Commit
98de59bf
authored
May 30, 2012
by
Al Viro
take calculation of final prot in security_mmap_file() into a helper
Signed-off-by:
Al Viro
<
viro@zeniv.linux.org.uk
>
parent
9ac4ed4b
Showing
1 changed file
with
28 additions
and
18 deletions
+28
-18
security/security.c
security/security.c
+28
-18
security/security.c
...
@@ -660,36 +660,46 @@ int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
...
@@ -660,36 +660,46 @@ int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
return
security_ops
->
file_ioctl
(
file
,
cmd
,
arg
);
return
security_ops
->
file_ioctl
(
file
,
cmd
,
arg
);
}
}
int
security_mmap_file
(
struct
file
*
file
,
unsigned
long
prot
,
static
inline
unsigned
long
mmap_prot
(
struct
file
*
file
,
unsigned
long
prot
)
unsigned
long
flags
)
{
{
unsigned
long
reqprot
=
prot
;
int
ret
;
/*
/*
* Does the application expect PROT_READ to imply PROT_EXEC?
* Does we have PROT_READ and does the application expect
*
* it to imply PROT_EXEC? If not, nothing to talk about...
* (the exception is when the underlying filesystem is noexec
* mounted, in which case we dont add PROT_EXEC.)
*/
*/
if
(
!
(
reqprot
&
PROT_READ
)
)
if
(
(
prot
&
(
PROT_READ
|
PROT_EXEC
))
!=
PROT_READ
)
goto
ou
t
;
return
pro
t
;
if
(
!
(
current
->
personality
&
READ_IMPLIES_EXEC
))
if
(
!
(
current
->
personality
&
READ_IMPLIES_EXEC
))
goto
out
;
return
prot
;
if
(
!
file
)
{
/*
prot
|=
PROT_EXEC
;
* if that's an anonymous mapping, let it.
}
else
if
(
!
(
file
->
f_path
.
mnt
->
mnt_flags
&
MNT_NOEXEC
))
{
*/
if
(
!
file
)
return
prot
|
PROT_EXEC
;
/*
* ditto if it's not on noexec mount, except that on !MMU we need
* BDI_CAP_EXEC_MMAP (== VM_MAYEXEC) in this case
*/
if
(
!
(
file
->
f_path
.
mnt
->
mnt_flags
&
MNT_NOEXEC
))
{
#ifndef CONFIG_MMU
#ifndef CONFIG_MMU
unsigned
long
caps
=
0
;
unsigned
long
caps
=
0
;
struct
address_space
*
mapping
=
file
->
f_mapping
;
struct
address_space
*
mapping
=
file
->
f_mapping
;
if
(
mapping
&&
mapping
->
backing_dev_info
)
if
(
mapping
&&
mapping
->
backing_dev_info
)
caps
=
mapping
->
backing_dev_info
->
capabilities
;
caps
=
mapping
->
backing_dev_info
->
capabilities
;
if
(
!
(
caps
&
BDI_CAP_EXEC_MAP
))
if
(
!
(
caps
&
BDI_CAP_EXEC_MAP
))
goto
ou
t
;
return
pro
t
;
#endif
#endif
prot
|=
PROT_EXEC
;
return
prot
|
PROT_EXEC
;
}
}
out:
/* anything on noexec mount won't get PROT_EXEC */
ret
=
security_ops
->
mmap_file
(
file
,
reqprot
,
prot
,
flags
);
return
prot
;
}
int
security_mmap_file
(
struct
file
*
file
,
unsigned
long
prot
,
unsigned
long
flags
)
{
int
ret
;
ret
=
security_ops
->
mmap_file
(
file
,
prot
,
mmap_prot
(
file
,
prot
),
flags
);
if
(
ret
)
if
(
ret
)
return
ret
;
return
ret
;
return
ima_file_mmap
(
file
,
prot
);
return
ima_file_mmap
(
file
,
prot
);
...
...
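Review bot: In the new security_mmap_file(), `ima_file_mmap(file, prot)` now receives the requested protection, whereas the removed code updated `prot` in place and so handed IMA the final value, including any PROT_EXEC implied by READ_IMPLIES_EXEC. That is a behaviour change in a commit described as moving the calculation into a helper: a PROT_READ file mapping that mmap_prot() upgrades to executable is reported to the LSM hook as executable but to IMA as read-only, and if ima_file_mmap() keys on PROT_EXEC (its body is not shown here) such mappings would no longer be measured or appraised. Computing the value once keeps both consumers in agreement: `unsigned long final_prot = mmap_prot(file, prot);`, then `ret = security_ops->mmap_file(file, prot, final_prot, flags);` and `return ima_file_mmap(file, final_prot);`. The closing brace of security_mmap_file() lies outside the hunk. Separately, the new comment in mmap_prot() names `BDI_CAP_EXEC_MMAP` while the code tests `BDI_CAP_EXEC_MAP`.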