selinux: randomize layout of key structures

Randomize the layout of key selinux data structures.
Initially this is applied to the selinux_state, selinux_ss,
policydb, and task_security_struct data structures.

NB To test/use this mechanism, one must install the
necessary build-time dependencies, e.g. gcc-plugin-devel on Fedora,
and enable CONFIG_GCC_PLUGIN_RANDSTRUCT in the kernel configuration.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Reviewed-by: Kees Cook <keescook@chromium.org>
[PM: double semi-colon fixed]
Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index a4a86cbcfb0aca894d4113eb54671e0faafeedad..330b7b6d44e0af0406840770bf5d4f2030ad4752 100644 (file)
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -35,7 +35,7 @@ struct task_security_struct {
        u32 create_sid;         /* fscreate SID */
        u32 keycreate_sid;      /* keycreate SID */
        u32 sockcreate_sid;     /* fscreate SID */
-};
+} __randomize_layout;
 
 enum label_initialized {
        LABEL_INVALID,          /* invalid or not initialized */

diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index af623f03922ce3cd8e67ce9ee6335760bba6b477..ecdd610e6449f466da61f9c4819d481b3df96d7f 100644 (file)
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -110,7 +110,7 @@ struct selinux_state {
        bool policycap[__POLICYDB_CAPABILITY_MAX];
        struct selinux_avc *avc;
        struct selinux_ss *ss;
-};
+} __randomize_layout;
 
 void selinux_ss_init(struct selinux_ss **ss);
 void selinux_avc_init(struct selinux_avc **avc);

diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
index bc56b14e22166fde69031d187d6151643e6e1f9e..69b24191fa383102076c66fba5b25c28a646155f 100644 (file)
--- a/security/selinux/ss/policydb.h
+++ b/security/selinux/ss/policydb.h
@@ -307,7 +307,7 @@ struct policydb {
 
        u16 process_class;
        u32 process_trans_perms;
-};
+} __randomize_layout;
 
 extern void policydb_destroy(struct policydb *p);
 extern int policydb_load_isids(struct policydb *p, struct sidtab *s);

diff --git a/security/selinux/ss/services.h b/security/selinux/ss/services.h
index fc40640a972577cb271f2b917decef403825acef..c5896f39e8f628cd57c922665bca108fe1199a71 100644 (file)
--- a/security/selinux/ss/services.h
+++ b/security/selinux/ss/services.h
@@ -31,7 +31,7 @@ struct selinux_ss {
        struct selinux_map map;
        struct page *status_page;
        struct mutex status_lock;
-};
+} __randomize_layout;
 
 void services_compute_xperms_drivers(struct extended_perms *xperms,
                                struct avtab_node *node);