Merge branch 'for-4.12/asus' into for-linus

1 files changed, 12 insertions, 8 deletions

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 9bc12bcddc2c..0c2ac318aa7f 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -28,7 +28,8 @@
 #include <linux/kernel.h>
 #include <linux/tracehook.h>
 #include <linux/errno.h>
-#include <linux/sched.h>
+#include <linux/sched/signal.h>
+#include <linux/sched/task.h>
 #include <linux/lsm_hooks.h>
 #include <linux/xattr.h>
 #include <linux/capability.h>
@@ -480,12 +481,13 @@ static int selinux_is_sblabel_mnt(struct super_block *sb)
                 sbsec->behavior == SECURITY_FS_USE_NATIVE ||
                 /* Special handling. Genfs but also in-core setxattr handler */
                 !strcmp(sb->s_type->name, "sysfs") ||
-                !strcmp(sb->s_type->name, "cgroup") ||
-                !strcmp(sb->s_type->name, "cgroup2") ||
                 !strcmp(sb->s_type->name, "pstore") ||
                 !strcmp(sb->s_type->name, "debugfs") ||
                 !strcmp(sb->s_type->name, "tracefs") ||
-                !strcmp(sb->s_type->name, "rootfs");
+                !strcmp(sb->s_type->name, "rootfs") ||
+                (selinux_policycap_cgroupseclabel &&
+                 (!strcmp(sb->s_type->name, "cgroup") ||
+                  !strcmp(sb->s_type->name, "cgroup2")));
 }
 
 static int sb_finish_set_opts(struct super_block *sb)
@@ -1401,7 +1403,9 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
                         return SECCLASS_KCM_SOCKET;
                 case PF_QIPCRTR:
                         return SECCLASS_QIPCRTR_SOCKET;
-#if PF_MAX > 43
+                case PF_SMC:
+                        return SECCLASS_SMC_SOCKET;
+#if PF_MAX > 44
 #error New address family defined, please update this function.
 #endif
                 }
@@ -2397,8 +2401,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
 
                 /* Make sure that anyone attempting to ptrace over a task that
                  * changes its SID has the appropriate permit */
-                if (bprm->unsafe &
-                    (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
+                if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
                         u32 ptsid = ptrace_parent_sid();
                         if (ptsid != 0) {
                                 rc = avc_has_perm(ptsid, new_tsec->sid,
@@ -4363,7 +4366,8 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
 
                         inet_get_local_port_range(sock_net(sk), &low, &high);
 
-                        if (snum < max(PROT_SOCK, low) || snum > high) {
+                        if (snum < max(inet_prot_sock(sock_net(sk)), low) ||
+                            snum > high) {
                                 err = sel_netport_sid(sk->sk_protocol,
                                                       snum, &sid);
                                 if (err)