Ksawlii/kernel_samsung_a53x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

selinux: improve error checking in sel_write_load()

Browse source 
[ Upstream commit 42c773238037c90b3302bf37a57ae3b5c3f6004a ]

Move our existing input sanity checking to the top of sel_write_load()
and add a check to ensure the buffer size is non-zero.

Move a local variable initialization from the declaration to before it
is used.

Minor style adjustments.

Reported-by: Sam Sun <samsun1006219@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
[cascardo: keep fsi initialization at its declaration point as it is used earlier]
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Paul Moore 2024-10-25 11:21:07 -03:00 committed by Ksawlii
parent 7649aa77c4
commit 49c852ee24
1 changed files with 14 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
security/selinux/selinuxfs.c
View file

@ -620,6 +620,13 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf,
ssize_t length; ssize_t length;
void *data = NULL; void *data = NULL;
/* no partial writes */
if (*ppos)
return -EINVAL;
/* no empty policies */
if (!count)
return -EINVAL;
mutex_lock(&fsi->state->policy_mutex); mutex_lock(&fsi->state->policy_mutex);
length = avc_has_perm(&selinux_state, length = avc_has_perm(&selinux_state,
@ -628,26 +635,21 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf,
if (length) if (length)
goto out; goto out;
/* No partial writes. */
length = -EINVAL;
if (*ppos != 0)
goto out;
length = -ENOMEM;
data = vmalloc(count); data = vmalloc(count);
if (!data) if (!data) {
length = -ENOMEM;
goto out; goto out;
}
length = -EFAULT; if (copy_from_user(data, buf, count) != 0) {
if (copy_from_user(data, buf, count) != 0) length = -EFAULT;
goto out; goto out;
}
length = security_load_policy(fsi->state, data, count, &load_state); length = security_load_policy(fsi->state, data, count, &load_state);
if (length) { if (length) {
pr_warn_ratelimited("SELinux: failed to load policy\n"); pr_warn_ratelimited("SELinux: failed to load policy\n");
goto out; goto out;
} }
length = sel_make_policy_nodes(fsi, load_state.policy); length = sel_make_policy_nodes(fsi, load_state.policy);
if (length) { if (length) {
selinux_policy_cancel(fsi->state, &load_state); selinux_policy_cancel(fsi->state, &load_state);
@ -655,13 +657,12 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf,
} }
selinux_policy_commit(fsi->state, &load_state); selinux_policy_commit(fsi->state, &load_state);
length = count; length = count;
audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
"auid=%u ses=%u lsm=selinux res=1", "auid=%u ses=%u lsm=selinux res=1",
from_kuid(&init_user_ns, audit_get_loginuid(current)), from_kuid(&init_user_ns, audit_get_loginuid(current)),
audit_get_sessionid(current)); audit_get_sessionid(current));
out: out:
mutex_unlock(&fsi->state->policy_mutex); mutex_unlock(&fsi->state->policy_mutex);
vfree(data); vfree(data);