From: Stephen Smalley <sds@tycho.nsa.gov>
To: Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Paul Moore <paul@paul-moore.com>,
Eric Paris <eparis@parisplace.org>,
James Morris <james.l.morris@oracle.com>,
"Serge E. Hallyn" <serge@hallyn.com>
Cc: linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, selinux@tycho.nsa.gov
Subject: Re: [PATCH 1/5] selinux: introduce security_context_str_to_sid
Date: Tue, 29 Sep 2015 14:02:55 -0400 [thread overview]
Message-ID: <560AD24F.9040002@tycho.nsa.gov> (raw)
In-Reply-To: <1443220459-11042-2-git-send-email-linux@rasmusvillemoes.dk>
On 09/25/2015 06:34 PM, Rasmus Villemoes wrote:
> There seems to be a little confusion as to whether the scontext_len
> parameter of security_context_to_sid() includes the nul-byte or
> not. Reading security_context_to_sid_core(), it seems that the
> expectation is that it does not (both the string copying and the test
> for scontext_len being zero hint at that).
>
> Introduce the helper security_context_str_to_sid() to do the strlen()
> call and fix all callers.
>
> Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
> ---
> security/selinux/hooks.c | 12 ++++--------
> security/selinux/include/security.h | 2 ++
> security/selinux/selinuxfs.c | 26 +++++++++-----------------
> security/selinux/ss/services.c | 5 +++++
> 4 files changed, 20 insertions(+), 25 deletions(-)
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index e4369d86e588..fd50cd5ac2ec 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -674,10 +674,9 @@ static int selinux_set_mnt_opts(struct super_block *sb,
>
> if (flags[i] == SBLABEL_MNT)
> continue;
> - rc = security_context_to_sid(mount_options[i],
> - strlen(mount_options[i]), &sid, GFP_KERNEL);
> + rc = security_context_str_to_sid(mount_options[i], &sid, GFP_KERNEL);
> if (rc) {
> - printk(KERN_WARNING "SELinux: security_context_to_sid"
> + printk(KERN_WARNING "SELinux: security_context_str_to_sid"
> "(%s) failed for (dev %s, type %s) errno=%d\n",
> mount_options[i], sb->s_id, name, rc);
> goto out;
> @@ -2617,15 +2616,12 @@ static int selinux_sb_remount(struct super_block *sb, void *data)
>
> for (i = 0; i < opts.num_mnt_opts; i++) {
> u32 sid;
> - size_t len;
>
> if (flags[i] == SBLABEL_MNT)
> continue;
> - len = strlen(mount_options[i]);
> - rc = security_context_to_sid(mount_options[i], len, &sid,
> - GFP_KERNEL);
> + rc = security_context_str_to_sid(mount_options[i], &sid, GFP_KERNEL);
> if (rc) {
> - printk(KERN_WARNING "SELinux: security_context_to_sid"
> + printk(KERN_WARNING "SELinux: security_context_str_to_sid"
> "(%s) failed for (dev %s, type %s) errno=%d\n",
> mount_options[i], sb->s_id, sb->s_type->name, rc);
> goto out_free_opts;
> diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
> index 6a681d26bf20..223e9fd15d66 100644
> --- a/security/selinux/include/security.h
> +++ b/security/selinux/include/security.h
> @@ -166,6 +166,8 @@ int security_sid_to_context_force(u32 sid, char **scontext, u32 *scontext_len);
> int security_context_to_sid(const char *scontext, u32 scontext_len,
> u32 *out_sid, gfp_t gfp);
>
> +int security_context_str_to_sid(const char *scontext, u32 *out_sid, gfp_t gfp);
> +
> int security_context_to_sid_default(const char *scontext, u32 scontext_len,
> u32 *out_sid, u32 def_sid, gfp_t gfp_flags);
>
> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
> index 5bed7716f8ab..c02da25d7b63 100644
> --- a/security/selinux/selinuxfs.c
> +++ b/security/selinux/selinuxfs.c
> @@ -731,13 +731,11 @@ static ssize_t sel_write_access(struct file *file, char *buf, size_t size)
> if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
> goto out;
>
> - length = security_context_to_sid(scon, strlen(scon) + 1, &ssid,
> - GFP_KERNEL);
> + length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
> if (length)
> goto out;
>
> - length = security_context_to_sid(tcon, strlen(tcon) + 1, &tsid,
> - GFP_KERNEL);
> + length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
> if (length)
> goto out;
>
> @@ -819,13 +817,11 @@ static ssize_t sel_write_create(struct file *file, char *buf, size_t size)
> objname = namebuf;
> }
>
> - length = security_context_to_sid(scon, strlen(scon) + 1, &ssid,
> - GFP_KERNEL);
> + length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
> if (length)
> goto out;
>
> - length = security_context_to_sid(tcon, strlen(tcon) + 1, &tsid,
> - GFP_KERNEL);
> + length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
> if (length)
> goto out;
>
> @@ -882,13 +878,11 @@ static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size)
> if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
> goto out;
>
> - length = security_context_to_sid(scon, strlen(scon) + 1, &ssid,
> - GFP_KERNEL);
> + length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
> if (length)
> goto out;
>
> - length = security_context_to_sid(tcon, strlen(tcon) + 1, &tsid,
> - GFP_KERNEL);
> + length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
> if (length)
> goto out;
>
> @@ -940,7 +934,7 @@ static ssize_t sel_write_user(struct file *file, char *buf, size_t size)
> if (sscanf(buf, "%s %s", con, user) != 2)
> goto out;
>
> - length = security_context_to_sid(con, strlen(con) + 1, &sid, GFP_KERNEL);
> + length = security_context_str_to_sid(con, &sid, GFP_KERNEL);
> if (length)
> goto out;
>
> @@ -1000,13 +994,11 @@ static ssize_t sel_write_member(struct file *file, char *buf, size_t size)
> if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
> goto out;
>
> - length = security_context_to_sid(scon, strlen(scon) + 1, &ssid,
> - GFP_KERNEL);
> + length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
> if (length)
> goto out;
>
> - length = security_context_to_sid(tcon, strlen(tcon) + 1, &tsid,
> - GFP_KERNEL);
> + length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
> if (length)
> goto out;
>
> diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
> index b7df12ba61d8..c550df0e0ff1 100644
> --- a/security/selinux/ss/services.c
> +++ b/security/selinux/ss/services.c
> @@ -1476,6 +1476,11 @@ int security_context_to_sid(const char *scontext, u32 scontext_len, u32 *sid,
> sid, SECSID_NULL, gfp, 0);
> }
>
> +int security_context_str_to_sid(const char *scontext, u32 *sid, gfp_t gfp)
> +{
> + return security_context_to_sid(scontext, strlen(scontext), sid, gfp);
> +}
> +
> /**
> * security_context_to_sid_default - Obtain a SID for a given security context,
> * falling back to specified default if needed.
>
next prev parent reply other threads:[~2015-09-29 18:02 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-25 22:34 [PATCH 0/5] selinux: minor cleanup suggestions Rasmus Villemoes
2015-09-25 22:34 ` [PATCH 1/5] selinux: introduce security_context_str_to_sid Rasmus Villemoes
2015-09-29 18:02 ` Stephen Smalley [this message]
2015-09-30 16:28 ` Paul Moore
2015-09-25 22:34 ` [PATCH 2/5] selinux: remove pointless cast in selinux_inode_setsecurity() Rasmus Villemoes
2015-09-29 18:08 ` Stephen Smalley
2015-09-30 16:31 ` Paul Moore
2015-09-25 22:34 ` [PATCH 3/5] selinux: use kmemdup in security_sid_to_context_core() Rasmus Villemoes
2015-09-29 18:11 ` Stephen Smalley
2015-09-30 16:37 ` Paul Moore
2015-09-25 22:34 ` [PATCH 4/5] selinux: use kstrdup() in security_get_bools() Rasmus Villemoes
2015-09-29 18:12 ` Stephen Smalley
2015-09-30 16:40 ` Paul Moore
2015-09-25 22:34 ` [PATCH 5/5] selinux: use sprintf return value Rasmus Villemoes
2015-09-29 18:17 ` Stephen Smalley
2015-09-30 15:00 ` Rasmus Villemoes
2015-09-30 16:43 ` Paul Moore
2015-09-29 17:59 ` [PATCH 0/5] selinux: minor cleanup suggestions Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=560AD24F.9040002@tycho.nsa.gov \
--to=sds@tycho.nsa.gov \
--cc=eparis@parisplace.org \
--cc=james.l.morris@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=paul@paul-moore.com \
--cc=selinux@tycho.nsa.gov \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.