Diffstat (limited to 'security')
-rw-r--r--security/keys/key.c2
-rw-r--r--security/keys/process_keys.c2
-rw-r--r--security/selinux/hooks.c24
-rw-r--r--security/selinux/include/av_perm_to_string.h2
-rw-r--r--security/selinux/include/av_permissions.h2
-rw-r--r--security/selinux/selinuxfs.c9
-rw-r--r--security/selinux/ss/conditional.c9
-rw-r--r--security/selinux/ss/policydb.c15
-rw-r--r--security/selinux/ss/services.c6
9 files changed, 41 insertions, 30 deletions
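diff --git a/security/keys/key.c b/security/keys/key.c
index 3304d37bb379..fb89f9844465 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -980,7 +980,7 @@ void unregister_key_type(struct key_type *ktype)
 	spin_unlock(&key_serial_lock);
 
 	/* make sure everyone revalidates their keys */
-	synchronize_kernel();
+	synchronize_rcu();
 
 	/* we should now be able to destroy the payloads of all the keys of
 	 * this type with impunity */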
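diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index 34db087bbcc7..9b0369c5a223 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -234,7 +234,7 @@ static int install_session_keyring(struct task_struct *tsk,
 	ret = 0;
 
 	/* we're using RCU on the pointer */
-	synchronize_kernel();
+	synchronize_rcu();
 	key_put(old);
 error:
 	return ret;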
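diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 87302a49067b..17a1189f1ff8 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1658,9 +1658,8 @@ static int selinux_bprm_secureexec (struct linux_binprm *bprm)
 
 static void selinux_bprm_free_security(struct linux_binprm *bprm)
 {
-	struct bprm_security_struct *bsec = bprm->security;
+	kfree(bprm->security);
 	bprm->security = NULL;
-	kfree(bsec);
 }
 
 extern struct vfsmount *selinuxfs_mount;
@@ -2477,6 +2476,17 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
 	prot = reqprot;
 
 #ifndef CONFIG_PPC32
+	if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXECUTABLE) &&
+	    (vma->vm_start >= vma->vm_mm->start_brk &&
+	     vma->vm_end <= vma->vm_mm->brk)) {
+		/*
+		 * We are making an executable mapping in the brk region.
+		 * This has an additional execheap check.
+		 */
+		rc = task_has_perm(current, current, PROCESS__EXECHEAP);
+		if (rc)
+			return rc;
+	}
 	if (vma->vm_file != NULL && vma->anon_vma != NULL && (prot & PROT_EXEC)) {
 		/*
 		 * We are making executable a file mapping that has
@@ -2488,6 +2498,16 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
 		if (rc)
 			return rc;
 	}
+	if (!vma->vm_file && (prot & PROT_EXEC) &&
+	    vma->vm_start <= vma->vm_mm->start_stack &&
+	    vma->vm_end >= vma->vm_mm->start_stack) {
+		/* Attempt to make the process stack executable.
+		 * This has an additional execstack check.
+		 */
+		rc = task_has_perm(current, current, PROCESS__EXECSTACK);
+		if (rc)
+			return rc;
+	}
 #endif
 
 	return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);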
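Review bot: The execheap branch at new lines 2479-2481 only fires when the whole VMA lies inside [start_brk, brk], so a PROT_EXEC mprotect on a VMA that merely overlaps the brk area (for instance one merged with an adjacent anonymous mapping) would skip the execheap check and fall through to the weaker generic check, whereas the execstack branch at 2501-2503 tests for overlap with start_stack; the two should apply the same containment rule, e.g. `vma->vm_start < vma->vm_mm->brk && vma->vm_end > vma->vm_mm->start_brk`. The execstack branch also requires `!vma->vm_file` while the execheap branch relies only on `!(vma->vm_flags & VM_EXECUTABLE)`, which is an inconsistency worth a one-line comment explaining why file-backed mappings in the brk range are meant to be covered. The extra parentheses around the two range comparisons at 2480-2481 are redundant. selinux_file_mprotect begins before these hunks, where `rc` and `reqprot` are declared.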
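diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h
index 8928bb4d3c53..1deb59e1b762 100644
--- a/security/selinux/include/av_perm_to_string.h
+++ b/security/selinux/include/av_perm_to_string.h
@@ -70,6 +70,8 @@
    S_(SECCLASS_PROCESS, PROCESS__DYNTRANSITION, "dyntransition")
    S_(SECCLASS_PROCESS, PROCESS__SETCURRENT, "setcurrent")
    S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem")
+   S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack")
+   S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, "execheap")
    S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue")
    S_(SECCLASS_MSG, MSG__SEND, "send")
    S_(SECCLASS_MSG, MSG__RECEIVE, "receive")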
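Review bot: The two new process permissions are added by hand here and again in av_permissions.h (new lines 468-469), and these headers are presumably generated from the policy's access-vector definitions, as their counterparts in the SELinux tree are; if so, the generator input needs the same two permissions appended in the same order, otherwise the next regeneration drops them and the new task_has_perm() calls in hooks.c no longer compile. The string names here ("execstack", "execheap") and the bit values in av_permissions.h (0x04000000UL, 0x08000000UL, continuing directly after PROCESS__EXECMEM) are consistent with each other, which is what a loaded policy has to agree with.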
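diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h
index bdfce4ca8f8e..a78b5d59c9fc 100644
--- a/security/selinux/include/av_permissions.h
+++ b/security/selinux/include/av_permissions.h
@@ -465,6 +465,8 @@
 #define PROCESS__DYNTRANSITION	0x00800000UL
 #define PROCESS__SETCURRENT	0x01000000UL
 #define PROCESS__EXECMEM	0x02000000UL
+#define PROCESS__EXECSTACK	0x04000000UL
+#define PROCESS__EXECHEAP	0x08000000UL
 
 #define IPC__CREATE	0x00000001UL
 #define IPC__DESTROY	0x00000002UL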
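diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 07221568b505..8eb140dd2e4b 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -951,8 +951,7 @@ static int sel_make_bools(void)
 	u32 sid;
 
 	/* remove any existing files */
-	if (bool_pending_values)
-		kfree(bool_pending_values);
+	kfree(bool_pending_values);
 
 	sel_remove_bools(dir);
 
@@ -997,10 +996,8 @@ static int sel_make_bools(void)
 out:
 	free_page((unsigned long)page);
 	if (names) {
-		for (i = 0; i < num; i++) {
-			if (names[i])
-				kfree(names[i]);
-		}
+		for (i = 0; i < num; i++)
+			kfree(names[i]);
 		kfree(names);
 	}
 	return ret;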
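Review bot: `kfree(bool_pending_values);` at new line 954 leaves the file-scope pointer dangling until it is reassigned later in sel_make_bools, outside this hunk; if an error return happens in between, the next call into this function would free the same memory again. Unless the out: path already resets it, add `bool_pending_values = NULL;` directly after the kfree. In the second hunk the `if (names)` guard is still required because the loop dereferences names[i], so only the inner check could go.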
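diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index b53441184aca..e2057f5a411a 100644
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -166,16 +166,14 @@ static void cond_list_destroy(struct cond_node *list)
 
 void cond_policydb_destroy(struct policydb *p)
 {
-	if (p->bool_val_to_struct != NULL)
-		kfree(p->bool_val_to_struct);
+	kfree(p->bool_val_to_struct);
 	avtab_destroy(&p->te_cond_avtab);
 	cond_list_destroy(p->cond_list);
 }
 
 int cond_init_bool_indexes(struct policydb *p)
 {
-	if (p->bool_val_to_struct)
-		kfree(p->bool_val_to_struct);
+	kfree(p->bool_val_to_struct);
 	p->bool_val_to_struct = (struct cond_bool_datum**)
 		kmalloc(p->p_bools.nprim * sizeof(struct cond_bool_datum*), GFP_KERNEL);
 	if (!p->bool_val_to_struct)
@@ -185,8 +183,7 @@ int cond_init_bool_indexes(struct policydb *p)
 
 int cond_destroy_bool(void *key, void *datum, void *p)
 {
-	if (key)
-		kfree(key);
+	kfree(key);
 	kfree(datum);
 	return 0;
 }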
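diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index 14190efbf333..785c33cf4864 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -590,17 +590,12 @@ void policydb_destroy(struct policydb *p)
 		hashtab_destroy(p->symtab[i].table);
 	}
 
-	for (i = 0; i < SYM_NUM; i++) {
-		if (p->sym_val_to_name[i])
-			kfree(p->sym_val_to_name[i]);
-	}
+	for (i = 0; i < SYM_NUM; i++)
+		kfree(p->sym_val_to_name[i]);
 
-	if (p->class_val_to_struct)
-		kfree(p->class_val_to_struct);
-	if (p->role_val_to_struct)
-		kfree(p->role_val_to_struct);
-	if (p->user_val_to_struct)
-		kfree(p->user_val_to_struct);
+	kfree(p->class_val_to_struct);
+	kfree(p->role_val_to_struct);
+	kfree(p->user_val_to_struct);
 
 	avtab_destroy(&p->te_avtab);
 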
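diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index b6149147d5cb..922bb45054aa 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1705,11 +1705,9 @@ out:
 err:
 	if (*names) {
 		for (i = 0; i < *len; i++)
-			if ((*names)[i])
-				kfree((*names)[i]);
+			kfree((*names)[i]);
 	}
-	if (*values)
-		kfree(*values);
+	kfree(*values);
 	goto out;
 }
 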