selinux: improve error checking in sel_write_load()
Move our existing input sanity checking to the top of sel_write_load() and add a check to ensure the buffer size is non-zero. Move a local variable initialization from the declaration to before it is used. Minor style adjustments. Reported-by: Sam Sun <samsun1006219@gmail.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
parent
e6b5ebca41
commit
42c7732380
@ -571,11 +571,18 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf,
|
|||||||
size_t count, loff_t *ppos)
|
size_t count, loff_t *ppos)
|
||||||
|
|
||||||
{
|
{
|
||||||
struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
|
struct selinux_fs_info *fsi;
|
||||||
struct selinux_load_state load_state;
|
struct selinux_load_state load_state;
|
||||||
ssize_t length;
|
ssize_t length;
|
||||||
void *data = NULL;
|
void *data = NULL;
|
||||||
|
|
||||||
|
/* no partial writes */
|
||||||
|
if (*ppos)
|
||||||
|
return -EINVAL;
|
||||||
|
/* no empty policies */
|
||||||
|
if (!count)
|
||||||
|
return -EINVAL;
|
||||||
|
|
||||||
mutex_lock(&selinux_state.policy_mutex);
|
mutex_lock(&selinux_state.policy_mutex);
|
||||||
|
|
||||||
length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
|
length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
|
||||||
@ -583,26 +590,22 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf,
|
|||||||
if (length)
|
if (length)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
/* No partial writes. */
|
|
||||||
length = -EINVAL;
|
|
||||||
if (*ppos != 0)
|
|
||||||
goto out;
|
|
||||||
|
|
||||||
length = -ENOMEM;
|
|
||||||
data = vmalloc(count);
|
data = vmalloc(count);
|
||||||
if (!data)
|
if (!data) {
|
||||||
|
length = -ENOMEM;
|
||||||
goto out;
|
goto out;
|
||||||
|
}
|
||||||
|
if (copy_from_user(data, buf, count) != 0) {
|
||||||
length = -EFAULT;
|
length = -EFAULT;
|
||||||
if (copy_from_user(data, buf, count) != 0)
|
|
||||||
goto out;
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
length = security_load_policy(data, count, &load_state);
|
length = security_load_policy(data, count, &load_state);
|
||||||
if (length) {
|
if (length) {
|
||||||
pr_warn_ratelimited("SELinux: failed to load policy\n");
|
pr_warn_ratelimited("SELinux: failed to load policy\n");
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
fsi = file_inode(file)->i_sb->s_fs_info;
|
||||||
length = sel_make_policy_nodes(fsi, load_state.policy);
|
length = sel_make_policy_nodes(fsi, load_state.policy);
|
||||||
if (length) {
|
if (length) {
|
||||||
pr_warn_ratelimited("SELinux: failed to initialize selinuxfs\n");
|
pr_warn_ratelimited("SELinux: failed to initialize selinuxfs\n");
|
||||||
@ -611,13 +614,12 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf,
|
|||||||
}
|
}
|
||||||
|
|
||||||
selinux_policy_commit(&load_state);
|
selinux_policy_commit(&load_state);
|
||||||
|
|
||||||
length = count;
|
length = count;
|
||||||
|
|
||||||
audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
|
audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
|
||||||
"auid=%u ses=%u lsm=selinux res=1",
|
"auid=%u ses=%u lsm=selinux res=1",
|
||||||
from_kuid(&init_user_ns, audit_get_loginuid(current)),
|
from_kuid(&init_user_ns, audit_get_loginuid(current)),
|
||||||
audit_get_sessionid(current));
|
audit_get_sessionid(current));
|
||||||
|
|
||||||
out:
|
out:
|
||||||
mutex_unlock(&selinux_state.policy_mutex);
|
mutex_unlock(&selinux_state.policy_mutex);
|
||||||
vfree(data);
|
vfree(data);
|
||||||
|
Loading…
Reference in New Issue
Block a user