- 16 11月, 2011 6 次提交
-
-
由 Stefan Berger 提交于
This patch introduces a function that runs the TPM_ContinueSelfTest() function and then polls the TPM to check whether it finished the selftest and can receive new commands. Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com>
-
由 Stefan Berger 提交于
Cleanup the tpm_continue_selftest function. Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com>
-
由 Stefan Berger 提交于
Have the tpm_get_timeouts function return an error code. Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com>
-
由 Kees Cook 提交于
Clarify the purpose of the LSM interface with some brief examples and pointers to additional documentation. Signed-off-by: NKees Cook <keescook@chromium.org> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Andrew Morton 提交于
Make the security_inode_init_security() initxattrs arg const, to match the non-stubbed version of that function. Cc: James Morris <jmorris@namei.org> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Andy Shevchenko 提交于
Signed-off-by: NAndy Shevchenko <andriy.shevchenko@linux.intel.com> Cc: Eric Paris <eparis@parisplace.org> Cc: James Morris <jmorris@namei.org> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 29 10月, 2011 1 次提交
-
-
由 Tetsuo Handa 提交于
Commit 17fcfbd9 "TOMOYO: Add interactive enforcing mode." introduced ability to query access decision using userspace programs. It was using global PID for reaching policy configuration of the process. However, use of PID returns stale policy configuration when the process's subjective credentials and objective credentials differ. Fix this problem by allowing reaching policy configuration via query id. Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 23 10月, 2011 2 次提交
-
-
-
由 Tetsuo Handa 提交于
Commit f23571e8 "TOMOYO: Copy directly to userspace buffer." introduced tomoyo_flush() that flushes data to be read as soon as possible. tomoyo_select_domain() (which is called by write()) enqueues data which meant to be read by next read(), but previous read()'s read buffer's size was not cleared. As a result, since 2.6.36, sequence like char *cp = "select global-pid=1\n"; read(fd, buf1, sizeof(buf1)); write(fd, cp, strlen(cp)); read(fd, buf2, sizeof(buf2)); causes enqueued data to be flushed to buf1 rather than buf2. Fix this bug by clearing read buffer's size upon write() request. Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 21 10月, 2011 1 次提交
-
-
由 Jarkko Sakkinen 提交于
Allow query access as a normal user removing the need for CAP_MAC_ADMIN. Give RW access to /smack/access for UGO. Do not import smack labels in access check. Signed-off-by: NJarkko Sakkinen <jarkko.j.sakkinen@gmail.com> Signed-off-by: NCasey Schaufler <cschaufler@cschaufler-intel.(none)>
-
- 19 10月, 2011 2 次提交
-
-
由 Tetsuo Handa 提交于
CONFIG_SECURITY_TOMOYO_MAX_{ACCEPT_ENTRY,AUDIT_LOG} introduced by commit 0e4ae0e0 "TOMOYO: Make several options configurable." were by error not used. Reported-by: NPaul Bolle <pebolle@tiscali.nl> Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Jarkko Sakkinen 提交于
Forgot to update simple_transaction_set() to take terminator character into account. Signed-off-by: NJarkko Sakkinen <jarkko.j.sakkinen@gmail.com> Signed-off-by: NCasey Schaufler <cschaufler@cschaufler-intel.(none)>
-
- 14 10月, 2011 1 次提交
-
-
由 Jarkko Sakkinen 提交于
On some build configurations PER_CLEAR_ON_SETID symbol was not found when compiling smack_lsm.c. This patch fixes the issue by explicitly doing #include <linux/personality.h>. Signed-off-by: NJarkko Sakkinen <jarkko.j.sakkinen@gmail.com> Signed-off-by: NCasey Schaufler <cschaufler@cschaufler-intel.(none)>
-
- 13 10月, 2011 7 次提交
-
-
由 Jarkko Sakkinen 提交于
Small fix for the output of access SmackFS file. Use string is instead of byte. Makes it easier to extend API if it is needed. Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@intel.com>
-
由 Jarkko Sakkinen 提交于
Protections for domain transition: - BPRM unsafe flags - Secureexec - Clear unsafe personality bits. - Clear parent death signal Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@intel.com>
-
由 Casey Schaufler 提交于
This patch is targeted for the smack-next tree. This patch takes advantage of the recent changes for performance and points the packet labels on UDS connect at the output label of the far side. This makes getsockopt(...SO_PEERCRED...) function properly. Without this change the getsockopt does not provide any information. Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com>
-
由 Casey Schaufler 提交于
There are a number of comments in the Smack code that are either malformed or include code. This patch cleans them up. Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com>
-
由 Casey Schaufler 提交于
Al Viro pointed out that the processing of fcntl done by Smack appeared poorly designed. He was right. There are three things that required change. Most obviously, the list of commands that really imply writing is limited to those involving file locking and signal handling. The initialization if the file security blob was incomplete, requiring use of a heretofore unused LSM hook. Finally, the audit information coming from a helper masked the identity of the LSM hook. This patch corrects all three of these defects. This is targeted for the smack-next tree pending comments. Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com>
-
由 Casey Schaufler 提交于
This patch is targeted for the smack-next tree. Smack access checks suffer from two significant performance issues. In cases where there are large numbers of rules the search of the single list of rules is wasteful. Comparing the string values of the smack labels is less efficient than a numeric comparison would. These changes take advantage of the Smack label list, which maintains the mapping of Smack labels to secids and optional CIPSO labels. Because the labels are kept perpetually, an access check can be done strictly based on the address of the label in the list without ever looking at the label itself. Rather than keeping one global list of rules the rules with a particular subject label can be based off of that label list entry. The access check need never look at entries that do not use the current subject label. This requires that packets coming off the network with CIPSO direct Smack labels that have never been seen before be treated carefully. The only case where they could be delivered is where the receiving socket has an IPIN star label, so that case is explicitly addressed. On a system with 39,800 rules (200 labels in all permutations) a system with this patch runs an access speed test in 5% of the time of the old version. That should be a best case improvement. If all of the rules are associated with the same subject label and all of the accesses are for processes with that label (unlikely) the improvement is about 30%. Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com>
-
由 Jarkko Sakkinen 提交于
Adds a new file into SmackFS called 'access'. Wanted Smack permission is written into /smack/access. After that result can be read from the opened file. If access applies result contains 1 and otherwise 0. File access is protected from race conditions by using simple_transaction_get()/set() API. Fixes from the previous version: - Removed smack.h changes, refactoring left-over from previous version. - Removed #include <linux/smack.h>, refactoring left-over from previous version. Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@intel.com> Signed-off-by: NCasey Schaufler <cschaufler@cschaufler-intel.(none)>
-
- 12 10月, 2011 2 次提交
-
-
由 Tetsuo Handa 提交于
Commit 059d84db "TOMOYO: Add socket operation restriction support" and commit 731d37aa "TOMOYO: Allow domain transition without execve()." forgot to update tomoyo_domain_quota_is_ok() and tomoyo_del_acl() which results in incorrect quota counting and memory leak. Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Tetsuo Handa 提交于
rcu_read_lock() is sufficient for calling find_task_by_pid_ns()/find_task_by_vpid(). Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 28 9月, 2011 1 次提交
-
-
由 Tetsuo Handa 提交于
Commit bd03a3e4 "TOMOYO: Add policy namespace support." introduced policy namespace. But as of /sbin/modprobe is executed from initramfs/initrd, profiles for target domain's namespace is not defined because /sbin/tomoyo-init is not yet called. Reported-by: NJamie Nguyen <jamie@tomoyolinux.co.uk> Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 27 9月, 2011 1 次提交
-
-
- 26 9月, 2011 3 次提交
-
-
由 Tetsuo Handa 提交于
tomoyo_policy_lock mutex already protects it. Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Tetsuo Handa 提交于
When TOMOYO started using garbage collector at commit 847b173e "TOMOYO: Add garbage collector.", we waited for close() before kfree(). Thus, elements to be kfree()d were queued up using tomoyo_gc_list list. But it turned out that tomoyo_element_linked_by_gc() tends to choke garbage collector when certain pattern of entries are queued. Since garbage collector is no longer waiting for close() since commit 2e503bbb "TOMOYO: Fix lockdep warning.", we can remove tomoyo_gc_list list and tomoyo_element_linked_by_gc() by doing sequential processing. Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Tetsuo Handa 提交于
Commit efe836ab "TOMOYO: Add built-in policy support." introduced tomoyo_load_builtin_policy() but was by error called from nowhere. Commit b22b8b9f "TOMOYO: Rename meminfo to stat and show more statistics." introduced tomoyo_update_stat() but was by error not called from tomoyo_assign_domain(). Also, mark tomoyo_io_printf() and tomoyo_path_permission() static functions, as reported by "make namespacecheck". Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 21 9月, 2011 4 次提交
-
-
由 Mimi Zohar 提交于
Now that hex2bin does error checking, on error add debugging error msg. Changelog v1 (update): - fixed definition of 'ret' - hex2bin now returns an int Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Acked-by: NAndy Shevchenko <andy.shevchenko@gmail.com>
-
由 Mimi Zohar 提交于
For each hex2bin call in encrypted keys, check that the ascii hex string is valid. On failure, return -EINVAL. Changelog v1: - hex2bin now returns an int Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Acked-by: NAndy Shevchenko <andy.shevchenko@gmail.com>
-
由 Mimi Zohar 提交于
For each hex2bin call in trusted keys, check that the ascii hex string is valid. On failure, return -EINVAL. Changelog v1: - hex2bin now returns an int Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Acked-by: NAndy Shevchenko <andy.shevchenko@gmail.com>
-
由 Mimi Zohar 提交于
hex2bin converts a hexadecimal string to its binary representation. The original version of hex2bin did not do any error checking. This patch adds error checking and returns the result. Changelog v1: - removed unpack_hex_byte() - changed return code from boolean to int Changelog: - use the new unpack_hex_byte() - add __must_check compiler option (Andy Shevchenko's suggestion) - change function API to return error checking result (based on Tetsuo Handa's initial patch) Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com> Acked-by: NAndy Shevchenko <andy.shevchenko@gmail.com>
-
- 19 9月, 2011 1 次提交
-
-
由 Tetsuo Handa 提交于
I got an opinion that it is difficult to use exception policy's domain transition control directives because they need to match the pathname specified to "file execute" directives. For example, if "file execute /bin/\*\-ls\-cat" is given, corresponding domain transition control directive needs to be like "no_keep_domain /bin/\*\-ls\-cat from any". If we can specify like below, it will become more convenient. file execute /bin/ls keep exec.realpath="/bin/ls" exec.argv[0]="ls" file execute /bin/cat keep exec.realpath="/bin/cat" exec.argv[0]="cat" file execute /bin/\*\-ls\-cat child file execute /usr/sbin/httpd <apache> exec.realpath="/usr/sbin/httpd" exec.argv[0]="/usr/sbin/httpd" In above examples, "keep" works as if keep_domain is specified, "child" works as if "no_reset_domain" and "no_initialize_domain" and "no_keep_domain" are specified, "<apache>" causes domain transition to <apache> domain upon successful execve() operation. Moreover, we can also allow transition to different domains based on conditions like below example. <kernel> /usr/sbin/sshd file execute /bin/bash <kernel> /usr/sbin/sshd //batch-session exec.argc=2 exec.argv[1]="-c" file execute /bin/bash <kernel> /usr/sbin/sshd //root-session task.uid=0 file execute /bin/bash <kernel> /usr/sbin/sshd //nonroot-session task.uid!=0 Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 16 9月, 2011 1 次提交
-
-
由 Stephen Rothwell 提交于
Fixes this build error: security/keys/encrypted-keys/masterkey_trusted.c: In function 'request_trusted_key': security/keys/encrypted-keys/masterkey_trusted.c:35:2: error: implicit declaration of function 'IS_ERR' Signed-off-by: NStephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: NMimi Zohar <zohar@us.ibm.com>
-
- 15 9月, 2011 7 次提交
-
-
-
由 Tetsuo Handa 提交于
Tell userland tools that this is TOMOYO 2.5. Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Dmitry Kasatkin 提交于
When allocating from slab, initialization is done the first time in init_once() and subsequently on free. Because evm_status was not re-initialized on free, evm_verify_hmac() skipped verifications. This patch re-initializes evm_status. Signed-off-by: NDmitry Kasatkin <dmitry.kasatkin@intel.com> Signed-off-by: NMimi Zohar <zohar@us.ibm.com>
-
由 Mimi Zohar 提交于
Before permitting 'security.evm' to be updated, 'security.evm' must exist and be valid. In the case that there are no existing EVM protected xattrs, it is safe for posix acls to update the mode bits. To differentiate between no 'security.evm' xattr and no xattrs used to calculate 'security.evm', this patch defines INTEGRITY_NOXATTR. Signed-off-by: NMimi Zohar <zohar@us.ibm.com>
-
由 Mimi Zohar 提交于
The posix xattr acls are 'system' prefixed, which normally would not affect security.evm. An interesting side affect of writing posix xattr acls is their modifying of the i_mode, which is included in security.evm. This patch updates security.evm when posix xattr acls are written. Signed-off-by: NMimi Zohar <zohar@us.ibm.com>
-
由 Mimi Zohar 提交于
evm_protect_xattr unnecessarily validates the current security.evm integrity, before updating non-evm protected extended attributes and other file metadata. This patch limits validating the current security.evm integrity to evm protected metadata. Signed-off-by: NMimi Zohar <zohar@us.ibm.com>
-
由 Mimi Zohar 提交于
security_inode_init_security previously returned -EOPNOTSUPP, for S_PRIVATE inodes, and relied on the callers to change it to 0. As the callers do not change the return code anymore, return 0, intead of -EOPNOTSUPP. Signed-off-by: NMimi Zohar <zohar@us.ibm.com>
-