summaryrefslogtreecommitdiff
path: root/security/selinux/ss/conditional.c
Commit message (Collapse)AuthorAgeFilesLines
* selinux: Cleanup printk logging in conditionalpeter enderborg2018-06-191-8/+8
| | | | | | | Replace printk with pr_* to avoid checkpatch warnings. Signed-off-by: Peter Enderborg <peter.enderborg@sony.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* selinux: remove redundant assignment to lenColin Ian King2017-10-161-1/+0
| | | | | | | | | | The variable len is being set to zero and this value is never being read since len is being set to a different value just a few lines later. Remove this redundant assignment. Cleans up clang warning: Value stored to 'len' is never read Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* selinux: Improve size determinations in four functionsMarkus Elfring2017-03-231-4/+4
| | | | | | | | | Replace the specification of data structures by pointer dereferences as the parameter for the operator "sizeof" to make the corresponding size determination a bit safer. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net> Signed-off-by: Paul Moore <paul@paul-moore.com>
* selinux: Delete an unnecessary return statement in cond_compute_av()Markus Elfring2017-03-231-1/+0
| | | | | | | | | | | The script "checkpatch.pl" pointed information out like the following. WARNING: void function return statements are not generally useful Thus remove such a statement in the affected function. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net> Signed-off-by: Paul Moore <paul@paul-moore.com>
* selinux: Use kmalloc_array() in cond_init_bool_indexes()Markus Elfring2017-03-231-2/+3
| | | | | | | | | | | | | | | * A multiplication for the size determination of a memory allocation indicated that an array data structure should be processed. Thus use the corresponding function "kmalloc_array". This issue was detected by using the Coccinelle software. * Replace the specification of a data type by a pointer dereference to make the corresponding size determination a bit safer according to the Linux coding style convention. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net> Signed-off-by: Paul Moore <paul@paul-moore.com>
* selinux: fix overflow and 0 length allocationsWilliam Roberts2016-08-301-0/+2
| | | | | | | | | Throughout the SELinux LSM, values taken from sepolicy are used in places where length == 0 or length == <saturated> matter, find and fix these. Signed-off-by: William Roberts <william.c.roberts@intel.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
* selinux: fix bug in conditional rules handlingStephen Smalley2015-11-241-2/+2
| | | | | | | | | | | | | | | | | | | | commit fa1aa143ac4a ("selinux: extended permissions for ioctls") introduced a bug into the handling of conditional rules, skipping the processing entirely when the caller does not provide an extended permissions (xperms) structure. Access checks from userspace using /sys/fs/selinux/access do not include such a structure since that interface does not presently expose extended permission information. As a result, conditional rules were being ignored entirely on userspace access requests, producing denials when access was allowed by conditional rules in the policy. Fix the bug by only skipping computation of extended permissions in this situation, not the entire conditional rules processing. Reported-by: Laurent Bigonville <bigon@debian.org> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> [PM: fixed long lines in patch description] Cc: stable@vger.kernel.org # 4.3 Signed-off-by: Paul Moore <pmoore@redhat.com>
* selinux: extended permissions for ioctlsJeff Vander Stoep2015-07-131-5/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add extended permissions logic to selinux. Extended permissions provides additional permissions in 256 bit increments. Extend the generic ioctl permission check to use the extended permissions for per-command filtering. Source/target/class sets including the ioctl permission may additionally include a set of commands. Example: allowxperm <source> <target>:<class> ioctl unpriv_app_socket_cmds auditallowxperm <source> <target>:<class> ioctl priv_gpu_cmds Where unpriv_app_socket_cmds and priv_gpu_cmds are macros representing commonly granted sets of ioctl commands. When ioctl commands are omitted only the permissions are checked. This feature is intended to provide finer granularity for the ioctl permission that may be too imprecise. For example, the same driver may use ioctls to provide important and benign functionality such as driver version or socket type as well as dangerous capabilities such as debugging features, read/write/execute to physical memory or access to sensitive data. Per-command filtering provides a mechanism to reduce the attack surface of the kernel, and limit applications to the subset of commands required. The format of the policy binary has been modified to include ioctl commands, and the policy version number has been incremented to POLICYDB_VERSION_XPERMS_IOCTL=30 to account for the format change. The extended permissions logic is deliberately generic to allow components to be reused e.g. netlink filters Signed-off-by: Jeff Vander Stoep <jeffv@google.com> Acked-by: Nick Kralevich <nnk@google.com> Signed-off-by: Paul Moore <pmoore@redhat.com>
* selinux: fix a possible memory leak in cond_read_node()Namhyung Kim2014-06-191-1/+1
| | | | | | | | | The cond_read_node() should free the given node on error path as it's not linked to p->cond_list yet. This is done via cond_node_destroy() but it's not called when next_entry() fails before the expr loop. Signed-off-by: Namhyung Kim <namhyung@kernel.org> Signed-off-by: Paul Moore <pmoore@redhat.com>
* selinux: simple cleanup for cond_read_node()Namhyung Kim2014-06-191-7/+2
| | | | | | | | | The node->cur_state and len can be read in a single call of next_entry(). And setting len before reading is a dead write so can be eliminated. Signed-off-by: Namhyung Kim <namhyung@kernel.org> (Minor tweak to the length parameter in the call to next_entry()) Signed-off-by: Paul Moore <pmoore@redhat.com>
* selinux: Casting (void *) value returned by kmalloc is uselessThomas Meyer2011-12-191-1/+1
| | | | | | | | The semantic patch that makes this change is available in scripts/coccinelle/api/alloc/drop_kmalloc_cast.cocci. Signed-off-by: Thomas Meyer <thomas@m3y3r.de> Signed-off-by: James Morris <jmorris@namei.org>
* selinux: sparse fix: fix several warnings in the security server codeJames Morris2011-09-091-1/+1
| | | | | | Fix several sparse warnings in the SELinux security server code. Signed-off-by: James Morris <jmorris@namei.org>
* selinux: return -ENOMEM when memory allocation failsDavidlohr Bueso2011-01-241-1/+1
| | | | | | | | Return -ENOMEM when memory allocation fails in cond_init_bool_indexes, correctly propagating error code to caller. Signed-off-by: Davidlohr Bueso <dave@gnu.org> Signed-off-by: James Morris <jmorris@namei.org>
* selinux: convert part of the sym_val_to_name array to use flex_arrayEric Paris2010-11-301-1/+5
| | | | | | | | | The sym_val_to_name type array can be quite large as it grows linearly with the number of types. With known policies having over 5k types these allocations are growing large enough that they are likely to fail. Convert those to flex_array so no allocation is larger than PAGE_SIZE Signed-off-by: Eric Paris <eparis@redhat.com>
* SELinux: allow userspace to read policy back out of the kernelEric Paris2010-10-211-0/+123
| | | | | | | | | | There is interest in being able to see what the actual policy is that was loaded into the kernel. The patch creates a new selinuxfs file /selinux/policy which can be read by userspace. The actual policy that is loaded into the kernel will be written back out to userspace. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
* selinux: fix error codes in cond_read_bool()Dan Carpenter2010-08-021-5/+8
| | | | | | | | | | | | | The original code always returned -1 (-EPERM) on error. The new code returns either -ENOMEM, or -EINVAL or it propagates the error codes from lower level functions next_entry() or hashtab_insert(). next_entry() returns -EINVAL. hashtab_insert() returns -EINVAL, -EEXIST, or -ENOMEM. Signed-off-by: Dan Carpenter <error27@gmail.com> Acked-by: Stephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
* selinux: fix error codes in cond_policydb_init()Dan Carpenter2010-08-021-2/+6
| | | | | | | | | | It's better to propagate the error code from avtab_init() instead of returning -1 (-EPERM). It turns out that avtab_init() never fails so this patch doesn't change how the code runs but it's still a clean up. Signed-off-by: Dan Carpenter <error27@gmail.com> Acked-by: Stephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
* selinux: fix error codes in cond_read_node()Dan Carpenter2010-08-021-8/+12
| | | | | | | | | | | | | | Originally cond_read_node() returned -1 (-EPERM) on errors which was incorrect. Now it either propagates the error codes from lower level functions next_entry() or cond_read_av_list() or it returns -ENOMEM or -EINVAL. next_entry() returns -EINVAL. cond_read_av_list() returns -EINVAL or -ENOMEM. Signed-off-by: Dan Carpenter <error27@gmail.com> Acked-by: Stephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
* selinux: fix error codes in cond_read_av_list()Dan Carpenter2010-08-021-6/+8
| | | | | | | | | | | | | After this patch cond_read_av_list() no longer returns -1 for any errors. It just propagates error code back from lower levels. Those can either be -EINVAL or -ENOMEM. I also modified cond_insertf() since cond_read_av_list() passes that as a function pointer to avtab_read_item(). It isn't used anywhere else. Signed-off-by: Dan Carpenter <error27@gmail.com> Acked-by: Stephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
* selinux: propagate error codes in cond_read_list()Dan Carpenter2010-08-021-4/+6
| | | | | | | | | | | | | These are passed back when the security module gets loaded. The original code always returned -1 (-EPERM) on error but after this patch it can return -EINVAL, or -ENOMEM or propagate the error code from cond_read_node(). cond_read_node() still returns -1 all the time, but I fix that in a later patch. Signed-off-by: Dan Carpenter <error27@gmail.com> Acked-by: Stephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
* selinux: Unify for- and while-loop styleVesa-Matti Kari2008-08-151-8/+8
| | | | | | | | | | Replace "thing != NULL" comparisons with just "thing" to make the code look more uniform (mixed styles were used even in the same source file). Signed-off-by: Vesa-Matti Kari <vmkari@cc.helsinki.fi> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
* SELinux: Trivial minor fixes that change C null character styleVesa-Matti J Kari2008-08-051-1/+1
| | | | | | | Trivial minor fixes that change C null character style. Signed-off-by: Vesa-Matti Kari <vmkari@cc.helsinki.fi> Signed-off-by: James Morris <jmorris@namei.org>
* Merge branch 'for-linus' of ↵Linus Torvalds2008-04-211-40/+33
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6: SELinux: one little, two little, three little whitespaces, the avc.c saga. SELinux: cleanup on isle selinuxfs.c changing whitespace for fun and profit: policydb.c SELinux: whitespace and formating fixes for hooks.c SELinux: clean up printks SELinux: sidtab.c whitespace, syntax, and static declaraction cleanups SELinux: services.c whitespace, syntax, and static declaraction cleanups SELinux: mls.c whitespace, syntax, and static declaraction cleanups SELinux: hashtab.c whitespace, syntax, and static declaraction cleanups SELinux: ebitmap.c whitespace, syntax, and static declaraction cleanups SELinux: conditional.c whitespace, syntax, and static declaraction cleanups SELinux: avtab.c whitespace, syntax, and static declaraction cleanups SELinux: xfrm.c whitespace, syntax, and static declaraction cleanups SELinux: nlmsgtab.c whitespace, syntax, and static declaraction cleanups SELinux: netnode.c whitespace, syntax, and static declaraction cleanups SELinux: netlink.c whitespace, syntax, and static declaraction cleanups SELinux: netlabel.c whitespace, syntax, and static declaraction cleanups SELinux: netif.c whitespace, syntax, and static declaraction cleanups
| * SELinux: clean up printksEric Paris2008-04-211-7/+7
| | | | | | | | | | | | | | | | | | | | Make sure all printk start with KERN_* Make sure all printk end with \n Make sure all printk have the word 'selinux' in them Change "function name" to "%s", __func__ (found 2 wrong) Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
| * SELinux: conditional.c whitespace, syntax, and static declaraction cleanupsEric Paris2008-04-211-33/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch changes conditional.c to fix whitespace and syntax issues. Things that are fixed may include (does not not have to include) whitespace at end of lines spaces followed by tabs spaces used instead of tabs spacing around parenthesis locateion of { around struct and else clauses location of * in pointer declarations removal of initialization of static data to keep it in the right section useless {} in if statemetns useless checking for NULL before kfree fixing of the indentation depth of switch statements and any number of other things I forgot to mention Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
* | security: Remove unnecessary inclusions of asm/semaphore.hMatthew Wilcox2008-04-181-1/+0
|/ | | | | | | None of these files use any of the functionality promised by asm/semaphore.h. Signed-off-by: Matthew Wilcox <willy@linux.intel.com>
* SELinux: unify printk messagesJames Morris2008-04-181-8/+8
| | | | | | | | Replace "security:" prefixes in printk messages with "SELinux" to help users identify the source of the messages. Also fix a couple of minor formatting issues. Signed-off-by: James Morris <jmorris@namei.org>
* SELinux: add more validity checks on policy loadStephen Smalley2007-11-081-1/+2
| | | | | | | | | | Add more validity checks at policy load time to reject malformed policies and prevent subsequent out-of-range indexing when in permissive mode. Resolves the NULL pointer dereference reported in https://bugzilla.redhat.com/show_bug.cgi?id=357541. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
* SELinux: tune avtab to reduce memory usageYuichi Nakamura2007-10-171-0/+4
| | | | | | | | | | | | This patch reduces memory usage of SELinux by tuning avtab. Number of hash slots in avtab was 32768. Unused slots used memory when number of rules is fewer. This patch decides number of hash slots dynamically based on number of rules. (chain length)^2 is also printed out in avtab_hash_eval to see standard deviation of avtab hash table. Signed-off-by: Yuichi Nakamura<ynakam@hitachisoft.jp> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
* [PATCH] SELinux: convert to kzallocJames Morris2005-10-301-8/+4
| | | | | | | | | | | | | | | | | This patch converts SELinux code from kmalloc/memset to the new kazalloc unction. On i386, this results in a text saving of over 1K. Before: text data bss dec hex filename 86319 4642 15236 106197 19ed5 security/selinux/built-in.o After: text data bss dec hex filename 85278 4642 15236 105156 19ac4 security/selinux/built-in.o Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] selinux: endian notationsAlexey Dobriyan2005-09-051-4/+8
| | | | | | | | This patch adds endian notations to the SELinux code. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] selinux: Reduce memory use by avtabStephen Smalley2005-09-051-91/+114
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch improves memory use by SELinux by both reducing the avtab node size and reducing the number of avtab nodes. The memory savings are substantial, e.g. on a 64-bit system after boot, James Morris reported the following data for the targeted and strict policies: #objs objsize kernmem Targeted: Before: 237888 40 9.1MB After: 19968 24 468KB Strict: Before: 571680 40 21.81MB After: 221052 24 5.06MB The improvement in memory use comes at a cost in the speed of security server computations of access vectors, but these computations are only required on AVC cache misses, and performance measurements by James Morris using a number of benchmarks have shown that the change does not cause any significant degradation. Note that a rebuilt policy via an updated policy toolchain (libsepol/checkpolicy) is required in order to gain the full benefits of this patch, although some memory savings benefits are immediately applied even to older policies (in particular, the reduction in avtab node size). Sources for the updated toolchain are presently available from the sourceforge CVS tree (http://sourceforge.net/cvs/?group_id=21266), and tarballs are available from http://www.flux.utah.edu/~sds. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] selinux: kfree cleanupJesper Juhl2005-06-251-6/+3
| | | | | | | | | kfree(NULL) is legal. Signed-off-by: Jesper Juhl <juhl-lkml@dif.dk> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* Linux-2.6.12-rc2v2.6.12-rc2Linus Torvalds2005-04-161-0/+489
Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip!