diff options
Diffstat (limited to 'security/selinux/ss/services.c')
| -rw-r--r-- | security/selinux/ss/services.c | 37 |
1 files changed, 20 insertions, 17 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index cc043bc8fd4c..d61563a3695e 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: GPL-2.0-only /* * Implementation of the security services. * @@ -35,9 +36,6 @@ * Copyright (C) 2004-2006 Trusted Computer Solutions, Inc. * Copyright (C) 2003 - 2004, 2006 Tresys Technology, LLC * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com> - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, version 2. */ #include <linux/kernel.h> #include <linux/slab.h> @@ -651,9 +649,7 @@ static void context_struct_compute_av(struct policydb *policydb, avkey.target_class = tclass; avkey.specified = AVTAB_AV | AVTAB_XPERMS; sattr = &policydb->type_attr_map_array[scontext->type - 1]; - BUG_ON(!sattr); tattr = &policydb->type_attr_map_array[tcontext->type - 1]; - BUG_ON(!tattr); ebitmap_for_each_positive_bit(sattr, snode, i) { ebitmap_for_each_positive_bit(tattr, tnode, j) { avkey.source_type = i + 1; @@ -1059,9 +1055,7 @@ void security_compute_xperms_decision(struct selinux_state *state, avkey.target_class = tclass; avkey.specified = AVTAB_XPERMS; sattr = &policydb->type_attr_map_array[scontext->type - 1]; - BUG_ON(!sattr); tattr = &policydb->type_attr_map_array[tcontext->type - 1]; - BUG_ON(!tattr); ebitmap_for_each_positive_bit(sattr, snode, i) { ebitmap_for_each_positive_bit(tattr, tnode, j) { avkey.source_type = i + 1; @@ -1588,6 +1582,7 @@ static int compute_sid_handle_invalid_context( struct policydb *policydb = &state->ss->policydb; char *s = NULL, *t = NULL, *n = NULL; u32 slen, tlen, nlen; + struct audit_buffer *ab; if (context_struct_to_string(policydb, scontext, &s, &slen)) goto out; @@ -1595,12 +1590,14 @@ static int compute_sid_handle_invalid_context( goto out; if (context_struct_to_string(policydb, newcontext, &n, &nlen)) goto out; - audit_log(audit_context(), GFP_ATOMIC, AUDIT_SELINUX_ERR, - "op=security_compute_sid invalid_context=%s" - " scontext=%s" - " tcontext=%s" - " tclass=%s", - n, s, t, sym_name(policydb, SYM_CLASSES, tclass-1)); + ab = audit_log_start(audit_context(), GFP_ATOMIC, AUDIT_SELINUX_ERR); + audit_log_format(ab, + "op=security_compute_sid invalid_context="); + /* no need to record the NUL with untrusted strings */ + audit_log_n_untrustedstring(ab, n, nlen - 1); + audit_log_format(ab, " scontext=%s tcontext=%s tclass=%s", + s, t, sym_name(policydb, SYM_CLASSES, tclass-1)); + audit_log_end(ab); out: kfree(s); kfree(t); @@ -3007,10 +3004,16 @@ int security_sid_mls_copy(struct selinux_state *state, if (rc) { if (!context_struct_to_string(policydb, &newcon, &s, &len)) { - audit_log(audit_context(), - GFP_ATOMIC, AUDIT_SELINUX_ERR, - "op=security_sid_mls_copy " - "invalid_context=%s", s); + struct audit_buffer *ab; + + ab = audit_log_start(audit_context(), + GFP_ATOMIC, + AUDIT_SELINUX_ERR); + audit_log_format(ab, + "op=security_sid_mls_copy invalid_context="); + /* don't record NUL with untrusted strings */ + audit_log_n_untrustedstring(ab, s, len - 1); + audit_log_end(ab); kfree(s); } goto out_unlock; |