Merge branch 'linux-linaro-lsk-v4.4-android' of git://git.linaro.org/kernel/linux-linaro-stable.git

* linux-linaro-lsk-v4.4-android: (660 commits) ANDROID: keychord: Check for write data size ANDROID: sdcardfs: Set num in extension_details during make_item ANDROID: sdcardfs: Hold i_mutex for i_size_write BACKPORT, FROMGIT: crypto: speck - add test vectors for Speck64-XTS BACKPORT, FROMGIT: crypto: speck - add test vectors for Speck128-XTS BACKPORT, FROMGIT: crypto: arm/speck - add NEON-accelerated implementation of Speck-XTS FROMGIT: crypto: speck - export common helpers BACKPORT, FROMGIT: crypto: speck - add support for the Speck block cipher UPSTREAM: ANDROID: binder: synchronize_rcu() when using POLLFREE. f2fs: updates on v4.16-rc1 BACKPORT: tee: shm: Potential NULL dereference calling tee_shm_register() BACKPORT: tee: shm: don't put_page on null shm->pages BACKPORT: tee: shm: make function __tee_shm_alloc static BACKPORT: tee: optee: check type of registered shared memory BACKPORT: tee: add start argument to shm_register callback BACKPORT: tee: optee: fix header dependencies BACKPORT: tee: shm: inline tee_shm_get_id() BACKPORT: tee: use reference counting for tee_context BACKPORT: tee: optee: enable dynamic SHM support BACKPORT: tee: optee: add optee-specific shared pool implementation ... Conflicts: drivers/irqchip/Kconfig drivers/media/i2c/tc35874x.c drivers/media/v4l2-core/v4l2-compat-ioctl32.c drivers/usb/gadget/function/f_fs.c fs/f2fs/node.c Change-Id: Icecd73a515821b536fa3d81ea91b63d9b3699916
author: Tao Huang <huangtao@rock-chips.com> 2018-03-09 19:10:14 +0800
committer: Tao Huang <huangtao@rock-chips.com> 2018-03-09 19:10:14 +0800
commit: 3430c68a3392feaf989ed276a09e57963ed62619 (patch)
tree: aba845aa51d491466af22a5dd60d583121486335 /security
parent: b8856eb8db049ab7fe1813b0281b6698caf6d68c (diff)
parent: 6aa8d8c0cd18d30d4a80367222eca75a0c2591ff (diff)
3 files changed, 28 insertions, 26 deletions
diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
index ce295c0c1da0..e44e844c8ec4 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -141,23 +141,22 @@ static int valid_ecryptfs_desc(const char *ecryptfs_desc)
  */
 static int valid_master_desc(const char *new_desc, const char *orig_desc)
 {
-	if (!memcmp(new_desc, KEY_TRUSTED_PREFIX, KEY_TRUSTED_PREFIX_LEN)) {
-		if (strlen(new_desc) == KEY_TRUSTED_PREFIX_LEN)
-			goto out;
-		if (orig_desc)
-			if (memcmp(new_desc, orig_desc, KEY_TRUSTED_PREFIX_LEN))
-				goto out;
-	} else if (!memcmp(new_desc, KEY_USER_PREFIX, KEY_USER_PREFIX_LEN)) {
-		if (strlen(new_desc) == KEY_USER_PREFIX_LEN)
-			goto out;
-		if (orig_desc)
-			if (memcmp(new_desc, orig_desc, KEY_USER_PREFIX_LEN))
-				goto out;
-	} else
-		goto out;
+	int prefix_len;
+
+	if (!strncmp(new_desc, KEY_TRUSTED_PREFIX, KEY_TRUSTED_PREFIX_LEN))
+		prefix_len = KEY_TRUSTED_PREFIX_LEN;
+	else if (!strncmp(new_desc, KEY_USER_PREFIX, KEY_USER_PREFIX_LEN))
+		prefix_len = KEY_USER_PREFIX_LEN;
+	else
+		return -EINVAL;
+
+	if (!new_desc[prefix_len])
+		return -EINVAL;
+
+	if (orig_desc && strncmp(new_desc, orig_desc, prefix_len))
+		return -EINVAL;
+
 	return 0;
-out:
-	return -EINVAL;
 }
 
 /*
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 34427384605d..be68992a28cb 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4066,6 +4066,8 @@ static int sock_has_perm(struct task_struct *task, struct sock *sk, u32 perms)
 	struct lsm_network_audit net = {0,};
 	u32 tsid = task_sid(task);
 
+	if (!sksec)
+		return -EFAULT;
 	if (sksec->sid == SECINITSID_KERNEL)
 		return 0;
 
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index ebb5eb3c318c..db7eff3573a9 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -860,6 +860,9 @@ int security_bounded_transition(u32 old_sid, u32 new_sid)
 	int index;
 	int rc;
 
+	if (!ss_initialized)
+		return 0;
+
 	read_lock(&policy_rwlock);
 
 	rc = -EINVAL;
@@ -1406,27 +1409,25 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
 	if (!scontext_len)
 		return -EINVAL;
 
+	/* Copy the string to allow changes and ensure a NUL terminator */
+	scontext2 = kmemdup_nul(scontext, scontext_len, gfp_flags);
+	if (!scontext2)
+		return -ENOMEM;
+
 	if (!ss_initialized) {
 		int i;
 
 		for (i = 1; i < SECINITSID_NUM; i++) {
-			if (!strcmp(initial_sid_to_string[i], scontext)) {
+			if (!strcmp(initial_sid_to_string[i], scontext2)) {
 				*sid = i;
-				return 0;
+				goto out;
 			}
 		}
 		*sid = SECINITSID_KERNEL;
-		return 0;
+		goto out;
 	}
 	*sid = SECSID_NULL;
 
-	/* Copy the string so that we can modify the copy as we parse it. */
-	scontext2 = kmalloc(scontext_len + 1, gfp_flags);
-	if (!scontext2)
-		return -ENOMEM;
-	memcpy(scontext2, scontext, scontext_len);
-	scontext2[scontext_len] = 0;
-
 	if (force) {
 		/* Save another copy for storing in uninterpreted form */
 		rc = -ENOMEM;
author	Tao Huang <huangtao@rock-chips.com>	2018-03-09 19:10:14 +0800
committer	Tao Huang <huangtao@rock-chips.com>	2018-03-09 19:10:14 +0800
commit	3430c68a3392feaf989ed276a09e57963ed62619 (patch)
tree	aba845aa51d491466af22a5dd60d583121486335 /security
parent	b8856eb8db049ab7fe1813b0281b6698caf6d68c (diff)
parent	6aa8d8c0cd18d30d4a80367222eca75a0c2591ff (diff)