Unnamed repository; edit this file 'description' to name the repository. https://gitea.privatedns.org/xavi/android_kernel_m2note/atom?h=ng-7.1.2 2019-07-06T10:01:26+00:00 2019-07-06T10:01:26+00:00 Stephen Smalley sds@tycho.nsa.gov 2015-06-04T20:22:16+00:00 urn:sha1:09158c4b40bb58b4297c1cf81ca612a14cbfc569 Update the set of SELinux netlink socket class definitions to match the set of netlink protocols implemented by the kernel. The ip_queue implementation for the NETLINK_FIREWALL and NETLINK_IP6_FW protocols was removed in d16cf20e2f2f13411eece7f7fb72c17d141c4a84, so we can remove the corresponding class definitions as this is dead code. Add new classes for NETLINK_ISCSI, NETLINK_FIB_LOOKUP, NETLINK_CONNECTOR, NETLINK_NETFILTER, NETLINK_GENERIC, NETLINK_SCSITRANSPORT, NETLINK_RDMA, and NETLINK_CRYPTO so that we can distinguish among sockets created for each of these protocols. This change does not define the finer-grained nlsmsg_read/write permissions or map specific nlmsg_type values to those permissions in the SELinux nlmsgtab; if finer-grained control of these sockets is desired/required, that can be added as a follow-on change. We do not define a SELinux class for NETLINK_ECRYPTFS as the implementation was removed in 624ae5284516870657505103ada531c64dba2a9a. Change-Id: Ic233c39d4271544a3a63f9fa64c855a44fc08705 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <pmoore@redhat.com> 2019-07-06T10:01:16+00:00 Stephen Smalley sds@tycho.nsa.gov 2015-06-04T20:22:17+00:00 urn:sha1:6c9d3b1942bd295f3696b73d90e67ba7864279b5 Remove unused permission definitions from SELinux. Many of these were only ever used in pre-mainline versions of SELinux, prior to Linux 2.6.0. Some of them were used in the legacy network or compat_net=1 checks that were disabled by default in Linux 2.6.18 and fully removed in Linux 2.6.30. Permissions never used in mainline Linux: file swapon filesystem transition tcp_socket { connectto newconn acceptfrom } node enforce_dest unix_stream_socket { newconn acceptfrom } Legacy network checks, removed in 2.6.30: socket { recv_msg send_msg } node { tcp_recv tcp_send udp_recv udp_send rawip_recv rawip_send dccp_recv dccp_send } netif { tcp_recv tcp_send udp_recv udp_send rawip_recv rawip_send dccp_recv dccp_send } Change-Id: I976d81760be7a800d696afb9ffc6c7a5dafa5c69 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <pmoore@redhat.com> 2019-07-06T10:00:57+00:00 Paul Moore pmoore@redhat.com 2013-07-23T21:38:38+00:00 urn:sha1:ee8db9563d00e91bf3a2ce0e5f6152609bdf02ea The xfrm_state_alloc_security() LSM hook implementation is really a multiplexed hook with two different behaviors depending on the arguments passed to it by the caller. This patch splits the LSM hook implementation into two new hook implementations, which match the LSM hooks in the rest of the kernel: * xfrm_state_alloc * xfrm_state_alloc_acquire Also included in this patch are the necessary changes to the SELinux code; no other LSMs are affected. Change-Id: I455e3b62cc439127b735aa0b0a5183b98919255e Signed-off-by: Paul Moore <pmoore@redhat.com> Signed-off-by: Eric Paris <eparis@redhat.com> 2019-07-06T10:00:41+00:00 Tetsuo Handa penguin-kernel@I-love.SAKURA.ne.jp 2013-07-24T20:44:02+00:00 urn:sha1:35e3f05d39c3bd0e4d96410ac6a996b5657da15c Since everybody sets kstrdup()ed constant string to "struct xattr"->name but nobody modifies "struct xattr"->name , we can omit kstrdup() and its failure checking by constifying ->name member of "struct xattr". Change-Id: I84a47af13e3c77b394218cc12ac8901d87b0fd69 Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Reviewed-by: Joel Becker <jlbec@evilplan.org> [ocfs2] Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Reviewed-by: Paul Moore <paul@paul-moore.com> Tested-by: Paul Moore <paul@paul-moore.com> Acked-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <james.l.morris@oracle.com> 2019-07-06T10:00:29+00:00 Eric Paris eparis@redhat.com 2012-08-24T19:58:45+00:00 urn:sha1:3025d5eb549110beca11ed40de9215d0e696d72f We check if the fsname is proc and if so set the proc superblock security struct flag. We then check if the flag is set and use the string 'proc' for the fsname instead of just using the fsname. What's the point? It's always proc... Get rid of the useless conditional. Change-Id: Ic4cd1d3507ae5ab3346746d391070e3c899da59c Signed-off-by: Eric Paris <eparis@redhat.com> 2019-07-06T10:00:16+00:00 Linus Torvalds torvalds@linux-foundation.org 2013-10-04T21:05:38+00:00 urn:sha1:5e7ad5cca99c473489c4d7b5c7c18e043fa4096f Now avc_audit() has no more users with that parameter. Remove it. Change-Id: Ie9a1565b1d1ea0a4a8d17e0174094ff40bd6e904 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2019-07-06T09:59:56+00:00 Linus Torvalds torvalds@linux-foundation.org 2013-10-04T19:54:11+00:00 urn:sha1:e280406f29cda6c390bb7cf9091572a1fc13c2ba Every single user passes in '0'. I think we had non-zero users back in some stone age when selinux_inode_permission() was implemented in terms of inode_has_perm(), but that complicated case got split up into a totally separate code-path so that we could optimize the much simpler special cases. See commit 2e33405785d3 ("SELinux: delay initialization of audit data in selinux_inode_permission") for example. Change-Id: I9f17bfe7c581c16b2b1b66630c649d72a08738ae Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2019-07-06T09:58:28+00:00 David Howells dhowells@redhat.com 2013-06-13T22:37:55+00:00 urn:sha1:578061a4297c09bf314e87240318db64f7854535 Create a file_path_has_perm() function that is like path_has_perm() but instead takes a file struct that is the source of both the path and the inode (rather than getting the inode from the dentry in the path). This is then used where appropriate. This will be useful for situations like unionmount where it will be possible to have an apparently-negative dentry (eg. a fallthrough) that is open with the file struct pointing to an inode on the lower fs. Change-Id: I1a8a8600834be737b724f1f94b8f5ab90cc62b76 Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2019-07-06T09:58:09+00:00 Paul Moore pmoore@redhat.com 2013-07-23T21:38:38+00:00 urn:sha1:333d35b1dfafbfb0e6df37517d9665b5bd6aad8e When the BUG() macro is disabled at compile time it can cause some problems in the SELinux netnode code: invalid return codes and uninitialized variables. This patch fixes this by making sure we take some corrective action after the BUG() macro. Change-Id: I48a98b7d9834b1bea73e13dafbb32f1ac5bd3fab Reported-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Paul Moore <pmoore@redhat.com> Signed-off-by: Eric Paris <eparis@redhat.com> 2019-07-06T09:57:57+00:00 Paul Moore pmoore@redhat.com 2013-12-03T16:36:11+00:00 urn:sha1:10de62e822f4717f116540f6d9563c145933dbd8 In selinux_netlbl_skbuff_setsid() we leverage a cached NetLabel secattr whenever possible. However, we never check to ensure that the desired SID matches the cached NetLabel secattr. This patch checks the SID against the secattr before use and only uses the cached secattr when the SID values match. Change-Id: I25332c6fe00da1e1317c1de56386fa78fd8bb3f9 Signed-off-by: Paul Moore <pmoore@redhat.com>