diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/apparmor/lsm.c | 15 | ||||
-rw-r--r-- | security/capability.c | 3 | ||||
-rw-r--r-- | security/commoncap.c | 17 | ||||
-rw-r--r-- | security/security.c | 51 | ||||
-rw-r--r-- | security/selinux/hooks.c | 15 | ||||
-rw-r--r-- | security/selinux/selinuxfs.c | 36 | ||||
-rw-r--r-- | security/smack/smack_lsm.c | 15 |
7 files changed, 80 insertions, 72 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 032daab449b0..8ea39aabe948 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c | |||
@@ -490,17 +490,9 @@ static int common_mmap(int op, struct file *file, unsigned long prot, | |||
490 | return common_file_perm(op, file, mask); | 490 | return common_file_perm(op, file, mask); |
491 | } | 491 | } |
492 | 492 | ||
493 | static int apparmor_file_mmap(struct file *file, unsigned long reqprot, | 493 | static int apparmor_mmap_file(struct file *file, unsigned long reqprot, |
494 | unsigned long prot, unsigned long flags, | 494 | unsigned long prot, unsigned long flags) |
495 | unsigned long addr, unsigned long addr_only) | ||
496 | { | 495 | { |
497 | int rc = 0; | ||
498 | |||
499 | /* do DAC check */ | ||
500 | rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only); | ||
501 | if (rc || addr_only) | ||
502 | return rc; | ||
503 | |||
504 | return common_mmap(OP_FMMAP, file, prot, flags); | 496 | return common_mmap(OP_FMMAP, file, prot, flags); |
505 | } | 497 | } |
506 | 498 | ||
@@ -646,7 +638,8 @@ static struct security_operations apparmor_ops = { | |||
646 | .file_permission = apparmor_file_permission, | 638 | .file_permission = apparmor_file_permission, |
647 | .file_alloc_security = apparmor_file_alloc_security, | 639 | .file_alloc_security = apparmor_file_alloc_security, |
648 | .file_free_security = apparmor_file_free_security, | 640 | .file_free_security = apparmor_file_free_security, |
649 | .file_mmap = apparmor_file_mmap, | 641 | .mmap_file = apparmor_mmap_file, |
642 | .mmap_addr = cap_mmap_addr, | ||
650 | .file_mprotect = apparmor_file_mprotect, | 643 | .file_mprotect = apparmor_file_mprotect, |
651 | .file_lock = apparmor_file_lock, | 644 | .file_lock = apparmor_file_lock, |
652 | 645 | ||
diff --git a/security/capability.c b/security/capability.c index fca889676c5e..61095df8b89a 100644 --- a/security/capability.c +++ b/security/capability.c | |||
@@ -949,7 +949,8 @@ void __init security_fixup_ops(struct security_operations *ops) | |||
949 | set_to_cap_if_null(ops, file_alloc_security); | 949 | set_to_cap_if_null(ops, file_alloc_security); |
950 | set_to_cap_if_null(ops, file_free_security); | 950 | set_to_cap_if_null(ops, file_free_security); |
951 | set_to_cap_if_null(ops, file_ioctl); | 951 | set_to_cap_if_null(ops, file_ioctl); |
952 | set_to_cap_if_null(ops, file_mmap); | 952 | set_to_cap_if_null(ops, mmap_addr); |
953 | set_to_cap_if_null(ops, mmap_file); | ||
953 | set_to_cap_if_null(ops, file_mprotect); | 954 | set_to_cap_if_null(ops, file_mprotect); |
954 | set_to_cap_if_null(ops, file_lock); | 955 | set_to_cap_if_null(ops, file_lock); |
955 | set_to_cap_if_null(ops, file_fcntl); | 956 | set_to_cap_if_null(ops, file_fcntl); |
diff --git a/security/commoncap.c b/security/commoncap.c index e771cb1b2d79..6dbae4650abe 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
@@ -958,22 +958,15 @@ int cap_vm_enough_memory(struct mm_struct *mm, long pages) | |||
958 | } | 958 | } |
959 | 959 | ||
960 | /* | 960 | /* |
961 | * cap_file_mmap - check if able to map given addr | 961 | * cap_mmap_addr - check if able to map given addr |
962 | * @file: unused | ||
963 | * @reqprot: unused | ||
964 | * @prot: unused | ||
965 | * @flags: unused | ||
966 | * @addr: address attempting to be mapped | 962 | * @addr: address attempting to be mapped |
967 | * @addr_only: unused | ||
968 | * | 963 | * |
969 | * If the process is attempting to map memory below dac_mmap_min_addr they need | 964 | * If the process is attempting to map memory below dac_mmap_min_addr they need |
970 | * CAP_SYS_RAWIO. The other parameters to this function are unused by the | 965 | * CAP_SYS_RAWIO. The other parameters to this function are unused by the |
971 | * capability security module. Returns 0 if this mapping should be allowed | 966 | * capability security module. Returns 0 if this mapping should be allowed |
972 | * -EPERM if not. | 967 | * -EPERM if not. |
973 | */ | 968 | */ |
974 | int cap_file_mmap(struct file *file, unsigned long reqprot, | 969 | int cap_mmap_addr(unsigned long addr) |
975 | unsigned long prot, unsigned long flags, | ||
976 | unsigned long addr, unsigned long addr_only) | ||
977 | { | 970 | { |
978 | int ret = 0; | 971 | int ret = 0; |
979 | 972 | ||
@@ -986,3 +979,9 @@ int cap_file_mmap(struct file *file, unsigned long reqprot, | |||
986 | } | 979 | } |
987 | return ret; | 980 | return ret; |
988 | } | 981 | } |
982 | |||
983 | int cap_mmap_file(struct file *file, unsigned long reqprot, | ||
984 | unsigned long prot, unsigned long flags) | ||
985 | { | ||
986 | return 0; | ||
987 | } | ||
diff --git a/security/security.c b/security/security.c index 5497a57fba01..3efc9b12aef4 100644 --- a/security/security.c +++ b/security/security.c | |||
@@ -20,6 +20,9 @@ | |||
20 | #include <linux/ima.h> | 20 | #include <linux/ima.h> |
21 | #include <linux/evm.h> | 21 | #include <linux/evm.h> |
22 | #include <linux/fsnotify.h> | 22 | #include <linux/fsnotify.h> |
23 | #include <linux/mman.h> | ||
24 | #include <linux/mount.h> | ||
25 | #include <linux/personality.h> | ||
23 | #include <net/flow.h> | 26 | #include <net/flow.h> |
24 | 27 | ||
25 | #define MAX_LSM_EVM_XATTR 2 | 28 | #define MAX_LSM_EVM_XATTR 2 |
@@ -657,18 +660,56 @@ int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg) | |||
657 | return security_ops->file_ioctl(file, cmd, arg); | 660 | return security_ops->file_ioctl(file, cmd, arg); |
658 | } | 661 | } |
659 | 662 | ||
660 | int security_file_mmap(struct file *file, unsigned long reqprot, | 663 | static inline unsigned long mmap_prot(struct file *file, unsigned long prot) |
661 | unsigned long prot, unsigned long flags, | ||
662 | unsigned long addr, unsigned long addr_only) | ||
663 | { | 664 | { |
664 | int ret; | 665 | /* |
666 | * Does we have PROT_READ and does the application expect | ||
667 | * it to imply PROT_EXEC? If not, nothing to talk about... | ||
668 | */ | ||
669 | if ((prot & (PROT_READ | PROT_EXEC)) != PROT_READ) | ||
670 | return prot; | ||
671 | if (!(current->personality & READ_IMPLIES_EXEC)) | ||
672 | return prot; | ||
673 | /* | ||
674 | * if that's an anonymous mapping, let it. | ||
675 | */ | ||
676 | if (!file) | ||
677 | return prot | PROT_EXEC; | ||
678 | /* | ||
679 | * ditto if it's not on noexec mount, except that on !MMU we need | ||
680 | * BDI_CAP_EXEC_MMAP (== VM_MAYEXEC) in this case | ||
681 | */ | ||
682 | if (!(file->f_path.mnt->mnt_flags & MNT_NOEXEC)) { | ||
683 | #ifndef CONFIG_MMU | ||
684 | unsigned long caps = 0; | ||
685 | struct address_space *mapping = file->f_mapping; | ||
686 | if (mapping && mapping->backing_dev_info) | ||
687 | caps = mapping->backing_dev_info->capabilities; | ||
688 | if (!(caps & BDI_CAP_EXEC_MAP)) | ||
689 | return prot; | ||
690 | #endif | ||
691 | return prot | PROT_EXEC; | ||
692 | } | ||
693 | /* anything on noexec mount won't get PROT_EXEC */ | ||
694 | return prot; | ||
695 | } | ||
665 | 696 | ||
666 | ret = security_ops->file_mmap(file, reqprot, prot, flags, addr, addr_only); | 697 | int security_mmap_file(struct file *file, unsigned long prot, |
698 | unsigned long flags) | ||
699 | { | ||
700 | int ret; | ||
701 | ret = security_ops->mmap_file(file, prot, | ||
702 | mmap_prot(file, prot), flags); | ||
667 | if (ret) | 703 | if (ret) |
668 | return ret; | 704 | return ret; |
669 | return ima_file_mmap(file, prot); | 705 | return ima_file_mmap(file, prot); |
670 | } | 706 | } |
671 | 707 | ||
708 | int security_mmap_addr(unsigned long addr) | ||
709 | { | ||
710 | return security_ops->mmap_addr(addr); | ||
711 | } | ||
712 | |||
672 | int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot, | 713 | int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot, |
673 | unsigned long prot) | 714 | unsigned long prot) |
674 | { | 715 | { |
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index fa2341b68331..372ec6502aa8 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -3083,9 +3083,7 @@ error: | |||
3083 | return rc; | 3083 | return rc; |
3084 | } | 3084 | } |
3085 | 3085 | ||
3086 | static int selinux_file_mmap(struct file *file, unsigned long reqprot, | 3086 | static int selinux_mmap_addr(unsigned long addr) |
3087 | unsigned long prot, unsigned long flags, | ||
3088 | unsigned long addr, unsigned long addr_only) | ||
3089 | { | 3087 | { |
3090 | int rc = 0; | 3088 | int rc = 0; |
3091 | u32 sid = current_sid(); | 3089 | u32 sid = current_sid(); |
@@ -3104,10 +3102,12 @@ static int selinux_file_mmap(struct file *file, unsigned long reqprot, | |||
3104 | } | 3102 | } |
3105 | 3103 | ||
3106 | /* do DAC check on address space usage */ | 3104 | /* do DAC check on address space usage */ |
3107 | rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only); | 3105 | return cap_mmap_addr(addr); |
3108 | if (rc || addr_only) | 3106 | } |
3109 | return rc; | ||
3110 | 3107 | ||
3108 | static int selinux_mmap_file(struct file *file, unsigned long reqprot, | ||
3109 | unsigned long prot, unsigned long flags) | ||
3110 | { | ||
3111 | if (selinux_checkreqprot) | 3111 | if (selinux_checkreqprot) |
3112 | prot = reqprot; | 3112 | prot = reqprot; |
3113 | 3113 | ||
@@ -5570,7 +5570,8 @@ static struct security_operations selinux_ops = { | |||
5570 | .file_alloc_security = selinux_file_alloc_security, | 5570 | .file_alloc_security = selinux_file_alloc_security, |
5571 | .file_free_security = selinux_file_free_security, | 5571 | .file_free_security = selinux_file_free_security, |
5572 | .file_ioctl = selinux_file_ioctl, | 5572 | .file_ioctl = selinux_file_ioctl, |
5573 | .file_mmap = selinux_file_mmap, | 5573 | .mmap_file = selinux_mmap_file, |
5574 | .mmap_addr = selinux_mmap_addr, | ||
5574 | .file_mprotect = selinux_file_mprotect, | 5575 | .file_mprotect = selinux_file_mprotect, |
5575 | .file_lock = selinux_file_lock, | 5576 | .file_lock = selinux_file_lock, |
5576 | .file_fcntl = selinux_file_fcntl, | 5577 | .file_fcntl = selinux_file_fcntl, |
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 4e93f9ef970b..3ad290251288 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c | |||
@@ -1259,12 +1259,8 @@ static int sel_make_bools(void) | |||
1259 | if (!inode) | 1259 | if (!inode) |
1260 | goto out; | 1260 | goto out; |
1261 | 1261 | ||
1262 | ret = -EINVAL; | ||
1263 | len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]); | ||
1264 | if (len < 0) | ||
1265 | goto out; | ||
1266 | |||
1267 | ret = -ENAMETOOLONG; | 1262 | ret = -ENAMETOOLONG; |
1263 | len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]); | ||
1268 | if (len >= PAGE_SIZE) | 1264 | if (len >= PAGE_SIZE) |
1269 | goto out; | 1265 | goto out; |
1270 | 1266 | ||
@@ -1557,19 +1553,10 @@ static inline u32 sel_ino_to_perm(unsigned long ino) | |||
1557 | static ssize_t sel_read_class(struct file *file, char __user *buf, | 1553 | static ssize_t sel_read_class(struct file *file, char __user *buf, |
1558 | size_t count, loff_t *ppos) | 1554 | size_t count, loff_t *ppos) |
1559 | { | 1555 | { |
1560 | ssize_t rc, len; | ||
1561 | char *page; | ||
1562 | unsigned long ino = file->f_path.dentry->d_inode->i_ino; | 1556 | unsigned long ino = file->f_path.dentry->d_inode->i_ino; |
1563 | 1557 | char res[TMPBUFLEN]; | |
1564 | page = (char *)__get_free_page(GFP_KERNEL); | 1558 | ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_class(ino)); |
1565 | if (!page) | 1559 | return simple_read_from_buffer(buf, count, ppos, res, len); |
1566 | return -ENOMEM; | ||
1567 | |||
1568 | len = snprintf(page, PAGE_SIZE, "%d", sel_ino_to_class(ino)); | ||
1569 | rc = simple_read_from_buffer(buf, count, ppos, page, len); | ||
1570 | free_page((unsigned long)page); | ||
1571 | |||
1572 | return rc; | ||
1573 | } | 1560 | } |
1574 | 1561 | ||
1575 | static const struct file_operations sel_class_ops = { | 1562 | static const struct file_operations sel_class_ops = { |
@@ -1580,19 +1567,10 @@ static const struct file_operations sel_class_ops = { | |||
1580 | static ssize_t sel_read_perm(struct file *file, char __user *buf, | 1567 | static ssize_t sel_read_perm(struct file *file, char __user *buf, |
1581 | size_t count, loff_t *ppos) | 1568 | size_t count, loff_t *ppos) |
1582 | { | 1569 | { |
1583 | ssize_t rc, len; | ||
1584 | char *page; | ||
1585 | unsigned long ino = file->f_path.dentry->d_inode->i_ino; | 1570 | unsigned long ino = file->f_path.dentry->d_inode->i_ino; |
1586 | 1571 | char res[TMPBUFLEN]; | |
1587 | page = (char *)__get_free_page(GFP_KERNEL); | 1572 | ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_perm(ino)); |
1588 | if (!page) | 1573 | return simple_read_from_buffer(buf, count, ppos, res, len); |
1589 | return -ENOMEM; | ||
1590 | |||
1591 | len = snprintf(page, PAGE_SIZE, "%d", sel_ino_to_perm(ino)); | ||
1592 | rc = simple_read_from_buffer(buf, count, ppos, page, len); | ||
1593 | free_page((unsigned long)page); | ||
1594 | |||
1595 | return rc; | ||
1596 | } | 1574 | } |
1597 | 1575 | ||
1598 | static const struct file_operations sel_perm_ops = { | 1576 | static const struct file_operations sel_perm_ops = { |
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index d583c0545808..ee0bb5735f35 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
@@ -1171,7 +1171,7 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd, | |||
1171 | } | 1171 | } |
1172 | 1172 | ||
1173 | /** | 1173 | /** |
1174 | * smack_file_mmap : | 1174 | * smack_mmap_file : |
1175 | * Check permissions for a mmap operation. The @file may be NULL, e.g. | 1175 | * Check permissions for a mmap operation. The @file may be NULL, e.g. |
1176 | * if mapping anonymous memory. | 1176 | * if mapping anonymous memory. |
1177 | * @file contains the file structure for file to map (may be NULL). | 1177 | * @file contains the file structure for file to map (may be NULL). |
@@ -1180,10 +1180,9 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd, | |||
1180 | * @flags contains the operational flags. | 1180 | * @flags contains the operational flags. |
1181 | * Return 0 if permission is granted. | 1181 | * Return 0 if permission is granted. |
1182 | */ | 1182 | */ |
1183 | static int smack_file_mmap(struct file *file, | 1183 | static int smack_mmap_file(struct file *file, |
1184 | unsigned long reqprot, unsigned long prot, | 1184 | unsigned long reqprot, unsigned long prot, |
1185 | unsigned long flags, unsigned long addr, | 1185 | unsigned long flags) |
1186 | unsigned long addr_only) | ||
1187 | { | 1186 | { |
1188 | struct smack_known *skp; | 1187 | struct smack_known *skp; |
1189 | struct smack_rule *srp; | 1188 | struct smack_rule *srp; |
@@ -1198,11 +1197,6 @@ static int smack_file_mmap(struct file *file, | |||
1198 | int tmay; | 1197 | int tmay; |
1199 | int rc; | 1198 | int rc; |
1200 | 1199 | ||
1201 | /* do DAC check on address space usage */ | ||
1202 | rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only); | ||
1203 | if (rc || addr_only) | ||
1204 | return rc; | ||
1205 | |||
1206 | if (file == NULL || file->f_dentry == NULL) | 1200 | if (file == NULL || file->f_dentry == NULL) |
1207 | return 0; | 1201 | return 0; |
1208 | 1202 | ||
@@ -3482,7 +3476,8 @@ struct security_operations smack_ops = { | |||
3482 | .file_ioctl = smack_file_ioctl, | 3476 | .file_ioctl = smack_file_ioctl, |
3483 | .file_lock = smack_file_lock, | 3477 | .file_lock = smack_file_lock, |
3484 | .file_fcntl = smack_file_fcntl, | 3478 | .file_fcntl = smack_file_fcntl, |
3485 | .file_mmap = smack_file_mmap, | 3479 | .mmap_file = smack_mmap_file, |
3480 | .mmap_addr = cap_mmap_addr, | ||
3486 | .file_set_fowner = smack_file_set_fowner, | 3481 | .file_set_fowner = smack_file_set_fowner, |
3487 | .file_send_sigiotask = smack_file_send_sigiotask, | 3482 | .file_send_sigiotask = smack_file_send_sigiotask, |
3488 | .file_receive = smack_file_receive, | 3483 | .file_receive = smack_file_receive, |