[PATCH] selinux_sb_copy_data() should not require a whole page
[linux-2.6.git] / security / selinux / hooks.c
index 87302a4..6be2738 100644 (file)
@@ -68,6 +68,7 @@
 #include <linux/personality.h>
 #include <linux/sysctl.h>
 #include <linux/audit.h>
+#include <linux/string.h>
 
 #include "avc.h"
 #include "objsec.h"
@@ -1658,9 +1659,8 @@ static int selinux_bprm_secureexec (struct linux_binprm *bprm)
 
 static void selinux_bprm_free_security(struct linux_binprm *bprm)
 {
-       struct bprm_security_struct *bsec = bprm->security;
+       kfree(bprm->security);
        bprm->security = NULL;
-       kfree(bsec);
 }
 
 extern struct vfsmount *selinuxfs_mount;
@@ -1944,7 +1944,7 @@ static int selinux_sb_copy_data(struct file_system_type *type, void *orig, void
                }
        } while (*in_end++);
 
-       copy_page(in_save, nosec_save);
+       strcpy(in_save, nosec_save);
        free_page((unsigned long)nosec_save);
 out:
        return rc;
@@ -2477,6 +2477,17 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
                prot = reqprot;
 
 #ifndef CONFIG_PPC32
+       if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXECUTABLE) &&
+          (vma->vm_start >= vma->vm_mm->start_brk &&
+           vma->vm_end <= vma->vm_mm->brk)) {
+               /*
+                * We are making an executable mapping in the brk region.
+                * This has an additional execheap check.
+                */
+               rc = task_has_perm(current, current, PROCESS__EXECHEAP);
+               if (rc)
+                       return rc;
+       }
        if (vma->vm_file != NULL && vma->anon_vma != NULL && (prot & PROT_EXEC)) {
                /*
                 * We are making executable a file mapping that has
@@ -2488,6 +2499,16 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
                if (rc)
                        return rc;
        }
+       if (!vma->vm_file && (prot & PROT_EXEC) &&
+               vma->vm_start <= vma->vm_mm->start_stack &&
+               vma->vm_end >= vma->vm_mm->start_stack) {
+               /* Attempt to make the process stack executable.
+                * This has an additional execstack check.
+                */
+               rc = task_has_perm(current, current, PROCESS__EXECSTACK);
+               if (rc)
+                       return rc;
+       }
 #endif
 
        return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);