Memprotect support patch from Stephen Smalley.

Chris PeBenito 2007-06-19 13:02:26 +00:00
parent d139413c64
commit 41337aa8b9
5 changed files with 36 additions and 1 deletions


@ -1,3 +1,4 @@
- Memprotect support patch from Stephen Smalley.
- Add logging_send_audit_msgs() interface and deprecate - Add logging_send_audit_msgs() interface and deprecate
send_audit_msgs_pattern(). send_audit_msgs_pattern().
- Openct updates patch from Dan Walsh. - Openct updates patch from Dan Walsh.


@ -648,3 +648,8 @@ inherits socket
node_bind node_bind
name_connect name_connect
} }
class memprotect
{
mmap_zero
}


@ -97,4 +97,6 @@ class context # userspace
class dccp_socket class dccp_socket
class memprotect
# FLASK # FLASK
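Review bot: The added `class memprotect` line has no comment, and its placement after `dccp_socket` matters if, as appears to be the case for this file, a class's numeric value follows from its position in the list. It is worth confirming that this position gives the same index the kernel uses for memprotect. If the two disagree, the kernel's mmap_zero check would be evaluated against a different class and the new policy rules would constrain nothing. A trailing comment such as `class memprotect # mapping below mmap_min_addr` would also tell readers what the class governs.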


@ -1254,3 +1254,26 @@ interface(`domain_unconfined',`
typeattribute $1 can_change_object_identity; typeattribute $1 can_change_object_identity;
typeattribute $1 set_curr_context; typeattribute $1 set_curr_context;
') ')
########################################
## <summary>
## Ability to mmap a low area of the address space,
## as configured by /proc/sys/kernel/mmap_min_addr.
## Preventing such mappings helps protect against
## exploiting null deref bugs in the kernel.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to mmap low memory.
## </summary>
## </param>
#
interface(`domain_mmap_low',`
gen_require(`
attribute mmap_low_domain_type;
')
allow $1 self:memprotect mmap_zero;
typeattribute $1 mmap_low_domain_type;
')
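Review bot: The summary for `domain_mmap_low` documents the permission but not the interface's second effect. Besides `allow $1 self:memprotect mmap_zero;`, it adds the caller to `mmap_low_domain_type`, which is what exempts that domain from the `neverallow` added in the last file section. I would add a line to the summary such as `## Also adds the domain to mmap_low_domain_type, exempting it from the neverallow on memprotect mmap_zero.` It should also state that a domain given this interface loses the kernel NULL-dereference mitigation, so callers should be few and individually justified. The hunk does not show whether `domain_unconfined` just above is meant to grant the permission; if it is not, unconfined domains that map low memory will presumably start being denied.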


@ -1,5 +1,5 @@
policy_module(domain,1.3.0) policy_module(domain,1.3.1)
######################################## ########################################
# #
@ -15,6 +15,10 @@ neverallow domain ~domain:process { transition dyntransition };
# Domains that are unconfined # Domains that are unconfined
attribute unconfined_domain_type; attribute unconfined_domain_type;
# Domains that can mmap low memory.
attribute mmap_low_domain_type;
neverallow { domain -mmap_low_domain_type } self:memprotect mmap_zero;
# Domains that can set their current context # Domains that can set their current context
# (perform dynamic transitions) # (perform dynamic transitions)
attribute set_curr_context; attribute set_curr_context;
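Review bot: The `neverallow { domain -mmap_low_domain_type } self:memprotect mmap_zero;` line in the second hunk has no comment of its own, and it names only `self` as the target. That is sufficient if the kernel always checks mmap_zero against the task's own context, which I believe is the case but is not visible here. Either way, the assertion says nothing about a rule written with a different target type. I would put a comment directly above it, for example `# Build-time assertion: only domains granted domain_mmap_low() may map below mmap_min_addr (checked against self).` That records both the intent and the assumption about the target for whoever later edits the attribute's membership.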