7 files changed, 44 insertions, 113 deletions
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 90db5c76cf6e..0c62798ac7d8 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -67,9 +67,10 @@ asmlinkage long sys_add_key(const char __user *_type,
        description = kmalloc(dlen + 1, GFP_KERNEL);
        if (!description)
                goto error;
+        description[dlen] = '\0';
        ret = -EFAULT;
-        if (copy_from_user(description, _description, dlen + 1) != 0)
+        if (copy_from_user(description, _description, dlen) != 0)
                goto error2;
        /* pull the payload in if one was supplied */
@@ -161,9 +162,10 @@ asmlinkage long sys_request_key(const char __user *_type,
        description = kmalloc(dlen + 1, GFP_KERNEL);
        if (!description)
                goto error;
+        description[dlen] = '\0';
        ret = -EFAULT;
-        if (copy_from_user(description, _description, dlen + 1) != 0)
+        if (copy_from_user(description, _description, dlen) != 0)
                goto error2;
        /* pull the callout info into kernel space */
@@ -182,9 +184,10 @@ asmlinkage long sys_request_key(const char __user *_type,
                callout_info = kmalloc(dlen + 1, GFP_KERNEL);
                if (!callout_info)
                        goto error2;
+                callout_info[dlen] = '\0';
                ret = -EFAULT;
-                if (copy_from_user(callout_info, _callout_info, dlen + 1) != 0)
+                if (copy_from_user(callout_info, _callout_info, dlen) != 0)
                        goto error3;
        }
@@ -279,9 +282,10 @@ long keyctl_join_session_keyring(const char __user *_name)
                name = kmalloc(nlen + 1, GFP_KERNEL);
                if (!name)
                        goto error;
+                name[nlen] = '\0';
                ret = -EFAULT;
-                if (copy_from_user(name, _name, nlen + 1) != 0)
+                if (copy_from_user(name, _name, nlen) != 0)
                        goto error2;
        }
@@ -583,9 +587,10 @@ long keyctl_keyring_search(key_serial_t ringid,
        description = kmalloc(dlen + 1, GFP_KERNEL);
        if (!description)
                goto error;
+        description[dlen] = '\0';
        ret = -EFAULT;
-        if (copy_from_user(description, _description, dlen + 1) != 0)
+        if (copy_from_user(description, _description, dlen) != 0)
                goto error2;
        /* get the keyring at which to begin the search */
diff --git a/security/seclvl.c b/security/seclvl.c
index 1caac0164643..8529ea6f7aa8 100644
--- a/security/seclvl.c
+++ b/security/seclvl.c
@@ -368,8 +368,8 @@ static int seclvl_capable(struct task_struct *tsk, int cap)
 */
 static int seclvl_settime(struct timespec *tv, struct timezone *tz)
 {
-        struct timespec now;
+        if (tv && seclvl > 1) {
-        if (seclvl > 1) {
+                struct timespec now;
                now = current_kernel_time();
                if (tv->tv_sec < now.tv_sec ||
                    (tv->tv_sec == now.tv_sec && tv->tv_nsec < now.tv_nsec)) {
diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig
index b59582b92283..f636f53ca544 100644
--- a/security/selinux/Kconfig
+++ b/security/selinux/Kconfig
@@ -1,6 +1,6 @@
 config SECURITY_SELINUX
        bool "NSA SELinux Support"
-        depends on SECURITY && NET && INET
+        depends on SECURITY_NETWORK && AUDIT && NET && INET
        default n
        help
          This selects NSA Security-Enhanced Linux (SELinux).
diff --git a/security/selinux/Makefile b/security/selinux/Makefile
index 06d54d9d20a5..688c0a267b62 100644
--- a/security/selinux/Makefile
+++ b/security/selinux/Makefile
@@ -4,9 +4,7 @@
 obj-$(CONFIG_SECURITY_SELINUX) := selinux.o ss/
-selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o
+selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o netif.o
-selinux-$(CONFIG_SECURITY_NETWORK) += netif.o
 selinux-$(CONFIG_SECURITY_NETWORK_XFRM) += xfrm.o
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 53d6c7bbf564..ac5d69bb3377 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -43,13 +43,11 @@ static const struct av_perm_to_string
 #undef S_
 };
-#ifdef CONFIG_AUDIT
 static const char *class_to_string[] = {
 #define S_(s) s,
 #include "class_to_string.h"
 #undef S_
 };
-#endif
 #define TB_(s) static const char * s [] = {
 #define TE_(s) };
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index b9f8d9731c3d..b7773bf68efa 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -127,7 +127,6 @@ static int task_alloc_security(struct task_struct *task)
        if (!tsec)
                return -ENOMEM;
-        tsec->magic = SELINUX_MAGIC;
        tsec->task = task;
        tsec->osid = tsec->sid = tsec->ptrace_sid = SECINITSID_UNLABELED;
        task->security = tsec;
@@ -138,10 +137,6 @@ static int task_alloc_security(struct task_struct *task)
 static void task_free_security(struct task_struct *task)
 {
        struct task_security_struct *tsec = task->security;
-        if (!tsec || tsec->magic != SELINUX_MAGIC)
-                return;
        task->security = NULL;
        kfree(tsec);
 }
@@ -157,14 +152,10 @@ static int inode_alloc_security(struct inode *inode)
        init_MUTEX(&isec->sem);
        INIT_LIST_HEAD(&isec->list);
-        isec->magic = SELINUX_MAGIC;
        isec->inode = inode;
        isec->sid = SECINITSID_UNLABELED;
        isec->sclass = SECCLASS_FILE;
-        if (tsec && tsec->magic == SELINUX_MAGIC)
+        isec->task_sid = tsec->sid;
-                isec->task_sid = tsec->sid;
-        else
-                isec->task_sid = SECINITSID_UNLABELED;
        inode->i_security = isec;
        return 0;
@@ -175,9 +166,6 @@ static void inode_free_security(struct inode *inode)
        struct inode_security_struct *isec = inode->i_security;
        struct superblock_security_struct *sbsec = inode->i_sb->s_security;
-        if (!isec || isec->magic != SELINUX_MAGIC)
-                return;
        spin_lock(&sbsec->isec_lock);
        if (!list_empty(&isec->list))
                list_del_init(&isec->list);
@@ -192,19 +180,13 @@ static int file_alloc_security(struct file *file)
        struct task_security_struct *tsec = current->security;
        struct file_security_struct *fsec;
-        fsec = kzalloc(sizeof(struct file_security_struct), GFP_ATOMIC);
+        fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL);
        if (!fsec)
                return -ENOMEM;
-        fsec->magic = SELINUX_MAGIC;
        fsec->file = file;
-        if (tsec && tsec->magic == SELINUX_MAGIC) {
+        fsec->sid = tsec->sid;
-                fsec->sid = tsec->sid;
+        fsec->fown_sid = tsec->sid;
-                fsec->fown_sid = tsec->sid;
-        } else {
-                fsec->sid = SECINITSID_UNLABELED;
-                fsec->fown_sid = SECINITSID_UNLABELED;
-        }
        file->f_security = fsec;
        return 0;
@@ -213,10 +195,6 @@ static int file_alloc_security(struct file *file)
 static void file_free_security(struct file *file)
 {
        struct file_security_struct *fsec = file->f_security;
-        if (!fsec || fsec->magic != SELINUX_MAGIC)
-                return;
        file->f_security = NULL;
        kfree(fsec);
 }
@@ -233,7 +211,6 @@ static int superblock_alloc_security(struct super_block *sb)
        INIT_LIST_HEAD(&sbsec->list);
        INIT_LIST_HEAD(&sbsec->isec_head);
        spin_lock_init(&sbsec->isec_lock);
-        sbsec->magic = SELINUX_MAGIC;
        sbsec->sb = sb;
        sbsec->sid = SECINITSID_UNLABELED;
        sbsec->def_sid = SECINITSID_FILE;
@@ -246,9 +223,6 @@ static void superblock_free_security(struct super_block *sb)
 {
        struct superblock_security_struct *sbsec = sb->s_security;
-        if (!sbsec || sbsec->magic != SELINUX_MAGIC)
-                return;
        spin_lock(&sb_security_lock);
        if (!list_empty(&sbsec->list))
                list_del_init(&sbsec->list);
@@ -258,7 +232,6 @@ static void superblock_free_security(struct super_block *sb)
        kfree(sbsec);
 }
-#ifdef CONFIG_SECURITY_NETWORK
 static int sk_alloc_security(struct sock *sk, int family, gfp_t priority)
 {
        struct sk_security_struct *ssec;
@@ -270,7 +243,6 @@ static int sk_alloc_security(struct sock *sk, int family, gfp_t priority)
        if (!ssec)
                return -ENOMEM;
-        ssec->magic = SELINUX_MAGIC;
        ssec->sk = sk;
        ssec->peer_sid = SECINITSID_UNLABELED;
        sk->sk_security = ssec;
@@ -282,13 +254,12 @@ static void sk_free_security(struct sock *sk)
 {
        struct sk_security_struct *ssec = sk->sk_security;
-        if (sk->sk_family != PF_UNIX || ssec->magic != SELINUX_MAGIC)
+        if (sk->sk_family != PF_UNIX)
                return;
        sk->sk_security = NULL;
        kfree(ssec);
 }
-#endif  /* CONFIG_SECURITY_NETWORK */
 /* The security server must be initialized before
   any labeling or access decisions can be provided. */
@@ -1483,7 +1454,6 @@ static int selinux_bprm_alloc_security(struct linux_binprm *bprm)
        if (!bsec)
                return -ENOMEM;
-        bsec->magic = SELINUX_MAGIC;
        bsec->bprm = bprm;
        bsec->sid = SECINITSID_UNLABELED;
        bsec->set = 0;
@@ -2454,35 +2424,27 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
                prot = reqprot;
 #ifndef CONFIG_PPC32
-        if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXECUTABLE) &&
+        if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
-           (vma->vm_start >= vma->vm_mm->start_brk &&
+                rc = 0;
-            vma->vm_end <= vma->vm_mm->brk)) {
+                if (vma->vm_start >= vma->vm_mm->start_brk &&
-                /*
+                    vma->vm_end <= vma->vm_mm->brk) {
-                 * We are making an executable mapping in the brk region.
+                        rc = task_has_perm(current, current,
-                 * This has an additional execheap check.
+                                           PROCESS__EXECHEAP);
-                 */
+                } else if (!vma->vm_file &&
-                rc = task_has_perm(current, current, PROCESS__EXECHEAP);
+                           vma->vm_start <= vma->vm_mm->start_stack &&
-                if (rc)
+                           vma->vm_end >= vma->vm_mm->start_stack) {
-                        return rc;
+                        rc = task_has_perm(current, current, PROCESS__EXECSTACK);
-        }
+                } else if (vma->vm_file && vma->anon_vma) {
-        if (vma->vm_file != NULL && vma->anon_vma != NULL && (prot & PROT_EXEC)) {
+                        /*
-                /*
+                         * We are making executable a file mapping that has
-                 * We are making executable a file mapping that has
+                         * had some COW done. Since pages might have been
-                 * had some COW done. Since pages might have been written,
+                         * written, check ability to execute the possibly
-                 * check ability to execute the possibly modified content.
+                         * modified content.  This typically should only
-                 * This typically should only occur for text relocations.
+                         * occur for text relocations.
-                 */
+                         */
-                int rc = file_has_perm(current, vma->vm_file, FILE__EXECMOD);
+                        rc = file_has_perm(current, vma->vm_file,
-                if (rc)
+                                           FILE__EXECMOD);
-                        return rc;
+                }
-        }
-        if (!vma->vm_file && (prot & PROT_EXEC) &&
-                vma->vm_start <= vma->vm_mm->start_stack &&
-                vma->vm_end >= vma->vm_mm->start_stack) {
-                /* Attempt to make the process stack executable.
-                 * This has an additional execstack check.
-                 */
-                rc = task_has_perm(current, current, PROCESS__EXECSTACK);
                if (rc)
                        return rc;
        }
@@ -2772,8 +2734,6 @@ static void selinux_task_to_inode(struct task_struct *p,
        return;
 }
-#ifdef CONFIG_SECURITY_NETWORK
 /* Returns error only if unable to parse addresses */
 static int selinux_parse_skb_ipv4(struct sk_buff *skb, struct avc_audit_data *ad)
 {
@@ -3592,15 +3552,6 @@ static unsigned int selinux_ipv6_postroute_last(unsigned int hooknum,
 #endif  /* CONFIG_NETFILTER */
-#else
-static inline int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
-{
-        return 0;
-}
-#endif  /* CONFIG_SECURITY_NETWORK */
 static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
 {
        struct task_security_struct *tsec;
@@ -3642,14 +3593,9 @@ static int ipc_alloc_security(struct task_struct *task,
        if (!isec)
                return -ENOMEM;
-        isec->magic = SELINUX_MAGIC;
        isec->sclass = sclass;
        isec->ipc_perm = perm;
-        if (tsec) {
+        isec->sid = tsec->sid;
-                isec->sid = tsec->sid;
-        } else {
-                isec->sid = SECINITSID_UNLABELED;
-        }
        perm->security = isec;
        return 0;
@@ -3658,9 +3604,6 @@ static int ipc_alloc_security(struct task_struct *task,
 static void ipc_free_security(struct kern_ipc_perm *perm)
 {
        struct ipc_security_struct *isec = perm->security;
-        if (!isec || isec->magic != SELINUX_MAGIC)
-                return;
        perm->security = NULL;
        kfree(isec);
 }
@@ -3673,7 +3616,6 @@ static int msg_msg_alloc_security(struct msg_msg *msg)
        if (!msec)
                return -ENOMEM;
-        msec->magic = SELINUX_MAGIC;
        msec->msg = msg;
        msec->sid = SECINITSID_UNLABELED;
        msg->security = msec;
@@ -3684,8 +3626,6 @@ static int msg_msg_alloc_security(struct msg_msg *msg)
 static void msg_msg_free_security(struct msg_msg *msg)
 {
        struct msg_security_struct *msec = msg->security;
-        if (!msec || msec->magic != SELINUX_MAGIC)
-                return;
        msg->security = NULL;
        kfree(msec);
@@ -4387,7 +4327,6 @@ static struct security_operations selinux_ops = {
        .getprocattr =                  selinux_getprocattr,
        .setprocattr =                  selinux_setprocattr,
-#ifdef CONFIG_SECURITY_NETWORK
        .unix_stream_connect =          selinux_socket_unix_stream_connect,
        .unix_may_send =                selinux_socket_unix_may_send,
@@ -4409,7 +4348,6 @@ static struct security_operations selinux_ops = {
        .sk_alloc_security =            selinux_sk_alloc_security,
        .sk_free_security =             selinux_sk_free_security,
        .sk_getsid =                    selinux_sk_getsid_security,
-#endif
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
        .xfrm_policy_alloc_security =   selinux_xfrm_policy_alloc,
@@ -4487,7 +4425,7 @@ next_sb:
   all processes and objects when they are created. */
 security_initcall(selinux_init);
-#if defined(CONFIG_SECURITY_NETWORK) && defined(CONFIG_NETFILTER)
+#if defined(CONFIG_NETFILTER)
 static struct nf_hook_ops selinux_ipv4_op = {
        .hook =         selinux_ipv4_postroute_last,
@@ -4548,13 +4486,13 @@ static void selinux_nf_ip_exit(void)
 }
 #endif
-#else /* CONFIG_SECURITY_NETWORK && CONFIG_NETFILTER */
+#else /* CONFIG_NETFILTER */
 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
 #define selinux_nf_ip_exit()
 #endif
-#endif /* CONFIG_SECURITY_NETWORK && CONFIG_NETFILTER */
+#endif /* CONFIG_NETFILTER */
 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
 int selinux_disable(void)
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index 887937c8134a..54c030778882 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -27,7 +27,6 @@
 #include "avc.h"
 struct task_security_struct {
-        unsigned long magic;           /* magic number for this module */
        struct task_struct *task;      /* back pointer to task object */
        u32 osid;            /* SID prior to last execve */
        u32 sid;             /* current SID */
@@ -37,7 +36,6 @@ struct task_security_struct {
 };
 struct inode_security_struct {
-        unsigned long magic;           /* magic number for this module */
        struct inode *inode;           /* back pointer to inode object */
        struct list_head list;         /* list of inode_security_struct */
        u32 task_sid;        /* SID of creating task */
@@ -49,14 +47,12 @@ struct inode_security_struct {
 };
 struct file_security_struct {
-        unsigned long magic;            /* magic number for this module */
        struct file *file;              /* back pointer to file object */
        u32 sid;              /* SID of open file description */
        u32 fown_sid;         /* SID of file owner (for SIGIO) */
 };
 struct superblock_security_struct {
-        unsigned long magic;            /* magic number for this module */
        struct super_block *sb;         /* back pointer to sb object */
        struct list_head list;          /* list of superblock_security_struct */
        u32 sid;              /* SID of file system */
@@ -70,20 +66,17 @@ struct superblock_security_struct {
 };
 struct msg_security_struct {
-        unsigned long magic;            /* magic number for this module */
        struct msg_msg *msg;            /* back pointer */
        u32 sid;              /* SID of message */
 };
 struct ipc_security_struct {
-        unsigned long magic;            /* magic number for this module */
        struct kern_ipc_perm *ipc_perm; /* back pointer */
        u16 sclass;     /* security class of this object */
        u32 sid;              /* SID of IPC resource */
 };
 struct bprm_security_struct {
-        unsigned long magic;           /* magic number for this module */
        struct linux_binprm *bprm;     /* back pointer to bprm object */
        u32 sid;                       /* SID for transformed process */
        unsigned char set;
@@ -102,7 +95,6 @@ struct netif_security_struct {
 };
 struct sk_security_struct {
-        unsigned long magic;            /* magic number for this module */
        struct sock *sk;                /* back pointer to sk object */
        u32 peer_sid;                   /* SID of peer */
 };