summaryrefslogtreecommitdiffstats
path: root/security/selinux/ss
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2017-05-03 08:50:52 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2017-05-03 08:50:52 -0700
commit0302e28dee643932ee7b3c112ebccdbb9f8ec32c (patch)
tree405d4cb3f772ef069ed7f291adc4b74a4e73346e /security/selinux/ss
parent89c9fea3c8034cdb2fd745f551cde0b507fd6893 (diff)
parent8979b02aaf1d6de8d52cc143aa4da961ed32e5a2 (diff)
downloadop-kernel-dev-0302e28dee643932ee7b3c112ebccdbb9f8ec32c.zip
op-kernel-dev-0302e28dee643932ee7b3c112ebccdbb9f8ec32c.tar.gz
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris: "Highlights: IMA: - provide ">" and "<" operators for fowner/uid/euid rules KEYS: - add a system blacklist keyring - add KEYCTL_RESTRICT_KEYRING, exposes keyring link restriction functionality to userland via keyctl() LSM: - harden LSM API with __ro_after_init - add prlmit security hook, implement for SELinux - revive security_task_alloc hook TPM: - implement contextual TPM command 'spaces'" * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (98 commits) tpm: Fix reference count to main device tpm_tis: convert to using locality callbacks tpm: fix handling of the TPM 2.0 event logs tpm_crb: remove a cruft constant keys: select CONFIG_CRYPTO when selecting DH / KDF apparmor: Make path_max parameter readonly apparmor: fix parameters so that the permission test is bypassed at boot apparmor: fix invalid reference to index variable of iterator line 836 apparmor: use SHASH_DESC_ON_STACK security/apparmor/lsm.c: set debug messages apparmor: fix boolreturn.cocci warnings Smack: Use GFP_KERNEL for smk_netlbl_mls(). smack: fix double free in smack_parse_opts_str() KEYS: add SP800-56A KDF support for DH KEYS: Keyring asymmetric key restrict method with chaining KEYS: Restrict asymmetric key linkage using a specific keychain KEYS: Add a lookup_restriction function for the asymmetric key type KEYS: Add KEYCTL_RESTRICT_KEYRING KEYS: Consistent ordering for __key_link_begin and restrict check KEYS: Add an optional lookup_restriction hook to key_type ...
Diffstat (limited to 'security/selinux/ss')
-rw-r--r--security/selinux/ss/conditional.c14
-rw-r--r--security/selinux/ss/hashtab.c10
-rw-r--r--security/selinux/ss/policydb.c59
-rw-r--r--security/selinux/ss/services.c2
-rw-r--r--security/selinux/ss/sidtab.c6
5 files changed, 40 insertions, 51 deletions
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index 34afead..771c96a 100644
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -176,8 +176,9 @@ void cond_policydb_destroy(struct policydb *p)
int cond_init_bool_indexes(struct policydb *p)
{
kfree(p->bool_val_to_struct);
- p->bool_val_to_struct =
- kmalloc(p->p_bools.nprim * sizeof(struct cond_bool_datum *), GFP_KERNEL);
+ p->bool_val_to_struct = kmalloc_array(p->p_bools.nprim,
+ sizeof(*p->bool_val_to_struct),
+ GFP_KERNEL);
if (!p->bool_val_to_struct)
return -ENOMEM;
return 0;
@@ -226,7 +227,7 @@ int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp)
u32 len;
int rc;
- booldatum = kzalloc(sizeof(struct cond_bool_datum), GFP_KERNEL);
+ booldatum = kzalloc(sizeof(*booldatum), GFP_KERNEL);
if (!booldatum)
return -ENOMEM;
@@ -331,7 +332,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
goto err;
}
- list = kzalloc(sizeof(struct cond_av_list), GFP_KERNEL);
+ list = kzalloc(sizeof(*list), GFP_KERNEL);
if (!list) {
rc = -ENOMEM;
goto err;
@@ -420,7 +421,7 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
goto err;
rc = -ENOMEM;
- expr = kzalloc(sizeof(struct cond_expr), GFP_KERNEL);
+ expr = kzalloc(sizeof(*expr), GFP_KERNEL);
if (!expr)
goto err;
@@ -471,7 +472,7 @@ int cond_read_list(struct policydb *p, void *fp)
for (i = 0; i < len; i++) {
rc = -ENOMEM;
- node = kzalloc(sizeof(struct cond_node), GFP_KERNEL);
+ node = kzalloc(sizeof(*node), GFP_KERNEL);
if (!node)
goto err;
@@ -663,5 +664,4 @@ void cond_compute_av(struct avtab *ctab, struct avtab_key *key,
(node->key.specified & AVTAB_XPERMS))
services_compute_xperms_drivers(xperms, node);
}
- return;
}
diff --git a/security/selinux/ss/hashtab.c b/security/selinux/ss/hashtab.c
index 2cc4961..3858706 100644
--- a/security/selinux/ss/hashtab.c
+++ b/security/selinux/ss/hashtab.c
@@ -17,15 +17,15 @@ struct hashtab *hashtab_create(u32 (*hash_value)(struct hashtab *h, const void *
u32 i;
p = kzalloc(sizeof(*p), GFP_KERNEL);
- if (p == NULL)
+ if (!p)
return p;
p->size = size;
p->nel = 0;
p->hash_value = hash_value;
p->keycmp = keycmp;
- p->htable = kmalloc(sizeof(*(p->htable)) * size, GFP_KERNEL);
- if (p->htable == NULL) {
+ p->htable = kmalloc_array(size, sizeof(*p->htable), GFP_KERNEL);
+ if (!p->htable) {
kfree(p);
return NULL;
}
@@ -58,7 +58,7 @@ int hashtab_insert(struct hashtab *h, void *key, void *datum)
return -EEXIST;
newnode = kzalloc(sizeof(*newnode), GFP_KERNEL);
- if (newnode == NULL)
+ if (!newnode)
return -ENOMEM;
newnode->key = key;
newnode->datum = datum;
@@ -87,7 +87,7 @@ void *hashtab_search(struct hashtab *h, const void *key)
while (cur && h->keycmp(h, key, cur->key) > 0)
cur = cur->next;
- if (cur == NULL || (h->keycmp(h, key, cur->key) != 0))
+ if (!cur || (h->keycmp(h, key, cur->key) != 0))
return NULL;
return cur->datum;
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index 9c92f29..0080122 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -178,10 +178,9 @@ static int roles_init(struct policydb *p)
int rc;
struct role_datum *role;
- rc = -ENOMEM;
role = kzalloc(sizeof(*role), GFP_KERNEL);
if (!role)
- goto out;
+ return -ENOMEM;
rc = -EINVAL;
role->value = ++p->p_roles.nprim;
@@ -540,23 +539,23 @@ static int policydb_index(struct policydb *p)
#endif
rc = -ENOMEM;
- p->class_val_to_struct =
- kzalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)),
- GFP_KERNEL);
+ p->class_val_to_struct = kcalloc(p->p_classes.nprim,
+ sizeof(*p->class_val_to_struct),
+ GFP_KERNEL);
if (!p->class_val_to_struct)
goto out;
rc = -ENOMEM;
- p->role_val_to_struct =
- kzalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)),
- GFP_KERNEL);
+ p->role_val_to_struct = kcalloc(p->p_roles.nprim,
+ sizeof(*p->role_val_to_struct),
+ GFP_KERNEL);
if (!p->role_val_to_struct)
goto out;
rc = -ENOMEM;
- p->user_val_to_struct =
- kzalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)),
- GFP_KERNEL);
+ p->user_val_to_struct = kcalloc(p->p_users.nprim,
+ sizeof(*p->user_val_to_struct),
+ GFP_KERNEL);
if (!p->user_val_to_struct)
goto out;
@@ -880,8 +879,6 @@ void policydb_destroy(struct policydb *p)
ebitmap_destroy(&p->filename_trans_ttypes);
ebitmap_destroy(&p->policycaps);
ebitmap_destroy(&p->permissive_map);
-
- return;
}
/*
@@ -1120,10 +1117,9 @@ static int perm_read(struct policydb *p, struct hashtab *h, void *fp)
__le32 buf[2];
u32 len;
- rc = -ENOMEM;
perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL);
if (!perdatum)
- goto bad;
+ return -ENOMEM;
rc = next_entry(buf, fp, sizeof buf);
if (rc)
@@ -1154,10 +1150,9 @@ static int common_read(struct policydb *p, struct hashtab *h, void *fp)
u32 len, nel;
int i, rc;
- rc = -ENOMEM;
comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL);
if (!comdatum)
- goto bad;
+ return -ENOMEM;
rc = next_entry(buf, fp, sizeof buf);
if (rc)
@@ -1320,10 +1315,9 @@ static int class_read(struct policydb *p, struct hashtab *h, void *fp)
u32 len, len2, ncons, nel;
int i, rc;
- rc = -ENOMEM;
cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL);
if (!cladatum)
- goto bad;
+ return -ENOMEM;
rc = next_entry(buf, fp, sizeof(u32)*6);
if (rc)
@@ -1414,10 +1408,9 @@ static int role_read(struct policydb *p, struct hashtab *h, void *fp)
__le32 buf[3];
u32 len;
- rc = -ENOMEM;
role = kzalloc(sizeof(*role), GFP_KERNEL);
if (!role)
- goto bad;
+ return -ENOMEM;
if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
to_read = 3;
@@ -1471,10 +1464,9 @@ static int type_read(struct policydb *p, struct hashtab *h, void *fp)
__le32 buf[4];
u32 len;
- rc = -ENOMEM;
typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL);
if (!typdatum)
- goto bad;
+ return -ENOMEM;
if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
to_read = 4;
@@ -1546,10 +1538,9 @@ static int user_read(struct policydb *p, struct hashtab *h, void *fp)
__le32 buf[3];
u32 len;
- rc = -ENOMEM;
usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL);
if (!usrdatum)
- goto bad;
+ return -ENOMEM;
if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
to_read = 3;
@@ -1597,10 +1588,9 @@ static int sens_read(struct policydb *p, struct hashtab *h, void *fp)
__le32 buf[2];
u32 len;
- rc = -ENOMEM;
levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC);
if (!levdatum)
- goto bad;
+ return -ENOMEM;
rc = next_entry(buf, fp, sizeof buf);
if (rc)
@@ -1614,7 +1604,7 @@ static int sens_read(struct policydb *p, struct hashtab *h, void *fp)
goto bad;
rc = -ENOMEM;
- levdatum->level = kmalloc(sizeof(struct mls_level), GFP_ATOMIC);
+ levdatum->level = kmalloc(sizeof(*levdatum->level), GFP_ATOMIC);
if (!levdatum->level)
goto bad;
@@ -1639,10 +1629,9 @@ static int cat_read(struct policydb *p, struct hashtab *h, void *fp)
__le32 buf[3];
u32 len;
- rc = -ENOMEM;
catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC);
if (!catdatum)
- goto bad;
+ return -ENOMEM;
rc = next_entry(buf, fp, sizeof buf);
if (rc)
@@ -1854,7 +1843,7 @@ static int range_read(struct policydb *p, void *fp)
rc = next_entry(buf, fp, sizeof(u32));
if (rc)
- goto out;
+ return rc;
nel = le32_to_cpu(buf[0]);
for (i = 0; i < nel; i++) {
@@ -1931,7 +1920,6 @@ static int filename_trans_read(struct policydb *p, void *fp)
nel = le32_to_cpu(buf[0]);
for (i = 0; i < nel; i++) {
- ft = NULL;
otype = NULL;
name = NULL;
@@ -2008,7 +1996,7 @@ static int genfs_read(struct policydb *p, void *fp)
rc = next_entry(buf, fp, sizeof(u32));
if (rc)
- goto out;
+ return rc;
nel = le32_to_cpu(buf[0]);
for (i = 0; i < nel; i++) {
@@ -2100,9 +2088,10 @@ static int genfs_read(struct policydb *p, void *fp)
}
rc = 0;
out:
- if (newgenfs)
+ if (newgenfs) {
kfree(newgenfs->fstype);
- kfree(newgenfs);
+ kfree(newgenfs);
+ }
ocontext_destroy(newc, OCON_FSUSE);
return rc;
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index b4aa491..60d9b02 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -157,7 +157,7 @@ static int selinux_set_mapping(struct policydb *pol,
}
k = 0;
- while (p_in->perms && p_in->perms[k]) {
+ while (p_in->perms[k]) {
/* An empty permission string skips ahead */
if (!*p_in->perms[k]) {
k++;
diff --git a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c
index 5840a35..f6915f2 100644
--- a/security/selinux/ss/sidtab.c
+++ b/security/selinux/ss/sidtab.c
@@ -18,7 +18,7 @@ int sidtab_init(struct sidtab *s)
{
int i;
- s->htable = kmalloc(sizeof(*(s->htable)) * SIDTAB_SIZE, GFP_ATOMIC);
+ s->htable = kmalloc_array(SIDTAB_SIZE, sizeof(*s->htable), GFP_ATOMIC);
if (!s->htable)
return -ENOMEM;
for (i = 0; i < SIDTAB_SIZE; i++)
@@ -54,7 +54,7 @@ int sidtab_insert(struct sidtab *s, u32 sid, struct context *context)
}
newnode = kmalloc(sizeof(*newnode), GFP_ATOMIC);
- if (newnode == NULL) {
+ if (!newnode) {
rc = -ENOMEM;
goto out;
}
@@ -98,7 +98,7 @@ static struct context *sidtab_search_core(struct sidtab *s, u32 sid, int force)
if (force && cur && sid == cur->sid && cur->context.len)
return &cur->context;
- if (cur == NULL || sid != cur->sid || cur->context.len) {
+ if (!cur || sid != cur->sid || cur->context.len) {
/* Remap invalid SIDs to the unlabeled SID. */
sid = SECINITSID_UNLABELED;
hvalue = SIDTAB_HASH(sid);
OpenPOWER on IntegriCloud