Commit 68df1baf authored Jul 28, 2023 by Kefeng Wang Committed by Andrew Morton Aug 21, 2023

selinux: use vma_is_initial_stack() and vma_is_initial_heap()

Use the helpers to simplify code.

Link: https://lkml.kernel.org/r/20230728050043.59880-4-wangkefeng.wang@huawei.com


Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Stephen Smalley <stephen.smalley.work@gmail.com>
Cc: Eric Paris <eparis@parisplace.org>
Cc: Alex Deucher <alexander.deucher@amd.com>
Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: "Christian König" <christian.koenig@amd.com>
Cc: Daniel Vetter <daniel@ffwll.ch>
Cc: David Airlie <airlied@gmail.com>
Cc: Felix Kuehling <felix.kuehling@amd.com>
Cc: "Pan, Xinhui" <Xinhui.Pan@amd.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

parent f7992bfa

security/selinux/hooks.c

+2 −5

Original line number	Diff line number	Diff line
		@@ -3762,13 +3762,10 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
		if (default_noexec &&
		(prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
		int rc = 0;
		if (vma->vm_start >= vma->vm_mm->start_brk &&
		vma->vm_end <= vma->vm_mm->brk) {
		if (vma_is_initial_heap(vma)) {
		rc = avc_has_perm(sid, sid, SECCLASS_PROCESS,
		PROCESS__EXECHEAP, NULL);
		} else if (!vma->vm_file &&
		((vma->vm_start <= vma->vm_mm->start_stack &&
		vma->vm_end >= vma->vm_mm->start_stack) \|\|
		} else if (!vma->vm_file && (vma_is_initial_stack(vma) \|\|
		vma_is_stack_for_current(vma))) {
		rc = avc_has_perm(sid, sid, SECCLASS_PROCESS,
		PROCESS__EXECSTACK, NULL);