Unnamed repository; edit this file 'description' to name the repository. https://gitea.privatedns.org/xavi/android_kernel_m2note/atom?h=ng-7.1.2 2019-07-06T10:01:26+00:00 2019-07-06T10:01:26+00:00 Stephen Smalley sds@tycho.nsa.gov 2015-06-04T20:22:16+00:00 urn:sha1:09158c4b40bb58b4297c1cf81ca612a14cbfc569 Update the set of SELinux netlink socket class definitions to match the set of netlink protocols implemented by the kernel. The ip_queue implementation for the NETLINK_FIREWALL and NETLINK_IP6_FW protocols was removed in d16cf20e2f2f13411eece7f7fb72c17d141c4a84, so we can remove the corresponding class definitions as this is dead code. Add new classes for NETLINK_ISCSI, NETLINK_FIB_LOOKUP, NETLINK_CONNECTOR, NETLINK_NETFILTER, NETLINK_GENERIC, NETLINK_SCSITRANSPORT, NETLINK_RDMA, and NETLINK_CRYPTO so that we can distinguish among sockets created for each of these protocols. This change does not define the finer-grained nlsmsg_read/write permissions or map specific nlmsg_type values to those permissions in the SELinux nlmsgtab; if finer-grained control of these sockets is desired/required, that can be added as a follow-on change. We do not define a SELinux class for NETLINK_ECRYPTFS as the implementation was removed in 624ae5284516870657505103ada531c64dba2a9a. Change-Id: Ic233c39d4271544a3a63f9fa64c855a44fc08705 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <pmoore@redhat.com> 2019-07-06T10:00:57+00:00 Paul Moore pmoore@redhat.com 2013-07-23T21:38:38+00:00 urn:sha1:ee8db9563d00e91bf3a2ce0e5f6152609bdf02ea The xfrm_state_alloc_security() LSM hook implementation is really a multiplexed hook with two different behaviors depending on the arguments passed to it by the caller. This patch splits the LSM hook implementation into two new hook implementations, which match the LSM hooks in the rest of the kernel: * xfrm_state_alloc * xfrm_state_alloc_acquire Also included in this patch are the necessary changes to the SELinux code; no other LSMs are affected. Change-Id: I455e3b62cc439127b735aa0b0a5183b98919255e Signed-off-by: Paul Moore <pmoore@redhat.com> Signed-off-by: Eric Paris <eparis@redhat.com> 2019-07-06T10:00:41+00:00 Tetsuo Handa penguin-kernel@I-love.SAKURA.ne.jp 2013-07-24T20:44:02+00:00 urn:sha1:35e3f05d39c3bd0e4d96410ac6a996b5657da15c Since everybody sets kstrdup()ed constant string to "struct xattr"->name but nobody modifies "struct xattr"->name , we can omit kstrdup() and its failure checking by constifying ->name member of "struct xattr". Change-Id: I84a47af13e3c77b394218cc12ac8901d87b0fd69 Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Reviewed-by: Joel Becker <jlbec@evilplan.org> [ocfs2] Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Reviewed-by: Paul Moore <paul@paul-moore.com> Tested-by: Paul Moore <paul@paul-moore.com> Acked-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <james.l.morris@oracle.com> 2019-07-06T10:00:29+00:00 Eric Paris eparis@redhat.com 2012-08-24T19:58:45+00:00 urn:sha1:3025d5eb549110beca11ed40de9215d0e696d72f We check if the fsname is proc and if so set the proc superblock security struct flag. We then check if the flag is set and use the string 'proc' for the fsname instead of just using the fsname. What's the point? It's always proc... Get rid of the useless conditional. Change-Id: Ic4cd1d3507ae5ab3346746d391070e3c899da59c Signed-off-by: Eric Paris <eparis@redhat.com> 2019-07-06T10:00:16+00:00 Linus Torvalds torvalds@linux-foundation.org 2013-10-04T21:05:38+00:00 urn:sha1:5e7ad5cca99c473489c4d7b5c7c18e043fa4096f Now avc_audit() has no more users with that parameter. Remove it. Change-Id: Ie9a1565b1d1ea0a4a8d17e0174094ff40bd6e904 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2019-07-06T09:59:56+00:00 Linus Torvalds torvalds@linux-foundation.org 2013-10-04T19:54:11+00:00 urn:sha1:e280406f29cda6c390bb7cf9091572a1fc13c2ba Every single user passes in '0'. I think we had non-zero users back in some stone age when selinux_inode_permission() was implemented in terms of inode_has_perm(), but that complicated case got split up into a totally separate code-path so that we could optimize the much simpler special cases. See commit 2e33405785d3 ("SELinux: delay initialization of audit data in selinux_inode_permission") for example. Change-Id: I9f17bfe7c581c16b2b1b66630c649d72a08738ae Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2019-07-06T09:58:28+00:00 David Howells dhowells@redhat.com 2013-06-13T22:37:55+00:00 urn:sha1:578061a4297c09bf314e87240318db64f7854535 Create a file_path_has_perm() function that is like path_has_perm() but instead takes a file struct that is the source of both the path and the inode (rather than getting the inode from the dentry in the path). This is then used where appropriate. This will be useful for situations like unionmount where it will be possible to have an apparently-negative dentry (eg. a fallthrough) that is open with the file struct pointing to an inode on the lower fs. Change-Id: I1a8a8600834be737b724f1f94b8f5ab90cc62b76 Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2019-07-06T09:57:03+00:00 Richard Guy Briggs rgb@redhat.com 2014-11-12T19:01:34+00:00 urn:sha1:33e7716f0675760244385e317daf5665c48b926a Convert WARN_ONCE() to printk() in selinux_nlmsg_perm(). After conversion from audit_log() in commit e173fb26, WARN_ONCE() was deemed too alarmist, so switch it to printk(). Change-Id: Ibe5bc4715db1de8aca55a3014955b942798d165a Signed-off-by: Richard Guy Briggs <rgb@redhat.com> [PM: Changed to printk(WARNING) so we catch all of the different invalid netlink messages. In Richard's defense, he brought this point up earlier, but I didn't understand his point at the time.] Signed-off-by: Paul Moore <pmoore@redhat.com> 2019-07-06T09:55:58+00:00 Jeff Vander Stoep jeffv@google.com 2017-02-21T00:03:21+00:00 urn:sha1:84e818d35b6347786ecd1b9b432a993a25fe7228 Test: Marlin kernel builds and boots. Tracefs labels specified in genfscon are correctly applied. Bug: 35248779 Change-Id: Ia59e572e774a48bec6e9da0c365f29d9987907ce Signed-off-by: Jeff Vander Stoep <jeffv@google.com> 2019-07-06T09:55:42+00:00 Alexander Potapenko glider@google.com 2017-03-06T18:46:14+00:00 urn:sha1:3019784a9e0a01544c030c9a25d164ce9f1c3f26 [ Upstream commit e2f586bd83177d22072b275edd4b8b872daba924 ] KMSAN (KernelMemorySanitizer, a new error detection tool) reports use of uninitialized memory in selinux_socket_bind(): ================================================================== BUG: KMSAN: use of unitialized memory inter: 0 CPU: 3 PID: 1074 Comm: packet2 Tainted: G B 4.8.0-rc6+ #1916 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 0000000000000000 ffff8800882ffb08 ffffffff825759c8 ffff8800882ffa48 ffffffff818bf551 ffffffff85bab870 0000000000000092 ffffffff85bab550 0000000000000000 0000000000000092 00000000bb0009bb 0000000000000002 Call Trace: [< inline >] __dump_stack lib/dump_stack.c:15 [<ffffffff825759c8>] dump_stack+0x238/0x290 lib/dump_stack.c:51 [<ffffffff818bdee6>] kmsan_report+0x276/0x2e0 mm/kmsan/kmsan.c:1008 [<ffffffff818bf0fb>] __msan_warning+0x5b/0xb0 mm/kmsan/kmsan_instr.c:424 [<ffffffff822dae71>] selinux_socket_bind+0xf41/0x1080 security/selinux/hooks.c:4288 [<ffffffff8229357c>] security_socket_bind+0x1ec/0x240 security/security.c:1240 [<ffffffff84265d98>] SYSC_bind+0x358/0x5f0 net/socket.c:1366 [<ffffffff84265a22>] SyS_bind+0x82/0xa0 net/socket.c:1356 [<ffffffff81005678>] do_syscall_64+0x58/0x70 arch/x86/entry/common.c:292 [<ffffffff8518217c>] entry_SYSCALL64_slow_path+0x25/0x25 arch/x86/entry/entry_64.o:? chained origin: 00000000ba6009bb [<ffffffff810bb7a7>] save_stack_trace+0x27/0x50 arch/x86/kernel/stacktrace.c:67 [< inline >] kmsan_save_stack_with_flags mm/kmsan/kmsan.c:322 [< inline >] kmsan_save_stack mm/kmsan/kmsan.c:337 [<ffffffff818bd2b8>] kmsan_internal_chain_origin+0x118/0x1e0 mm/kmsan/kmsan.c:530 [<ffffffff818bf033>] __msan_set_alloca_origin4+0xc3/0x130 mm/kmsan/kmsan_instr.c:380 [<ffffffff84265b69>] SYSC_bind+0x129/0x5f0 net/socket.c:1356 [<ffffffff84265a22>] SyS_bind+0x82/0xa0 net/socket.c:1356 [<ffffffff81005678>] do_syscall_64+0x58/0x70 arch/x86/entry/common.c:292 [<ffffffff8518217c>] return_from_SYSCALL_64+0x0/0x6a arch/x86/entry/entry_64.o:? origin description: ----address@SYSC_bind (origin=00000000b8c00900) ================================================================== (the line numbers are relative to 4.8-rc6, but the bug persists upstream) , when I run the following program as root: ======================================================= #include <string.h> #include <sys/socket.h> #include <netinet/in.h> int main(int argc, char *argv[]) { struct sockaddr addr; int size = 0; if (argc > 1) { size = atoi(argv[1]); } memset(&addr, 0, sizeof(addr)); int fd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP); bind(fd, &addr, size); return 0; } ======================================================= (for different values of |size| other error reports are printed). This happens because bind() unconditionally copies |size| bytes of |addr| to the kernel, leaving the rest uninitialized. Then security_socket_bind() reads the IP address bytes, including the uninitialized ones, to determine the port, or e.g. pass them further to sel_netnode_find(), which uses them to calculate a hash. Change-Id: If398c0e3f4960b7ca768cc48dcf40f26b874a64e Signed-off-by: Alexander Potapenko <glider@google.com> Acked-by: Eric Dumazet <edumazet@google.com> [PM: fixed some whitespace damage] Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>