From 74d85dbec88016a13ab6d24ea0f63817f6554dbd Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 13 Oct 2010 17:50:31 -0400 Subject: [PATCH] --- yaml --- r: 211685 b: refs/heads/master c: 845ca30fe9691f1bab7cfbf30b6d11c944eb4abd h: refs/heads/master i: 211683: b328356a508dcbc4677b3b7370eb7f3988ea346b v: v3 --- [refs] | 2 +- trunk/security/selinux/selinuxfs.c | 44 ++++++++++++++++++++++++++++ trunk/security/selinux/ss/services.c | 2 +- 3 files changed, 46 insertions(+), 2 deletions(-) diff --git a/[refs] b/[refs] index 9615db054cf7..5de60898bd13 100644 --- a/[refs] +++ b/[refs] @@ -1,2 +1,2 @@ --- -refs/heads/master: cee74f47a6baba0ac457e87687fdcf0abd599f0a +refs/heads/master: 845ca30fe9691f1bab7cfbf30b6d11c944eb4abd diff --git a/trunk/security/selinux/selinuxfs.c b/trunk/security/selinux/selinuxfs.c index 8eb102c72606..87e0556bae70 100644 --- a/trunk/security/selinux/selinuxfs.c +++ b/trunk/security/selinux/selinuxfs.c @@ -439,9 +439,53 @@ static ssize_t sel_read_policy(struct file *filp, char __user *buf, return ret; } +static int sel_mmap_policy_fault(struct vm_area_struct *vma, + struct vm_fault *vmf) +{ + struct policy_load_memory *plm = vma->vm_file->private_data; + unsigned long offset; + struct page *page; + + if (vmf->flags & (FAULT_FLAG_MKWRITE | FAULT_FLAG_WRITE)) + return VM_FAULT_SIGBUS; + + offset = vmf->pgoff << PAGE_SHIFT; + if (offset >= roundup(plm->len, PAGE_SIZE)) + return VM_FAULT_SIGBUS; + + page = vmalloc_to_page(plm->data + offset); + get_page(page); + + vmf->page = page; + + return 0; +} + +static struct vm_operations_struct sel_mmap_policy_ops = { + .fault = sel_mmap_policy_fault, + .page_mkwrite = sel_mmap_policy_fault, +}; + +int sel_mmap_policy(struct file *filp, struct vm_area_struct *vma) +{ + if (vma->vm_flags & VM_SHARED) { + /* do not allow mprotect to make mapping writable */ + vma->vm_flags &= ~VM_MAYWRITE; + + if (vma->vm_flags & VM_WRITE) + return -EACCES; + } + + vma->vm_flags |= VM_RESERVED; + vma->vm_ops = &sel_mmap_policy_ops; + + return 0; +} + static const struct file_operations sel_policy_ops = { .open = sel_open_policy, .read = sel_read_policy, + .mmap = sel_mmap_policy, .release = sel_release_policy, }; diff --git a/trunk/security/selinux/ss/services.c b/trunk/security/selinux/ss/services.c index 7565d16aac31..3a1739b33b78 100644 --- a/trunk/security/selinux/ss/services.c +++ b/trunk/security/selinux/ss/services.c @@ -3169,7 +3169,7 @@ int security_read_policy(void **data, ssize_t *len) *len = security_policydb_len(); - *data = vmalloc(*len); + *data = vmalloc_user(*len); if (!*data) return -ENOMEM;