diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 94de51628fdc..3ec7ac70c313 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6351,11 +6351,12 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) } else if (!strcmp(name, "fscreate")) { tsec->create_sid = sid; } else if (!strcmp(name, "keycreate")) { - error = avc_has_perm(&selinux_state, - mysid, sid, SECCLASS_KEY, KEY__CREATE, - NULL); - if (error) - goto abort_change; + if (sid) { + error = avc_has_perm(&selinux_state, mysid, sid, + SECCLASS_KEY, KEY__CREATE, NULL); + if (error) + goto abort_change; + } tsec->keycreate_sid = sid; } else if (!strcmp(name, "sockcreate")) { tsec->sockcreate_sid = sid; diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c index 8f624f80055b..09929fc5ab47 100644 --- a/security/selinux/ss/ebitmap.c +++ b/security/selinux/ss/ebitmap.c @@ -347,7 +347,9 @@ int ebitmap_read(struct ebitmap *e, void *fp) { struct ebitmap_node *n = NULL; u32 mapunit, count, startbit, index; + __le32 ebitmap_start; u64 map; + __le64 mapbits; __le32 buf[3]; int rc, i; @@ -381,12 +383,12 @@ int ebitmap_read(struct ebitmap *e, void *fp) goto bad; for (i = 0; i < count; i++) { - rc = next_entry(&startbit, fp, sizeof(u32)); + rc = next_entry(&ebitmap_start, fp, sizeof(u32)); if (rc < 0) { pr_err("SELinux: ebitmap: truncated map\n"); goto bad; } - startbit = le32_to_cpu(startbit); + startbit = le32_to_cpu(ebitmap_start); if (startbit & (mapunit - 1)) { pr_err("SELinux: ebitmap start bit (%d) is " @@ -423,12 +425,12 @@ int ebitmap_read(struct ebitmap *e, void *fp) goto bad; } - rc = next_entry(&map, fp, sizeof(u64)); + rc = next_entry(&mapbits, fp, sizeof(u64)); if (rc < 0) { pr_err("SELinux: ebitmap: truncated map\n"); goto bad; } - map = le64_to_cpu(map); + map = le64_to_cpu(mapbits); index = (startbit - n->startbit) / EBITMAP_UNIT_SIZE; while (map) { diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index d3f5568c1f60..d61563a3695e 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -649,9 +649,7 @@ static void context_struct_compute_av(struct policydb *policydb, avkey.target_class = tclass; avkey.specified = AVTAB_AV | AVTAB_XPERMS; sattr = &policydb->type_attr_map_array[scontext->type - 1]; - BUG_ON(!sattr); tattr = &policydb->type_attr_map_array[tcontext->type - 1]; - BUG_ON(!tattr); ebitmap_for_each_positive_bit(sattr, snode, i) { ebitmap_for_each_positive_bit(tattr, tnode, j) { avkey.source_type = i + 1; @@ -1057,9 +1055,7 @@ void security_compute_xperms_decision(struct selinux_state *state, avkey.target_class = tclass; avkey.specified = AVTAB_XPERMS; sattr = &policydb->type_attr_map_array[scontext->type - 1]; - BUG_ON(!sattr); tattr = &policydb->type_attr_map_array[tcontext->type - 1]; - BUG_ON(!tattr); ebitmap_for_each_positive_bit(sattr, snode, i) { ebitmap_for_each_positive_bit(tattr, tnode, j) { avkey.source_type = i + 1; @@ -1586,6 +1582,7 @@ static int compute_sid_handle_invalid_context( struct policydb *policydb = &state->ss->policydb; char *s = NULL, *t = NULL, *n = NULL; u32 slen, tlen, nlen; + struct audit_buffer *ab; if (context_struct_to_string(policydb, scontext, &s, &slen)) goto out; @@ -1593,12 +1590,14 @@ static int compute_sid_handle_invalid_context( goto out; if (context_struct_to_string(policydb, newcontext, &n, &nlen)) goto out; - audit_log(audit_context(), GFP_ATOMIC, AUDIT_SELINUX_ERR, - "op=security_compute_sid invalid_context=%s" - " scontext=%s" - " tcontext=%s" - " tclass=%s", - n, s, t, sym_name(policydb, SYM_CLASSES, tclass-1)); + ab = audit_log_start(audit_context(), GFP_ATOMIC, AUDIT_SELINUX_ERR); + audit_log_format(ab, + "op=security_compute_sid invalid_context="); + /* no need to record the NUL with untrusted strings */ + audit_log_n_untrustedstring(ab, n, nlen - 1); + audit_log_format(ab, " scontext=%s tcontext=%s tclass=%s", + s, t, sym_name(policydb, SYM_CLASSES, tclass-1)); + audit_log_end(ab); out: kfree(s); kfree(t); @@ -3005,10 +3004,16 @@ int security_sid_mls_copy(struct selinux_state *state, if (rc) { if (!context_struct_to_string(policydb, &newcon, &s, &len)) { - audit_log(audit_context(), - GFP_ATOMIC, AUDIT_SELINUX_ERR, - "op=security_sid_mls_copy " - "invalid_context=%s", s); + struct audit_buffer *ab; + + ab = audit_log_start(audit_context(), + GFP_ATOMIC, + AUDIT_SELINUX_ERR); + audit_log_format(ab, + "op=security_sid_mls_copy invalid_context="); + /* don't record NUL with untrusted strings */ + audit_log_n_untrustedstring(ab, s, len - 1); + audit_log_end(ab); kfree(s); } goto out_unlock;