Merge tag 'selinux-pr-20170831' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull selinux updates from Paul Moore: "A relatively quiet period for SELinux, 11 patches with only two/three having any substantive changes. These noteworthy changes include another tweak to the NNP/nosuid handling, per-file labeling for cgroups, and an object class fix for AF_UNIX/SOCK_RAW sockets; the rest of the changes are minor tweaks or administrative updates (Stephen's email update explains the file explosion in the diffstat). Everything passes the selinux-testsuite" [ Also a couple of small patches from the security tree from Tetsuo Handa for Tomoyo and LSM cleanup. The separation of security policy updates wasn't all that clean - Linus ] * tag 'selinux-pr-20170831' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: selinux: constify nf_hook_ops selinux: allow per-file labeling for cgroupfs lsm_audit: update my email address selinux: update my email address MAINTAINERS: update the NetLabel and Labeled Networking information selinux: use GFP_NOWAIT in the AVC kmem_caches selinux: Generalize support for NNP/nosuid SELinux domain transitions selinux: genheaders should fail if too many permissions are defined selinux: update the selinux info in MAINTAINERS credits: update Paul Moore's info selinux: Assign proper class to PF_UNIX/SOCK_RAW sockets tomoyo: Update URLs in Documentation/admin-guide/LSM/tomoyo.rst LSM: Remove security_task_create() hook.
author: Linus Torvalds <torvalds@linux-foundation.org> 2017-09-12 16:21:00 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2017-09-12 16:21:00 -0400
commit: 7f85565a3f7194b966de71926471d69788b6b9c3 (patch)
tree: 95f93ab1d18dc1121cd5ec71309c7e6cb4dedc7b
parent: 680352bda57e3dbf21cddf6a5e23aff7e294fb31 (diff)
parent: 0c3014f22dec0e1d14c8298551bfb6434638bdd9 (diff)
36 files changed, 117 insertions, 104 deletions
diff --git a/CREDITS b/CREDITS
index 0d2d60de5a25..9fbd2c77b546 100644
--- a/CREDITS
+++ b/CREDITS
@@ -2606,11 +2606,9 @@ E: tmolina@cablespeed.com
 D: bug fixes, documentation, minor hackery
 N: Paul Moore
-E: paul.moore@hp.com
+E: paul@paul-moore.com
-D: NetLabel author
+W: http://www.paul-moore.com
-S: Hewlett-Packard
+D: NetLabel, SELinux, audit
-S: 110 Spit Brook Road
-S: Nashua, NH 03062
 N: James Morris
 E: jmorris@namei.org
diff --git a/Documentation/admin-guide/LSM/tomoyo.rst b/Documentation/admin-guide/LSM/tomoyo.rst
index a5947218fa64..e2d6b6e15082 100644
--- a/Documentation/admin-guide/LSM/tomoyo.rst
+++ b/Documentation/admin-guide/LSM/tomoyo.rst
@@ -9,8 +9,8 @@ TOMOYO is a name-based MAC extension (LSM module) for the Linux kernel.
 LiveCD-based tutorials are available at
-http://tomoyo.sourceforge.jp/1.7/1st-step/ubuntu10.04-live/
+http://tomoyo.sourceforge.jp/1.8/ubuntu12.04-live.html
-http://tomoyo.sourceforge.jp/1.7/1st-step/centos5-live/
+http://tomoyo.sourceforge.jp/1.8/centos6-live.html
 Though these tutorials use non-LSM version of TOMOYO, they are useful for you
 to know what TOMOYO is.
@@ -21,35 +21,35 @@ How to enable TOMOYO?
 Build the kernel with ``CONFIG_SECURITY_TOMOYO=y`` and pass ``security=tomoyo`` on
 kernel's command line.
-Please see http://tomoyo.sourceforge.jp/2.3/ for details.
+Please see http://tomoyo.osdn.jp/2.5/ for details.
 Where is documentation?
 =======================
 User <-> Kernel interface documentation is available at
-http://tomoyo.sourceforge.jp/2.3/policy-reference.html .
+http://tomoyo.osdn.jp/2.5/policy-specification/index.html .
 Materials we prepared for seminars and symposiums are available at
-http://sourceforge.jp/projects/tomoyo/docs/?category_id=532&language_id=1 .
+http://osdn.jp/projects/tomoyo/docs/?category_id=532&language_id=1 .
 Below lists are chosen from three aspects.
 What is TOMOYO?
  TOMOYO Linux Overview
-    http://sourceforge.jp/projects/tomoyo/docs/lca2009-takeda.pdf
+    http://osdn.jp/projects/tomoyo/docs/lca2009-takeda.pdf
  TOMOYO Linux: pragmatic and manageable security for Linux
-    http://sourceforge.jp/projects/tomoyo/docs/freedomhectaipei-tomoyo.pdf
+    http://osdn.jp/projects/tomoyo/docs/freedomhectaipei-tomoyo.pdf
  TOMOYO Linux: A Practical Method to Understand and Protect Your Own Linux Box
-    http://sourceforge.jp/projects/tomoyo/docs/PacSec2007-en-no-demo.pdf
+    http://osdn.jp/projects/tomoyo/docs/PacSec2007-en-no-demo.pdf
 What can TOMOYO do?
  Deep inside TOMOYO Linux
-    http://sourceforge.jp/projects/tomoyo/docs/lca2009-kumaneko.pdf
+    http://osdn.jp/projects/tomoyo/docs/lca2009-kumaneko.pdf
  The role of "pathname based access control" in security.
-    http://sourceforge.jp/projects/tomoyo/docs/lfj2008-bof.pdf
+    http://osdn.jp/projects/tomoyo/docs/lfj2008-bof.pdf
 History of TOMOYO?
  Realities of Mainlining
-    http://sourceforge.jp/projects/tomoyo/docs/lfj2008.pdf
+    http://osdn.jp/projects/tomoyo/docs/lfj2008.pdf
 What is future plan?
 ====================
@@ -60,6 +60,6 @@ multiple LSM modules at the same time. We feel sorry that you have to give up
 SELinux/SMACK/AppArmor etc. when you want to use TOMOYO.
 We hope that LSM becomes stackable in future. Meanwhile, you can use non-LSM
-version of TOMOYO, available at http://tomoyo.sourceforge.jp/1.7/ .
+version of TOMOYO, available at http://tomoyo.osdn.jp/1.8/ .
 LSM version of TOMOYO is a subset of non-LSM version of TOMOYO. We are planning
 to port non-LSM version's functionalities to LSM versions.
diff --git a/MAINTAINERS b/MAINTAINERS
index fbb269415f06..e57a4eaec077 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -9298,15 +9298,6 @@ F:	net/*/netfilter/
 F:      net/netfilter/
 F:      net/bridge/br_netfilter*.c
-NETLABEL
-M:      Paul Moore <paul@paul-moore.com>
-W:      http://netlabel.sf.net
-L:      netdev@vger.kernel.org
-S:      Maintained
-F:      Documentation/netlabel/
-F:      include/net/netlabel.h
-F:      net/netlabel/
 NETROM NETWORK LAYER
 M:      Ralf Baechle <ralf@linux-mips.org>
 L:      linux-hams@vger.kernel.org
@@ -9434,10 +9425,23 @@ F:	net/ipv6/
 F:      include/net/ip*
 F:      arch/x86/net/*
-NETWORKING [LABELED] (NetLabel, CIPSO, Labeled IPsec, SECMARK)
+NETWORKING [LABELED] (NetLabel, Labeled IPsec, SECMARK)
 M:      Paul Moore <paul@paul-moore.com>
+W:      https://github.com/netlabel
 L:      netdev@vger.kernel.org
+L:      linux-security-module@vger.kernel.org
 S:      Maintained
+F:      Documentation/netlabel/
+F:      include/net/calipso.h
+F:      include/net/cipso_ipv4.h
+F:      include/net/netlabel.h
+F:      include/uapi/linux/netfilter/xt_SECMARK.h
+F:      include/uapi/linux/netfilter/xt_CONNSECMARK.h
+F:      net/netlabel/
+F:      net/ipv4/cipso_ipv4.c
+F:      net/ipv6/calipso.c
+F:      net/netfilter/xt_CONNSECMARK.c
+F:      net/netfilter/xt_SECMARK.c
 NETWORKING [TLS]
 M:      Ilya Lesokhin <ilyal@mellanox.com>
@@ -12023,8 +12027,9 @@ M:	Paul Moore <paul@paul-moore.com>
 M:      Stephen Smalley <sds@tycho.nsa.gov>
 M:      Eric Paris <eparis@parisplace.org>
 L:      selinux@tycho.nsa.gov (moderated for non-subscribers)
-W:      http://selinuxproject.org
+W:      https://selinuxproject.org
-T:      git git://git.infradead.org/users/pcmoore/selinux
+W:      https://github.com/SELinuxProject
+T:      git git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
 S:      Supported
 F:      include/linux/selinux*
 F:      security/selinux/
diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h
index 22b5d4e687ce..d1c2901f1542 100644
--- a/include/linux/lsm_audit.h
+++ b/include/linux/lsm_audit.h
@@ -4,7 +4,7 @@
 *
 * Author : Etienne BASSET  <etienne.basset@ensta.org>
 *
- * All credits to : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * All credits to : Stephen Smalley, <sds@tycho.nsa.gov>
 * All BUGS to : Etienne BASSET  <etienne.basset@ensta.org>
 */
 #ifndef _LSM_COMMON_LOGGING_
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index d1c7bef25691..c9258124e417 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -528,11 +528,6 @@
 *
 * Security hooks for task operations.
 *
- * @task_create:
- *      Check permission before creating a child process.  See the clone(2)
- *      manual page for definitions of the @clone_flags.
- *      @clone_flags contains the flags indicating what should be shared.
- *      Return 0 if permission is granted.
 * @task_alloc:
 *      @task task being allocated.
 *      @clone_flags contains the flags indicating what should be shared.
@@ -1505,7 +1500,6 @@ union security_list_options {
        int (*file_receive)(struct file *file);
        int (*file_open)(struct file *file, const struct cred *cred);
-        int (*task_create)(unsigned long clone_flags);
        int (*task_alloc)(struct task_struct *task, unsigned long clone_flags);
        void (*task_free)(struct task_struct *task);
        int (*cred_alloc_blank)(struct cred *cred, gfp_t gfp);
@@ -1779,7 +1773,6 @@ struct security_hook_heads {
        struct list_head file_send_sigiotask;
        struct list_head file_receive;
        struct list_head file_open;
-        struct list_head task_create;
        struct list_head task_alloc;
        struct list_head task_free;
        struct list_head cred_alloc_blank;
diff --git a/include/linux/security.h b/include/linux/security.h
index 707b524874d8..ce6265960d6c 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -318,7 +318,6 @@ int security_file_send_sigiotask(struct task_struct *tsk,
                                 struct fown_struct *fown, int sig);
 int security_file_receive(struct file *file);
 int security_file_open(struct file *file, const struct cred *cred);
-int security_task_create(unsigned long clone_flags);
 int security_task_alloc(struct task_struct *task, unsigned long clone_flags);
 void security_task_free(struct task_struct *task);
 int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
@@ -880,11 +879,6 @@ static inline int security_file_open(struct file *file,
        return 0;
 }
-static inline int security_task_create(unsigned long clone_flags)
-{
-        return 0;
-}
 static inline int security_task_alloc(struct task_struct *task,
                                      unsigned long clone_flags)
 {
diff --git a/kernel/fork.c b/kernel/fork.c
index 6f1b0af00bda..10646182440f 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1569,10 +1569,6 @@ static __latent_entropy struct task_struct *copy_process(
                        return ERR_PTR(-EINVAL);
        }
-        retval = security_task_create(clone_flags);
-        if (retval)
-                goto fork_out;
        retval = -ENOMEM;
        p = dup_task_struct(current, node);
        if (!p)
diff --git a/scripts/selinux/genheaders/genheaders.c b/scripts/selinux/genheaders/genheaders.c
index 6a24569c3578..672b069dcfea 100644
--- a/scripts/selinux/genheaders/genheaders.c
+++ b/scripts/selinux/genheaders/genheaders.c
@@ -129,11 +129,16 @@ int main(int argc, char *argv[])
        for (i = 0; secclass_map[i].name; i++) {
                struct security_class_mapping *map = &secclass_map[i];
                for (j = 0; map->perms[j]; j++) {
+                        if (j >= 32) {
+                                fprintf(stderr, "Too many permissions to fit into an access vector at (%s, %s).\n",
+                                        map->name, map->perms[j]);
+                                exit(5);
+                        }
                        fprintf(fout, "#define %s__%s", map->name,
                                map->perms[j]);
                        for (k = 0; k < max(1, 40 - strlen(map->name) - strlen(map->perms[j])); k++)
                                fprintf(fout, " ");
-                        fprintf(fout, "0x%08xUL\n", (1<<j));
+                        fprintf(fout, "0x%08xU\n", (1<<j));
                }
        }
diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index 28d4c3a528ab..67703dbe29ea 100644
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -2,7 +2,7 @@
 * common LSM auditing functions
 *
 * Based on code written for SELinux by :
- *                      Stephen Smalley, <sds@epoch.ncsc.mil>
+ *                      Stephen Smalley, <sds@tycho.nsa.gov>
 *                      James Morris <jmorris@redhat.com>
 * Author : Etienne Basset, <etienne.basset@ensta.org>
 *
diff --git a/security/security.c b/security/security.c
index afc34f46c6c5..4bf0f571b4ef 100644
--- a/security/security.c
+++ b/security/security.c
@@ -974,11 +974,6 @@ int security_file_open(struct file *file, const struct cred *cred)
        return fsnotify_perm(file, MAY_OPEN);
 }
-int security_task_create(unsigned long clone_flags)
-{
-        return call_int_hook(task_create, 0, clone_flags);
-}
 int security_task_alloc(struct task_struct *task, unsigned long clone_flags)
 {
        return call_int_hook(task_alloc, 0, task, clone_flags);
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 4b4293194aee..2380b8d72cec 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -1,7 +1,7 @@
 /*
 * Implementation of the kernel access vector cache (AVC).
 *
- * Authors:  Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Authors:  Stephen Smalley, <sds@tycho.nsa.gov>
 *           James Morris <jmorris@redhat.com>
 *
 * Update:   KaiGai, Kohei <kaigai@ak.jp.nec.com>
@@ -346,27 +346,26 @@ static struct avc_xperms_decision_node
        struct avc_xperms_decision_node *xpd_node;
        struct extended_perms_decision *xpd;
-        xpd_node = kmem_cache_zalloc(avc_xperms_decision_cachep,
+        xpd_node = kmem_cache_zalloc(avc_xperms_decision_cachep, GFP_NOWAIT);
-                                GFP_ATOMIC | __GFP_NOMEMALLOC);
        if (!xpd_node)
                return NULL;
        xpd = &xpd_node->xpd;
        if (which & XPERMS_ALLOWED) {
                xpd->allowed = kmem_cache_zalloc(avc_xperms_data_cachep,
-                                                GFP_ATOMIC | __GFP_NOMEMALLOC);
+                                                GFP_NOWAIT);
                if (!xpd->allowed)
                        goto error;
        }
        if (which & XPERMS_AUDITALLOW) {
                xpd->auditallow = kmem_cache_zalloc(avc_xperms_data_cachep,
-                                                GFP_ATOMIC | __GFP_NOMEMALLOC);
+                                                GFP_NOWAIT);
                if (!xpd->auditallow)
                        goto error;
        }
        if (which & XPERMS_DONTAUDIT) {
                xpd->dontaudit = kmem_cache_zalloc(avc_xperms_data_cachep,
-                                                GFP_ATOMIC | __GFP_NOMEMALLOC);
+                                                GFP_NOWAIT);
                if (!xpd->dontaudit)
                        goto error;
        }
@@ -394,8 +393,7 @@ static struct avc_xperms_node *avc_xperms_alloc(void)
 {
        struct avc_xperms_node *xp_node;
-        xp_node = kmem_cache_zalloc(avc_xperms_cachep,
+        xp_node = kmem_cache_zalloc(avc_xperms_cachep, GFP_NOWAIT);
-                                GFP_ATOMIC|__GFP_NOMEMALLOC);
        if (!xp_node)
                return xp_node;
        INIT_LIST_HEAD(&xp_node->xpd_head);
@@ -548,7 +546,7 @@ static struct avc_node *avc_alloc_node(void)
 {
        struct avc_node *node;
-        node = kmem_cache_zalloc(avc_node_cachep, GFP_ATOMIC|__GFP_NOMEMALLOC);
+        node = kmem_cache_zalloc(avc_node_cachep, GFP_NOWAIT);
        if (!node)
                goto out;
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index ad3b0f53ede0..f5d304736852 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3,7 +3,7 @@
 *
 *  This file contains the SELinux hook function implementations.
 *
- *  Authors:  Stephen Smalley, <sds@epoch.ncsc.mil>
+ *  Authors:  Stephen Smalley, <sds@tycho.nsa.gov>
 *            Chris Vance, <cvance@nai.com>
 *            Wayne Salamon, <wsalamon@nai.com>
 *            James Morris <jmorris@redhat.com>
@@ -815,7 +815,9 @@ static int selinux_set_mnt_opts(struct super_block *sb,
        if (!strcmp(sb->s_type->name, "debugfs") ||
            !strcmp(sb->s_type->name, "tracefs") ||
            !strcmp(sb->s_type->name, "sysfs") ||
-            !strcmp(sb->s_type->name, "pstore"))
+            !strcmp(sb->s_type->name, "pstore") ||
+            !strcmp(sb->s_type->name, "cgroup") ||
+            !strcmp(sb->s_type->name, "cgroup2"))
                sbsec->flags |= SE_SBGENFS;
        if (!sbsec->behavior) {
@@ -1303,6 +1305,7 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
                case SOCK_SEQPACKET:
                        return SECCLASS_UNIX_STREAM_SOCKET;
                case SOCK_DGRAM:
+                case SOCK_RAW:
                        return SECCLASS_UNIX_DGRAM_SOCKET;
                }
                break;
@@ -2317,6 +2320,7 @@ static int check_nnp_nosuid(const struct linux_binprm *bprm,
        int nnp = (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS);
        int nosuid = !mnt_may_suid(bprm->file->f_path.mnt);
        int rc;
+        u32 av;
        if (!nnp && !nosuid)
                return 0; /* neither NNP nor nosuid */
@@ -2325,24 +2329,40 @@ static int check_nnp_nosuid(const struct linux_binprm *bprm,
                return 0; /* No change in credentials */
        /*
-         * The only transitions we permit under NNP or nosuid
+         * If the policy enables the nnp_nosuid_transition policy capability,
-         * are transitions to bounded SIDs, i.e. SIDs that are
+         * then we permit transitions under NNP or nosuid if the
-         * guaranteed to only be allowed a subset of the permissions
+         * policy allows the corresponding permission between
-         * of the current SID.
+         * the old and new contexts.
         */
-        rc = security_bounded_transition(old_tsec->sid, new_tsec->sid);
+        if (selinux_policycap_nnp_nosuid_transition) {
-        if (rc) {
+                av = 0;
-                /*
-                 * On failure, preserve the errno values for NNP vs nosuid.
-                 * NNP:  Operation not permitted for caller.
-                 * nosuid:  Permission denied to file.
-                 */
                if (nnp)
-                        return -EPERM;
+                        av |= PROCESS2__NNP_TRANSITION;
-                else
+                if (nosuid)
-                        return -EACCES;
+                        av |= PROCESS2__NOSUID_TRANSITION;
+                rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
+                                  SECCLASS_PROCESS2, av, NULL);
+                if (!rc)
+                        return 0;
        }
-        return 0;
+        /*
+         * We also permit NNP or nosuid transitions to bounded SIDs,
+         * i.e. SIDs that are guaranteed to only be allowed a subset
+         * of the permissions of the current SID.
+         */
+        rc = security_bounded_transition(old_tsec->sid, new_tsec->sid);
+        if (!rc)
+                return 0;
+        /*
+         * On failure, preserve the errno values for NNP vs nosuid.
+         * NNP:  Operation not permitted for caller.
+         * nosuid:  Permission denied to file.
+         */
+        if (nnp)
+                return -EPERM;
+        return -EACCES;
 }
 static int selinux_bprm_set_creds(struct linux_binprm *bprm)
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
index 0999df03af8b..a5004e9de11a 100644
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -1,7 +1,7 @@
 /*
 * Access vector cache interface for object managers.
 *
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
 */
 #ifndef _SELINUX_AVC_H_
 #define _SELINUX_AVC_H_
diff --git a/security/selinux/include/avc_ss.h b/security/selinux/include/avc_ss.h
index d5c328452df0..37d57dadd476 100644
--- a/security/selinux/include/avc_ss.h
+++ b/security/selinux/include/avc_ss.h
@@ -1,7 +1,7 @@
 /*
 * Access vector cache interface for the security server.
 *
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
 */
 #ifndef _SELINUX_AVC_SS_H_
 #define _SELINUX_AVC_SS_H_
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index b9fe3434b036..35ffb29a69cb 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -48,6 +48,8 @@ struct security_class_mapping secclass_map[] = {
            "setrlimit", "rlimitinh", "dyntransition", "setcurrent",
            "execmem", "execstack", "execheap", "setkeycreate",
            "setsockcreate", "getrlimit", NULL } },
+        { "process2",
+          { "nnp_transition", "nosuid_transition", NULL } },
        { "system",
          { "ipc_info", "syslog_read", "syslog_mod",
            "syslog_console", "module_request", "module_load", NULL } },
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index 6ebc61e370ff..1649cd18eb0b 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -3,7 +3,7 @@
 *
 *  This file contains the SELinux security data structures for kernel objects.
 *
- *  Author(s):  Stephen Smalley, <sds@epoch.ncsc.mil>
+ *  Author(s):  Stephen Smalley, <sds@tycho.nsa.gov>
 *              Chris Vance, <cvance@nai.com>
 *              Wayne Salamon, <wsalamon@nai.com>
 *              James Morris <jmorris@redhat.com>
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index e91f08c16c0b..28dfb2f93e4d 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -1,7 +1,7 @@
 /*
 * Security server interface.
 *
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
 *
 */
@@ -73,6 +73,7 @@ enum {
        POLICYDB_CAPABILITY_EXTSOCKCLASS,
        POLICYDB_CAPABILITY_ALWAYSNETWORK,
        POLICYDB_CAPABILITY_CGROUPSECLABEL,
+        POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION,
        __POLICYDB_CAPABILITY_MAX
 };
 #define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1)
@@ -84,6 +85,7 @@ extern int selinux_policycap_openperm;
 extern int selinux_policycap_extsockclass;
 extern int selinux_policycap_alwaysnetwork;
 extern int selinux_policycap_cgroupseclabel;
+extern int selinux_policycap_nnp_nosuid_transition;
 /*
 * type_datum properties
diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c
index 3628d3a868b6..2c3c7d010d8a 100644
--- a/security/selinux/ss/avtab.c
+++ b/security/selinux/ss/avtab.c
@@ -1,7 +1,7 @@
 /*
 * Implementation of the access vector table type.
 *
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
 */
 /* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
diff --git a/security/selinux/ss/avtab.h b/security/selinux/ss/avtab.h
index d946c9dc3c9c..725853cadc42 100644
--- a/security/selinux/ss/avtab.h
+++ b/security/selinux/ss/avtab.h
@@ -5,7 +5,7 @@
 * table is used to represent the type enforcement
 * tables.
 *
- *  Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ *  Author : Stephen Smalley, <sds@tycho.nsa.gov>
 */
 /* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
diff --git a/security/selinux/ss/constraint.h b/security/selinux/ss/constraint.h
index 96fd947c494b..33ae2aec4f36 100644
--- a/security/selinux/ss/constraint.h
+++ b/security/selinux/ss/constraint.h
@@ -10,7 +10,7 @@
 * process from labeling an object with a different user
 * identity.
 *
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
 */
 #ifndef _SS_CONSTRAINT_H_
 #define _SS_CONSTRAINT_H_
diff --git a/security/selinux/ss/context.h b/security/selinux/ss/context.h
index 212e3479a0d9..a2c0f37c42ae 100644
--- a/security/selinux/ss/context.h
+++ b/security/selinux/ss/context.h
@@ -10,7 +10,7 @@
 * security server and can be changed without affecting
 * clients of the security server.
 *
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
 */
 #ifndef _SS_CONTEXT_H_
 #define _SS_CONTEXT_H_
diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c
index ad38299164c3..fc28149a4f2e 100644
--- a/security/selinux/ss/ebitmap.c
+++ b/security/selinux/ss/ebitmap.c
@@ -1,7 +1,7 @@
 /*
 * Implementation of the extensible bitmap type.
 *
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
 */
 /*
 * Updated: Hewlett-Packard <paul@paul-moore.com>
diff --git a/security/selinux/ss/ebitmap.h b/security/selinux/ss/ebitmap.h
index 6d5a9ac4251f..da1325dda550 100644
--- a/security/selinux/ss/ebitmap.h
+++ b/security/selinux/ss/ebitmap.h
@@ -9,7 +9,7 @@
 * an explicitly specified starting bit position within
 * the total bitmap.
 *
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
 */
 #ifndef _SS_EBITMAP_H_
 #define _SS_EBITMAP_H_
diff --git a/security/selinux/ss/hashtab.c b/security/selinux/ss/hashtab.c
index 3858706a29fb..686c3917064c 100644
--- a/security/selinux/ss/hashtab.c
+++ b/security/selinux/ss/hashtab.c
@@ -1,7 +1,7 @@
 /*
 * Implementation of the hash table type.
 *
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
 */
 #include <linux/kernel.h>
 #include <linux/slab.h>
diff --git a/security/selinux/ss/hashtab.h b/security/selinux/ss/hashtab.h
index 953872cd84ab..009fb5e06172 100644
--- a/security/selinux/ss/hashtab.h
+++ b/security/selinux/ss/hashtab.h
@@ -5,7 +5,7 @@
 * functions for hash computation and key comparison are
 * provided by the creator of the table.
 *
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
 */
 #ifndef _SS_HASHTAB_H_
 #define _SS_HASHTAB_H_
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index e1088842232c..d9dc34f4fade 100644
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -1,7 +1,7 @@
 /*
 * Implementation of the multi-level security (MLS) policy.
 *
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
 */
 /*
 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
diff --git a/security/selinux/ss/mls.h b/security/selinux/ss/mls.h
index e4369e3e6366..0f0a1d65b2ce 100644
--- a/security/selinux/ss/mls.h
+++ b/security/selinux/ss/mls.h
@@ -1,7 +1,7 @@
 /*
 * Multi-level security (MLS) policy operations.
 *
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
 */
 /*
 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
diff --git a/security/selinux/ss/mls_types.h b/security/selinux/ss/mls_types.h
index e93648774137..47f3702cd596 100644
--- a/security/selinux/ss/mls_types.h
+++ b/security/selinux/ss/mls_types.h
@@ -1,7 +1,7 @@
 /*
 * Type definitions for the multi-level security (MLS) policy.
 *
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
 */
 /*
 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index aa6500abb178..6e8c8056d7ad 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -1,7 +1,7 @@
 /*
 * Implementation of the policy database.
 *
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
 */
 /*
diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
index 5d23eed35fa7..215f8f30ac5a 100644
--- a/security/selinux/ss/policydb.h
+++ b/security/selinux/ss/policydb.h
@@ -2,7 +2,7 @@
 * A policy database (policydb) specifies the
 * configuration data for the security policy.
 *
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
 */
 /*
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 2f02fa67ec2e..e4a1c0dc561a 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1,7 +1,7 @@
 /*
 * Implementation of the security services.
 *
- * Authors : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Authors : Stephen Smalley, <sds@tycho.nsa.gov>
 *           James Morris <jmorris@redhat.com>
 *
 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
@@ -76,7 +76,8 @@ char *selinux_policycap_names[__POLICYDB_CAPABILITY_MAX] = {
        "open_perms",
        "extended_socket_class",
        "always_check_network",
-        "cgroup_seclabel"
+        "cgroup_seclabel",
+        "nnp_nosuid_transition"
 };
 int selinux_policycap_netpeer;
@@ -84,6 +85,7 @@ int selinux_policycap_openperm;
 int selinux_policycap_extsockclass;
 int selinux_policycap_alwaysnetwork;
 int selinux_policycap_cgroupseclabel;
+int selinux_policycap_nnp_nosuid_transition;
 static DEFINE_RWLOCK(policy_rwlock);
@@ -2009,6 +2011,9 @@ static void security_load_policycaps(void)
        selinux_policycap_cgroupseclabel =
                ebitmap_get_bit(&policydb.policycaps,
                                POLICYDB_CAPABILITY_CGROUPSECLABEL);
+        selinux_policycap_nnp_nosuid_transition =
+                ebitmap_get_bit(&policydb.policycaps,
+                                POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION);
        for (i = 0; i < ARRAY_SIZE(selinux_policycap_names); i++)
                pr_info("SELinux:  policy capability %s=%d\n",
diff --git a/security/selinux/ss/services.h b/security/selinux/ss/services.h
index 6abcd8729ec3..3d9fa9556b4f 100644
--- a/security/selinux/ss/services.h
+++ b/security/selinux/ss/services.h
@@ -1,7 +1,7 @@
 /*
 * Implementation of the security services.
 *
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
 */
 #ifndef _SS_SERVICES_H_
 #define _SS_SERVICES_H_
diff --git a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c
index c5f436b15d19..6ae08efc5ae7 100644
--- a/security/selinux/ss/sidtab.c
+++ b/security/selinux/ss/sidtab.c
@@ -1,7 +1,7 @@
 /*
 * Implementation of the SID table type.
 *
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
 */
 #include <linux/kernel.h>
 #include <linux/slab.h>
diff --git a/security/selinux/ss/sidtab.h b/security/selinux/ss/sidtab.h
index 84dc154d9389..de5d0ea583d2 100644
--- a/security/selinux/ss/sidtab.h
+++ b/security/selinux/ss/sidtab.h
@@ -2,7 +2,7 @@
 * A security identifier table (sidtab) is a hash table
 * of security context structures indexed by SID value.
 *
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
 */
 #ifndef _SS_SIDTAB_H_
 #define _SS_SIDTAB_H_
diff --git a/security/selinux/ss/symtab.c b/security/selinux/ss/symtab.c
index 160326ee99e5..d1a6745849a7 100644
--- a/security/selinux/ss/symtab.c
+++ b/security/selinux/ss/symtab.c
@@ -1,7 +1,7 @@
 /*
 * Implementation of the symbol table type.
 *
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
 */
 #include <linux/kernel.h>
 #include <linux/string.h>
diff --git a/security/selinux/ss/symtab.h b/security/selinux/ss/symtab.h
index ca422b42fbc0..0bc12d587d3a 100644
--- a/security/selinux/ss/symtab.h
+++ b/security/selinux/ss/symtab.h
@@ -4,7 +4,7 @@
 * is arbitrary.  The symbol table type is implemented
 * using the hash table type (hashtab).
 *
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
 */
 #ifndef _SS_SYMTAB_H_
 #define _SS_SYMTAB_H_
author	Linus Torvalds <torvalds@linux-foundation.org>	2017-09-12 16:21:00 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2017-09-12 16:21:00 -0400
commit	7f85565a3f7194b966de71926471d69788b6b9c3 (patch)
tree	95f93ab1d18dc1121cd5ec71309c7e6cb4dedc7b
parent	680352bda57e3dbf21cddf6a5e23aff7e294fb31 (diff)
parent	0c3014f22dec0e1d14c8298551bfb6434638bdd9 (diff)