diff options
author | David Woodhouse <dwmw2@shinybook.infradead.org> | 2005-08-09 16:51:35 +0100 |
---|---|---|
committer | David Woodhouse <dwmw2@shinybook.infradead.org> | 2005-08-09 16:51:35 +0100 |
commit | c973b112c76c9d8fd042991128f218a738cc8d0a (patch) | |
tree | e813b0da5d0a0e19e06de6462d145a29ad683026 /security | |
parent | c5fbc3966f48279dbebfde10248c977014aa9988 (diff) | |
parent | 00dd1e433967872f3997a45d5adf35056fdf2f56 (diff) | |
download | lwn-c973b112c76c9d8fd042991128f218a738cc8d0a.tar.gz lwn-c973b112c76c9d8fd042991128f218a738cc8d0a.zip |
Merge with /shiny/git/linux-2.6/.git
Diffstat (limited to 'security')
-rw-r--r-- | security/keys/keyctl.c | 11 | ||||
-rw-r--r-- | security/keys/keyring.c | 6 | ||||
-rw-r--r-- | security/keys/process_keys.c | 2 | ||||
-rw-r--r-- | security/keys/request_key.c | 2 | ||||
-rw-r--r-- | security/selinux/hooks.c | 7 | ||||
-rw-r--r-- | security/selinux/include/security.h | 2 | ||||
-rw-r--r-- | security/selinux/ss/mls.c | 71 | ||||
-rw-r--r-- | security/selinux/ss/mls.h | 4 | ||||
-rw-r--r-- | security/selinux/ss/services.c | 55 |
9 files changed, 113 insertions, 47 deletions
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index fea262860ea0..a6516a64b297 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -49,9 +49,6 @@ asmlinkage long sys_add_key(const char __user *_type, goto error; type[31] = '\0'; - if (!type[0]) - goto error; - ret = -EPERM; if (type[0] == '.') goto error; @@ -144,6 +141,10 @@ asmlinkage long sys_request_key(const char __user *_type, goto error; type[31] = '\0'; + ret = -EPERM; + if (type[0] == '.') + goto error; + /* pull the description into kernel space */ ret = -EFAULT; dlen = strnlen_user(_description, PAGE_SIZE - 1); @@ -362,7 +363,7 @@ long keyctl_revoke_key(key_serial_t id) key_put(key); error: - return 0; + return ret; } /* end keyctl_revoke_key() */ @@ -685,6 +686,8 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) goto can_read_key2; ret = PTR_ERR(skey); + if (ret == -EAGAIN) + ret = -EACCES; goto error2; } diff --git a/security/keys/keyring.c b/security/keys/keyring.c index a1f6bac647a1..9c208c756df8 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c @@ -201,7 +201,11 @@ static void keyring_destroy(struct key *keyring) if (keyring->description) { write_lock(&keyring_name_lock); - list_del(&keyring->type_data.link); + + if (keyring->type_data.link.next != NULL && + !list_empty(&keyring->type_data.link)) + list_del(&keyring->type_data.link); + write_unlock(&keyring_name_lock); } diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index 9b0369c5a223..c089f78fb94e 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c @@ -678,7 +678,7 @@ long join_session_keyring(const char *name) keyring = keyring_alloc(name, tsk->uid, tsk->gid, 0, NULL); if (IS_ERR(keyring)) { ret = PTR_ERR(keyring); - goto error; + goto error2; } } else if (IS_ERR(keyring)) { diff --git a/security/keys/request_key.c b/security/keys/request_key.c index dfcd983af1fd..90c1506d007c 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c @@ -405,7 +405,7 @@ struct key *request_key_and_link(struct key_type *type, key_user_put(user); /* link the new key into the appropriate keyring */ - if (!PTR_ERR(key)) + if (!IS_ERR(key)) request_key_link(key, dest_keyring); } diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 5e755a3f4cae..9f9463000683 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -826,7 +826,8 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent sid = sbsec->def_sid; rc = 0; } else { - rc = security_context_to_sid(context, rc, &sid); + rc = security_context_to_sid_default(context, rc, &sid, + sbsec->def_sid); if (rc) { printk(KERN_WARNING "%s: context_to_sid(%s) " "returned %d for dev=%s ino=%ld\n", @@ -3125,12 +3126,12 @@ static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, if (sk->sk_family == PF_INET) { addr4 = (struct sockaddr_in *)address; - if (addrlen != sizeof(struct sockaddr_in)) + if (addrlen < sizeof(struct sockaddr_in)) return -EINVAL; snum = ntohs(addr4->sin_port); } else { addr6 = (struct sockaddr_in6 *)address; - if (addrlen != sizeof(struct sockaddr_in6)) + if (addrlen < SIN6_LEN_RFC2133) return -EINVAL; snum = ntohs(addr6->sin6_port); } diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index fa187c9a351d..71c0a19c9753 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -65,6 +65,8 @@ int security_sid_to_context(u32 sid, char **scontext, int security_context_to_sid(char *scontext, u32 scontext_len, u32 *out_sid); +int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *out_sid, u32 def_sid); + int security_get_user_sids(u32 callsid, char *username, u32 **sids, u32 *nel); diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c index 756036bcc243..d4c32c39ccc9 100644 --- a/security/selinux/ss/mls.c +++ b/security/selinux/ss/mls.c @@ -15,6 +15,7 @@ #include <linux/slab.h> #include <linux/string.h> #include <linux/errno.h> +#include "sidtab.h" #include "mls.h" #include "policydb.h" #include "services.h" @@ -208,6 +209,26 @@ int mls_context_isvalid(struct policydb *p, struct context *c) } /* + * Copies the MLS range from `src' into `dst'. + */ +static inline int mls_copy_context(struct context *dst, + struct context *src) +{ + int l, rc = 0; + + /* Copy the MLS range from the source context */ + for (l = 0; l < 2; l++) { + dst->range.level[l].sens = src->range.level[l].sens; + rc = ebitmap_cpy(&dst->range.level[l].cat, + &src->range.level[l].cat); + if (rc) + break; + } + + return rc; +} + +/* * Set the MLS fields in the security context structure * `context' based on the string representation in * the string `*scontext'. Update `*scontext' to @@ -216,10 +237,20 @@ int mls_context_isvalid(struct policydb *p, struct context *c) * * This function modifies the string in place, inserting * NULL characters to terminate the MLS fields. + * + * If a def_sid is provided and no MLS field is present, + * copy the MLS field of the associated default context. + * Used for upgraded to MLS systems where objects may lack + * MLS fields. + * + * Policy read-lock must be held for sidtab lookup. + * */ int mls_context_to_sid(char oldc, char **scontext, - struct context *context) + struct context *context, + struct sidtab *s, + u32 def_sid) { char delim; @@ -231,9 +262,23 @@ int mls_context_to_sid(char oldc, if (!selinux_mls_enabled) return 0; - /* No MLS component to the security context. */ - if (!oldc) + /* + * No MLS component to the security context, try and map to + * default if provided. + */ + if (!oldc) { + struct context *defcon; + + if (def_sid == SECSID_NULL) + goto out; + + defcon = sidtab_search(s, def_sid); + if (!defcon) + goto out; + + rc = mls_copy_context(context, defcon); goto out; + } /* Extract low sensitivity. */ scontextp = p = *scontext; @@ -334,26 +379,6 @@ out: } /* - * Copies the MLS range from `src' into `dst'. - */ -static inline int mls_copy_context(struct context *dst, - struct context *src) -{ - int l, rc = 0; - - /* Copy the MLS range from the source context */ - for (l = 0; l < 2; l++) { - dst->range.level[l].sens = src->range.level[l].sens; - rc = ebitmap_cpy(&dst->range.level[l].cat, - &src->range.level[l].cat); - if (rc) - break; - } - - return rc; -} - -/* * Copies the effective MLS range from `src' into `dst'. */ static inline int mls_scopy_context(struct context *dst, diff --git a/security/selinux/ss/mls.h b/security/selinux/ss/mls.h index 0d37beaa85e2..03de697c8058 100644 --- a/security/selinux/ss/mls.h +++ b/security/selinux/ss/mls.h @@ -23,7 +23,9 @@ int mls_context_isvalid(struct policydb *p, struct context *c); int mls_context_to_sid(char oldc, char **scontext, - struct context *context); + struct context *context, + struct sidtab *s, + u32 def_sid); int mls_convert_context(struct policydb *oldp, struct policydb *newp, diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index bfa5a7dd6cf5..45d317044cb2 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -601,18 +601,7 @@ out: } -/** - * security_context_to_sid - Obtain a SID for a given security context. - * @scontext: security context - * @scontext_len: length in bytes - * @sid: security identifier, SID - * - * Obtains a SID associated with the security context that - * has the string representation specified by @scontext. - * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient - * memory is available, or 0 on success. - */ -int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid) +static int security_context_to_sid_core(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid) { char *scontext2; struct context context; @@ -703,7 +692,7 @@ int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid) context.type = typdatum->value; - rc = mls_context_to_sid(oldc, &p, &context); + rc = mls_context_to_sid(oldc, &p, &context, &sidtab, def_sid); if (rc) goto out_unlock; @@ -727,6 +716,46 @@ out: return rc; } +/** + * security_context_to_sid - Obtain a SID for a given security context. + * @scontext: security context + * @scontext_len: length in bytes + * @sid: security identifier, SID + * + * Obtains a SID associated with the security context that + * has the string representation specified by @scontext. + * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient + * memory is available, or 0 on success. + */ +int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid) +{ + return security_context_to_sid_core(scontext, scontext_len, + sid, SECSID_NULL); +} + +/** + * security_context_to_sid_default - Obtain a SID for a given security context, + * falling back to specified default if needed. + * + * @scontext: security context + * @scontext_len: length in bytes + * @sid: security identifier, SID + * @def_sid: default SID to assign on errror + * + * Obtains a SID associated with the security context that + * has the string representation specified by @scontext. + * The default SID is passed to the MLS layer to be used to allow + * kernel labeling of the MLS field if the MLS field is not present + * (for upgrading to MLS without full relabel). + * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient + * memory is available, or 0 on success. + */ +int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid) +{ + return security_context_to_sid_core(scontext, scontext_len, + sid, def_sid); +} + static int compute_sid_handle_invalid_context( struct context *scontext, struct context *tcontext, |