From 4d3d0ed60ee0d2da4c541e525c132dc374464624 Mon Sep 17 00:00:00 2001 From: Christian Göttsche Date: Thu, 17 Feb 2022 15:21:28 +0100 Subject: selinux: drop unnecessary NULL check MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit e3489f8974e1 ("selinux: kill selinux_sb_get_mnt_opts()") introduced a NULL check on the context after a successful call to security_sid_to_context(). This is on the one hand redundant after checking for success and on the other hand insufficient on an actual NULL pointer, since the context is passed to seq_escape() leading to a call of strlen() on it. Reported by Clang analyzer: In file included from security/selinux/hooks.c:28: In file included from ./include/linux/tracehook.h:50: In file included from ./include/linux/memcontrol.h:13: In file included from ./include/linux/cgroup.h:18: ./include/linux/seq_file.h:136:25: warning: Null pointer passed as 1st argument to string length function [unix.cstring.NullArg] seq_escape_mem(m, src, strlen(src), flags, esc); ^~~~~~~~~~~ Signed-off-by: Christian Göttsche Signed-off-by: Paul Moore --- security/selinux/hooks.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security/selinux/hooks.c') diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index beceb89f68d9..4af4986d3893 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -1019,7 +1019,7 @@ static int show_sid(struct seq_file *m, u32 sid) rc = security_sid_to_context(&selinux_state, sid, &context, &len); if (!rc) { - bool has_comma = context && strchr(context, ','); + bool has_comma = strchr(context, ','); seq_putc(m, '='); if (has_comma) -- cgit v1.2.3 From 9691e4f9ba6c7dc6af07b8a4feba6279d76f0003 Mon Sep 17 00:00:00 2001 From: Jonas Lindner Date: Thu, 9 Jun 2022 00:36:16 +0200 Subject: selinux: fix typos in comments Signed-off-by: Jonas Lindner [PM: fixed duplicated subject line] Signed-off-by: Paul Moore --- security/selinux/hooks.c | 4 ++-- security/selinux/include/audit.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'security/selinux/hooks.c') diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 4af4986d3893..4d20a139a86d 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -640,7 +640,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, * we need to skip the double mount verification. * * This does open a hole in which we will not notice if the first - * mount using this sb set explict options and a second mount using + * mount using this sb set explicit options and a second mount using * this sb does not set any security options. (The first options * will be used for both mounts) */ @@ -6795,7 +6795,7 @@ static u32 bpf_map_fmode_to_av(fmode_t fmode) } /* This function will check the file pass through unix socket or binder to see - * if it is a bpf related object. And apply correspinding checks on the bpf + * if it is a bpf related object. And apply corresponding checks on the bpf * object based on the type. The bpf maps and programs, not like other files and * socket, are using a shared anonymous inode inside the kernel as their inode. * So checking that inode cannot identify if the process have privilege to diff --git a/security/selinux/include/audit.h b/security/selinux/include/audit.h index 1cba83d17f41..406bceb90c6c 100644 --- a/security/selinux/include/audit.h +++ b/security/selinux/include/audit.h @@ -18,7 +18,7 @@ /** * selinux_audit_rule_init - alloc/init an selinux audit rule structure. * @field: the field this rule refers to - * @op: the operater the rule uses + * @op: the operator the rule uses * @rulestr: the text "target" of the rule * @rule: pointer to the new rule structure returned via this * -- cgit v1.2.3 From ef54ccb61616d8293bc68220d88a8e74271141b5 Mon Sep 17 00:00:00 2001 From: Xiu Jianfeng Date: Fri, 17 Jun 2022 17:44:12 +0800 Subject: selinux: selinux_add_opt() callers free memory The selinux_add_opt() function may need to allocate memory for the mount options if none has already been allocated, but there is no need to free that memory on error as the callers handle that. Drop the existing kfree() on error to help increase consistency in the selinux_add_opt() error handling. This patch also changes selinux_add_opt() to return -EINVAL when the mount option value, @s, is NULL. It currently return -ENOMEM. Link: https://lore.kernel.org/lkml/20220611090550.135674-1-xiujianfeng@huawei.com/T/ Suggested-by: Paul Moore Signed-off-by: Xiu Jianfeng [PM: fix subject, rework commit description language] Signed-off-by: Paul Moore --- security/selinux/hooks.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) (limited to 'security/selinux/hooks.c') diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 4d20a139a86d..9d08b91e05a2 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -944,10 +944,12 @@ out: return rc; } +/* + * NOTE: the caller is resposible for freeing the memory even if on error. + */ static int selinux_add_opt(int token, const char *s, void **mnt_opts) { struct selinux_mnt_opts *opts = *mnt_opts; - bool is_alloc_opts = false; u32 *dst_sid; int rc; @@ -955,7 +957,7 @@ static int selinux_add_opt(int token, const char *s, void **mnt_opts) /* eaten and completely ignored */ return 0; if (!s) - return -ENOMEM; + return -EINVAL; if (!selinux_initialized(&selinux_state)) { pr_warn("SELinux: Unable to set superblock options before the security server is initialized\n"); @@ -967,7 +969,6 @@ static int selinux_add_opt(int token, const char *s, void **mnt_opts) if (!opts) return -ENOMEM; *mnt_opts = opts; - is_alloc_opts = true; } switch (token) { @@ -1002,10 +1003,6 @@ static int selinux_add_opt(int token, const char *s, void **mnt_opts) return rc; err: - if (is_alloc_opts) { - kfree(opts); - *mnt_opts = NULL; - } pr_warn(SEL_MOUNT_FAIL_MSG); return -EINVAL; } -- cgit v1.2.3