diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/selinuxfs.c | 43 |
1 files changed, 30 insertions, 13 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index ac6fe99bd32c..2fa483f26113 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c | |||
@@ -65,6 +65,7 @@ static DEFINE_MUTEX(sel_mutex); | |||
65 | /* global data for booleans */ | 65 | /* global data for booleans */ |
66 | static struct dentry *bool_dir = NULL; | 66 | static struct dentry *bool_dir = NULL; |
67 | static int bool_num = 0; | 67 | static int bool_num = 0; |
68 | static char **bool_pending_names; | ||
68 | static int *bool_pending_values = NULL; | 69 | static int *bool_pending_values = NULL; |
69 | 70 | ||
70 | /* global data for classes */ | 71 | /* global data for classes */ |
@@ -832,11 +833,16 @@ static ssize_t sel_read_bool(struct file *filep, char __user *buf, | |||
832 | ssize_t length; | 833 | ssize_t length; |
833 | ssize_t ret; | 834 | ssize_t ret; |
834 | int cur_enforcing; | 835 | int cur_enforcing; |
835 | struct inode *inode; | 836 | struct inode *inode = filep->f_path.dentry->d_inode; |
837 | unsigned index = inode->i_ino & SEL_INO_MASK; | ||
838 | const char *name = filep->f_path.dentry->d_name.name; | ||
836 | 839 | ||
837 | mutex_lock(&sel_mutex); | 840 | mutex_lock(&sel_mutex); |
838 | 841 | ||
839 | ret = -EFAULT; | 842 | if (index >= bool_num || strcmp(name, bool_pending_names[index])) { |
843 | ret = -EINVAL; | ||
844 | goto out; | ||
845 | } | ||
840 | 846 | ||
841 | if (count > PAGE_SIZE) { | 847 | if (count > PAGE_SIZE) { |
842 | ret = -EINVAL; | 848 | ret = -EINVAL; |
@@ -847,15 +853,13 @@ static ssize_t sel_read_bool(struct file *filep, char __user *buf, | |||
847 | goto out; | 853 | goto out; |
848 | } | 854 | } |
849 | 855 | ||
850 | inode = filep->f_path.dentry->d_inode; | 856 | cur_enforcing = security_get_bool_value(index); |
851 | cur_enforcing = security_get_bool_value(inode->i_ino&SEL_INO_MASK); | ||
852 | if (cur_enforcing < 0) { | 857 | if (cur_enforcing < 0) { |
853 | ret = cur_enforcing; | 858 | ret = cur_enforcing; |
854 | goto out; | 859 | goto out; |
855 | } | 860 | } |
856 | |||
857 | length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing, | 861 | length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing, |
858 | bool_pending_values[inode->i_ino&SEL_INO_MASK]); | 862 | bool_pending_values[index]); |
859 | ret = simple_read_from_buffer(buf, count, ppos, page, length); | 863 | ret = simple_read_from_buffer(buf, count, ppos, page, length); |
860 | out: | 864 | out: |
861 | mutex_unlock(&sel_mutex); | 865 | mutex_unlock(&sel_mutex); |
@@ -868,9 +872,11 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf, | |||
868 | size_t count, loff_t *ppos) | 872 | size_t count, loff_t *ppos) |
869 | { | 873 | { |
870 | char *page = NULL; | 874 | char *page = NULL; |
871 | ssize_t length = -EFAULT; | 875 | ssize_t length; |
872 | int new_value; | 876 | int new_value; |
873 | struct inode *inode; | 877 | struct inode *inode = filep->f_path.dentry->d_inode; |
878 | unsigned index = inode->i_ino & SEL_INO_MASK; | ||
879 | const char *name = filep->f_path.dentry->d_name.name; | ||
874 | 880 | ||
875 | mutex_lock(&sel_mutex); | 881 | mutex_lock(&sel_mutex); |
876 | 882 | ||
@@ -878,12 +884,19 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf, | |||
878 | if (length) | 884 | if (length) |
879 | goto out; | 885 | goto out; |
880 | 886 | ||
887 | if (index >= bool_num || strcmp(name, bool_pending_names[index])) { | ||
888 | length = -EINVAL; | ||
889 | goto out; | ||
890 | } | ||
891 | |||
881 | if (count >= PAGE_SIZE) { | 892 | if (count >= PAGE_SIZE) { |
882 | length = -ENOMEM; | 893 | length = -ENOMEM; |
883 | goto out; | 894 | goto out; |
884 | } | 895 | } |
896 | |||
885 | if (*ppos != 0) { | 897 | if (*ppos != 0) { |
886 | /* No partial writes. */ | 898 | /* No partial writes. */ |
899 | length = -EINVAL; | ||
887 | goto out; | 900 | goto out; |
888 | } | 901 | } |
889 | page = (char*)get_zeroed_page(GFP_KERNEL); | 902 | page = (char*)get_zeroed_page(GFP_KERNEL); |
@@ -892,6 +905,7 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf, | |||
892 | goto out; | 905 | goto out; |
893 | } | 906 | } |
894 | 907 | ||
908 | length = -EFAULT; | ||
895 | if (copy_from_user(page, buf, count)) | 909 | if (copy_from_user(page, buf, count)) |
896 | goto out; | 910 | goto out; |
897 | 911 | ||
@@ -902,8 +916,7 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf, | |||
902 | if (new_value) | 916 | if (new_value) |
903 | new_value = 1; | 917 | new_value = 1; |
904 | 918 | ||
905 | inode = filep->f_path.dentry->d_inode; | 919 | bool_pending_values[index] = new_value; |
906 | bool_pending_values[inode->i_ino&SEL_INO_MASK] = new_value; | ||
907 | length = count; | 920 | length = count; |
908 | 921 | ||
909 | out: | 922 | out: |
@@ -923,7 +936,7 @@ static ssize_t sel_commit_bools_write(struct file *filep, | |||
923 | size_t count, loff_t *ppos) | 936 | size_t count, loff_t *ppos) |
924 | { | 937 | { |
925 | char *page = NULL; | 938 | char *page = NULL; |
926 | ssize_t length = -EFAULT; | 939 | ssize_t length; |
927 | int new_value; | 940 | int new_value; |
928 | 941 | ||
929 | mutex_lock(&sel_mutex); | 942 | mutex_lock(&sel_mutex); |
@@ -946,6 +959,7 @@ static ssize_t sel_commit_bools_write(struct file *filep, | |||
946 | goto out; | 959 | goto out; |
947 | } | 960 | } |
948 | 961 | ||
962 | length = -EFAULT; | ||
949 | if (copy_from_user(page, buf, count)) | 963 | if (copy_from_user(page, buf, count)) |
950 | goto out; | 964 | goto out; |
951 | 965 | ||
@@ -1010,7 +1024,9 @@ static int sel_make_bools(void) | |||
1010 | u32 sid; | 1024 | u32 sid; |
1011 | 1025 | ||
1012 | /* remove any existing files */ | 1026 | /* remove any existing files */ |
1027 | kfree(bool_pending_names); | ||
1013 | kfree(bool_pending_values); | 1028 | kfree(bool_pending_values); |
1029 | bool_pending_names = NULL; | ||
1014 | bool_pending_values = NULL; | 1030 | bool_pending_values = NULL; |
1015 | 1031 | ||
1016 | sel_remove_entries(dir); | 1032 | sel_remove_entries(dir); |
@@ -1052,16 +1068,17 @@ static int sel_make_bools(void) | |||
1052 | d_add(dentry, inode); | 1068 | d_add(dentry, inode); |
1053 | } | 1069 | } |
1054 | bool_num = num; | 1070 | bool_num = num; |
1071 | bool_pending_names = names; | ||
1055 | bool_pending_values = values; | 1072 | bool_pending_values = values; |
1056 | out: | 1073 | out: |
1057 | free_page((unsigned long)page); | 1074 | free_page((unsigned long)page); |
1075 | return ret; | ||
1076 | err: | ||
1058 | if (names) { | 1077 | if (names) { |
1059 | for (i = 0; i < num; i++) | 1078 | for (i = 0; i < num; i++) |
1060 | kfree(names[i]); | 1079 | kfree(names[i]); |
1061 | kfree(names); | 1080 | kfree(names); |
1062 | } | 1081 | } |
1063 | return ret; | ||
1064 | err: | ||
1065 | kfree(values); | 1082 | kfree(values); |
1066 | sel_remove_entries(dir); | 1083 | sel_remove_entries(dir); |
1067 | ret = -ENOMEM; | 1084 | ret = -ENOMEM; |