Commit 7e4b9359 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge branch 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 

Pull security layer fixes from James Morris:
 "A fix for SELinux policy processing (regression introduced by
  commit fa1aa143: "selinux: extended permissions for ioctls"), as
  well as a fix for the user-triggerable oops in the Keys code"

* 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  KEYS: Fix handling of stored error in a negatively instantiated user key
  selinux: fix bug in conditional rules handling
parents c64410f3 6e375929

security/keys/encrypted-keys/encrypted.c

+2 −0
Original line number Diff line number Diff line
@@ -845,6 +845,8 @@ static int encrypted_update(struct key *key, struct key_preparsed_payload *prep) 
	size_t datalen = prep->datalen;

	int ret = 0;



	if (test_bit(KEY_FLAG_NEGATIVE, &key->flags))

		return -ENOKEY;

	if (datalen <= 0 || datalen > 32767 || !prep->data)

		return -EINVAL;

security/keys/trusted.c

+4 −1
Original line number Diff line number Diff line
@@ -1007,13 +1007,16 @@ static void trusted_rcu_free(struct rcu_head *rcu) 
 */

static int trusted_update(struct key *key, struct key_preparsed_payload *prep)

{

	struct trusted_key_payload *p = key->payload.data[0];

	struct trusted_key_payload *p;

	struct trusted_key_payload *new_p;

	struct trusted_key_options *new_o;

	size_t datalen = prep->datalen;

	char *datablob;

	int ret = 0;



	if (test_bit(KEY_FLAG_NEGATIVE, &key->flags))

		return -ENOKEY;

	p = key->payload.data[0];

	if (!p->migratable)

		return -EPERM;

	if (datalen <= 0 || datalen > 32767 || !prep->data)

security/keys/user_defined.c

+4 −1
Original line number Diff line number Diff line
@@ -120,7 +120,10 @@ int user_update(struct key *key, struct key_preparsed_payload *prep) 


	if (ret == 0) {

		/* attach the new data, displacing the old */

		if (!test_bit(KEY_FLAG_NEGATIVE, &key->flags))

			zap = key->payload.data[0];

		else

			zap = NULL;

		rcu_assign_keypointer(key, upayload);

		key->expiry = 0;

	}

security/selinux/ss/conditional.c

+2 −2
Original line number Diff line number Diff line
@@ -638,7 +638,7 @@ void cond_compute_av(struct avtab *ctab, struct avtab_key *key, 
{

	struct avtab_node *node;



	if (!ctab || !key || !avd || !xperms)

	if (!ctab || !key || !avd)

		return;



	for (node = avtab_search_node(ctab, key); node;
@@ -657,7 +657,7 @@ void cond_compute_av(struct avtab *ctab, struct avtab_key *key, 
		if ((u16)(AVTAB_AUDITALLOW|AVTAB_ENABLED) ==

		    (node->key.specified & (AVTAB_AUDITALLOW|AVTAB_ENABLED)))

			avd->auditallow |= node->datum.u.data;

		if ((node->key.specified & AVTAB_ENABLED) &&

		if (xperms && (node->key.specified & AVTAB_ENABLED) &&

				(node->key.specified & AVTAB_XPERMS))

			services_compute_xperms_drivers(xperms, node);

	}

CRA Git | Maintained and supported by SUSTech CRA and CCSE