Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6: SELinux: Remove security_get_policycaps() security: allow Kconfig to set default mmap_min_addr protection
2025-01-03 14:43:17 +00:00 · 2008-02-06 10:48:34 -08:00 · 2008-02-06 10:48:34 -08:00 · 8ed5de58cf
commit 8ed5de58cf
parent 2dd550b90b 394c675397
4 changed files with 21 additions and 35 deletions
--- a/security/Kconfig
+++ b/security/Kconfig
@ -104,6 +104,24 @@ config SECURITY_ROOTPLUG
 	  
 	  If you are unsure how to answer this question, answer N.

+config SECURITY_DEFAULT_MMAP_MIN_ADDR
+        int "Low address space to protect from user allocation"
+        depends on SECURITY
+        default 0
+        help
+	  This is the portion of low virtual memory which should be protected
+	  from userspace allocation.  Keeping a user from writing to low pages
+	  can help reduce the impact of kernel NULL pointer bugs.
+
+	  For most users with lots of address space a value of 65536 is
+	  reasonable and should cause no problems.  Programs which use vm86
+	  functionality would either need additional permissions from either
+	  the LSM or the capabilities module or have this protection disabled.
+
+	  This value can be changed after boot using the
+	  /proc/sys/vm/mmap_min_addr tunable.
+
+
 source security/selinux/Kconfig
 source security/smack/Kconfig

--- a/security/security.c
+++ b/security/security.c
@ -23,7 +23,9 @@ extern struct security_operations dummy_security_ops;
 extern void security_fixup_ops(struct security_operations *ops);

 struct security_operations *security_ops;	/* Initialized to NULL */
-unsigned long mmap_min_addr;		/* 0 means no protection */
+
+/* amount of vm to protect from userspace access */
+unsigned long mmap_min_addr = CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR;

 static inline int verify(struct security_operations *ops)
 {
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@ -107,7 +107,6 @@ int security_get_classes(char ***classes, int *nclasses);
 int security_get_permissions(char *class, char ***perms, int *nperms);
 int security_get_reject_unknown(void);
 int security_get_allow_unknown(void);
-int security_get_policycaps(int *len, int **values);

 #define SECURITY_FS_USE_XATTR		1 /* use xattr */
 #define SECURITY_FS_USE_TRANS		2 /* use transition SIDs, e.g. devpts/tmpfs */
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@ -2245,39 +2245,6 @@ int security_get_allow_unknown(void)
 	return policydb.allow_unknown;
 }

-/**
- * security_get_policycaps - Query the loaded policy for its capabilities
- * @len: the number of capability bits
- * @values: the capability bit array
- *
- * Description:
- * Get an array of the policy capabilities in @values where each entry in
- * @values is either true (1) or false (0) depending the policy's support of
- * that feature.  The policy capabilities are defined by the
- * POLICYDB_CAPABILITY_* enums.  The size of the array is stored in @len and it
- * is up to the caller to free the array in @values.  Returns zero on success,
- * negative values on failure.
- *
- */
-int security_get_policycaps(int *len, int **values)
-{
-	int rc = -ENOMEM;
-	unsigned int iter;
-
-	POLICY_RDLOCK;
-
-	*values = kcalloc(POLICYDB_CAPABILITY_MAX, sizeof(int), GFP_ATOMIC);
-	if (*values == NULL)
-		goto out;
-	for (iter = 0; iter < POLICYDB_CAPABILITY_MAX; iter++)
-		(*values)[iter] = ebitmap_get_bit(&policydb.policycaps, iter);
-	*len = POLICYDB_CAPABILITY_MAX;
-
-out:
-	POLICY_RDUNLOCK;
-	return rc;
-}
-
 /**
 * security_policycap_supported - Check for a specific policy capability
 * @req_cap: capability