author | Linus Torvalds <torvalds@linux-foundation.org> | 2017-05-03 11:50:52 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2017-05-03 11:50:52 -0400 |
commit | 0302e28dee643932ee7b3c112ebccdbb9f8ec32c (patch) | |
tree | 405d4cb3f772ef069ed7f291adc4b74a4e73346e /security/tomoyo | |
parent | 89c9fea3c8034cdb2fd745f551cde0b507fd6893 (diff) | |
parent | 8979b02aaf1d6de8d52cc143aa4da961ed32e5a2 (diff) |
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris:
"Highlights:
IMA:
- provide ">" and "<" operators for fowner/uid/euid rules
KEYS:
- add a system blacklist keyring
- add KEYCTL_RESTRICT_KEYRING, exposes keyring link restriction
functionality to userland via keyctl()
LSM:
- harden LSM API with __ro_after_init
- add prlimit security hook, implement for SELinux
- revive security_task_alloc hook
TPM:
- implement contextual TPM command 'spaces'"
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (98 commits)
tpm: Fix reference count to main device
tpm_tis: convert to using locality callbacks
tpm: fix handling of the TPM 2.0 event logs
tpm_crb: remove a cruft constant
keys: select CONFIG_CRYPTO when selecting DH / KDF
apparmor: Make path_max parameter readonly
apparmor: fix parameters so that the permission test is bypassed at boot
apparmor: fix invalid reference to index variable of iterator line 836
apparmor: use SHASH_DESC_ON_STACK
security/apparmor/lsm.c: set debug messages
apparmor: fix boolreturn.cocci warnings
Smack: Use GFP_KERNEL for smk_netlbl_mls().
smack: fix double free in smack_parse_opts_str()
KEYS: add SP800-56A KDF support for DH
KEYS: Keyring asymmetric key restrict method with chaining
KEYS: Restrict asymmetric key linkage using a specific keychain
KEYS: Add a lookup_restriction function for the asymmetric key type
KEYS: Add KEYCTL_RESTRICT_KEYRING
KEYS: Consistent ordering for __key_link_begin and restrict check
KEYS: Add an optional lookup_restriction hook to key_type
...
Diffstat (limited to 'security/tomoyo')
-rw-r--r-- | security/tomoyo/file.c | 12 | ||||
-rw-r--r-- | security/tomoyo/tomoyo.c | 22 |
2 files changed, 17 insertions, 17 deletions
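--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -692,7 +692,7 @@ int tomoyo_path_number_perm(const u8 type, const struct path *path,
 {
 struct tomoyo_request_info r;
 struct tomoyo_obj_info obj = {
-.path1 = *path,
+.path1 = { .mnt = path->mnt, .dentry = path->dentry },
 };
 int error = -ENOMEM;
 struct tomoyo_path_info buf;
@@ -740,7 +740,7 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
 struct tomoyo_path_info buf;
 struct tomoyo_request_info r;
 struct tomoyo_obj_info obj = {
-.path1 = *path,
+.path1 = { .mnt = path->mnt, .dentry = path->dentry },
 };
 int idx;
 
@@ -786,7 +786,7 @@ int tomoyo_path_perm(const u8 operation, const struct path *path, const char *ta
 {
 struct tomoyo_request_info r;
 struct tomoyo_obj_info obj = {
-.path1 = *path,
+.path1 = { .mnt = path->mnt, .dentry = path->dentry },
 };
 int error;
 struct tomoyo_path_info buf;
@@ -843,7 +843,7 @@ int tomoyo_mkdev_perm(const u8 operation, const struct path *path,
 {
 struct tomoyo_request_info r;
 struct tomoyo_obj_info obj = {
-.path1 = *path,
+.path1 = { .mnt = path->mnt, .dentry = path->dentry },
 };
 int error = -ENOMEM;
 struct tomoyo_path_info buf;
@@ -890,8 +890,8 @@ int tomoyo_path2_perm(const u8 operation, const struct path *path1,
 struct tomoyo_path_info buf2;
 struct tomoyo_request_info r;
 struct tomoyo_obj_info obj = {
-.path1 = *path1,
-.path2 = *path2,
+.path1 = { .mnt = path1->mnt, .dentry = path1->dentry },
+.path2 = { .mnt = path2->mnt, .dentry = path2->dentry }
 };
 int idx;
 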
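Review bot: The member-wise initializer that replaces `.path1 = *path` in tomoyo_path_number_perm (and the identical change in the other four hunks of this file) is equivalent to the old whole-struct copy only while struct path consists of exactly mnt and dentry; if a member were ever added, the designated form would silently leave it zero where `*path` would have carried it over, and nothing at the call sites records why the long form was chosen. A one-line comment at the first site would preserve the rationale for future maintainers, e.g. `/* copy struct path member-wise so the initializer is fully designated; keep in sync with struct path */` — the wording is hedged because the motivation is not stated in the hunk itself. The body of tomoyo_path_number_perm continues outside the hunk.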
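--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -165,7 +165,7 @@ static int tomoyo_path_truncate(const struct path *path)
 */
 static int tomoyo_path_unlink(const struct path *parent, struct dentry *dentry)
 {
-struct path path = { parent->mnt, dentry };
+struct path path = { .mnt = parent->mnt, .dentry = dentry };
 return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL);
 }
 
@@ -181,7 +181,7 @@ static int tomoyo_path_unlink(const struct path *parent, struct dentry *dentry)
 static int tomoyo_path_mkdir(const struct path *parent, struct dentry *dentry,
 umode_t mode)
 {
-struct path path = { parent->mnt, dentry };
+struct path path = { .mnt = parent->mnt, .dentry = dentry };
 return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path,
 mode & S_IALLUGO);
 }
@@ -196,7 +196,7 @@ static int tomoyo_path_mkdir(const struct path *parent, struct dentry *dentry,
 */
 static int tomoyo_path_rmdir(const struct path *parent, struct dentry *dentry)
 {
-struct path path = { parent->mnt, dentry };
+struct path path = { .mnt = parent->mnt, .dentry = dentry };
 return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL);
 }
 
@@ -212,7 +212,7 @@ static int tomoyo_path_rmdir(const struct path *parent, struct dentry *dentry)
 static int tomoyo_path_symlink(const struct path *parent, struct dentry *dentry,
 const char *old_name)
 {
-struct path path = { parent->mnt, dentry };
+struct path path = { .mnt = parent->mnt, .dentry = dentry };
 return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path, old_name);
 }
 
@@ -229,7 +229,7 @@ static int tomoyo_path_symlink(const struct path *parent, struct dentry *dentry,
 static int tomoyo_path_mknod(const struct path *parent, struct dentry *dentry,
 umode_t mode, unsigned int dev)
 {
-struct path path = { parent->mnt, dentry };
+struct path path = { .mnt = parent->mnt, .dentry = dentry };
 int type = TOMOYO_TYPE_CREATE;
 const unsigned int perm = mode & S_IALLUGO;
 
@@ -268,8 +268,8 @@ static int tomoyo_path_mknod(const struct path *parent, struct dentry *dentry,
 static int tomoyo_path_link(struct dentry *old_dentry, const struct path *new_dir,
 struct dentry *new_dentry)
 {
-struct path path1 = { new_dir->mnt, old_dentry };
-struct path path2 = { new_dir->mnt, new_dentry };
+struct path path1 = { .mnt = new_dir->mnt, .dentry = old_dentry };
+struct path path2 = { .mnt = new_dir->mnt, .dentry = new_dentry };
 return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &path1, &path2);
 }
 
@@ -288,8 +288,8 @@ static int tomoyo_path_rename(const struct path *old_parent,
 const struct path *new_parent,
 struct dentry *new_dentry)
 {
-struct path path1 = { old_parent->mnt, old_dentry };
-struct path path2 = { new_parent->mnt, new_dentry };
+struct path path1 = { .mnt = old_parent->mnt, .dentry = old_dentry };
+struct path path2 = { .mnt = new_parent->mnt, .dentry = new_dentry };
 return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &path1, &path2);
 }
 
@@ -417,7 +417,7 @@ static int tomoyo_sb_mount(const char *dev_name, const struct path *path,
 */
 static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
 {
-struct path path = { mnt, mnt->mnt_root };
+struct path path = { .mnt = mnt, .dentry = mnt->mnt_root };
 return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path, NULL);
 }
 
@@ -496,7 +496,7 @@ static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg,
 * tomoyo_security_ops is a "struct security_operations" which is used for
 * registering TOMOYO.
 */
-static struct security_hook_list tomoyo_hooks[] = {
+static struct security_hook_list tomoyo_hooks[] __lsm_ro_after_init = {
 LSM_HOOK_INIT(cred_alloc_blank, tomoyo_cred_alloc_blank),
 LSM_HOOK_INIT(cred_prepare, tomoyo_cred_prepare),
 LSM_HOOK_INIT(cred_transfer, tomoyo_cred_transfer),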
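Review bot: The block comment directly above the changed line 499 is stale: it still describes `tomoyo_security_ops` as a "struct security_operations", while the object it documents is the `tomoyo_hooks` array of `struct security_hook_list`, and the new `__lsm_ro_after_init` annotation (the "harden LSM API with __ro_after_init" item in the pull description) is exactly the property a reader of that comment would want stated. Suggested replacement for the two comment lines: `* tomoyo_hooks is the array of "struct security_hook_list" entries used for` / `* registering TOMOYO's LSM hooks; it is read-only after init (__lsm_ro_after_init).` The array definition continues past the end of the hunk. The designated-initializer hunks earlier in this file need nothing further.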