From patchwork Thu Apr 20 15:04:58 2023
X-Patchwork-Id: 13218905
From: Christian Göttsche
To: Paul Moore, Stephen Smalley, Eric Paris, selinux@vger.kernel.org
Subject: [PATCH 1/6] selinux: do not leave dangling pointer behind
Date: Thu, 20 Apr 2023 17:04:58 +0200
Message-Id: <20230420150503.22227-1-cgzones@googlemail.com>

In case mls_context_cpy() fails due to OOM set the free'd pointer in context_cpy() to NULL to avoid it potentially being dereferenced or free'd again in future. Freeing a NULL pointer is well-defined and a hard NULL dereference crash is at least not exploitable and should give a workable stack trace.

Fixes: 12b29f34558b ("selinux: support deferred mapping of contexts")
Signed-off-by: Christian Göttsche --- security/selinux/ss/context.h | 1 + 1 file changed, 1 insertion(+) diff --git a/security/selinux/ss/context.h b/security/selinux/ss/context.h index eda32c3d4c0a..44179977f434 100644 --- a/security/selinux/ss/context.h +++ b/security/selinux/ss/context.h 
@@ -167,6 +167,7 @@ static inline int context_cpy(struct context *dst, const struct context *src) rc = mls_context_cpy(dst, src); if (rc) { kfree(dst->str); + dst->str = NULL; return rc; } return 0;

From patchwork Thu Apr 20 15:04:59 2023
X-Patchwork-Id: 13218906
From: Christian Göttsche
To: Paul Moore, Stephen Smalley, Eric Paris, selinux@vger.kernel.org
Subject: [PATCH 2/6] selinux: adjust typos in comments
Date: Thu, 20 Apr 2023 17:04:59 +0200
Message-Id: <20230420150503.22227-2-cgzones@googlemail.com>
In-Reply-To: <20230420150503.22227-1-cgzones@googlemail.com>

Found by codespell(1)

Signed-off-by: Christian Göttsche --- security/selinux/hooks.c | 2 +- security/selinux/ima.c | 2 +- security/selinux/include/audit.h | 2 +- security/selinux/include/ima.h | 2 +- security/selinux/selinuxfs.c | 2 +- security/selinux/ss/services.c | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 79b4890e9936..c49ce2044a17 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -937,7 +937,7 @@ static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb, } /* - * NOTE: the caller is resposible for freeing the memory even if on error. + * NOTE: the caller is responsible for freeing the memory even if on error. */ static int selinux_add_opt(int token, const char *s, void **mnt_opts) { diff --git a/security/selinux/ima.c b/security/selinux/ima.c index 7daf59667f59..aa34da9b0aeb 100644 --- a/security/selinux/ima.c +++ b/security/selinux/ima.c @@ -4,7 +4,7 @@ * * Author: Lakshmi Ramasubramanian (nramas@linux.microsoft.com) * - * Measure critical data structures maintainted by SELinux + * Measure critical data structures maintained by SELinux * using IMA subsystem. */ #include diff --git a/security/selinux/include/audit.h b/security/selinux/include/audit.h index 406bceb90c6c..d5495134a5b9 100644 --- a/security/selinux/include/audit.h +++ b/security/selinux/include/audit.h @@ -41,7 +41,7 @@ void selinux_audit_rule_free(void *rule); * selinux_audit_rule_match - determine if a context ID matches a rule. * @sid: the context ID to check * @field: the field this rule refers to - * @op: the operater the rule uses + * @op: the operator the rule uses * @rule: pointer to the audit rule to check against * * Returns 1 if the context id matches the rule, 0 if it does not, and diff --git a/security/selinux/include/ima.h b/security/selinux/include/ima.h index 05e04172c86d..93c05e97eb7f 100644 --- a/security/selinux/include/ima.h +++ b/security/selinux/include/ima.h 
@@ -4,7 +4,7 @@ * * Author: Lakshmi Ramasubramanian (nramas@linux.microsoft.com) * - * Measure critical data structures maintainted by SELinux + * Measure critical data structures maintained by SELinux * using IMA subsystem. */ diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 69a583b91fc5..7cc7e2f0272b 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -951,7 +951,7 @@ static ssize_t sel_write_create(struct file *file, char *buf, size_t size) * either whitespace or multibyte characters, they shall be * encoded based on the percentage-encoding rule. * If not encoded, the sscanf logic picks up only left-half - * of the supplied name; splitted by a whitespace unexpectedly. + * of the supplied name; split by a whitespace unexpectedly. */ char *r, *w; int c1, c2; diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index f14d1ffe54c5..9571a447e427 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c 
@@ -583,7 +583,7 @@ static void type_attribute_bounds_av(struct policydb *policydb, /* * flag which drivers have permissions - * only looking for ioctl based extended permssions + * only looking for ioctl based extended permissions */ void services_compute_xperms_drivers( struct extended_perms *xperms,

From patchwork Thu Apr 20 15:05:00 2023
X-Patchwork-Id: 13218908
From: Christian Göttsche
To: Paul Moore, Stephen Smalley, Eric Paris, selinux@vger.kernel.org
Subject: [PATCH 3/6] selinux: avc: drop unused function avc_disable()
Date: Thu, 20 Apr 2023 17:05:00 +0200
Message-Id: <20230420150503.22227-3-cgzones@googlemail.com>
In-Reply-To: <20230420150503.22227-1-cgzones@googlemail.com>

Since commit f22f9aaf6c3d ("selinux: remove the runtime disable functionality") the function avc_disable() is no longer used.

Improves: f22f9aaf6c3d ("selinux: remove the runtime disable functionality")
Signed-off-by: Christian Göttsche --- security/selinux/avc.c | 19 ------------------- security/selinux/include/avc.h | 3 --- 2 files changed, 22 deletions(-) diff --git a/security/selinux/avc.c b/security/selinux/avc.c index eaed5c2da02b..6bc65830e1a9 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -1203,22 +1203,3 @@ u32 avc_policy_seqno(void) { return selinux_avc.avc_cache.latest_notif; } - -void avc_disable(void) -{ - /* - * If you are looking at this because you have realized that we are - * not destroying the avc_node_cachep it might be easy to fix, but - * I don't know the memory barrier semantics well enough to know. It's - * possible that some other task dereferenced security_ops when - * it still pointed to selinux operations. If that is the case it's - * possible that it is about to use the avc and is about to need the - * avc_node_cachep. I know I could wrap the security.c security_ops call - * in an rcu_lock, but seriously, it's not worth it. Instead I just flush - * the cache and get that memory back. - */ - if (avc_node_cachep) { - avc_flush(); - /* kmem_cache_destroy(avc_node_cachep); */ - } -} diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h index 9301222c8e55..9e055f74daf6 100644 
--- a/security/selinux/include/avc.h +++ b/security/selinux/include/avc.h 
@@ -168,9 +168,6 @@ int avc_get_hash_stats(char *page); unsigned int avc_get_cache_threshold(void); void avc_set_cache_threshold(unsigned int cache_threshold); -/* Attempt to free avc node cache */ -void avc_disable(void); - #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats); #endif

From patchwork Thu Apr 20 15:05:01 2023
X-Patchwork-Id: 13218907
From: Christian Göttsche
To: Paul Moore, Stephen Smalley, Eric Paris, selinux@vger.kernel.org
Subject: [PATCH 4/6] selinux: drop return at end of void function avc_insert()
Date: Thu, 20 Apr 2023 17:05:01 +0200
Message-Id: <20230420150503.22227-4-cgzones@googlemail.com>
In-Reply-To: <20230420150503.22227-1-cgzones@googlemail.com>

Commit 539813e4184a ("selinux: stop returning node from avc_insert()") converted the return value of avc_insert() to void but left the now unnecessary trailing return statement.

Improves: 539813e4184a ("selinux: stop returning node from avc_insert()")
Signed-off-by: Christian Göttsche --- security/selinux/avc.c | 1 - 1 file changed, 1 deletion(-) diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 6bc65830e1a9..1074db66e5ff 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c 
@@ -642,7 +642,6 @@ static void avc_insert(u32 ssid, u32 tsid, u16 tclass, hlist_add_head_rcu(&node->list, head); found: spin_unlock_irqrestore(lock, flag); - return; } /**

From patchwork Thu Apr 20 15:05:02 2023
X-Patchwork-Id: 13218909
From: Christian Göttsche
To: Paul Moore, Stephen Smalley, Eric Paris, selinux@vger.kernel.org
Subject: [PATCH 5/6] selinux: retain const qualifier on string literal in avtab_hash_eval()
Date: Thu, 20 Apr 2023 17:05:02 +0200
Message-Id: <20230420150503.22227-5-cgzones@googlemail.com>
In-Reply-To: <20230420150503.22227-1-cgzones@googlemail.com>

The second parameter `tag` of avtab_hash_eval() is only used for printing. In policydb_index() it is called with a string literal:

    avtab_hash_eval(&p->te_avtab, "rules");

Signed-off-by: Christian Göttsche --- security/selinux/ss/avtab.c | 2 +- security/selinux/ss/avtab.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c index 8480ec6c6e75..6766edc0fe68 100644 --- a/security/selinux/ss/avtab.c +++ b/security/selinux/ss/avtab.c @@ -354,7 +354,7 @@ int avtab_alloc_dup(struct avtab *new, const struct avtab *orig) return avtab_alloc_common(new, orig->nslot); } -void avtab_hash_eval(struct avtab *h, char *tag) +void avtab_hash_eval(struct avtab *h, const char *tag) { int i, chain_len, slots_used, max_chain_len; unsigned long long chain2_len_sum; diff --git a/security/selinux/ss/avtab.h b/security/selinux/ss/avtab.h index d3ebea8d146f..d6742fd9c560 100644 --- a/security/selinux/ss/avtab.h +++ b/security/selinux/ss/avtab.h 
@@ -92,7 +92,7 @@ int avtab_alloc(struct avtab *, u32); int avtab_alloc_dup(struct avtab *new, const struct avtab *orig); struct avtab_datum *avtab_search(struct avtab *h, const struct avtab_key *k); void avtab_destroy(struct avtab *h); -void avtab_hash_eval(struct avtab *h, char *tag); +void avtab_hash_eval(struct avtab *h, const char *tag); struct policydb; int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,

From patchwork Thu Apr 20 15:05:03 2023
X-Patchwork-Id: 13218910
From: Christian Göttsche
To: Paul Moore, Stephen Smalley, Eric Paris, selinux@vger.kernel.org
Subject: [PATCH 6/6] selinux: declare read-only data arrays const
Date: Thu, 20 Apr 2023 17:05:03 +0200
Message-Id: <20230420150503.22227-6-cgzones@googlemail.com>
In-Reply-To: <20230420150503.22227-1-cgzones@googlemail.com>

The array of mount tokens is only used in match_opt_prefix() and never modified.

The array of symtab names is never modified and only used in the DEBUG_HASHES configuration as output.

The array of files for the SELinux filesystem sub-directory `ss` is similar to the other `struct tree_descr` usages only read from to construct the containing entries.

Signed-off-by: Christian Göttsche --- security/selinux/hooks.c | 2 +- security/selinux/selinuxfs.c | 2 +- security/selinux/ss/policydb.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index c49ce2044a17..99ded60a6b91 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -357,7 +357,7 @@ enum { }; #define A(s, has_arg) {#s, sizeof(#s) - 1, Opt_##s, has_arg} -static struct { +static const struct { const char *name; int len; int opt; diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 7cc7e2f0272b..bad1f6b685fd 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -1649,7 +1649,7 @@ static int sel_make_ss_files(struct dentry *dir) struct super_block *sb = dir->d_sb; struct selinux_fs_info *fsi = sb->s_fs_info; int i; - static struct tree_descr files[] = { + static const struct tree_descr files[] = { { "sidtab_hash_stats", &sel_sidtab_hash_stats_ops, S_IRUGO }, }; 
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index adcfb63b3550..97c0074f9312 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -42,7 +42,7 @@ #include "services.h" #ifdef DEBUG_HASHES -static const char *symtab_name[SYM_NUM] = { +static const char *const symtab_name[SYM_NUM] = { "common prefixes", "classes", "roles",
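
Review bot: In [PATCH 1/6], on the `if (rc)` error path of context_cpy() in security/selinux/ss/context.h, only dst->str is reset after the kfree(), so any length the function stored for that string earlier would be left stale and describe a buffer that no longer exists. If such a field is set before the mls_context_cpy() call, reset it next to `dst->str = NULL;` so a failed copy leaves dst in a consistent empty state. The hunk also does not show whether mls_context_cpy() undoes its own partial work on failure, which is worth confirming since callers now receive dst back with rc set.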
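
Review bot: In [PATCH 2/6], the corrected comment above selinux_add_opt() in security/selinux/hooks.c still reads "even if on error", which is ungrammatical; since the line is being rewritten anyway, "the caller is responsible for freeing the memory even on error" would fix it in the same pass. This comment documents an ownership rule for mnt_opts, so it is worth having it read unambiguously.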
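
Review bot: In [PATCH 3/6], the removed avc_disable() body in security/selinux/avc.c was a caller of avc_flush(), so please confirm avc_flush() still has another user after this patch. If it is static and this was its last call site, the build will warn about an unused function and it should be dropped in the same change; the hunk does not show the remaining callers either way.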
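
Review bot: In [PATCH 5/6], the new avtab_hash_eval() signature in security/selinux/ss/avtab.c adds const only to tag, while `struct avtab *h` stays mutable. If the body only walks the table to compute chain statistics, h could become `const struct avtab *h` here and in the avtab.h prototype, matching the const-qualified `orig` parameter of avtab_alloc_dup() visible just above the hunk.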
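
Review bot: In [PATCH 6/6], the symtab_name[] change in security/selinux/ss/policydb.c sits under `#ifdef DEBUG_HASHES`, so a default build never compiles the new `static const char *const symtab_name[SYM_NUM]` declaration. Please state in the commit message that the series was built once with DEBUG_HASHES defined, so that any user of the array that expects a non-const element shows up before merge rather than when someone next enables the debug option.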