Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag 'selinux-pr-20190702' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull selinux updates from Paul Moore:
"Like the audit pull request this is a little early due to some
upcoming vacation plans and uncertain network access while I'm away.
Also like the audit PR, the list of patches here is pretty minor, the
highlights include:

- Explicitly use __le variables to make sure "sparse" can verify
proper byte endian handling.

- Remove some BUG_ON()s that are no longer needed.

- Allow zero-byte writes to the "keycreate" procfs attribute without
requiring key:create to make it easier for userspace to reset the
keycreate label.

- Consistently log the "invalid_context" field as an untrusted string
in the AUDIT_SELINUX_ERR audit records"

* tag 'selinux-pr-20190702' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
selinux: format all invalid context as untrusted
selinux: fix empty write to keycreate file
selinux: remove some no-op BUG_ONs
selinux: provide __le variables explicitly

+31 -23
+6 -5
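--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6351,11 +6351,12 @@
 } else if (!strcmp(name, "fscreate")) {
 tsec->create_sid = sid;
 } else if (!strcmp(name, "keycreate")) {
-error = avc_has_perm(&selinux_state,
-mysid, sid, SECCLASS_KEY, KEY__CREATE,
-NULL);
-if (error)
-goto abort_change;
+if (sid) {
+error = avc_has_perm(&selinux_state, mysid, sid,
+SECCLASS_KEY, KEY__CREATE, NULL);
+if (error)
+goto abort_change;
+}
 tsec->keycreate_sid = sid;
 } else if (!strcmp(name, "sockcreate")) {
 tsec->sockcreate_sid = sid;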
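Review bot: The new `if (sid)` guard in the keycreate branch skips `avc_has_perm()` without recording why a zero SID may be accepted unchecked, and an undocumented permission-check bypass is easy to misread or to widen later. A one-line comment above the guard would carry the intent stated in the commit description, for example `/* sid == 0 resets keycreate_sid to the default; no key:create check is needed for that */`. The code that derives `sid` from the written value is outside this hunk, so it is worth confirming that only an empty write can leave `sid` at zero when this branch is reached.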
+6 -4
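--- a/security/selinux/ss/ebitmap.c
+++ b/security/selinux/ss/ebitmap.c
@@ -347,7 +347,9 @@
 {
 struct ebitmap_node *n = NULL;
 u32 mapunit, count, startbit, index;
+__le32 ebitmap_start;
 u64 map;
+__le64 mapbits;
 __le32 buf[3];
 int rc, i;
 
@@ -381,12 +383,12 @@
 goto bad;
 
 for (i = 0; i < count; i++) {
-rc = next_entry(&startbit, fp, sizeof(u32));
+rc = next_entry(&ebitmap_start, fp, sizeof(u32));
 if (rc < 0) {
 pr_err("SELinux: ebitmap: truncated map\n");
 goto bad;
 }
-startbit = le32_to_cpu(startbit);
+startbit = le32_to_cpu(ebitmap_start);
 
 if (startbit & (mapunit - 1)) {
 pr_err("SELinux: ebitmap start bit (%d) is "
@@ -423,12 +425,12 @@
 goto bad;
 }
 
-rc = next_entry(&map, fp, sizeof(u64));
+rc = next_entry(&mapbits, fp, sizeof(u64));
 if (rc < 0) {
 pr_err("SELinux: ebitmap: truncated map\n");
 goto bad;
 }
-map = le64_to_cpu(map);
+map = le64_to_cpu(mapbits);
 
 index = (startbit - n->startbit) / EBITMAP_UNIT_SIZE;
 while (map) {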
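Review bot: Both converted reads still take their length from the old host-order type, `next_entry(&ebitmap_start, fp, sizeof(u32))` and `next_entry(&mapbits, fp, sizeof(u64))`, so the copy size is not tied to the destination variable. Writing `sizeof(ebitmap_start)` and `sizeof(mapbits)` keeps the number of bytes read from the policy image bound to the `__le32`/`__le64` buffer if either declaration is changed later. The function's signature and the rest of its body are outside the visible hunks.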
+19 -14
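--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -649,9 +649,7 @@
 avkey.target_class = tclass;
 avkey.specified = AVTAB_AV | AVTAB_XPERMS;
 sattr = &policydb->type_attr_map_array[scontext->type - 1];
-BUG_ON(!sattr);
 tattr = &policydb->type_attr_map_array[tcontext->type - 1];
-BUG_ON(!tattr);
 ebitmap_for_each_positive_bit(sattr, snode, i) {
 ebitmap_for_each_positive_bit(tattr, tnode, j) {
 avkey.source_type = i + 1;
@@ -1057,9 +1055,7 @@
 avkey.target_class = tclass;
 avkey.specified = AVTAB_XPERMS;
 sattr = &policydb->type_attr_map_array[scontext->type - 1];
-BUG_ON(!sattr);
 tattr = &policydb->type_attr_map_array[tcontext->type - 1];
-BUG_ON(!tattr);
 ebitmap_for_each_positive_bit(sattr, snode, i) {
 ebitmap_for_each_positive_bit(tattr, tnode, j) {
 avkey.source_type = i + 1;
@@ -1586,6 +1582,7 @@
 struct policydb *policydb = &state->ss->policydb;
 char *s = NULL, *t = NULL, *n = NULL;
 u32 slen, tlen, nlen;
+struct audit_buffer *ab;
 
 if (context_struct_to_string(policydb, scontext, &s, &slen))
 goto out;
@@ -1593,12 +1590,14 @@
 goto out;
 if (context_struct_to_string(policydb, newcontext, &n, &nlen))
 goto out;
-audit_log(audit_context(), GFP_ATOMIC, AUDIT_SELINUX_ERR,
-"op=security_compute_sid invalid_context=%s"
-" scontext=%s"
-" tcontext=%s"
-" tclass=%s",
-n, s, t, sym_name(policydb, SYM_CLASSES, tclass-1));
+ab = audit_log_start(audit_context(), GFP_ATOMIC, AUDIT_SELINUX_ERR);
+audit_log_format(ab,
+"op=security_compute_sid invalid_context=");
+/* no need to record the NUL with untrusted strings */
+audit_log_n_untrustedstring(ab, n, nlen - 1);
+audit_log_format(ab, " scontext=%s tcontext=%s tclass=%s",
+s, t, sym_name(policydb, SYM_CLASSES, tclass-1));
+audit_log_end(ab);
 out:
 kfree(s);
 kfree(t);
@@ -3005,10 +3004,16 @@
 if (rc) {
 if (!context_struct_to_string(policydb, &newcon, &s,
 &len)) {
-audit_log(audit_context(),
-GFP_ATOMIC, AUDIT_SELINUX_ERR,
-"op=security_sid_mls_copy "
-"invalid_context=%s", s);
+struct audit_buffer *ab;
+
+ab = audit_log_start(audit_context(),
+GFP_ATOMIC,
+AUDIT_SELINUX_ERR);
+audit_log_format(ab,
+"op=security_sid_mls_copy invalid_context=");
+/* don't record NUL with untrusted strings */
+audit_log_n_untrustedstring(ab, s, len - 1);
+audit_log_end(ab);
 kfree(s);
 }
 goto out_unlock;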
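Review bot: `audit_log_n_untrustedstring(ab, n, nlen - 1)` and the matching `len - 1` call in the security_sid_mls_copy hunk both rely on the length returned by `context_struct_to_string()` counting the trailing NUL, and that function is not visible here. `nlen` is declared `u32` in this section, so a returned length of 0 would wrap to a very large count instead of failing visibly. The comments would serve better if they stated this invariant instead of only the intent, for example `/* nlen includes the trailing NUL, so nlen - 1 is the string length */`, with the same wording at the `len - 1` site. Both enclosing functions start and end outside the hunks.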