[LSM-IPSec]: Corrections to LSM-IPSec Nethooks

This patch contains two corrections to the LSM-IPsec Nethooks patches
previously applied.

(1) free a security context on a failed insert via xfrm_user
interface in xfrm_add_policy.  Memory leak.

(2) change the authorization of the allocation of a security context
in a xfrm_policy or xfrm_state from both relabelfrom and relabelto
to setcontext.

Signed-off-by: Trent Jaeger <tjaeger@cse.psu.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 92e2b804c6061a9442b951b99b0d99f8067a657a..ac87a09ba83ed47dd03df3993eca7a108b33d016 100644 (file)
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -802,6 +802,7 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfr
        excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY;
        err = xfrm_policy_insert(p->dir, xp, excl);
        if (err) {
+               security_xfrm_policy_free(xp);
                kfree(xp);
                return err;
        }

diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h
index 71aeb12f07c8d78cc1a2a21bbad97ce180b28576..591e98d9315a238ab0d98f81646e4087ddd9fcf8 100644 (file)
--- a/security/selinux/include/av_perm_to_string.h
+++ b/security/selinux/include/av_perm_to_string.h
@@ -238,5 +238,4 @@
    S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost")
    S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto")
    S_(SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, "recvfrom")
-   S_(SECCLASS_ASSOCIATION, ASSOCIATION__RELABELFROM, "relabelfrom")
-   S_(SECCLASS_ASSOCIATION, ASSOCIATION__RELABELTO, "relabelto")
+   S_(SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, "setcontext")

diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h
index d1d0996049e3636f271e36add8c9506eeb5b401c..d7f02edf3930c6a4226961c23995aa7e9abaa58e 100644 (file)
--- a/security/selinux/include/av_permissions.h
+++ b/security/selinux/include/av_permissions.h
@@ -908,8 +908,7 @@
 
 #define ASSOCIATION__SENDTO                       0x00000001UL
 #define ASSOCIATION__RECVFROM                     0x00000002UL
-#define ASSOCIATION__RELABELFROM                  0x00000004UL
-#define ASSOCIATION__RELABELTO                    0x00000008UL
+#define ASSOCIATION__SETCONTEXT                   0x00000004UL
 
 #define NETLINK_KOBJECT_UEVENT_SOCKET__IOCTL      0x00000001UL
 #define NETLINK_KOBJECT_UEVENT_SOCKET__READ       0x00000002UL

diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index c4d87d4dca7b3cd3eea2baf0fc8bf2828cfe6d84..5b7776504e4cd7d109c55d27db2d2464d791b533 100644 (file)
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -137,15 +137,9 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_us
         * Must be permitted to relabel from default socket type (process type)
         * to specified context
         */
-       rc = avc_has_perm(tsec->sid, tsec->sid,
-                         SECCLASS_ASSOCIATION,
-                         ASSOCIATION__RELABELFROM, NULL);
-       if (rc)
-               goto out;
-
        rc = avc_has_perm(tsec->sid, ctx->ctx_sid,
                          SECCLASS_ASSOCIATION,
-                         ASSOCIATION__RELABELTO, NULL);
+                         ASSOCIATION__SETCONTEXT, NULL);
        if (rc)
                goto out;