Merge tag 'v3.14' into next
Linux 3.14
diff --git a/MAINTAINERS b/MAINTAINERS
index 900d98e..ae2e141 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -7730,11 +7730,10 @@
S: Supported
SELINUX SECURITY MODULE
-M: Stephen Smalley <sds@tycho.nsa.gov>
-M: James Morris <james.l.morris@oracle.com>
-M: Eric Paris <eparis@parisplace.org>
M: Paul Moore <paul@paul-moore.com>
-L: selinux@tycho.nsa.gov (subscribers-only, general discussion)
+M: Stephen Smalley <sds@tycho.nsa.gov>
+M: Eric Paris <eparis@parisplace.org>
+L: selinux@tycho.nsa.gov (moderated for non-subscribers)
W: http://selinuxproject.org
T: git git://git.infradead.org/users/pcmoore/selinux
S: Supported
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index b332e2c..d58946d 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1418,15 +1418,33 @@
isec->sid = sbsec->sid;
if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) {
- if (opt_dentry) {
- isec->sclass = inode_mode_to_security_class(inode->i_mode);
- rc = selinux_proc_get_sid(opt_dentry,
- isec->sclass,
- &sid);
- if (rc)
- goto out_unlock;
- isec->sid = sid;
- }
+ /* We must have a dentry to determine the label on
+ * procfs inodes */
+ if (opt_dentry)
+ /* Called from d_instantiate or
+ * d_splice_alias. */
+ dentry = dget(opt_dentry);
+ else
+ /* Called from selinux_complete_init, try to
+ * find a dentry. */
+ dentry = d_find_alias(inode);
+ /*
+ * This can be hit on boot when a file is accessed
+ * before the policy is loaded. When we load policy we
+ * may find inodes that have no dentry on the
+ * sbsec->isec_head list. No reason to complain as
+ * these will get fixed up the next time we go through
+ * inode_doinit() with a dentry, before these inodes
+ * could be used again by userspace.
+ */
+ if (!dentry)
+ goto out_unlock;
+ isec->sclass = inode_mode_to_security_class(inode->i_mode);
+ rc = selinux_proc_get_sid(dentry, isec->sclass, &sid);
+ dput(dentry);
+ if (rc)
+ goto out_unlock;
+ isec->sid = sid;
}
break;
}
@@ -3205,24 +3223,20 @@
static int selinux_mmap_addr(unsigned long addr)
{
- int rc = 0;
- u32 sid = current_sid();
-
- /*
- * notice that we are intentionally putting the SELinux check before
- * the secondary cap_file_mmap check. This is such a likely attempt
- * at bad behaviour/exploit that we always want to get the AVC, even
- * if DAC would have also denied the operation.
- */
- if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {
- rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
- MEMPROTECT__MMAP_ZERO, NULL);
- if (rc)
- return rc;
- }
+ int rc;
/* do DAC check on address space usage */
- return cap_mmap_addr(addr);
+ rc = cap_mmap_addr(addr);
+ if (rc)
+ return rc;
+
+ if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {
+ u32 sid = current_sid();
+ rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
+ MEMPROTECT__MMAP_ZERO, NULL);
+ }
+
+ return rc;
}
static int selinux_mmap_file(struct file *file, unsigned long reqprot,
