diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/keys/key.c | 2 | ||||
-rw-r--r-- | security/keys/process_keys.c | 2 | ||||
-rw-r--r-- | security/selinux/hooks.c | 24 | ||||
-rw-r--r-- | security/selinux/include/av_perm_to_string.h | 2 | ||||
-rw-r--r-- | security/selinux/include/av_permissions.h | 2 | ||||
-rw-r--r-- | security/selinux/selinuxfs.c | 9 | ||||
-rw-r--r-- | security/selinux/ss/conditional.c | 9 | ||||
-rw-r--r-- | security/selinux/ss/policydb.c | 15 | ||||
-rw-r--r-- | security/selinux/ss/services.c | 6 |
9 files changed, 41 insertions, 30 deletions
diff --git a/security/keys/key.c b/security/keys/key.c index 3304d37bb379..fb89f9844465 100644 --- a/security/keys/key.c +++ b/security/keys/key.c | |||
@@ -980,7 +980,7 @@ void unregister_key_type(struct key_type *ktype) | |||
980 | spin_unlock(&key_serial_lock); | 980 | spin_unlock(&key_serial_lock); |
981 | 981 | ||
982 | /* make sure everyone revalidates their keys */ | 982 | /* make sure everyone revalidates their keys */ |
983 | synchronize_kernel(); | 983 | synchronize_rcu(); |
984 | 984 | ||
985 | /* we should now be able to destroy the payloads of all the keys of | 985 | /* we should now be able to destroy the payloads of all the keys of |
986 | * this type with impunity */ | 986 | * this type with impunity */ |
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index 34db087bbcc7..9b0369c5a223 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c | |||
@@ -234,7 +234,7 @@ static int install_session_keyring(struct task_struct *tsk, | |||
234 | ret = 0; | 234 | ret = 0; |
235 | 235 | ||
236 | /* we're using RCU on the pointer */ | 236 | /* we're using RCU on the pointer */ |
237 | synchronize_kernel(); | 237 | synchronize_rcu(); |
238 | key_put(old); | 238 | key_put(old); |
239 | error: | 239 | error: |
240 | return ret; | 240 | return ret; |
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 87302a49067b..17a1189f1ff8 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -1658,9 +1658,8 @@ static int selinux_bprm_secureexec (struct linux_binprm *bprm) | |||
1658 | 1658 | ||
1659 | static void selinux_bprm_free_security(struct linux_binprm *bprm) | 1659 | static void selinux_bprm_free_security(struct linux_binprm *bprm) |
1660 | { | 1660 | { |
1661 | struct bprm_security_struct *bsec = bprm->security; | 1661 | kfree(bprm->security); |
1662 | bprm->security = NULL; | 1662 | bprm->security = NULL; |
1663 | kfree(bsec); | ||
1664 | } | 1663 | } |
1665 | 1664 | ||
1666 | extern struct vfsmount *selinuxfs_mount; | 1665 | extern struct vfsmount *selinuxfs_mount; |
@@ -2477,6 +2476,17 @@ static int selinux_file_mprotect(struct vm_area_struct *vma, | |||
2477 | prot = reqprot; | 2476 | prot = reqprot; |
2478 | 2477 | ||
2479 | #ifndef CONFIG_PPC32 | 2478 | #ifndef CONFIG_PPC32 |
2479 | if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXECUTABLE) && | ||
2480 | (vma->vm_start >= vma->vm_mm->start_brk && | ||
2481 | vma->vm_end <= vma->vm_mm->brk)) { | ||
2482 | /* | ||
2483 | * We are making an executable mapping in the brk region. | ||
2484 | * This has an additional execheap check. | ||
2485 | */ | ||
2486 | rc = task_has_perm(current, current, PROCESS__EXECHEAP); | ||
2487 | if (rc) | ||
2488 | return rc; | ||
2489 | } | ||
2480 | if (vma->vm_file != NULL && vma->anon_vma != NULL && (prot & PROT_EXEC)) { | 2490 | if (vma->vm_file != NULL && vma->anon_vma != NULL && (prot & PROT_EXEC)) { |
2481 | /* | 2491 | /* |
2482 | * We are making executable a file mapping that has | 2492 | * We are making executable a file mapping that has |
@@ -2488,6 +2498,16 @@ static int selinux_file_mprotect(struct vm_area_struct *vma, | |||
2488 | if (rc) | 2498 | if (rc) |
2489 | return rc; | 2499 | return rc; |
2490 | } | 2500 | } |
2501 | if (!vma->vm_file && (prot & PROT_EXEC) && | ||
2502 | vma->vm_start <= vma->vm_mm->start_stack && | ||
2503 | vma->vm_end >= vma->vm_mm->start_stack) { | ||
2504 | /* Attempt to make the process stack executable. | ||
2505 | * This has an additional execstack check. | ||
2506 | */ | ||
2507 | rc = task_has_perm(current, current, PROCESS__EXECSTACK); | ||
2508 | if (rc) | ||
2509 | return rc; | ||
2510 | } | ||
2491 | #endif | 2511 | #endif |
2492 | 2512 | ||
2493 | return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED); | 2513 | return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED); |
diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h index 8928bb4d3c53..1deb59e1b762 100644 --- a/security/selinux/include/av_perm_to_string.h +++ b/security/selinux/include/av_perm_to_string.h | |||
@@ -70,6 +70,8 @@ | |||
70 | S_(SECCLASS_PROCESS, PROCESS__DYNTRANSITION, "dyntransition") | 70 | S_(SECCLASS_PROCESS, PROCESS__DYNTRANSITION, "dyntransition") |
71 | S_(SECCLASS_PROCESS, PROCESS__SETCURRENT, "setcurrent") | 71 | S_(SECCLASS_PROCESS, PROCESS__SETCURRENT, "setcurrent") |
72 | S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem") | 72 | S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem") |
73 | S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack") | ||
74 | S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, "execheap") | ||
73 | S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue") | 75 | S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue") |
74 | S_(SECCLASS_MSG, MSG__SEND, "send") | 76 | S_(SECCLASS_MSG, MSG__SEND, "send") |
75 | S_(SECCLASS_MSG, MSG__RECEIVE, "receive") | 77 | S_(SECCLASS_MSG, MSG__RECEIVE, "receive") |
diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h index bdfce4ca8f8e..a78b5d59c9fc 100644 --- a/security/selinux/include/av_permissions.h +++ b/security/selinux/include/av_permissions.h | |||
@@ -465,6 +465,8 @@ | |||
465 | #define PROCESS__DYNTRANSITION 0x00800000UL | 465 | #define PROCESS__DYNTRANSITION 0x00800000UL |
466 | #define PROCESS__SETCURRENT 0x01000000UL | 466 | #define PROCESS__SETCURRENT 0x01000000UL |
467 | #define PROCESS__EXECMEM 0x02000000UL | 467 | #define PROCESS__EXECMEM 0x02000000UL |
468 | #define PROCESS__EXECSTACK 0x04000000UL | ||
469 | #define PROCESS__EXECHEAP 0x08000000UL | ||
468 | 470 | ||
469 | #define IPC__CREATE 0x00000001UL | 471 | #define IPC__CREATE 0x00000001UL |
470 | #define IPC__DESTROY 0x00000002UL | 472 | #define IPC__DESTROY 0x00000002UL |
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 07221568b505..8eb140dd2e4b 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c | |||
@@ -951,8 +951,7 @@ static int sel_make_bools(void) | |||
951 | u32 sid; | 951 | u32 sid; |
952 | 952 | ||
953 | /* remove any existing files */ | 953 | /* remove any existing files */ |
954 | if (bool_pending_values) | 954 | kfree(bool_pending_values); |
955 | kfree(bool_pending_values); | ||
956 | 955 | ||
957 | sel_remove_bools(dir); | 956 | sel_remove_bools(dir); |
958 | 957 | ||
@@ -997,10 +996,8 @@ static int sel_make_bools(void) | |||
997 | out: | 996 | out: |
998 | free_page((unsigned long)page); | 997 | free_page((unsigned long)page); |
999 | if (names) { | 998 | if (names) { |
1000 | for (i = 0; i < num; i++) { | 999 | for (i = 0; i < num; i++) |
1001 | if (names[i]) | 1000 | kfree(names[i]); |
1002 | kfree(names[i]); | ||
1003 | } | ||
1004 | kfree(names); | 1001 | kfree(names); |
1005 | } | 1002 | } |
1006 | return ret; | 1003 | return ret; |
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c index b53441184aca..e2057f5a411a 100644 --- a/security/selinux/ss/conditional.c +++ b/security/selinux/ss/conditional.c | |||
@@ -166,16 +166,14 @@ static void cond_list_destroy(struct cond_node *list) | |||
166 | 166 | ||
167 | void cond_policydb_destroy(struct policydb *p) | 167 | void cond_policydb_destroy(struct policydb *p) |
168 | { | 168 | { |
169 | if (p->bool_val_to_struct != NULL) | 169 | kfree(p->bool_val_to_struct); |
170 | kfree(p->bool_val_to_struct); | ||
171 | avtab_destroy(&p->te_cond_avtab); | 170 | avtab_destroy(&p->te_cond_avtab); |
172 | cond_list_destroy(p->cond_list); | 171 | cond_list_destroy(p->cond_list); |
173 | } | 172 | } |
174 | 173 | ||
175 | int cond_init_bool_indexes(struct policydb *p) | 174 | int cond_init_bool_indexes(struct policydb *p) |
176 | { | 175 | { |
177 | if (p->bool_val_to_struct) | 176 | kfree(p->bool_val_to_struct); |
178 | kfree(p->bool_val_to_struct); | ||
179 | p->bool_val_to_struct = (struct cond_bool_datum**) | 177 | p->bool_val_to_struct = (struct cond_bool_datum**) |
180 | kmalloc(p->p_bools.nprim * sizeof(struct cond_bool_datum*), GFP_KERNEL); | 178 | kmalloc(p->p_bools.nprim * sizeof(struct cond_bool_datum*), GFP_KERNEL); |
181 | if (!p->bool_val_to_struct) | 179 | if (!p->bool_val_to_struct) |
@@ -185,8 +183,7 @@ int cond_init_bool_indexes(struct policydb *p) | |||
185 | 183 | ||
186 | int cond_destroy_bool(void *key, void *datum, void *p) | 184 | int cond_destroy_bool(void *key, void *datum, void *p) |
187 | { | 185 | { |
188 | if (key) | 186 | kfree(key); |
189 | kfree(key); | ||
190 | kfree(datum); | 187 | kfree(datum); |
191 | return 0; | 188 | return 0; |
192 | } | 189 | } |
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index 14190efbf333..785c33cf4864 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c | |||
@@ -590,17 +590,12 @@ void policydb_destroy(struct policydb *p) | |||
590 | hashtab_destroy(p->symtab[i].table); | 590 | hashtab_destroy(p->symtab[i].table); |
591 | } | 591 | } |
592 | 592 | ||
593 | for (i = 0; i < SYM_NUM; i++) { | 593 | for (i = 0; i < SYM_NUM; i++) |
594 | if (p->sym_val_to_name[i]) | 594 | kfree(p->sym_val_to_name[i]); |
595 | kfree(p->sym_val_to_name[i]); | ||
596 | } | ||
597 | 595 | ||
598 | if (p->class_val_to_struct) | 596 | kfree(p->class_val_to_struct); |
599 | kfree(p->class_val_to_struct); | 597 | kfree(p->role_val_to_struct); |
600 | if (p->role_val_to_struct) | 598 | kfree(p->user_val_to_struct); |
601 | kfree(p->role_val_to_struct); | ||
602 | if (p->user_val_to_struct) | ||
603 | kfree(p->user_val_to_struct); | ||
604 | 599 | ||
605 | avtab_destroy(&p->te_avtab); | 600 | avtab_destroy(&p->te_avtab); |
606 | 601 | ||
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index b6149147d5cb..922bb45054aa 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
@@ -1705,11 +1705,9 @@ out: | |||
1705 | err: | 1705 | err: |
1706 | if (*names) { | 1706 | if (*names) { |
1707 | for (i = 0; i < *len; i++) | 1707 | for (i = 0; i < *len; i++) |
1708 | if ((*names)[i]) | 1708 | kfree((*names)[i]); |
1709 | kfree((*names)[i]); | ||
1710 | } | 1709 | } |
1711 | if (*values) | 1710 | kfree(*values); |
1712 | kfree(*values); | ||
1713 | goto out; | 1711 | goto out; |
1714 | } | 1712 | } |
1715 | 1713 | ||