selinux: add __randomize_layout to selinux_audit_data

Randomize the layout of struct selinux_audit_data as suggested in [1],
since it contains a pointer to struct selinux_state, an already
randomized strucure.

[1]: https://github.com/KSPP/linux/issues/188

Signed-off-by: GONG, Ruiqi <gongruiqi1@huawei.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
index 2b372f98f2d7c97248e1c0eeba0915213124b5b4..5525b94fd2664f3631eb26e9facfc5310e854b45 100644 (file)
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -53,7 +53,7 @@ struct selinux_audit_data {
        u32 denied;
        int result;
        struct selinux_state *state;
-};
+} __randomize_layout;
 
 /*
  * AVC operations