1. 02 8月, 2010 1 次提交
  2. 09 4月, 2010 1 次提交
  3. 09 2月, 2010 1 次提交
    • X
      selinux: fix memory leak in sel_make_bools · 8007f102
      Xiaotian Feng 提交于
      In sel_make_bools, kernel allocates memory for bool_pending_names[i]
      with security_get_bools. So if we just free bool_pending_names, those
      memories for bool_pending_names[i] will be leaked.
      
      This patch resolves dozens of following kmemleak report after resuming
      from suspend:
      unreferenced object 0xffff88022e4c7380 (size 32):
        comm "init", pid 1, jiffies 4294677173
        backtrace:
          [<ffffffff810f76b5>] create_object+0x1a2/0x2a9
          [<ffffffff810f78bb>] kmemleak_alloc+0x26/0x4b
          [<ffffffff810ef3eb>] __kmalloc+0x18f/0x1b8
          [<ffffffff811cd511>] security_get_bools+0xd7/0x16f
          [<ffffffff811c48c0>] sel_write_load+0x12e/0x62b
          [<ffffffff810f9a39>] vfs_write+0xae/0x10b
          [<ffffffff810f9b56>] sys_write+0x4a/0x6e
          [<ffffffff81011b82>] system_call_fastpath+0x16/0x1b
          [<ffffffffffffffff>] 0xffffffffffffffff
      Signed-off-by: NXiaotian Feng <dfeng@redhat.com>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      8007f102
  4. 04 2月, 2010 1 次提交
  5. 18 1月, 2010 1 次提交
    • S
      selinux: change the handling of unknown classes · 19439d05
      Stephen Smalley 提交于
      If allow_unknown==deny, SELinux treats an undefined kernel security
      class as an error condition rather than as a typical permission denial
      and thus does not allow permissions on undefined classes even when in
      permissive mode.  Change the SELinux logic so that this case is handled
      as a typical permission denial, subject to the usual permissive mode and
      permissive domain handling.
      
      Also drop the 'requested' argument from security_compute_av() and
      helpers as it is a legacy of the original security server interface and
      is unused.
      
      Changes:
      - Handle permissive domains consistently by moving up the test for a
      permissive domain.
      - Make security_compute_av_user() consistent with security_compute_av();
      the only difference now is that security_compute_av() performs mapping
      between the kernel-private class and permission indices and the policy
      values.  In the userspace case, this mapping is handled by libselinux.
      - Moved avd_init inside the policy lock.
      
      Based in part on a patch by Paul Moore <paul.moore@hp.com>.
      Reported-by: NAndrew Worsley <amworsley@gmail.com>
      Signed-off-by: NStephen D. Smalley <sds@tycho.nsa.gov>
      Reviewed-by: NPaul Moore <paul.moore@hp.com>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      19439d05
  6. 07 10月, 2009 1 次提交
    • S
      selinux: dynamic class/perm discovery · c6d3aaa4
      Stephen Smalley 提交于
      Modify SELinux to dynamically discover class and permission values
      upon policy load, based on the dynamic object class/perm discovery
      logic from libselinux.  A mapping is created between kernel-private
      class and permission indices used outside the security server and the
      policy values used within the security server.
      
      The mappings are only applied upon kernel-internal computations;
      similar mappings for the private indices of userspace object managers
      is handled on a per-object manager basis by the userspace AVC.  The
      interfaces for compute_av and transition_sid are split for kernel
      vs. userspace; the userspace functions are distinguished by a _user
      suffix.
      
      The kernel-private class indices are no longer tied to the policy
      values and thus do not need to skip indices for userspace classes;
      thus the kernel class index values are compressed.  The flask.h
      definitions were regenerated by deleting the userspace classes from
      refpolicy's definitions and then regenerating the headers.  Going
      forward, we can just maintain the flask.h, av_permissions.h, and
      classmap.h definitions separately from policy as they are no longer
      tied to the policy values.  The next patch introduces a utility to
      automate generation of flask.h and av_permissions.h from the
      classmap.h definitions.
      
      The older kernel class and permission string tables are removed and
      replaced by a single security class mapping table that is walked at
      policy load to generate the mapping.  The old kernel class validation
      logic is completely replaced by the mapping logic.
      
      The handle unknown logic is reworked.  reject_unknown=1 is handled
      when the mappings are computed at policy load time, similar to the old
      handling by the class validation logic.  allow_unknown=1 is handled
      when computing and mapping decisions - if the permission was not able
      to be mapped (i.e. undefined, mapped to zero), then it is
      automatically added to the allowed vector.  If the class was not able
      to be mapped (i.e. undefined, mapped to zero), then all permissions
      are allowed for it if allow_unknown=1.
      
      avc_audit leverages the new security class mapping table to lookup the
      class and permission names from the kernel-private indices.
      
      The mdp program is updated to use the new table when generating the
      class definitions and allow rules for a minimal boot policy for the
      kernel.  It should be noted that this policy will not include any
      userspace classes, nor will its policy index values for the kernel
      classes correspond with the ones in refpolicy (they will instead match
      the kernel-private indices).
      Signed-off-by: NStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      c6d3aaa4
  7. 19 5月, 2009 1 次提交
    • S
      selinux: remove obsolete read buffer limit from sel_read_bool · c5642f4b
      Stephen Smalley 提交于
      On Tue, 2009-05-19 at 00:05 -0400, Eamon Walsh wrote:
      > Recent versions of coreutils have bumped the read buffer size from 4K to
      > 32K in several of the utilities.
      >
      > This means that "cat /selinux/booleans/xserver_object_manager" no longer
      > works, it returns "Invalid argument" on F11.  getsebool works fine.
      >
      > sel_read_bool has a check for "count > PAGE_SIZE" that doesn't seem to
      > be present in the other read functions.  Maybe it could be removed?
      
      Yes, that check is obsoleted by the conversion of those functions to
      using simple_read_from_buffer(), which will reduce count if necessary to
      what is available in the buffer.
      Signed-off-by: NStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      c5642f4b
  8. 02 4月, 2009 1 次提交
    • K
      Permissive domain in userspace object manager · 8a6f83af
      KaiGai Kohei 提交于
      This patch enables applications to handle permissive domain correctly.
      
      Since the v2.6.26 kernel, SELinux has supported an idea of permissive
      domain which allows certain processes to work as if permissive mode,
      even if the global setting is enforcing mode.
      However, we don't have an application program interface to inform
      what domains are permissive one, and what domains are not.
      It means applications focuses on SELinux (XACE/SELinux, SE-PostgreSQL
      and so on) cannot handle permissive domain correctly.
      
      This patch add the sixth field (flags) on the reply of the /selinux/access
      interface which is used to make an access control decision from userspace.
      If the first bit of the flags field is positive, it means the required
      access control decision is on permissive domain, so application should
      allow any required actions, as the kernel doing.
      
      This patch also has a side benefit. The av_decision.flags is set at
      context_struct_compute_av(). It enables to check required permissions
      without read_lock(&policy_rwlock).
      Signed-off-by: NKaiGai Kohei <kaigai@ak.jp.nec.com>
      Acked-by: NStephen Smalley <sds@tycho.nsa.gov>
      Acked-by: NEric Paris <eparis@redhat.com>
      --
       security/selinux/avc.c              |    2 +-
       security/selinux/include/security.h |    4 +++-
       security/selinux/selinuxfs.c        |    4 ++--
       security/selinux/ss/services.c      |   30 +++++-------------------------
       4 files changed, 11 insertions(+), 29 deletions(-)
      Signed-off-by: NJames Morris <jmorris@namei.org>
      8a6f83af
  9. 28 3月, 2009 1 次提交
  10. 14 2月, 2009 1 次提交
  11. 06 1月, 2009 1 次提交
  12. 01 1月, 2009 2 次提交
    • R
      cpumask: prepare for iterators to only go to nr_cpu_ids/nr_cpumask_bits.: core · 4f4b6c1a
      Rusty Russell 提交于
      Impact: cleanup
      
      In future, all cpumask ops will only be valid (in general) for bit
      numbers < nr_cpu_ids.  So use that instead of NR_CPUS in iterators
      and other comparisons.
      
      This is always safe: no cpu number can be >= nr_cpu_ids, and
      nr_cpu_ids is initialized to NR_CPUS at boot.
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      Signed-off-by: NMike Travis <travis@sgi.com>
      Acked-by: NIngo Molnar <mingo@elte.hu>
      Acked-by: NJames Morris <jmorris@namei.org>
      Cc: Eric Biederman <ebiederm@xmission.com>
      4f4b6c1a
    • P
      selinux: Deprecate and schedule the removal of the the compat_net functionality · 277d342f
      Paul Moore 提交于
      This patch is the first step towards removing the old "compat_net" code from
      the kernel.  Secmark, the "compat_net" replacement was first introduced in
      2.6.18 (September 2006) and the major Linux distributions with SELinux support
      have transitioned to Secmark so it is time to start deprecating the "compat_net"
      mechanism.  Testing a patched version of 2.6.28-rc6 with the initial release of
      Fedora Core 5 did not show any problems when running in enforcing mode.
      
      This patch adds an entry to the feature-removal-schedule.txt file and removes
      the SECURITY_SELINUX_ENABLE_SECMARK_DEFAULT configuration option, forcing
      Secmark on by default although it can still be disabled at runtime.  The patch
      also makes the Secmark permission checks "dynamic" in the sense that they are
      only executed when Secmark is configured; this should help prevent problems
      with older distributions that have not yet migrated to Secmark.
      Signed-off-by: NPaul Moore <paul.moore@hp.com>
      Acked-by: NJames Morris <jmorris@namei.org>
      277d342f
  13. 14 11月, 2008 2 次提交
  14. 14 7月, 2008 2 次提交
  15. 21 4月, 2008 2 次提交
  16. 19 4月, 2008 1 次提交
  17. 18 4月, 2008 2 次提交
  18. 02 2月, 2008 2 次提交
  19. 30 1月, 2008 1 次提交
  20. 25 1月, 2008 1 次提交
  21. 05 12月, 2007 2 次提交
  22. 17 10月, 2007 1 次提交
  23. 12 7月, 2007 3 次提交
  24. 26 4月, 2007 4 次提交
  25. 13 2月, 2007 1 次提交
  26. 09 12月, 2006 1 次提交
  27. 01 10月, 2006 1 次提交
  28. 27 9月, 2006 1 次提交
新手
引导
客服 返回
顶部