463 | node = kmalloc(sizeof(struct cond_node), GFP_KERNEL); | 460 | node = kzalloc(sizeof(struct cond_node), GFP_KERNEL); |
464 | if (!node) | 461 | if (!node) |
465 | goto err; | 462 | goto err; |
466 | memset(node, 0, sizeof(struct cond_node)); | ||
467 | 463 | ||
468 | if (cond_read_node(p, node, fp) != 0) | 464 | if (cond_read_node(p, node, fp) != 0) |
469 | goto err; | 465 | goto err; |
diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c index d515154128cc..47024a6e1844 100644 --- a/security/selinux/ss/ebitmap.c +++ b/security/selinux/ss/ebitmap.c | |||
@@ -39,12 +39,11 @@ int ebitmap_cpy(struct ebitmap *dst, struct ebitmap *src) | |||
39 | n = src->node; | 39 | n = src->node; |
40 | prev = NULL; | 40 | prev = NULL; |
41 | while (n) { | 41 | while (n) { |
42 | new = kmalloc(sizeof(*new), GFP_ATOMIC); | 42 | new = kzalloc(sizeof(*new), GFP_ATOMIC); |
43 | if (!new) { | 43 | if (!new) { |
44 | ebitmap_destroy(dst); | 44 | ebitmap_destroy(dst); |
45 | return -ENOMEM; | 45 | return -ENOMEM; |
46 | } | 46 | } |
47 | memset(new, 0, sizeof(*new)); | ||
48 | new->startbit = n->startbit; | 47 | new->startbit = n->startbit; |
49 | new->map = n->map; | 48 | new->map = n->map; |
50 | new->next = NULL; | 49 | new->next = NULL; |
@@ -150,10 +149,9 @@ int ebitmap_set_bit(struct ebitmap *e, unsigned long bit, int value) | |||
150 | if (!value) | 149 | if (!value) |
151 | return 0; | 150 | return 0; |
152 | 151 | ||
153 | new = kmalloc(sizeof(*new), GFP_ATOMIC); | 152 | new = kzalloc(sizeof(*new), GFP_ATOMIC); |
154 | if (!new) | 153 | if (!new) |
155 | return -ENOMEM; | 154 | return -ENOMEM; |
156 | memset(new, 0, sizeof(*new)); | ||
157 | 155 | ||
158 | new->startbit = bit & ~(MAPSIZE - 1); | 156 | new->startbit = bit & ~(MAPSIZE - 1); |
159 | new->map = (MAPBIT << (bit - new->startbit)); | 157 | new->map = (MAPBIT << (bit - new->startbit)); |
@@ -232,13 +230,12 @@ int ebitmap_read(struct ebitmap *e, void *fp) | |||
232 | printk(KERN_ERR "security: ebitmap: truncated map\n"); | 230 | printk(KERN_ERR "security: ebitmap: truncated map\n"); |
233 | goto bad; | 231 | goto bad; |
234 | } | 232 | } |
235 | n = kmalloc(sizeof(*n), GFP_KERNEL); | 233 | n = kzalloc(sizeof(*n), GFP_KERNEL); |
236 | if (!n) { | 234 | if (!n) { |
237 | printk(KERN_ERR "security: ebitmap: out of memory\n"); | 235 | printk(KERN_ERR "security: ebitmap: out of memory\n"); |
238 | rc = -ENOMEM; | 236 | rc = -ENOMEM; |
239 | goto bad; | 237 | goto bad; |
240 | } | 238 | } |
241 | memset(n, 0, sizeof(*n)); | ||
242 | 239 | ||
243 | n->startbit = le32_to_cpu(buf[0]); | 240 | n->startbit = le32_to_cpu(buf[0]); |
244 | 241 | ||
diff --git a/security/selinux/ss/hashtab.c b/security/selinux/ss/hashtab.c index 26661fcc00ce..24e5ec957630 100644 --- a/security/selinux/ss/hashtab.c +++ b/security/selinux/ss/hashtab.c | |||
@@ -15,11 +15,10 @@ struct hashtab *hashtab_create(u32 (*hash_value)(struct hashtab *h, void *key), | |||
15 | struct hashtab *p; | 15 | struct hashtab *p; |
16 | u32 i; | 16 | u32 i; |
17 | 17 | ||
18 | p = kmalloc(sizeof(*p), GFP_KERNEL); | 18 | p = kzalloc(sizeof(*p), GFP_KERNEL); |
19 | if (p == NULL) | 19 | if (p == NULL) |
20 | return p; | 20 | return p; |
21 | 21 | ||
22 | memset(p, 0, sizeof(*p)); | ||
23 | p->size = size; | 22 | p->size = size; |
24 | p->nel = 0; | 23 | p->nel = 0; |
25 | p->hash_value = hash_value; | 24 | p->hash_value = hash_value; |
@@ -55,10 +54,9 @@ int hashtab_insert(struct hashtab *h, void *key, void *datum) | |||
55 | if (cur && (h->keycmp(h, key, cur->key) == 0)) | 54 | if (cur && (h->keycmp(h, key, cur->key) == 0)) |
56 | return -EEXIST; | 55 | return -EEXIST; |
57 | 56 | ||
58 | newnode = kmalloc(sizeof(*newnode), GFP_KERNEL); | 57 | newnode = kzalloc(sizeof(*newnode), GFP_KERNEL); |
59 | if (newnode == NULL) | 58 | if (newnode == NULL) |
60 | return -ENOMEM; | 59 | return -ENOMEM; |
61 | memset(newnode, 0, sizeof(*newnode)); | ||
62 | newnode->key = key; | 60 | newnode->key = key; |
63 | newnode->datum = datum; | 61 | newnode->datum = datum; |
64 | if (prev) { | 62 | if (prev) { |
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index 8e6262d12aa9..2f5f539875f2 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c | |||
@@ -121,12 +121,11 @@ static int roles_init(struct policydb *p) | |||
121 | int rc; | 121 | int rc; |
122 | struct role_datum *role; | 122 | struct role_datum *role; |
123 | 123 | ||
124 | role = kmalloc(sizeof(*role), GFP_KERNEL); | 124 | role = kzalloc(sizeof(*role), GFP_KERNEL); |
125 | if (!role) { | 125 | if (!role) { |
126 | rc = -ENOMEM; | 126 | rc = -ENOMEM; |
127 | goto out; | 127 | goto out; |
128 | } | 128 | } |
129 | memset(role, 0, sizeof(*role)); | ||
130 | role->value = ++p->p_roles.nprim; | 129 | role->value = ++p->p_roles.nprim; |
131 | if (role->value != OBJECT_R_VAL) { | 130 | if (role->value != OBJECT_R_VAL) { |
132 | rc = -EINVAL; | 131 | rc = -EINVAL; |
@@ -851,12 +850,11 @@ static int perm_read(struct policydb *p, struct hashtab *h, void *fp) | |||
851 | __le32 buf[2]; | 850 | __le32 buf[2]; |
852 | u32 len; | 851 | u32 len; |
853 | 852 | ||
854 | perdatum = kmalloc(sizeof(*perdatum), GFP_KERNEL); | 853 | perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); |
855 | if (!perdatum) { | 854 | if (!perdatum) { |
856 | rc = -ENOMEM; | 855 | rc = -ENOMEM; |
857 | goto out; | 856 | goto out; |
858 | } | 857 | } |
859 | memset(perdatum, 0, sizeof(*perdatum)); | ||
860 | 858 | ||
861 | rc = next_entry(buf, fp, sizeof buf); | 859 | rc = next_entry(buf, fp, sizeof buf); |
862 | if (rc < 0) | 860 | if (rc < 0) |
@@ -893,12 +891,11 @@ static int common_read(struct policydb *p, struct hashtab *h, void *fp) | |||
893 | u32 len, nel; | 891 | u32 len, nel; |
894 | int i, rc; | 892 | int i, rc; |
895 | 893 | ||
896 | comdatum = kmalloc(sizeof(*comdatum), GFP_KERNEL); | 894 | comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); |
897 | if (!comdatum) { | 895 | if (!comdatum) { |
898 | rc = -ENOMEM; | 896 | rc = -ENOMEM; |
899 | goto out; | 897 | goto out; |
900 | } | 898 | } |
901 | memset(comdatum, 0, sizeof(*comdatum)); | ||
902 | 899 | ||
903 | rc = next_entry(buf, fp, sizeof buf); | 900 | rc = next_entry(buf, fp, sizeof buf); |
904 | if (rc < 0) | 901 | if (rc < 0) |
@@ -950,10 +947,9 @@ static int read_cons_helper(struct constraint_node **nodep, int ncons, | |||
950 | 947 | ||
951 | lc = NULL; | 948 | lc = NULL; |
952 | for (i = 0; i < ncons; i++) { | 949 | for (i = 0; i < ncons; i++) { |
953 | c = kmalloc(sizeof(*c), GFP_KERNEL); | 950 | c = kzalloc(sizeof(*c), GFP_KERNEL); |
954 | if (!c) | 951 | if (!c) |
955 | return -ENOMEM; | 952 | return -ENOMEM; |
956 | memset(c, 0, sizeof(*c)); | ||
957 | 953 | ||
958 | if (lc) { | 954 | if (lc) { |
959 | lc->next = c; | 955 | lc->next = c; |
@@ -969,10 +965,9 @@ static int read_cons_helper(struct constraint_node **nodep, int ncons, | |||
969 | le = NULL; | 965 | le = NULL; |
970 | depth = -1; | 966 | depth = -1; |
971 | for (j = 0; j < nexpr; j++) { | 967 | for (j = 0; j < nexpr; j++) { |
972 | e = kmalloc(sizeof(*e), GFP_KERNEL); | 968 | e = kzalloc(sizeof(*e), GFP_KERNEL); |
973 | if (!e) | 969 | if (!e) |
974 | return -ENOMEM; | 970 | return -ENOMEM; |
975 | memset(e, 0, sizeof(*e)); | ||
976 | 971 | ||
977 | if (le) { | 972 | if (le) { |
978 | le->next = e; | 973 | le->next = e; |
@@ -1033,12 +1028,11 @@ static int class_read(struct policydb *p, struct hashtab *h, void *fp) | |||
1033 | u32 len, len2, ncons, nel; | 1028 | u32 len, len2, ncons, nel; |
1034 | int i, rc; | 1029 | int i, rc; |
1035 | 1030 | ||
1036 | cladatum = kmalloc(sizeof(*cladatum), GFP_KERNEL); | 1031 | cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); |
1037 | if (!cladatum) { | 1032 | if (!cladatum) { |
1038 | rc = -ENOMEM; | 1033 | rc = -ENOMEM; |
1039 | goto out; | 1034 | goto out; |
1040 | } | 1035 | } |
1041 | memset(cladatum, 0, sizeof(*cladatum)); | ||
1042 | 1036 | ||
1043 | rc = next_entry(buf, fp, sizeof(u32)*6); | 1037 | rc = next_entry(buf, fp, sizeof(u32)*6); |
1044 | if (rc < 0) | 1038 | if (rc < 0) |
@@ -1127,12 +1121,11 @@ static int role_read(struct policydb *p, struct hashtab *h, void *fp) | |||
1127 | __le32 buf[2]; | 1121 | __le32 buf[2]; |
1128 | u32 len; | 1122 | u32 len; |
1129 | 1123 | ||
1130 | role = kmalloc(sizeof(*role), GFP_KERNEL); | 1124 | role = kzalloc(sizeof(*role), GFP_KERNEL); |
1131 | if (!role) { | 1125 | if (!role) { |
1132 | rc = -ENOMEM; | 1126 | rc = -ENOMEM; |
1133 | goto out; | 1127 | goto out; |
1134 | } | 1128 | } |
1135 | memset(role, 0, sizeof(*role)); | ||
1136 | 1129 | ||
1137 | rc = next_entry(buf, fp, sizeof buf); | 1130 | rc = next_entry(buf, fp, sizeof buf); |
1138 | if (rc < 0) | 1131 | if (rc < 0) |
@@ -1188,12 +1181,11 @@ static int type_read(struct policydb *p, struct hashtab *h, void *fp) | |||
1188 | __le32 buf[3]; | 1181 | __le32 buf[3]; |
1189 | u32 len; | 1182 | u32 len; |
1190 | 1183 | ||
1191 | typdatum = kmalloc(sizeof(*typdatum),GFP_KERNEL); | 1184 | typdatum = kzalloc(sizeof(*typdatum),GFP_KERNEL); |
1192 | if (!typdatum) { | 1185 | if (!typdatum) { |
1193 | rc = -ENOMEM; | 1186 | rc = -ENOMEM; |
1194 | return rc; | 1187 | return rc; |
1195 | } | 1188 | } |
1196 | memset(typdatum, 0, sizeof(*typdatum)); | ||
1197 | 1189 | ||
1198 | rc = next_entry(buf, fp, sizeof buf); | 1190 | rc = next_entry(buf, fp, sizeof buf); |
1199 | if (rc < 0) | 1191 | if (rc < 0) |
@@ -1261,12 +1253,11 @@ static int user_read(struct policydb *p, struct hashtab *h, void *fp) | |||
1261 | __le32 buf[2]; | 1253 | __le32 buf[2]; |
1262 | u32 len; | 1254 | u32 len; |
1263 | 1255 | ||
1264 | usrdatum = kmalloc(sizeof(*usrdatum), GFP_KERNEL); | 1256 | usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); |
1265 | if (!usrdatum) { | 1257 | if (!usrdatum) { |
1266 | rc = -ENOMEM; | 1258 | rc = -ENOMEM; |
1267 | goto out; | 1259 | goto out; |
1268 | } | 1260 | } |
1269 | memset(usrdatum, 0, sizeof(*usrdatum)); | ||
1270 | 1261 | ||
1271 | rc = next_entry(buf, fp, sizeof buf); | 1262 | rc = next_entry(buf, fp, sizeof buf); |
1272 | if (rc < 0) | 1263 | if (rc < 0) |
@@ -1316,12 +1307,11 @@ static int sens_read(struct policydb *p, struct hashtab *h, void *fp) | |||
1316 | __le32 buf[2]; | 1307 | __le32 buf[2]; |
1317 | u32 len; | 1308 | u32 len; |
1318 | 1309 | ||
1319 | levdatum = kmalloc(sizeof(*levdatum), GFP_ATOMIC); | 1310 | levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC); |
1320 | if (!levdatum) { | 1311 | if (!levdatum) { |
1321 | rc = -ENOMEM; | 1312 | rc = -ENOMEM; |
1322 | goto out; | 1313 | goto out; |
1323 | } | 1314 | } |
1324 | memset(levdatum, 0, sizeof(*levdatum)); | ||
1325 | 1315 | ||
1326 | rc = next_entry(buf, fp, sizeof buf); | 1316 | rc = next_entry(buf, fp, sizeof buf); |
1327 | if (rc < 0) | 1317 | if (rc < 0) |
@@ -1368,12 +1358,11 @@ static int cat_read(struct policydb *p, struct hashtab *h, void *fp) | |||
1368 | __le32 buf[3]; | 1358 | __le32 buf[3]; |
1369 | u32 len; | 1359 | u32 len; |
1370 | 1360 | ||
1371 | catdatum = kmalloc(sizeof(*catdatum), GFP_ATOMIC); | 1361 | catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC); |
1372 | if (!catdatum) { | 1362 | if (!catdatum) { |
1373 | rc = -ENOMEM; | 1363 | rc = -ENOMEM; |
1374 | goto out; | 1364 | goto out; |
1375 | } | 1365 | } |
1376 | memset(catdatum, 0, sizeof(*catdatum)); | ||
1377 | 1366 | ||
1378 | rc = next_entry(buf, fp, sizeof buf); | 1367 | rc = next_entry(buf, fp, sizeof buf); |
1379 | if (rc < 0) | 1368 | if (rc < 0) |
@@ -1567,12 +1556,11 @@ int policydb_read(struct policydb *p, void *fp) | |||
1567 | nel = le32_to_cpu(buf[0]); | 1556 | nel = le32_to_cpu(buf[0]); |
1568 | ltr = NULL; | 1557 | ltr = NULL; |
1569 | for (i = 0; i < nel; i++) { | 1558 | for (i = 0; i < nel; i++) { |
1570 | tr = kmalloc(sizeof(*tr), GFP_KERNEL); | 1559 | tr = kzalloc(sizeof(*tr), GFP_KERNEL); |
1571 | if (!tr) { | 1560 | if (!tr) { |
1572 | rc = -ENOMEM; | 1561 | rc = -ENOMEM; |
1573 | goto bad; | 1562 | goto bad; |
1574 | } | 1563 | } |
1575 | memset(tr, 0, sizeof(*tr)); | ||
1576 | if (ltr) { | 1564 | if (ltr) { |
1577 | ltr->next = tr; | 1565 | ltr->next = tr; |
1578 | } else { | 1566 | } else { |
@@ -1593,12 +1581,11 @@ int policydb_read(struct policydb *p, void *fp) | |||
1593 | nel = le32_to_cpu(buf[0]); | 1581 | nel = le32_to_cpu(buf[0]); |
1594 | lra = NULL; | 1582 | lra = NULL; |
1595 | for (i = 0; i < nel; i++) { | 1583 | for (i = 0; i < nel; i++) { |
1596 | ra = kmalloc(sizeof(*ra), GFP_KERNEL); | 1584 | ra = kzalloc(sizeof(*ra), GFP_KERNEL); |
1597 | if (!ra) { | 1585 | if (!ra) { |
1598 | rc = -ENOMEM; | 1586 | rc = -ENOMEM; |
1599 | goto bad; | 1587 | goto bad; |
1600 | } | 1588 | } |
1601 | memset(ra, 0, sizeof(*ra)); | ||
1602 | if (lra) { | 1589 | if (lra) { |
1603 | lra->next = ra; | 1590 | lra->next = ra; |
1604 | } else { | 1591 | } else { |
@@ -1627,12 +1614,11 @@ int policydb_read(struct policydb *p, void *fp) | |||
1627 | nel = le32_to_cpu(buf[0]); | 1614 | nel = le32_to_cpu(buf[0]); |
1628 | l = NULL; | 1615 | l = NULL; |
1629 | for (j = 0; j < nel; j++) { | 1616 | for (j = 0; j < nel; j++) { |
1630 | c = kmalloc(sizeof(*c), GFP_KERNEL); | 1617 | c = kzalloc(sizeof(*c), GFP_KERNEL); |
1631 | if (!c) { | 1618 | if (!c) { |
1632 | rc = -ENOMEM; | 1619 | rc = -ENOMEM; |
1633 | goto bad; | 1620 | goto bad; |
1634 | } | 1621 | } |
1635 | memset(c, 0, sizeof(*c)); | ||
1636 | if (l) { | 1622 | if (l) { |
1637 | l->next = c; | 1623 | l->next = c; |
1638 | } else { | 1624 | } else { |
@@ -1743,12 +1729,11 @@ int policydb_read(struct policydb *p, void *fp) | |||
1743 | if (rc < 0) | 1729 | if (rc < 0) |
1744 | goto bad; | 1730 | goto bad; |
1745 | len = le32_to_cpu(buf[0]); | 1731 | len = le32_to_cpu(buf[0]); |
1746 | newgenfs = kmalloc(sizeof(*newgenfs), GFP_KERNEL); | 1732 | newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); |
1747 | if (!newgenfs) { | 1733 | if (!newgenfs) { |
1748 | rc = -ENOMEM; | 1734 | rc = -ENOMEM; |
1749 | goto bad; | 1735 | goto bad; |
1750 | } | 1736 | } |
1751 | memset(newgenfs, 0, sizeof(*newgenfs)); | ||
1752 | 1737 | ||
1753 | newgenfs->fstype = kmalloc(len + 1,GFP_KERNEL); | 1738 | newgenfs->fstype = kmalloc(len + 1,GFP_KERNEL); |
1754 | if (!newgenfs->fstype) { | 1739 | if (!newgenfs->fstype) { |
@@ -1790,12 +1775,11 @@ int policydb_read(struct policydb *p, void *fp) | |||
1790 | goto bad; | 1775 | goto bad; |
1791 | len = le32_to_cpu(buf[0]); | 1776 | len = le32_to_cpu(buf[0]); |
1792 | 1777 | ||
1793 | newc = kmalloc(sizeof(*newc), GFP_KERNEL); | 1778 | newc = kzalloc(sizeof(*newc), GFP_KERNEL); |
1794 | if (!newc) { | 1779 | if (!newc) { |
1795 | rc = -ENOMEM; | 1780 | rc = -ENOMEM; |
1796 | goto bad; | 1781 | goto bad; |
1797 | } | 1782 | } |
1798 | memset(newc, 0, sizeof(*newc)); | ||
1799 | 1783 | ||
1800 | newc->u.name = kmalloc(len + 1,GFP_KERNEL); | 1784 | newc->u.name = kmalloc(len + 1,GFP_KERNEL); |
1801 | if (!newc->u.name) { | 1785 | if (!newc->u.name) { |
@@ -1843,12 +1827,11 @@ int policydb_read(struct policydb *p, void *fp) | |||
1843 | nel = le32_to_cpu(buf[0]); | 1827 | nel = le32_to_cpu(buf[0]); |
1844 | lrt = NULL; | 1828 | lrt = NULL; |
1845 | for (i = 0; i < nel; i++) { | 1829 | for (i = 0; i < nel; i++) { |
1846 | rt = kmalloc(sizeof(*rt), GFP_KERNEL); | 1830 | rt = kzalloc(sizeof(*rt), GFP_KERNEL); |
1847 | if (!rt) { | 1831 | if (!rt) { |
1848 | rc = -ENOMEM; | 1832 | rc = -ENOMEM; |
1849 | goto bad; | 1833 | goto bad; |
1850 | } | 1834 | } |
1851 | memset(rt, 0, sizeof(*rt)); | ||
1852 | if (lrt) | 1835 | if (lrt) |
1853 | lrt->next = rt; | 1836 | lrt->next = rt; |
1854 | else | 1837 | else |
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index aecdded55e74..44eb4d74908d 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
@@ -1531,12 +1531,11 @@ int security_get_user_sids(u32 fromsid, | |||
1531 | } | 1531 | } |
1532 | usercon.user = user->value; | 1532 | usercon.user = user->value; |
1533 | 1533 | ||
1534 | mysids = kmalloc(maxnel*sizeof(*mysids), GFP_ATOMIC); | 1534 | mysids = kcalloc(maxnel, sizeof(*mysids), GFP_ATOMIC); |
1535 | if (!mysids) { | 1535 | if (!mysids) { |
1536 | rc = -ENOMEM; | 1536 | rc = -ENOMEM; |
1537 | goto out_unlock; | 1537 | goto out_unlock; |
1538 | } | 1538 | } |
1539 | memset(mysids, 0, maxnel*sizeof(*mysids)); | ||
1540 | 1539 | ||
1541 | ebitmap_for_each_bit(&user->roles, rnode, i) { | 1540 | ebitmap_for_each_bit(&user->roles, rnode, i) { |
1542 | if (!ebitmap_node_get_bit(rnode, i)) | 1541 | if (!ebitmap_node_get_bit(rnode, i)) |
@@ -1566,13 +1565,12 @@ int security_get_user_sids(u32 fromsid, | |||
1566 | mysids[mynel++] = sid; | 1565 | mysids[mynel++] = sid; |
1567 | } else { | 1566 | } else { |
1568 | maxnel += SIDS_NEL; | 1567 | maxnel += SIDS_NEL; |
1569 | mysids2 = kmalloc(maxnel*sizeof(*mysids2), GFP_ATOMIC); | 1568 | mysids2 = kcalloc(maxnel, sizeof(*mysids2), GFP_ATOMIC); |
1570 | if (!mysids2) { | 1569 | if (!mysids2) { |
1571 | rc = -ENOMEM; | 1570 | rc = -ENOMEM; |
1572 | kfree(mysids); | 1571 | kfree(mysids); |
1573 | goto out_unlock; | 1572 | goto out_unlock; |
1574 | } | 1573 | } |
1575 | memset(mysids2, 0, maxnel*sizeof(*mysids2)); | ||
1576 | memcpy(mysids2, mysids, mynel * sizeof(*mysids2)); | 1574 | memcpy(mysids2, mysids, mynel * sizeof(*mysids2)); |
1577 | kfree(mysids); | 1575 | kfree(mysids); |
1578 | mysids = mysids2; | 1576 | mysids = mysids2; |
@@ -1714,12 +1712,11 @@ int security_get_bools(int *len, char ***names, int **values) | |||
1714 | goto out; | 1712 | goto out; |
1715 | } | 1713 | } |
1716 | 1714 | ||
1717 | *names = (char**)kmalloc(sizeof(char*) * *len, GFP_ATOMIC); | 1715 | *names = (char**)kcalloc(*len, sizeof(char*), GFP_ATOMIC); |
1718 | if (!*names) | 1716 | if (!*names) |
1719 | goto err; | 1717 | goto err; |
1720 | memset(*names, 0, sizeof(char*) * *len); | ||
1721 | 1718 | ||
1722 | *values = (int*)kmalloc(sizeof(int) * *len, GFP_ATOMIC); | 1719 | *values = (int*)kcalloc(*len, sizeof(int), GFP_ATOMIC); |
1723 | if (!*values) | 1720 | if (!*values) |
1724 | goto err; | 1721 | goto err; |
1725 | 1722 | ||