selinux/stable-5.3 PR 20190702
-----BEGIN PGP SIGNATURE-----
iQJIBAABCAAyFiEES0KozwfymdVUl37v6iDy2pc3iXMFAl0bgMAUHHBhdWxAcGF1
bC1tb29yZS5jb20ACgkQ6iDy2pc3iXNHGBAAhzLWq9IKtjNAro2TT9G6YQsO6Q/J
ZGIgmL5ZlfRAMP8X7/iHz4Jp6oC7q38l0pfyM/NGgwYF4zT37mMPMxV03tHUSzNq
cKE0PtpN3v0k1+zR8U9C9qK3yWhFRFPEdECEgqy6KBEVYc4bAvLH12iXUN6leizU
ZWfJC5NRG0IzvA+WMAEpw5R7Lyk6r3avpSr00wudxo4Kb/YOsVpZ4bUWmIZPbZAG
5S72R6F12DTEYXCdZPb1duj8iGfBBAnphMWfhkDLkgsNCWuED2ihLEAXpVl+V+Ao
pJ30J4ov5mVwsNHtALsdgfOq81dMLnXZalZcynHx50u9hlk3XxM/4Y+K3EbQs9fO
qVBXt1jn3Znftq+nq+KTeGPttbsqxKEFxTgooY/6PfFiXqGUE0471kD0UkMRDFlj
GaNSi8h6DhhHCaf8gmFXZN/hUbYEPeRklesggR1d+GHjAFPg0ySukPEZZaKifAbo
WIPcMPpClWmIap5gPt394IXca/5yXZLDQBuDfZHjSUMboEOvwtuWMU05mLZi2wWI
i9Kmd/gIq021xlIsi0FaumVNFuMVAFEKt012cDEtUYi7TTbKylZb3zxx9g2AfBm4
5K8UT1M6Z48l1OMSwbytYTNbd3nP5IrYvcxX1Jf7DuHYamZJCFFQ9H2Acb4nQ5BA
mX36B/AwhrMNo+8=
=e6OO
-----END PGP SIGNATURE-----
Merge tag 'selinux-pr-20190702' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull selinux updates from Paul Moore:
"Like the audit pull request this is a little early due to some
upcoming vacation plans and uncertain network access while I'm away.
Also like the audit PR, the list of patches here is pretty minor, the
highlights include:
- Explicitly use __le variables to make sure "sparse" can verify
proper byte endian handling.
- Remove some BUG_ON()s that are no longer needed.
- Allow zero-byte writes to the "keycreate" procfs attribute without
requiring key:create to make it easier for userspace to reset the
keycreate label.
- Consistently log the "invalid_context" field as an untrusted string
in the AUDIT_SELINUX_ERR audit records"
* tag 'selinux-pr-20190702' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
selinux: format all invalid context as untrusted
selinux: fix empty write to keycreate file
selinux: remove some no-op BUG_ONs
selinux: provide __le variables explicitly
This commit is contained in:
Linus Torvalds
commit
7c0f896348
|
|
@ -6351,11 +6351,12 @@ static int selinux_setprocattr(const char *name, void *value, size_t size)
|
|||
} else if (!strcmp(name, "fscreate")) {
|
||||
tsec->create_sid = sid;
|
||||
} else if (!strcmp(name, "keycreate")) {
|
||||
error = avc_has_perm(&selinux_state,
|
||||
mysid, sid, SECCLASS_KEY, KEY__CREATE,
|
||||
NULL);
|
||||
if (error)
|
||||
goto abort_change;
|
||||
if (sid) {
|
||||
error = avc_has_perm(&selinux_state, mysid, sid,
|
||||
SECCLASS_KEY, KEY__CREATE, NULL);
|
||||
if (error)
|
||||
goto abort_change;
|
||||
}
|
||||
tsec->keycreate_sid = sid;
|
||||
} else if (!strcmp(name, "sockcreate")) {
|
||||
tsec->sockcreate_sid = sid;
|
||||
|
|
|
|||
|
|
@ -347,7 +347,9 @@ int ebitmap_read(struct ebitmap *e, void *fp)
|
|||
{
|
||||
struct ebitmap_node *n = NULL;
|
||||
u32 mapunit, count, startbit, index;
|
||||
__le32 ebitmap_start;
|
||||
u64 map;
|
||||
__le64 mapbits;
|
||||
__le32 buf[3];
|
||||
int rc, i;
|
||||
|
||||
|
|
@ -381,12 +383,12 @@ int ebitmap_read(struct ebitmap *e, void *fp)
|
|||
goto bad;
|
||||
|
||||
for (i = 0; i < count; i++) {
|
||||
rc = next_entry(&startbit, fp, sizeof(u32));
|
||||
rc = next_entry(&ebitmap_start, fp, sizeof(u32));
|
||||
if (rc < 0) {
|
||||
pr_err("SELinux: ebitmap: truncated map\n");
|
||||
goto bad;
|
||||
}
|
||||
startbit = le32_to_cpu(startbit);
|
||||
startbit = le32_to_cpu(ebitmap_start);
|
||||
|
||||
if (startbit & (mapunit - 1)) {
|
||||
pr_err("SELinux: ebitmap start bit (%d) is "
|
||||
|
|
@ -423,12 +425,12 @@ int ebitmap_read(struct ebitmap *e, void *fp)
|
|||
goto bad;
|
||||
}
|
||||
|
||||
rc = next_entry(&map, fp, sizeof(u64));
|
||||
rc = next_entry(&mapbits, fp, sizeof(u64));
|
||||
if (rc < 0) {
|
||||
pr_err("SELinux: ebitmap: truncated map\n");
|
||||
goto bad;
|
||||
}
|
||||
map = le64_to_cpu(map);
|
||||
map = le64_to_cpu(mapbits);
|
||||
|
||||
index = (startbit - n->startbit) / EBITMAP_UNIT_SIZE;
|
||||
while (map) {
|
||||
|
|
|
|||
|
|
@ -649,9 +649,7 @@ static void context_struct_compute_av(struct policydb *policydb,
|
|||
avkey.target_class = tclass;
|
||||
avkey.specified = AVTAB_AV | AVTAB_XPERMS;
|
||||
sattr = &policydb->type_attr_map_array[scontext->type - 1];
|
||||
BUG_ON(!sattr);
|
||||
tattr = &policydb->type_attr_map_array[tcontext->type - 1];
|
||||
BUG_ON(!tattr);
|
||||
ebitmap_for_each_positive_bit(sattr, snode, i) {
|
||||
ebitmap_for_each_positive_bit(tattr, tnode, j) {
|
||||
avkey.source_type = i + 1;
|
||||
|
|
@ -1057,9 +1055,7 @@ void security_compute_xperms_decision(struct selinux_state *state,
|
|||
avkey.target_class = tclass;
|
||||
avkey.specified = AVTAB_XPERMS;
|
||||
sattr = &policydb->type_attr_map_array[scontext->type - 1];
|
||||
BUG_ON(!sattr);
|
||||
tattr = &policydb->type_attr_map_array[tcontext->type - 1];
|
||||
BUG_ON(!tattr);
|
||||
ebitmap_for_each_positive_bit(sattr, snode, i) {
|
||||
ebitmap_for_each_positive_bit(tattr, tnode, j) {
|
||||
avkey.source_type = i + 1;
|
||||
|
|
@ -1586,6 +1582,7 @@ static int compute_sid_handle_invalid_context(
|
|||
struct policydb *policydb = &state->ss->policydb;
|
||||
char *s = NULL, *t = NULL, *n = NULL;
|
||||
u32 slen, tlen, nlen;
|
||||
struct audit_buffer *ab;
|
||||
|
||||
if (context_struct_to_string(policydb, scontext, &s, &slen))
|
||||
goto out;
|
||||
|
|
@ -1593,12 +1590,14 @@ static int compute_sid_handle_invalid_context(
|
|||
goto out;
|
||||
if (context_struct_to_string(policydb, newcontext, &n, &nlen))
|
||||
goto out;
|
||||
audit_log(audit_context(), GFP_ATOMIC, AUDIT_SELINUX_ERR,
|
||||
"op=security_compute_sid invalid_context=%s"
|
||||
" scontext=%s"
|
||||
" tcontext=%s"
|
||||
" tclass=%s",
|
||||
n, s, t, sym_name(policydb, SYM_CLASSES, tclass-1));
|
||||
ab = audit_log_start(audit_context(), GFP_ATOMIC, AUDIT_SELINUX_ERR);
|
||||
audit_log_format(ab,
|
||||
"op=security_compute_sid invalid_context=");
|
||||
/* no need to record the NUL with untrusted strings */
|
||||
audit_log_n_untrustedstring(ab, n, nlen - 1);
|
||||
audit_log_format(ab, " scontext=%s tcontext=%s tclass=%s",
|
||||
s, t, sym_name(policydb, SYM_CLASSES, tclass-1));
|
||||
audit_log_end(ab);
|
||||
out:
|
||||
kfree(s);
|
||||
kfree(t);
|
||||
|
|
@ -3005,10 +3004,16 @@ int security_sid_mls_copy(struct selinux_state *state,
|
|||
if (rc) {
|
||||
if (!context_struct_to_string(policydb, &newcon, &s,
|
||||
&len)) {
|
||||
audit_log(audit_context(),
|
||||
GFP_ATOMIC, AUDIT_SELINUX_ERR,
|
||||
"op=security_sid_mls_copy "
|
||||
"invalid_context=%s", s);
|
||||
struct audit_buffer *ab;
|
||||
|
||||
ab = audit_log_start(audit_context(),
|
||||
GFP_ATOMIC,
|
||||
AUDIT_SELINUX_ERR);
|
||||
audit_log_format(ab,
|
||||
"op=security_sid_mls_copy invalid_context=");
|
||||
/* don't record NUL with untrusted strings */
|
||||
audit_log_n_untrustedstring(ab, s, len - 1);
|
||||
audit_log_end(ab);
|
||||
kfree(s);
|
||||
}
|
||||
goto out_unlock;
|
||||
|
|
|
|||
Loading…
Reference in New Issue