- 02 8月, 2010 18 次提交
-
-
由 Eric Paris 提交于
Move the reading of ocontext type data out of policydb_read() in a separate function ocontext_read() Signed-off-by: NEric Paris <eparis@redhat.com> Acked-by: NStephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Eric Paris 提交于
move genfs read functionality out of policydb_read() and into a new function called genfs_read() Signed-off-by: NEric Paris <eparis@redhat.com> Acked-by: NStephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Dan Carpenter 提交于
hashtab_create() only returns NULL on allocation failures to -ENOMEM is appropriate here. Signed-off-by: NDan Carpenter <error27@gmail.com> Acked-by: NEric Paris <eparis@redhat.com> Acked-by: NStephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Dan Carpenter 提交于
The original code always returned -1 (-EPERM) on error. The new code returns either -ENOMEM, or -EINVAL or it propagates the error codes from lower level functions next_entry() or hashtab_insert(). next_entry() returns -EINVAL. hashtab_insert() returns -EINVAL, -EEXIST, or -ENOMEM. Signed-off-by: NDan Carpenter <error27@gmail.com> Acked-by: NStephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Dan Carpenter 提交于
It's better to propagate the error code from avtab_init() instead of returning -1 (-EPERM). It turns out that avtab_init() never fails so this patch doesn't change how the code runs but it's still a clean up. Signed-off-by: NDan Carpenter <error27@gmail.com> Acked-by: NStephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Dan Carpenter 提交于
Originally cond_read_node() returned -1 (-EPERM) on errors which was incorrect. Now it either propagates the error codes from lower level functions next_entry() or cond_read_av_list() or it returns -ENOMEM or -EINVAL. next_entry() returns -EINVAL. cond_read_av_list() returns -EINVAL or -ENOMEM. Signed-off-by: NDan Carpenter <error27@gmail.com> Acked-by: NStephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Dan Carpenter 提交于
After this patch cond_read_av_list() no longer returns -1 for any errors. It just propagates error code back from lower levels. Those can either be -EINVAL or -ENOMEM. I also modified cond_insertf() since cond_read_av_list() passes that as a function pointer to avtab_read_item(). It isn't used anywhere else. Signed-off-by: NDan Carpenter <error27@gmail.com> Acked-by: NStephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Dan Carpenter 提交于
These are passed back when the security module gets loaded. The original code always returned -1 (-EPERM) on error but after this patch it can return -EINVAL, or -ENOMEM or propagate the error code from cond_read_node(). cond_read_node() still returns -1 all the time, but I fix that in a later patch. Signed-off-by: NDan Carpenter <error27@gmail.com> Acked-by: NStephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Dan Carpenter 提交于
The avtab_read_item() function tends to return -1 as a default error code which is wrong (-1 means -EPERM). I modified it to return appropriate error codes which is -EINVAL or the error code from next_entry() or insertf(). next_entry() returns -EINVAL. insertf() is a function pointer to either avtab_insert() or cond_insertf(). avtab_insert() returns -EINVAL, -ENOMEM, and -EEXIST. cond_insertf() currently returns -1, but I will fix it in a later patch. There is code in avtab_read() which translates the -1 returns from avtab_read_item() to -EINVAL. The translation is no longer needed, so I removed it. Signed-off-by: NDan Carpenter <error27@gmail.com> Acked-by: NStephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Arnd Bergmann 提交于
The default for llseek will change to no_llseek, so selinuxfs needs to add explicit .llseek assignments. Since we're dealing with regular files from a VFS perspective, use generic_file_llseek. Signed-off-by: NArnd Bergmann <arnd@arndb.de> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Eric Paris <eparis@parisplace.org> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Mimi Zohar 提交于
Make the security extended attributes names global. Updated to move the remaining Smack xattrs. Signed-off-by: NMimi Zohar <zohar@us.ibm.com> Acked-by: NSerge Hallyn <serue@us.ibm.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Paul Moore 提交于
There were a number of places using the following code pattern: struct cred *cred = current_cred(); struct task_security_struct *tsec = cred->security; ... which were simplified to the following: struct task_security_struct *tsec = current_security(); Signed-off-by: NPaul Moore <paul.moore@hp.com> Acked-by: NEric Paris <eparis@redhat.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Paul Moore 提交于
At present, the socket related access controls use a mix of inode and socket labels; while there should be no practical difference (they _should_ always be the same), it makes the code more confusing. This patch attempts to convert all of the socket related access control points (with the exception of some of the inode/fd based controls) to use the socket's own label. In the process, I also converted the socket_has_perm() function to take a 'sock' argument instead of a 'socket' since that was adding a bit more overhead in some cases. Signed-off-by: NPaul Moore <paul.moore@hp.com> Acked-by: NEric Paris <eparis@redhat.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Paul Moore 提交于
The sk_alloc_security() and sk_free_security() functions were only being called by the selinux_sk_alloc_security() and selinux_sk_free_security() functions so we just move the guts of the alloc/free routines to the callers and eliminate a layer of indirection. Signed-off-by: NPaul Moore <paul.moore@hp.com> Acked-by: NEric Paris <eparis@redhat.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Paul Moore 提交于
Consolidate the basic sockcreate_sid logic into a single helper function which allows us to do some cleanups in the related code. Signed-off-by: NPaul Moore <paul.moore@hp.com> Acked-by: NEric Paris <eparis@redhat.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Paul Moore 提交于
Correct a problem where we weren't setting the peer label correctly on the client end of a pair of connected UNIX sockets. Signed-off-by: NPaul Moore <paul.moore@hp.com> Acked-by: NEric Paris <eparis@redhat.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Eric Paris 提交于
Move the range transition rule to a separate function, range_read(), rather than doing it all in policydb_read() Signed-off-by: NEric Paris <eparis@redhat.com> Acked-by: NStephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 Paul E. McKenney 提交于
Remove all rcu head inits. We don't care about the RCU head state before passing it to call_rcu() anyway. Only leave the "on_stack" variants so debugobjects can keep track of objects on stack. Signed-off-by: NMathieu Desnoyers <mathieu.desnoyers@efficios.com> Signed-off-by: NPaul E. McKenney <paulmck@linux.vnet.ibm.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Reviewed-by: NJames Morris <jmorris@namei.org> Cc: Eric Paris <eparis@parisplace.org> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 22 5月, 2010 1 次提交
-
-
由 Al Viro 提交于
... kill their private list, while we are at it Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
- 17 5月, 2010 1 次提交
-
-
由 Julia Lawall 提交于
Use kstrdup when the goal of an allocation is copy a string into the allocated region. The semantic patch that makes this change is as follows: (http://coccinelle.lip6.fr/) // <smpl> @@ expression from,to; expression flag,E1,E2; statement S; @@ - to = kmalloc(strlen(from) + 1,flag); + to = kstrdup(from, flag); ... when != \(from = E1 \| to = E1 \) if (to==NULL || ...) S ... when != \(from = E2 \| to = E2 \) - strcpy(to, from); // </smpl> Signed-off-by: NJulia Lawall <julia@diku.dk> Acked-by: NEric Paris <eparis@redhat.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 29 4月, 2010 1 次提交
-
-
由 Stephen Smalley 提交于
On Tue, 2010-04-27 at 11:47 -0700, David Miller wrote: > From: "Tom \"spot\" Callaway" <tcallawa@redhat.com> > Date: Tue, 27 Apr 2010 14:20:21 -0400 > > > [root@apollo ~]$ cat /proc/2174/maps > > 00010000-00014000 r-xp 00000000 fd:00 15466577 > > /sbin/mingetty > > 00022000-00024000 rwxp 00002000 fd:00 15466577 > > /sbin/mingetty > > 00024000-00046000 rwxp 00000000 00:00 0 > > [heap] > > SELINUX probably barfs on the executable heap, the PLT is in the HEAP > just like powerpc32 and that's why VM_DATA_DEFAULT_FLAGS has to set > both executable and writable. > > You also can't remove the CONFIG_PPC32 ifdefs in selinux, since > because of the VM_DATA_DEFAULT_FLAGS setting used still in that arch, > the heap will always have executable permission, just like sparc does. > You have to support those binaries forever, whether you like it or not. > > Let's just replace the CONFIG_PPC32 ifdef in SELINUX with CONFIG_PPC32 > || CONFIG_SPARC as in Tom's original patch and let's be done with > this. > > In fact I would go through all the arch/ header files and check the > VM_DATA_DEFAULT_FLAGS settings and add the necessary new ifdefs to the > SELINUX code so that other platforms don't have the pain of having to > go through this process too. To avoid maintaining per-arch ifdefs, it seems that we could just directly use (VM_DATA_DEFAULT_FLAGS & VM_EXEC) as the basis for deciding whether to enable or disable these checks. VM_DATA_DEFAULT_FLAGS isn't constant on some architectures but instead depends on current->personality, but we want this applied uniformly. So we'll just use the initial task state to determine whether or not to enable these checks. Signed-off-by: NStephen Smalley <sds@tycho.nsa.gov> Acked-by: NDavid S. Miller <davem@davemloft.net> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 28 4月, 2010 1 次提交
-
-
由 Eric Paris 提交于
Most of the LSM common audit work uses LSM_AUDIT_DATA_* for the naming. This was not so for LSM_AUDIT_NO_AUDIT which means the generic initializer cannot be used. This patch just renames the flag so the generic initializer can be used. Signed-off-by: NEric Paris <eparis@redhat.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 21 4月, 2010 1 次提交
-
-
由 Eric Paris 提交于
policy load failure always return EINVAL even if the failure was for some other reason (usually ENOMEM). This patch passes error codes back up the stack where they will make their way to userspace. This might help in debugging future problems with policy load. Signed-off-by: NEric Paris <eparis@redhat.com> Acked-by: NStephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 15 4月, 2010 1 次提交
-
-
由 Stephen Smalley 提交于
Reduce MAX_AVTAB_HASH_BITS so that the avtab allocation is an order 2 allocation rather than an order 4 allocation on x86_64. This addresses reports of page allocation failures: http://marc.info/?l=selinux&m=126757230625867&w=2 https://bugzilla.redhat.com/show_bug.cgi?id=570433Reported-by: NRussell Coker <russell@coker.com.au> Signed-off-by: NStephen D. Smalley <sds@tycho.nsa.gov> Acked-by: NEric Paris <eparis@redhat.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 09 4月, 2010 1 次提交
-
-
由 wzt.wzt@gmail.com 提交于
Fix coding style in security/ Signed-off-by: NZhitong Wang <zhitong.wangzt@alibaba-inc.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 08 4月, 2010 1 次提交
-
-
由 Eric Paris 提交于
trying to grep everything that messes with a sk_security_struct isn't easy since we don't always call it sksec. Just rename everything sksec. Signed-off-by: NEric Paris <eparis@redhat.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 30 3月, 2010 1 次提交
-
-
由 Tejun Heo 提交于
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h percpu.h is included by sched.h and module.h and thus ends up being included when building most .c files. percpu.h includes slab.h which in turn includes gfp.h making everything defined by the two files universally available and complicating inclusion dependencies. percpu.h -> slab.h dependency is about to be removed. Prepare for this change by updating users of gfp and slab facilities include those headers directly instead of assuming availability. As this conversion needs to touch large number of source files, the following script is used as the basis of conversion. http://userweb.kernel.org/~tj/misc/slabh-sweep.py The script does the followings. * Scan files for gfp and slab usages and update includes such that only the necessary includes are there. ie. if only gfp is used, gfp.h, if slab is used, slab.h. * When the script inserts a new include, it looks at the include blocks and try to put the new include such that its order conforms to its surrounding. It's put in the include block which contains core kernel includes, in the same order that the rest are ordered - alphabetical, Christmas tree, rev-Xmas-tree or at the end if there doesn't seem to be any matching order. * If the script can't find a place to put a new include (mostly because the file doesn't have fitting include block), it prints out an error message indicating which .h file needs to be added to the file. The conversion was done in the following steps. 1. The initial automatic conversion of all .c files updated slightly over 4000 files, deleting around 700 includes and adding ~480 gfp.h and ~3000 slab.h inclusions. The script emitted errors for ~400 files. 2. Each error was manually checked. Some didn't need the inclusion, some needed manual addition while adding it to implementation .h or embedding .c file was more appropriate for others. This step added inclusions to around 150 files. 3. The script was run again and the output was compared to the edits from #2 to make sure no file was left behind. 4. Several build tests were done and a couple of problems were fixed. e.g. lib/decompress_*.c used malloc/free() wrappers around slab APIs requiring slab.h to be added manually. 5. The script was run on all .h files but without automatically editing them as sprinkling gfp.h and slab.h inclusions around .h files could easily lead to inclusion dependency hell. Most gfp.h inclusion directives were ignored as stuff from gfp.h was usually wildly available and often used in preprocessor macros. Each slab.h inclusion directive was examined and added manually as necessary. 6. percpu.h was updated not to include slab.h. 7. Build test were done on the following configurations and failures were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my distributed build env didn't work with gcov compiles) and a few more options had to be turned off depending on archs to make things build (like ipr on powerpc/64 which failed due to missing writeq). * x86 and x86_64 UP and SMP allmodconfig and a custom test config. * powerpc and powerpc64 SMP allmodconfig * sparc and sparc64 SMP allmodconfig * ia64 SMP allmodconfig * s390 SMP allmodconfig * alpha SMP allmodconfig * um on x86_64 SMP allmodconfig 8. percpu.h modifications were reverted so that it could be applied as a separate patch and serve as bisection point. Given the fact that I had only a couple of failures from tests on step 6, I'm fairly confident about the coverage of this conversion patch. If there is a breakage, it's likely to be something in one of the arch headers which should be easily discoverable easily on most builds of the specific arch. Signed-off-by: NTejun Heo <tj@kernel.org> Guess-its-ok-by: NChristoph Lameter <cl@linux-foundation.org> Cc: Ingo Molnar <mingo@redhat.com> Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
-
- 16 3月, 2010 1 次提交
-
-
由 Stephen Smalley 提交于
Reduce MAX_AVTAB_HASH_BITS so that the avtab allocation is an order 2 allocation rather than an order 4 allocation on x86_64. This addresses reports of page allocation failures: http://marc.info/?l=selinux&m=126757230625867&w=2 https://bugzilla.redhat.com/show_bug.cgi?id=570433Reported-by: NRussell Coker <russell@coker.com.au> Signed-off-by: NStephen D. Smalley <sds@tycho.nsa.gov> Acked-by: NEric Paris <eparis@redhat.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 08 3月, 2010 1 次提交
-
-
由 Stephen Hemminger 提交于
Several places strings tables are used that should be declared const. Signed-off-by: NStephen Hemminger <shemminger@vyatta.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 04 3月, 2010 1 次提交
-
-
由 wzt.wzt@gmail.com 提交于
skbuff.h is already included by netlink.h, so remove it. Signed-off-by: NZhitong Wang <zhitong.wangzt@alibaba-inc.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 03 3月, 2010 2 次提交
-
-
由 wzt.wzt@gmail.com 提交于
slab.h is unused in symtab.c, so remove it. Signed-off-by: NZhitong Wang <zhitong.wangzt@alibaba-inc.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
由 wzt.wzt@gmail.com 提交于
list.h is unused in netlink.c, so remove it. Signed-off-by: NZhitong Wang <zhitong.wangzt@alibaba-inc.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 26 2月, 2010 1 次提交
-
-
由 David Howells 提交于
Make selinux_kernel_create_files_as() return an error when it gets one, rather than unconditionally returning 0. Without this, cachefiles doesn't return an error if the SELinux policy doesn't let it create files with the label of the directory at the base of the cache. Signed-off-by: NDavid Howells <dhowells@redhat.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 25 2月, 2010 1 次提交
-
-
由 Joshua Roys 提交于
This fixes corrupted CIPSO packets when SELinux categories greater than 127 are used. The bug occured on the second (and later) loops through the while; the inner for loop through the ebitmap->maps array used the same index as the NetLabel catmap->bitmap array, even though the NetLabel bitmap is twice as long as the SELinux bitmap. Signed-off-by: NJoshua Roys <joshua.roys@gtri.gatech.edu> Acked-by: NPaul Moore <paul.moore@hp.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 24 2月, 2010 1 次提交
-
-
由 wzt.wzt@gmail.com 提交于
Enhance the security framework to support resetting the active security module. This eliminates the need for direct use of the security_ops and default_security_ops variables outside of security.c, so make security_ops and default_security_ops static. Also remove the secondary_ops variable as a cleanup since there is no use for that. secondary_ops was originally used by SELinux to call the "secondary" security module (capability or dummy), but that was replaced by direct calls to capability and the only remaining use is to save and restore the original security ops pointer value if SELinux is disabled by early userspace based on /etc/selinux/config. Further, if we support this directly in the security framework, then we can just use &default_security_ops for this purpose since that is now available. Signed-off-by: NZhitong Wang <zhitong.wangzt@alibaba-inc.com> Acked-by: NStephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 22 2月, 2010 1 次提交
-
-
由 KaiGai Kohei 提交于
This patch revert the commit of 7d52a155 which removed a part of type_attribute_bounds_av as a dead code. However, at that time, we didn't find out the target side boundary allows to handle some of pseudo /proc/<pid>/* entries with its process's security context well. Signed-off-by: NKaiGai Kohei <kaigai@ak.jp.nec.com> Acked-by: NStephen Smalley <sds@tycho.nsa.gov> -- security/selinux/ss/services.c | 43 ++++++++++++++++++++++++++++++++++++--- 1 files changed, 39 insertions(+), 4 deletions(-) Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 16 2月, 2010 1 次提交
-
-
由 James Morris 提交于
Fix a couple of sparse warnings for callers of context_struct_to_string, which takes a *u32, not an *int. These cases are harmless as the values are not used. Signed-off-by: NJames Morris <jmorris@namei.org> Acked-by: NKaiGai Kohei <kaigai@ak.jp.nec.com>
-
- 09 2月, 2010 1 次提交
-
-
由 Xiaotian Feng 提交于
In sel_make_bools, kernel allocates memory for bool_pending_names[i] with security_get_bools. So if we just free bool_pending_names, those memories for bool_pending_names[i] will be leaked. This patch resolves dozens of following kmemleak report after resuming from suspend: unreferenced object 0xffff88022e4c7380 (size 32): comm "init", pid 1, jiffies 4294677173 backtrace: [<ffffffff810f76b5>] create_object+0x1a2/0x2a9 [<ffffffff810f78bb>] kmemleak_alloc+0x26/0x4b [<ffffffff810ef3eb>] __kmalloc+0x18f/0x1b8 [<ffffffff811cd511>] security_get_bools+0xd7/0x16f [<ffffffff811c48c0>] sel_write_load+0x12e/0x62b [<ffffffff810f9a39>] vfs_write+0xae/0x10b [<ffffffff810f9b56>] sys_write+0x4a/0x6e [<ffffffff81011b82>] system_call_fastpath+0x16/0x1b [<ffffffffffffffff>] 0xffffffffffffffff Signed-off-by: NXiaotian Feng <dfeng@redhat.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-
- 05 2月, 2010 1 次提交
-
-
由 Justin P. Mattock 提交于
Signed-off-by: NJustin P. Mattock <justinmattock@gmail.com> Signed-off-by: NJiri Kosina <jkosina@suse.cz>
-
- 04 2月, 2010 1 次提交
-
-
由 Kees Cook 提交于
Right now the syslog "type" action are just raw numbers which makes the source difficult to follow. This patch replaces the raw numbers with defined constants for some level of sanity. Signed-off-by: NKees Cook <kees.cook@canonical.com> Acked-by: NJohn Johansen <john.johansen@canonical.com> Acked-by: NSerge Hallyn <serue@us.ibm.com> Signed-off-by: NJames Morris <jmorris@namei.org>
-