Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/avc.c | 4 | ||||
-rw-r--r-- | security/selinux/ss/avtab.c | 8 | ||||
-rw-r--r-- | security/selinux/ss/conditional.c | 12 | ||||
-rw-r--r-- | security/selinux/ss/ebitmap.c | 5 | ||||
-rw-r--r-- | security/selinux/ss/policydb.c | 60 |
5 files changed, 52 insertions, 37 deletions
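--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -490,7 +490,7 @@ out:
 }
 
 static inline void avc_print_ipv6_addr(struct audit_buffer *ab,
-struct in6_addr *addr, u16 port,
+struct in6_addr *addr, __be16 port,
 char *name1, char *name2)
 {
 if (!ipv6_addr_any(addr))
@@ -501,7 +501,7 @@ static inline void avc_print_ipv6_addr(struct audit_buffer *ab,
 }
 
 static inline void avc_print_ipv4_addr(struct audit_buffer *ab, u32 addr,
-u16 port, char *name1, char *name2)
+__be16 port, char *name1, char *name2)
 {
 if (addr)
 audit_log_format(ab, " %s=%d.%d.%d.%d", name1, NIPQUAD(addr));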
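Review bot: In avc_print_ipv4_addr the `addr` parameter stays a plain `u32` while `port` becomes `__be16`, yet `addr` is handed straight to `NIPQUAD()` on the last visible line, which suggests it is carried in network byte order as well. Declaring it `__be32 addr` would let sparse catch a caller that passes a host-order address, and a byte-swapped address in an AVC audit record misleads whoever later reads the denial log. Both function bodies continue past the hunks, so how `port` is formatted is not visible here.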
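--- a/security/selinux/ss/avtab.c
+++ b/security/selinux/ss/avtab.c
@@ -297,8 +297,10 @@ int avtab_read_item(void *fp, u32 vers, struct avtab *a,
 struct avtab_datum *d, void *p),
 void *p)
 {
-u16 buf16[4], enabled;
-u32 buf32[7], items, items2, val;
+__le16 buf16[4];
+u16 enabled;
+__le32 buf32[7];
+u32 items, items2, val;
 struct avtab_key key;
 struct avtab_datum datum;
 int i, rc;
@@ -403,7 +405,7 @@ static int avtab_insertf(struct avtab *a, struct avtab_key *k,
 int avtab_read(struct avtab *a, void *fp, u32 vers)
 {
 int rc;
-u32 buf[1];
+__le32 buf[1];
 u32 nel, i;
 
 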
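--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -216,7 +216,8 @@ int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp)
 {
 char *key = NULL;
 struct cond_bool_datum *booldatum;
-u32 buf[3], len;
+__le32 buf[3];
+u32 len;
 int rc;
 
 booldatum = kmalloc(sizeof(struct cond_bool_datum), GFP_KERNEL);
@@ -342,7 +343,8 @@ err:
 static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list **ret_list, struct cond_av_list *other)
 {
 int i, rc;
-u32 buf[1], len;
+__le32 buf[1];
+u32 len;
 struct cond_insertf_data data;
 
 *ret_list = NULL;
@@ -388,7 +390,8 @@ static int expr_isvalid(struct policydb *p, struct cond_expr *expr)
 
 static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
 {
-u32 buf[2], len, i;
+__le32 buf[2];
+u32 len, i;
 int rc;
 struct cond_expr *expr = NULL, *last = NULL;
 
@@ -446,7 +449,8 @@ err:
 int cond_read_list(struct policydb *p, void *fp)
 {
 struct cond_node *node, *last = NULL;
-u32 buf[1], i, len;
+__le32 buf[1];
+u32 i, len;
 int rc;
 
 rc = next_entry(buf, fp, sizeof buf);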
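--- a/security/selinux/ss/ebitmap.c
+++ b/security/selinux/ss/ebitmap.c
@@ -196,8 +196,9 @@ int ebitmap_read(struct ebitmap *e, void *fp)
 {
 int rc;
 struct ebitmap_node *n, *l;
-u32 buf[3], mapsize, count, i;
-u64 map;
+__le32 buf[3];
+u32 mapsize, count, i;
+__le64 map;
 
 ebitmap_init(e);
 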
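--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -744,7 +744,8 @@ int policydb_context_isvalid(struct policydb *p, struct context *c)
 */
 static int mls_read_range_helper(struct mls_range *r, void *fp)
 {
-u32 buf[2], items;
+__le32 buf[2];
+u32 items;
 int rc;
 
 rc = next_entry(buf, fp, sizeof(u32));
@@ -805,7 +806,7 @@ static int context_read_and_validate(struct context *c,
 struct policydb *p,
 void *fp)
 {
-u32 buf[3];
+__le32 buf[3];
 int rc;
 
 rc = next_entry(buf, fp, sizeof buf);
@@ -845,7 +846,8 @@ static int perm_read(struct policydb *p, struct hashtab *h, void *fp)
 char *key = NULL;
 struct perm_datum *perdatum;
 int rc;
-u32 buf[2], len;
+__le32 buf[2];
+u32 len;
 
 perdatum = kmalloc(sizeof(*perdatum), GFP_KERNEL);
 if (!perdatum) {
@@ -885,7 +887,8 @@ static int common_read(struct policydb *p, struct hashtab *h, void *fp)
 {
 char *key = NULL;
 struct common_datum *comdatum;
-u32 buf[4], len, nel;
+__le32 buf[4];
+u32 len, nel;
 int i, rc;
 
 comdatum = kmalloc(sizeof(*comdatum), GFP_KERNEL);
@@ -939,7 +942,8 @@ static int read_cons_helper(struct constraint_node **nodep, int ncons,
 {
 struct constraint_node *c, *lc;
 struct constraint_expr *e, *le;
-u32 buf[3], nexpr;
+__le32 buf[3];
+u32 nexpr;
 int rc, i, j, depth;
 
 lc = NULL;
@@ -1023,7 +1027,8 @@ static int class_read(struct policydb *p, struct hashtab *h, void *fp)
 {
 char *key = NULL;
 struct class_datum *cladatum;
-u32 buf[6], len, len2, ncons, nel;
+__le32 buf[6];
+u32 len, len2, ncons, nel;
 int i, rc;
 
 cladatum = kmalloc(sizeof(*cladatum), GFP_KERNEL);
@@ -1117,7 +1122,8 @@ static int role_read(struct policydb *p, struct hashtab *h, void *fp)
 char *key = NULL;
 struct role_datum *role;
 int rc;
-u32 buf[2], len;
+__le32 buf[2];
+u32 len;
 
 role = kmalloc(sizeof(*role), GFP_KERNEL);
 if (!role) {
@@ -1177,7 +1183,8 @@ static int type_read(struct policydb *p, struct hashtab *h, void *fp)
 char *key = NULL;
 struct type_datum *typdatum;
 int rc;
-u32 buf[3], len;
+__le32 buf[3];
+u32 len;
 
 typdatum = kmalloc(sizeof(*typdatum),GFP_KERNEL);
 if (!typdatum) {
@@ -1221,7 +1228,7 @@ bad:
 */
 static int mls_read_level(struct mls_level *lp, void *fp)
 {
-u32 buf[1];
+__le32 buf[1];
 int rc;
 
 memset(lp, 0, sizeof(*lp));
@@ -1249,7 +1256,8 @@ static int user_read(struct policydb *p, struct hashtab *h, void *fp)
 char *key = NULL;
 struct user_datum *usrdatum;
 int rc;
-u32 buf[2], len;
+__le32 buf[2];
+u32 len;
 
 usrdatum = kmalloc(sizeof(*usrdatum), GFP_KERNEL);
 if (!usrdatum) {
@@ -1303,7 +1311,8 @@ static int sens_read(struct policydb *p, struct hashtab *h, void *fp)
 char *key = NULL;
 struct level_datum *levdatum;
 int rc;
-u32 buf[2], len;
+__le32 buf[2];
+u32 len;
 
 levdatum = kmalloc(sizeof(*levdatum), GFP_ATOMIC);
 if (!levdatum) {
@@ -1354,7 +1363,8 @@ static int cat_read(struct policydb *p, struct hashtab *h, void *fp)
 char *key = NULL;
 struct cat_datum *catdatum;
 int rc;
-u32 buf[3], len;
+__le32 buf[3];
+u32 len;
 
 catdatum = kmalloc(sizeof(*catdatum), GFP_ATOMIC);
 if (!catdatum) {
@@ -1417,7 +1427,8 @@ int policydb_read(struct policydb *p, void *fp)
 struct ocontext *l, *c, *newc;
 struct genfs *genfs_p, *genfs, *newgenfs;
 int i, j, rc;
-u32 buf[8], len, len2, config, nprim, nel, nel2;
+__le32 buf[8];
+u32 len, len2, config, nprim, nel, nel2;
 char *policydb_str;
 struct policydb_compat_info *info;
 struct range_trans *rt, *lrt;
@@ -1433,17 +1444,14 @@ int policydb_read(struct policydb *p, void *fp)
 if (rc < 0)
 goto bad;
 
-for (i = 0; i < 2; i++)
-buf[i] = le32_to_cpu(buf[i]);
-
-if (buf[0] != POLICYDB_MAGIC) {
+if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) {
 printk(KERN_ERR "security: policydb magic number 0x%x does "
 "not match expected magic number 0x%x\n",
-buf[0], POLICYDB_MAGIC);
+le32_to_cpu(buf[0]), POLICYDB_MAGIC);
 goto bad;
 }
 
-len = buf[1];
+len = le32_to_cpu(buf[1]);
 if (len != strlen(POLICYDB_STRING)) {
 printk(KERN_ERR "security: policydb string length %d does not "
 "match expected length %Zu\n",
@@ -1478,19 +1486,17 @@ int policydb_read(struct policydb *p, void *fp)
 rc = next_entry(buf, fp, sizeof(u32)*4);
 if (rc < 0)
 goto bad;
-for (i = 0; i < 4; i++)
-buf[i] = le32_to_cpu(buf[i]);
 
-p->policyvers = buf[0];
+p->policyvers = le32_to_cpu(buf[0]);
 if (p->policyvers < POLICYDB_VERSION_MIN ||
 p->policyvers > POLICYDB_VERSION_MAX) {
 printk(KERN_ERR "security: policydb version %d does not match "
 "my version range %d-%d\n",
-buf[0], POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
+le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
 goto bad;
 }
 
-if ((buf[1] & POLICYDB_CONFIG_MLS)) {
+if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) {
 if (ss_initialized && !selinux_mls_enabled) {
 printk(KERN_ERR "Cannot switch between non-MLS and MLS "
 "policies\n");
@@ -1519,9 +1525,11 @@ int policydb_read(struct policydb *p, void *fp)
 goto bad;
 }
 
-if (buf[2] != info->sym_num || buf[3] != info->ocon_num) {
+if (le32_to_cpu(buf[2]) != info->sym_num ||
+le32_to_cpu(buf[3]) != info->ocon_num) {
 printk(KERN_ERR "security: policydb table sizes (%d,%d) do "
-"not match mine (%d,%d)\n", buf[2], buf[3],
+"not match mine (%d,%d)\n", le32_to_cpu(buf[2]),
+le32_to_cpu(buf[3]),
 info->sym_num, info->ocon_num);
 goto bad;
 }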
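Review bot: In policydb_read each header word from the policy image is now converted twice, once for the check and again for the printk (`le32_to_cpu(buf[0])` for the magic and the version, `le32_to_cpu(buf[2])` and `le32_to_cpu(buf[3])` for the table sizes), so the validated value and the logged value match only by repetition. The version message can print the value already stored, `p->policyvers, POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);`, and the table sizes would read more clearly converted once into two locals before the comparison. Separately, the reads in mls_read_range_helper and here still size the buffer as `sizeof(u32)` and `sizeof(u32)*4`; now that `buf` is `__le32`, `sizeof(buf[0])` keeps the length tied to the buffer's own element type. policydb_read starts and ends outside these hunks, so later uses of `buf` are not visible.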