From db4c9641def55d36a6f9df79deb8a949292313ca Mon Sep 17 00:00:00 2001
From: Stephen Smalley
Date: Wed, 1 Feb 2006 03:05:54 -0800
Subject: [PATCH] selinux: fix and cleanup mprotect checks
Fix the SELinux mprotect checks on executable mappings so that they are not re-applied when the mapping is already executable as well as cleaning up the code. This avoids a situation where e.g. an application is prevented from removing PROT_WRITE on an already executable mapping previously authorized via execmem permission due to an execmod denial.
Signed-off-by: Stephen Smalley
Acked-by: James Morris
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
---
security/selinux/hooks.c | 50 ++++++++++++++++++++----------------------------
1 file changed, 21 insertions(+), 29 deletions(-)
(limited to 'security/selinux/hooks.c')
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index b9f8d9731c3..1bb5eea3b8c 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2454,35 +2454,27 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
 prot = reqprot;
 #ifndef CONFIG_PPC32
- if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXECUTABLE) &&
- (vma->vm_start >= vma->vm_mm->start_brk &&
- vma->vm_end <= vma->vm_mm->brk)) {
- /*
- * We are making an executable mapping in the brk region.
- * This has an additional execheap check.
- */
- rc = task_has_perm(current, current, PROCESS__EXECHEAP);
- if (rc)
- return rc;
- }
- if (vma->vm_file != NULL && vma->anon_vma != NULL && (prot & PROT_EXEC)) {
- /*
- * We are making executable a file mapping that has
- * had some COW done. Since pages might have been written,
- * check ability to execute the possibly modified content.
- * This typically should only occur for text relocations.
- */
- int rc = file_has_perm(current, vma->vm_file, FILE__EXECMOD);
- if (rc)
- return rc;
- }
- if (!vma->vm_file && (prot & PROT_EXEC) &&
- vma->vm_start <= vma->vm_mm->start_stack &&
- vma->vm_end >= vma->vm_mm->start_stack) {
- /* Attempt to make the process stack executable.
- * This has an additional execstack check.
- */
- rc = task_has_perm(current, current, PROCESS__EXECSTACK);
+ if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
+ rc = 0;
+ if (vma->vm_start >= vma->vm_mm->start_brk &&
+ vma->vm_end <= vma->vm_mm->brk) {
+ rc = task_has_perm(current, current,
+ PROCESS__EXECHEAP);
+ } else if (!vma->vm_file &&
+ vma->vm_start <= vma->vm_mm->start_stack &&
+ vma->vm_end >= vma->vm_mm->start_stack) {
+ rc = task_has_perm(current, current, PROCESS__EXECSTACK);
+ } else if (vma->vm_file && vma->anon_vma) {
+ /*
+ * We are making executable a file mapping that has
+ * had some COW done. Since pages might have been
+ * written, check ability to execute the possibly
+ * modified content. This typically should only
+ * occur for text relocations.
+ */
+ rc = file_has_perm(current, vma->vm_file,
+ FILE__EXECMOD);
+ }
 if (rc)
 return rc;
 }
-- cgit v1.2.3-70-g09d2
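Review bot: The new execheap and execstack branches dropped the comments the old code carried, so only the execmod branch still says which permission it checks and why; one line each, e.g. `/* executable mapping in the brk region: execheap */` and `/* making the process stack executable: execstack */`, plus a line on the outer guard such as `/* already executable: no new exec permission is being gained */`, would keep the intent readable. The else-if chain also changes precedence compared with the three independent ifs it replaces: a file-backed vma whose range falls inside the brk region now receives only the execheap check where the old code also ran execmod, and the stack test is never reached for it; if that is intended, it is worth a word in the comment. selinux_file_mprotect begins and ends outside this hunk, so the declaration of rc and the remaining checks are not visible here.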
From 26d2a4be6a56eec575dac651f6606756a971f0fb Mon Sep 17 00:00:00 2001
From: Stephen Smalley
Date: Wed, 1 Feb 2006 03:05:55 -0800
Subject: [PATCH] selinux: change file_alloc_security to use GFP_KERNEL
This patch changes the SELinux file_alloc_security function to use GFP_KERNEL rather than GFP_ATOMIC; the use of GFP_ATOMIC appears to be a remnant of when this function was being called with the files_lock spinlock held, and is no longer necessary. Please apply.
Signed-off-by: Stephen Smalley
Acked-by: James Morris
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
---
security/selinux/hooks.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'security/selinux/hooks.c')
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 1bb5eea3b8c..5e61635610b 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -192,7 +192,7 @@ static int file_alloc_security(struct file *file)
 struct task_security_struct *tsec = current->security;
 struct file_security_struct *fsec;
- fsec = kzalloc(sizeof(struct file_security_struct), GFP_ATOMIC);
+ fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL);
 if (!fsec)
 return -ENOMEM;
-- cgit v1.2.3-70-g09d2
From 9ac49d22138348198f729f07371ffb11991368e6 Mon Sep 17 00:00:00 2001
From: Stephen Smalley
Date: Wed, 1 Feb 2006 03:05:56 -0800
Subject: [PATCH] selinux: remove security struct magic number fields and tests
Remove the SELinux security structure magic number fields and tests, along with some unnecessary tests for NULL security pointers. These fields and tests are leftovers from the early attempts to support SELinux as a loadable module during LSM development.
Signed-off-by: Stephen Smalley
Acked-by: James Morris
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
---
security/selinux/hooks.c | 49 ++++-----------------------------------
security/selinux/include/objsec.h | 8 -------
2 files changed, 5 insertions(+), 52 deletions(-)
(limited to 'security/selinux/hooks.c')
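Review bot: With GFP_KERNEL the kzalloc on the `+` line may now sleep, so file_alloc_security depends on no caller reaching it with a spinlock held; the description says the files_lock case is gone, but that constraint lives only in the commit message, and a one-line comment, `/* GFP_KERNEL: callers must not hold a spinlock here (files_lock is no longer taken) */`, would stop the flag from being "fixed" back to GFP_ATOMIC later. As a matter of style, `kzalloc(sizeof(*fsec), GFP_KERNEL)` ties the size to the pointer instead of repeating the type name. The function continues past the end of this hunk.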
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 5e61635610b..4ae834d89bc 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -127,7 +127,6 @@ static int task_alloc_security(struct task_struct *task)
 if (!tsec)
 return -ENOMEM;
- tsec->magic = SELINUX_MAGIC;
 tsec->task = task;
 tsec->osid = tsec->sid = tsec->ptrace_sid = SECINITSID_UNLABELED;
 task->security = tsec;
@@ -138,10 +137,6 @@ static int task_alloc_security(struct task_struct *task)
 static void task_free_security(struct task_struct *task)
 {
 struct task_security_struct *tsec = task->security;
-
- if (!tsec || tsec->magic != SELINUX_MAGIC)
- return;
-
 task->security = NULL;
 kfree(tsec);
 }
@@ -157,14 +152,10 @@ static int inode_alloc_security(struct inode *inode)
 init_MUTEX(&isec->sem);
 INIT_LIST_HEAD(&isec->list);
- isec->magic = SELINUX_MAGIC;
 isec->inode = inode;
 isec->sid = SECINITSID_UNLABELED;
 isec->sclass = SECCLASS_FILE;
- if (tsec && tsec->magic == SELINUX_MAGIC)
- isec->task_sid = tsec->sid;
- else
- isec->task_sid = SECINITSID_UNLABELED;
+ isec->task_sid = tsec->sid;
 inode->i_security = isec;
 return 0;
@@ -175,9 +166,6 @@ static void inode_free_security(struct inode *inode)
 struct inode_security_struct *isec = inode->i_security;
 struct superblock_security_struct *sbsec = inode->i_sb->s_security;
- if (!isec || isec->magic != SELINUX_MAGIC)
- return;
-
 spin_lock(&sbsec->isec_lock);
 if (!list_empty(&isec->list))
 list_del_init(&isec->list);
@@ -196,15 +184,9 @@ static int file_alloc_security(struct file *file)
 if (!fsec)
 return -ENOMEM;
- fsec->magic = SELINUX_MAGIC;
 fsec->file = file;
- if (tsec && tsec->magic == SELINUX_MAGIC) {
- fsec->sid = tsec->sid;
- fsec->fown_sid = tsec->sid;
- } else {
- fsec->sid = SECINITSID_UNLABELED;
- fsec->fown_sid = SECINITSID_UNLABELED;
- }
+ fsec->sid = tsec->sid;
+ fsec->fown_sid = tsec->sid;
 file->f_security = fsec;
 return 0;
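Review bot: Removing the `if (!isec || ...) return;` guard in inode_free_security leaves `list_empty(&isec->list)` and `spin_lock(&sbsec->isec_lock)` running unconditionally, and inode_alloc_security and file_alloc_security now read `tsec->sid` with no NULL test, so the code relies on two invariants that the commit message asserts but the file does not record: every task carries a security blob, and the free hook is only reached for objects whose alloc hook succeeded. Those presumably hold for built-in SELinux (tsec is assigned outside these hunks, so I cannot confirm it here), but a one-line comment at the first such site, `/* security blobs are always allocated for built-in SELinux; no NULL check needed */`, would make the assumption reviewable. The same point applies to superblock_free_security in the next hunk, which dereferences sbsec for its list and lock work; the plain free hooks (task_free_security, file_free_security, ipc_free_security, msg_msg_free_security) only assign NULL and kfree, so they are harmless without the guard.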
@@ -213,10 +195,6 @@ static int file_alloc_security(struct file *file)
 static void file_free_security(struct file *file)
 {
 struct file_security_struct *fsec = file->f_security;
-
- if (!fsec || fsec->magic != SELINUX_MAGIC)
- return;
-
 file->f_security = NULL;
 kfree(fsec);
 }
@@ -233,7 +211,6 @@ static int superblock_alloc_security(struct super_block *sb)
 INIT_LIST_HEAD(&sbsec->list);
 INIT_LIST_HEAD(&sbsec->isec_head);
 spin_lock_init(&sbsec->isec_lock);
- sbsec->magic = SELINUX_MAGIC;
 sbsec->sb = sb;
 sbsec->sid = SECINITSID_UNLABELED;
 sbsec->def_sid = SECINITSID_FILE;
@@ -246,9 +223,6 @@ static void superblock_free_security(struct super_block *sb)
 {
 struct superblock_security_struct *sbsec = sb->s_security;
- if (!sbsec || sbsec->magic != SELINUX_MAGIC)
- return;
-
 spin_lock(&sb_security_lock);
 if (!list_empty(&sbsec->list))
 list_del_init(&sbsec->list);
@@ -270,7 +244,6 @@ static int sk_alloc_security(struct sock *sk, int family, gfp_t priority)
 if (!ssec)
 return -ENOMEM;
- ssec->magic = SELINUX_MAGIC;
 ssec->sk = sk;
 ssec->peer_sid = SECINITSID_UNLABELED;
 sk->sk_security = ssec;
@@ -282,7 +255,7 @@ static void sk_free_security(struct sock *sk)
 {
 struct sk_security_struct *ssec = sk->sk_security;
- if (sk->sk_family != PF_UNIX || ssec->magic != SELINUX_MAGIC)
+ if (sk->sk_family != PF_UNIX)
 return;
 sk->sk_security = NULL;
@@ -1483,7 +1456,6 @@ static int selinux_bprm_alloc_security(struct linux_binprm *bprm)
 if (!bsec)
 return -ENOMEM;
- bsec->magic = SELINUX_MAGIC;
 bsec->bprm = bprm;
 bsec->sid = SECINITSID_UNLABELED;
 bsec->set = 0;
@@ -3634,14 +3606,9 @@ static int ipc_alloc_security(struct task_struct *task,
 if (!isec)
 return -ENOMEM;
- isec->magic = SELINUX_MAGIC;
 isec->sclass = sclass;
 isec->ipc_perm = perm;
- if (tsec) {
- isec->sid = tsec->sid;
- } else {
- isec->sid = SECINITSID_UNLABELED;
- }
+ isec->sid = tsec->sid;
 perm->security = isec;
 return 0;
@@ -3650,9 +3617,6 @@ static int ipc_alloc_security(struct task_struct *task,
 static void ipc_free_security(struct kern_ipc_perm *perm)
 {
 struct ipc_security_struct *isec = perm->security;
- if (!isec || isec->magic != SELINUX_MAGIC)
- return;
-
 perm->security = NULL;
 kfree(isec);
 }
@@ -3665,7 +3629,6 @@ static int msg_msg_alloc_security(struct msg_msg *msg)
 if (!msec)
 return -ENOMEM;
- msec->magic = SELINUX_MAGIC;
 msec->msg = msg;
 msec->sid = SECINITSID_UNLABELED;
 msg->security = msec;
@@ -3676,8 +3639,6 @@ static int msg_msg_alloc_security(struct msg_msg *msg)
 static void msg_msg_free_security(struct msg_msg *msg)
 {
 struct msg_security_struct *msec = msg->security;
- if (!msec || msec->magic != SELINUX_MAGIC)
- return;
 msg->security = NULL;
 kfree(msec);
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index 887937c8134..54c03077888 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -27,7 +27,6 @@
 #include "avc.h"
 struct task_security_struct {
- unsigned long magic; /* magic number for this module */
 struct task_struct *task; /* back pointer to task object */
 u32 osid; /* SID prior to last execve */
 u32 sid; /* current SID */
@@ -37,7 +36,6 @@ struct task_security_struct {
 };
 struct inode_security_struct {
- unsigned long magic; /* magic number for this module */
 struct inode *inode; /* back pointer to inode object */
 struct list_head list; /* list of inode_security_struct */
 u32 task_sid; /* SID of creating task */
@@ -49,14 +47,12 @@ struct inode_security_struct {
 };
 struct file_security_struct {
- unsigned long magic; /* magic number for this module */
 struct file *file; /* back pointer to file object */
 u32 sid; /* SID of open file description */
 u32 fown_sid; /* SID of file owner (for SIGIO) */
 };
 struct superblock_security_struct {
- unsigned long magic; /* magic number for this module */
 struct super_block *sb; /* back pointer to sb object */
 struct list_head list; /* list of superblock_security_struct */
 u32 sid; /* SID of file system */
@@ -70,20 +66,17 @@ struct superblock_security_struct {
 };
 struct msg_security_struct {
- unsigned long magic; /* magic number for this module */
 struct msg_msg *msg; /* back pointer */
 u32 sid; /* SID of message */
 };
 struct ipc_security_struct {
- unsigned long magic; /* magic number for this module */
 struct kern_ipc_perm *ipc_perm; /* back pointer */
 u16 sclass; /* security class of this object */
 u32 sid; /* SID of IPC resource */
 };
 struct bprm_security_struct {
- unsigned long magic; /* magic number for this module */
 struct linux_binprm *bprm; /* back pointer to bprm object */
 u32 sid; /* SID for transformed process */
 unsigned char set;
@@ -102,7 +95,6 @@ struct netif_security_struct {
 };
 struct sk_security_struct {
- unsigned long magic; /* magic number for this module */
 struct sock *sk; /* back pointer to sk object */
 u32 peer_sid; /* SID of peer */
 };
-- cgit v1.2.3-70-g09d2
From c2b507fda390b8ae90deba9b8cdc3fe727482193 Mon Sep 17 00:00:00 2001
From: Stephen Smalley
Date: Sat, 4 Feb 2006 23:27:50 -0800
Subject: [PATCH] selinux: require SECURITY_NETWORK
Make SELinux depend on SECURITY_NETWORK (which depends on SECURITY), as it requires the socket hooks for proper operation even in the local case.
Signed-off-by: Stephen Smalley
Acked-by: James Morris
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
---
security/selinux/Kconfig | 2 +-
security/selinux/Makefile | 4 +---
security/selinux/hooks.c | 21 +++------------------
3 files changed, 5 insertions(+), 22 deletions(-)
(limited to 'security/selinux/hooks.c')
diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig
index b59582b9228..502f78f13f5 100644
--- a/security/selinux/Kconfig
+++ b/security/selinux/Kconfig
@@ -1,6 +1,6 @@
 config SECURITY_SELINUX
 bool "NSA SELinux Support"
- depends on SECURITY && NET && INET
+ depends on SECURITY_NETWORK && NET && INET
 default n
 help
 This selects NSA Security-Enhanced Linux (SELinux).
diff --git a/security/selinux/Makefile b/security/selinux/Makefile
index 06d54d9d20a..688c0a267b6 100644
--- a/security/selinux/Makefile
+++ b/security/selinux/Makefile
@@ -4,9 +4,7 @@
 obj-$(CONFIG_SECURITY_SELINUX) := selinux.o ss/
-selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o
-
-selinux-$(CONFIG_SECURITY_NETWORK) += netif.o
+selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o netif.o
 selinux-$(CONFIG_SECURITY_NETWORK_XFRM) += xfrm.o
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 4ae834d89bc..b7773bf68ef 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -232,7 +232,6 @@ static void superblock_free_security(struct super_block *sb)
 kfree(sbsec);
 }
-#ifdef CONFIG_SECURITY_NETWORK
 static int sk_alloc_security(struct sock *sk, int family, gfp_t priority)
 {
 struct sk_security_struct *ssec;
@@ -261,7 +260,6 @@ static void sk_free_security(struct sock *sk)
 sk->sk_security = NULL;
 kfree(ssec);
 }
-#endif /* CONFIG_SECURITY_NETWORK */
 /* The security server must be initialized before any labeling or access decisions can be provided. */
@@ -2736,8 +2734,6 @@ static void selinux_task_to_inode(struct task_struct *p,
 return;
 }
-#ifdef CONFIG_SECURITY_NETWORK
-
 /* Returns error only if unable to parse addresses */
 static int selinux_parse_skb_ipv4(struct sk_buff *skb, struct avc_audit_data *ad)
 {
@@ -3556,15 +3552,6 @@ static unsigned int selinux_ipv6_postroute_last(unsigned int hooknum,
 #endif /* CONFIG_NETFILTER */
-#else
-
-static inline int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
-{
- return 0;
-}
-
-#endif /* CONFIG_SECURITY_NETWORK */
-
 static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
 {
 struct task_security_struct *tsec;
@@ -4340,7 +4327,6 @@ static struct security_operations selinux_ops = {
 .getprocattr = selinux_getprocattr,
 .setprocattr = selinux_setprocattr,
-#ifdef CONFIG_SECURITY_NETWORK
 .unix_stream_connect = selinux_socket_unix_stream_connect,
 .unix_may_send = selinux_socket_unix_may_send,
@@ -4362,7 +4348,6 @@ static struct security_operations selinux_ops = {
 .sk_alloc_security = selinux_sk_alloc_security,
 .sk_free_security = selinux_sk_free_security,
 .sk_getsid = selinux_sk_getsid_security,
-#endif
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
 .xfrm_policy_alloc_security = selinux_xfrm_policy_alloc,
@@ -4440,7 +4425,7 @@ next_sb:
 all processes and objects when they are created. */
 security_initcall(selinux_init);
-#if defined(CONFIG_SECURITY_NETWORK) && defined(CONFIG_NETFILTER)
+#if defined(CONFIG_NETFILTER)
 static struct nf_hook_ops selinux_ipv4_op = {
 .hook = selinux_ipv4_postroute_last,
@@ -4501,13 +4486,13 @@ static void selinux_nf_ip_exit(void)
 }
 #endif
-#else /* CONFIG_SECURITY_NETWORK && CONFIG_NETFILTER */
+#else /* CONFIG_NETFILTER */
 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
 #define selinux_nf_ip_exit()
 #endif
-#endif /* CONFIG_SECURITY_NETWORK && CONFIG_NETFILTER */
+#endif /* CONFIG_NETFILTER */
 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
 int selinux_disable(void)
-- cgit v1.2.3-70-g09d2
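Review bot: `#if defined(CONFIG_NETFILTER)` on the `+` line of the `@@ -4440,7 +4425,7 @@` hunk keeps the two-symbol form after the second symbol was dropped; for a lone symbol the file's own idiom is `#ifdef CONFIG_NETFILTER`, as the `#ifdef CONFIG_SECURITY_SELINUX_DISABLE` lines in the following hunk show. The matching `#else` and `#endif` comments in that hunk already read `/* CONFIG_NETFILTER */`, so the shorter guard would make the opening and closing lines read the same way. Purely cosmetic; the conditional compilation is otherwise consistent across the hooks.c hunks.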