author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-06-06 19:29:52 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-06-06 19:29:52 -0400 |
commit | 8b70543e9af036984a52800811416b74978ae4de (patch) | |
tree | 64e00b2d97b2398b4940667390f2bf729c3b15cc | |
parent | 10b1eb7d8ce5635a7deb273f8291d8a0a7681de1 (diff) | |
parent | d141136f523a3a6372d22981bdff7a8906f36fea (diff) |
Merge tag 'selinux-pr-20180605' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull SELinux updates from Paul Moore:
"SELinux is back with a quiet pull request for v4.18. Three patches,
all small: two cleanups of the SELinux audit records, and one to
migrate to a newly defined type (vm_fault_t).
Everything passes our test suite, and as of about five minutes ago it
merged cleanly with your tree"
* tag 'selinux-pr-20180605' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
audit: normalize MAC_POLICY_LOAD record
audit: normalize MAC_STATUS record
security: selinux: Change return type to vm_fault_t
-rw-r--r-- | security/selinux/selinuxfs.c | 18 |
1 files changed, 12 insertions, 6 deletions
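--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -168,10 +168,12 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
 if (length)
 goto out;
 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
-"enforcing=%d old_enforcing=%d auid=%u ses=%u",
+"enforcing=%d old_enforcing=%d auid=%u ses=%u"
+" enabled=%d old-enabled=%d lsm=selinux res=1",
 new_value, old_value,
 from_kuid(&init_user_ns, audit_get_loginuid(current)),
-audit_get_sessionid(current));
+audit_get_sessionid(current),
+selinux_enabled, selinux_enabled);
 enforcing_set(state, new_value);
 if (new_value)
 avc_ss_reset(state->avc, 0);
@@ -279,6 +281,7 @@ static ssize_t sel_write_disable(struct file *file, const char __user *buf,
 char *page;
 ssize_t length;
 int new_value;
+int enforcing;
 
 if (count >= PAGE_SIZE)
 return -ENOMEM;
@@ -296,13 +299,16 @@ static ssize_t sel_write_disable(struct file *file, const char __user *buf,
 goto out;
 
 if (new_value) {
+enforcing = enforcing_enabled(fsi->state);
 length = selinux_disable(fsi->state);
 if (length)
 goto out;
 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
-"selinux=0 auid=%u ses=%u",
+"enforcing=%d old_enforcing=%d auid=%u ses=%u"
+" enabled=%d old-enabled=%d lsm=selinux res=1",
+enforcing, enforcing,
 from_kuid(&init_user_ns, audit_get_loginuid(current)),
-audit_get_sessionid(current));
+audit_get_sessionid(current), 0, 1);
 }
 
 length = count;
@@ -453,7 +459,7 @@ out:
 return ret;
 }
 
-static int sel_mmap_policy_fault(struct vm_fault *vmf)
+static vm_fault_t sel_mmap_policy_fault(struct vm_fault *vmf)
 {
 struct policy_load_memory *plm = vmf->vma->vm_file->private_data;
 unsigned long offset;
@@ -576,7 +582,7 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf,
 
 out1:
 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
-"policy loaded auid=%u ses=%u",
+"auid=%u ses=%u lsm=selinux res=1",
 from_kuid(&init_user_ns, audit_get_loginuid(current)),
 audit_get_sessionid(current));
 out: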
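Review bot: `res=1` is a literal in all three new format strings, so none of these records can report a failed operation. In sel_write_disable the `if (length) goto out;` after selinux_disable() bypasses audit_log() altogether, which leaves a rejected disable request without a MAC_STATUS record; logging that path with `res=0` would give monitoring something to alert on. In sel_write_load the record sits directly under the `out1:` label, so any jump to `out1` that carries an error in `length` (the jumps are outside the hunk, as is the rest of each function) would still be logged as a success; a `res=%d` field computed from the result would keep the record truthful. As a smaller style point, `old-enabled` is hyphenated next to `old_enforcing`, and a one-line comment such as `/* field names follow the audit record format; do not rename */` would tell later editors whether that mix is deliberate.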