diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2019-07-09 03:59:56 +0200 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2019-07-09 03:59:56 +0200 |
commit | 7c0f89634892693fc0b46f25e0a6d57bd6dd5698 (patch) | |
tree | e39af6fb6fe0d82f2b011d9bde4d2d335f199bc7 /security/selinux/hooks.c | |
parent | Merge tag 'audit-pr-20190702' of git://git.kernel.org/pub/scm/linux/kernel/gi... (diff) | |
parent | selinux: format all invalid context as untrusted (diff) | |
download | linux-7c0f89634892693fc0b46f25e0a6d57bd6dd5698.tar.xz linux-7c0f89634892693fc0b46f25e0a6d57bd6dd5698.zip |
Merge tag 'selinux-pr-20190702' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull selinux updates from Paul Moore:
"Like the audit pull request this is a little early due to some
upcoming vacation plans and uncertain network access while I'm away.
Also like the audit PR, the list of patches here is pretty minor, the
highlights include:
- Explicitly use __le variables to make sure "sparse" can verify
proper byte endian handling.
- Remove some BUG_ON()s that are no longer needed.
- Allow zero-byte writes to the "keycreate" procfs attribute without
requiring key:create to make it easier for userspace to reset the
keycreate label.
- Consistently log the "invalid_context" field as an untrusted string
in the AUDIT_SELINUX_ERR audit records"
* tag 'selinux-pr-20190702' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
selinux: format all invalid context as untrusted
selinux: fix empty write to keycreate file
selinux: remove some no-op BUG_ONs
selinux: provide __le variables explicitly
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r-- | security/selinux/hooks.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 94de51628fdc..3ec7ac70c313 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6351,11 +6351,12 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) } else if (!strcmp(name, "fscreate")) { tsec->create_sid = sid; } else if (!strcmp(name, "keycreate")) { - error = avc_has_perm(&selinux_state, - mysid, sid, SECCLASS_KEY, KEY__CREATE, - NULL); - if (error) - goto abort_change; + if (sid) { + error = avc_has_perm(&selinux_state, mysid, sid, + SECCLASS_KEY, KEY__CREATE, NULL); + if (error) + goto abort_change; + } tsec->keycreate_sid = sid; } else if (!strcmp(name, "sockcreate")) { tsec->sockcreate_sid = sid; |