diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/keys/encrypted-keys/Makefile | 8 | ||||
-rw-r--r-- | security/keys/encrypted-keys/encrypted.c | 2 | ||||
-rw-r--r-- | security/keys/encrypted-keys/encrypted.h | 3 | ||||
-rw-r--r-- | security/keys/user_defined.c | 3 | ||||
-rw-r--r-- | security/smack/smackfs.c | 115 |
5 files changed, 50 insertions, 81 deletions
diff --git a/security/keys/encrypted-keys/Makefile b/security/keys/encrypted-keys/Makefile index 6bc7a86d102..d6f8433250a 100644 --- a/security/keys/encrypted-keys/Makefile +++ b/security/keys/encrypted-keys/Makefile @@ -2,5 +2,9 @@ # Makefile for encrypted keys # -obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted.o ecryptfs_format.o -obj-$(CONFIG_TRUSTED_KEYS) += masterkey_trusted.o +obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted-keys.o + +encrypted-keys-y := encrypted.o ecryptfs_format.o +masterkey-$(CONFIG_TRUSTED_KEYS) := masterkey_trusted.o +masterkey-$(CONFIG_TRUSTED_KEYS)-$(CONFIG_ENCRYPTED_KEYS) := masterkey_trusted.o +encrypted-keys-y += $(masterkey-y) $(masterkey-m-m) diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c index dcc843cb0f8..41144f71d61 100644 --- a/security/keys/encrypted-keys/encrypted.c +++ b/security/keys/encrypted-keys/encrypted.c @@ -444,7 +444,7 @@ static struct key *request_master_key(struct encrypted_key_payload *epayload, goto out; if (IS_ERR(mkey)) { - int ret = PTR_ERR(epayload); + int ret = PTR_ERR(mkey); if (ret == -ENOTSUPP) pr_info("encrypted_key: key %s not supported", diff --git a/security/keys/encrypted-keys/encrypted.h b/security/keys/encrypted-keys/encrypted.h index b6ade894525..8136a2d44c6 100644 --- a/security/keys/encrypted-keys/encrypted.h +++ b/security/keys/encrypted-keys/encrypted.h @@ -2,7 +2,8 @@ #define __ENCRYPTED_KEY_H #define ENCRYPTED_DEBUG 0 -#ifdef CONFIG_TRUSTED_KEYS +#if defined(CONFIG_TRUSTED_KEYS) || \ + (defined(CONFIG_TRUSTED_KEYS_MODULE) && defined(CONFIG_ENCRYPTED_KEYS_MODULE)) extern struct key *request_trusted_key(const char *trusted_desc, u8 **master_key, size_t *master_keylen); #else diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c index 5b366d7af3c..69ff52c08e9 100644 --- a/security/keys/user_defined.c +++ b/security/keys/user_defined.c @@ -102,7 +102,8 @@ int user_update(struct key *key, const void *data, size_t datalen) key->expiry = 0; } - kfree_rcu(zap, rcu); + if (zap) + kfree_rcu(zap, rcu); error: return ret; diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index 6aceef518a4..5c32f36ff70 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -102,9 +102,6 @@ static int smk_cipso_doi_value = SMACK_CIPSO_DOI_DEFAULT; const char *smack_cipso_option = SMACK_CIPSO_OPTION; - -#define SEQ_READ_FINISHED ((loff_t)-1) - /* * Values for parsing cipso rules * SMK_DIGITLEN: Length of a digit field in a rule. @@ -357,10 +354,12 @@ static ssize_t smk_write_load_list(struct file *file, const char __user *buf, rc = count; /* + * If this is "load" as opposed to "load-self" and a new rule + * it needs to get added for reporting. * smk_set_access returns true if there was already a rule * for the subject/object pair, and false if it was new. */ - if (!smk_set_access(rule, rule_list, rule_lock)) { + if (load && !smk_set_access(rule, rule_list, rule_lock)) { smlp = kzalloc(sizeof(*smlp), GFP_KERNEL); if (smlp != NULL) { smlp->smk_rule = rule; @@ -377,12 +376,12 @@ out: return rc; } - /* - * Seq_file read operations for /smack/load + * Core logic for smackfs seq list operations. */ -static void *load_seq_start(struct seq_file *s, loff_t *pos) +static void *smk_seq_start(struct seq_file *s, loff_t *pos, + struct list_head *head) { struct list_head *list; @@ -390,7 +389,7 @@ static void *load_seq_start(struct seq_file *s, loff_t *pos) * This is 0 the first time through. */ if (s->index == 0) - s->private = &smack_rule_list; + s->private = head; if (s->private == NULL) return NULL; @@ -404,11 +403,12 @@ static void *load_seq_start(struct seq_file *s, loff_t *pos) return list; } -static void *load_seq_next(struct seq_file *s, void *v, loff_t *pos) +static void *smk_seq_next(struct seq_file *s, void *v, loff_t *pos, + struct list_head *head) { struct list_head *list = v; - if (list_is_last(list, &smack_rule_list)) { + if (list_is_last(list, head)) { s->private = NULL; return NULL; } @@ -416,6 +416,25 @@ static void *load_seq_next(struct seq_file *s, void *v, loff_t *pos) return list->next; } +static void smk_seq_stop(struct seq_file *s, void *v) +{ + /* No-op */ +} + +/* + * Seq_file read operations for /smack/load + */ + +static void *load_seq_start(struct seq_file *s, loff_t *pos) +{ + return smk_seq_start(s, pos, &smack_rule_list); +} + +static void *load_seq_next(struct seq_file *s, void *v, loff_t *pos) +{ + return smk_seq_next(s, v, pos, &smack_rule_list); +} + static int load_seq_show(struct seq_file *s, void *v) { struct list_head *list = v; @@ -446,16 +465,11 @@ static int load_seq_show(struct seq_file *s, void *v) return 0; } -static void load_seq_stop(struct seq_file *s, void *v) -{ - /* No-op */ -} - static const struct seq_operations load_seq_ops = { .start = load_seq_start, .next = load_seq_next, .show = load_seq_show, - .stop = load_seq_stop, + .stop = smk_seq_stop, }; /** @@ -574,28 +588,12 @@ static void smk_unlbl_ambient(char *oldambient) static void *cipso_seq_start(struct seq_file *s, loff_t *pos) { - if (*pos == SEQ_READ_FINISHED) - return NULL; - if (list_empty(&smack_known_list)) - return NULL; - - return smack_known_list.next; + return smk_seq_start(s, pos, &smack_known_list); } static void *cipso_seq_next(struct seq_file *s, void *v, loff_t *pos) { - struct list_head *list = v; - - /* - * labels with no associated cipso value wont be printed - * in cipso_seq_show - */ - if (list_is_last(list, &smack_known_list)) { - *pos = SEQ_READ_FINISHED; - return NULL; - } - - return list->next; + return smk_seq_next(s, v, pos, &smack_known_list); } /* @@ -634,16 +632,11 @@ static int cipso_seq_show(struct seq_file *s, void *v) return 0; } -static void cipso_seq_stop(struct seq_file *s, void *v) -{ - /* No-op */ -} - static const struct seq_operations cipso_seq_ops = { .start = cipso_seq_start, - .stop = cipso_seq_stop, .next = cipso_seq_next, .show = cipso_seq_show, + .stop = smk_seq_stop, }; /** @@ -788,23 +781,12 @@ static const struct file_operations smk_cipso_ops = { static void *netlbladdr_seq_start(struct seq_file *s, loff_t *pos) { - if (*pos == SEQ_READ_FINISHED) - return NULL; - if (list_empty(&smk_netlbladdr_list)) - return NULL; - return smk_netlbladdr_list.next; + return smk_seq_start(s, pos, &smk_netlbladdr_list); } static void *netlbladdr_seq_next(struct seq_file *s, void *v, loff_t *pos) { - struct list_head *list = v; - - if (list_is_last(list, &smk_netlbladdr_list)) { - *pos = SEQ_READ_FINISHED; - return NULL; - } - - return list->next; + return smk_seq_next(s, v, pos, &smk_netlbladdr_list); } #define BEBITS (sizeof(__be32) * 8) @@ -828,16 +810,11 @@ static int netlbladdr_seq_show(struct seq_file *s, void *v) return 0; } -static void netlbladdr_seq_stop(struct seq_file *s, void *v) -{ - /* No-op */ -} - static const struct seq_operations netlbladdr_seq_ops = { .start = netlbladdr_seq_start, - .stop = netlbladdr_seq_stop, .next = netlbladdr_seq_next, .show = netlbladdr_seq_show, + .stop = smk_seq_stop, }; /** @@ -1405,23 +1382,14 @@ static void *load_self_seq_start(struct seq_file *s, loff_t *pos) { struct task_smack *tsp = current_security(); - if (*pos == SEQ_READ_FINISHED) - return NULL; - if (list_empty(&tsp->smk_rules)) - return NULL; - return tsp->smk_rules.next; + return smk_seq_start(s, pos, &tsp->smk_rules); } static void *load_self_seq_next(struct seq_file *s, void *v, loff_t *pos) { struct task_smack *tsp = current_security(); - struct list_head *list = v; - if (list_is_last(list, &tsp->smk_rules)) { - *pos = SEQ_READ_FINISHED; - return NULL; - } - return list->next; + return smk_seq_next(s, v, pos, &tsp->smk_rules); } static int load_self_seq_show(struct seq_file *s, void *v) @@ -1453,16 +1421,11 @@ static int load_self_seq_show(struct seq_file *s, void *v) return 0; } -static void load_self_seq_stop(struct seq_file *s, void *v) -{ - /* No-op */ -} - static const struct seq_operations load_self_seq_ops = { .start = load_self_seq_start, .next = load_self_seq_next, .show = load_self_seq_show, - .stop = load_self_seq_stop, + .stop = smk_seq_stop, }; |