summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorPaul Moore <paul@paul-moore.com>2026-07-02 12:36:41 -0400
committerPaul Moore <paul@paul-moore.com>2026-07-02 12:36:41 -0400
commitae3d476caeba0bb7779334b1ce9d9a795ed602d2 (patch)
tree8fd0a61d28b2dcb4fc18a078ba4a913cec2d7aba /security
parent56acfeb10019e200ab6787d01f8d7cbe0f01526f (diff)
parentef0740b4b75fe48fb411b2a76aafbab0cdd6b0ba (diff)
downloadlinux-next-ae3d476caeba0bb7779334b1ce9d9a795ed602d2.tar.gz
linux-next-ae3d476caeba0bb7779334b1ce9d9a795ed602d2.zip
Automated merge of 'dev' into 'next'
* dev: selinux: tighten type validation during policy load selinux: drop unnecessary goto and label from avc_alloc_node() selinux: convert int flags to bool flags in ss/services.c selinux: clean up selinuxfs resources on init failure selinux: hooks: use kmalloc() to allocate path buffer
Diffstat (limited to 'security')
-rw-r--r--security/selinux/avc.c3
-rw-r--r--security/selinux/hooks.c6
-rw-r--r--security/selinux/selinuxfs.c19
-rw-r--r--security/selinux/ss/policydb.c11
-rw-r--r--security/selinux/ss/services.c18
5 files changed, 34 insertions, 23 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 813e82bcfc27..a9401d6c2e5f 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -497,7 +497,7 @@ static struct avc_node *avc_alloc_node(void)
node = kmem_cache_zalloc(avc_node_cachep, GFP_NOWAIT);
if (!node)
- goto out;
+ return NULL;
INIT_HLIST_NODE(&node->list);
avc_cache_stats_incr(allocations);
@@ -506,7 +506,6 @@ static struct avc_node *avc_alloc_node(void)
selinux_avc.avc_cache_threshold)
avc_reclaim_node();
-out:
return node;
}
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 70a3388c047d..c70f65d86ab1 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1336,11 +1336,11 @@ static int selinux_genfs_get_sid(struct dentry *dentry,
struct super_block *sb = dentry->d_sb;
char *buffer, *path;
- buffer = (char *)__get_free_page(GFP_KERNEL);
+ buffer = kmalloc(PATH_MAX, GFP_KERNEL);
if (!buffer)
return -ENOMEM;
- path = dentry_path_raw(dentry, buffer, PAGE_SIZE);
+ path = dentry_path_raw(dentry, buffer, PATH_MAX);
if (IS_ERR(path))
rc = PTR_ERR(path);
else {
@@ -1361,7 +1361,7 @@ static int selinux_genfs_get_sid(struct dentry *dentry,
rc = 0;
}
}
- free_page((unsigned long)buffer);
+ kfree(buffer);
return rc;
}
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 5aaaf69410bb..c7d91476971c 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -1984,17 +1984,15 @@ int __init init_sel_fs(void)
return err;
err = register_filesystem(&sel_fs_type);
- if (err) {
- sysfs_remove_mount_point(fs_kobj, "selinux");
- return err;
- }
+ if (err)
+ goto err_remove_mount_point;
selinux_null.mnt = kern_mount(&sel_fs_type);
if (IS_ERR(selinux_null.mnt)) {
pr_err("selinuxfs: could not mount!\n");
err = PTR_ERR(selinux_null.mnt);
selinux_null.mnt = NULL;
- return err;
+ goto err_unregister_fs;
}
selinux_null.dentry = try_lookup_noperm(&null_name,
@@ -2003,7 +2001,7 @@ int __init init_sel_fs(void)
pr_err("selinuxfs: could not lookup null!\n");
err = PTR_ERR(selinux_null.dentry);
selinux_null.dentry = NULL;
- return err;
+ goto err_unmount;
}
/*
@@ -2012,5 +2010,14 @@ int __init init_sel_fs(void)
*/
(void) selinux_kernel_status_page();
+ return 0;
+
+err_unmount:
+ kern_unmount(selinux_null.mnt);
+ selinux_null.mnt = NULL;
+err_unregister_fs:
+ unregister_filesystem(&sel_fs_type);
+err_remove_mount_point:
+ sysfs_remove_mount_point(fs_kobj, "selinux");
return err;
}
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index ead504a639e3..ba1c9bd9e29f 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -604,10 +604,15 @@ static int type_index(void *key, void *datum, void *datap)
typdatum = datum;
p = datap;
+ if (!typdatum->value || typdatum->value > p->p_types.nprim ||
+ typdatum->bounds > p->p_types.nprim) {
+ pr_err("SELinux: type %s had value %u bounds %u nprim %u\n",
+ (char *)key, typdatum->value, typdatum->bounds,
+ p->p_types.nprim);
+ return -EINVAL;
+ }
+
if (typdatum->primary) {
- if (!typdatum->value || typdatum->value > p->p_types.nprim ||
- typdatum->bounds > p->p_types.nprim)
- return -EINVAL;
p->sym_val_to_name[SYM_TYPES][typdatum->value - 1] = key;
p->type_val_to_struct[typdatum->value - 1] = typdatum;
}
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 2d828548f3db..c03d3acc0a7c 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1355,8 +1355,8 @@ const char *security_get_initial_sid_context(u32 sid)
}
static int security_sid_to_context_core(u32 sid, char **scontext,
- u32 *scontext_len, int force,
- int only_invalid)
+ u32 *scontext_len, bool force,
+ bool only_invalid)
{
struct selinux_policy *policy;
struct policydb *policydb;
@@ -1439,14 +1439,14 @@ out_unlock:
int security_sid_to_context(u32 sid, char **scontext, u32 *scontext_len)
{
return security_sid_to_context_core(sid, scontext,
- scontext_len, 0, 0);
+ scontext_len, false, false);
}
int security_sid_to_context_force(u32 sid,
char **scontext, u32 *scontext_len)
{
return security_sid_to_context_core(sid, scontext,
- scontext_len, 1, 0);
+ scontext_len, true, false);
}
/**
@@ -1466,7 +1466,7 @@ int security_sid_to_context_inval(u32 sid,
char **scontext, u32 *scontext_len)
{
return security_sid_to_context_core(sid, scontext,
- scontext_len, 1, 1);
+ scontext_len, true, true);
}
/*
@@ -1552,7 +1552,7 @@ out:
static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
u32 *sid, u32 def_sid, gfp_t gfp_flags,
- int force)
+ bool force)
{
struct selinux_policy *policy;
struct policydb *policydb;
@@ -1641,7 +1641,7 @@ int security_context_to_sid(const char *scontext, u32 scontext_len, u32 *sid,
gfp_t gfp)
{
return security_context_to_sid_core(scontext, scontext_len,
- sid, SECSID_NULL, gfp, 0);
+ sid, SECSID_NULL, gfp, false);
}
int security_context_str_to_sid(const char *scontext, u32 *sid, gfp_t gfp)
@@ -1673,14 +1673,14 @@ int security_context_to_sid_default(const char *scontext, u32 scontext_len,
u32 *sid, u32 def_sid, gfp_t gfp_flags)
{
return security_context_to_sid_core(scontext, scontext_len,
- sid, def_sid, gfp_flags, 1);
+ sid, def_sid, gfp_flags, true);
}
int security_context_to_sid_force(const char *scontext, u32 scontext_len,
u32 *sid)
{
return security_context_to_sid_core(scontext, scontext_len,
- sid, SECSID_NULL, GFP_KERNEL, 1);
+ sid, SECSID_NULL, GFP_KERNEL, true);
}
static int compute_sid_handle_invalid_context(