diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2017-05-03 11:50:52 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2017-05-03 11:50:52 -0400 |
| commit | 0302e28dee643932ee7b3c112ebccdbb9f8ec32c (patch) | |
| tree | 405d4cb3f772ef069ed7f291adc4b74a4e73346e /security/selinux/nlmsgtab.c | |
| parent | 89c9fea3c8034cdb2fd745f551cde0b507fd6893 (diff) | |
| parent | 8979b02aaf1d6de8d52cc143aa4da961ed32e5a2 (diff) | |
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris:
"Highlights:
IMA:
- provide ">" and "<" operators for fowner/uid/euid rules
KEYS:
- add a system blacklist keyring
- add KEYCTL_RESTRICT_KEYRING, exposes keyring link restriction
functionality to userland via keyctl()
LSM:
- harden LSM API with __ro_after_init
- add prlmit security hook, implement for SELinux
- revive security_task_alloc hook
TPM:
- implement contextual TPM command 'spaces'"
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (98 commits)
tpm: Fix reference count to main device
tpm_tis: convert to using locality callbacks
tpm: fix handling of the TPM 2.0 event logs
tpm_crb: remove a cruft constant
keys: select CONFIG_CRYPTO when selecting DH / KDF
apparmor: Make path_max parameter readonly
apparmor: fix parameters so that the permission test is bypassed at boot
apparmor: fix invalid reference to index variable of iterator line 836
apparmor: use SHASH_DESC_ON_STACK
security/apparmor/lsm.c: set debug messages
apparmor: fix boolreturn.cocci warnings
Smack: Use GFP_KERNEL for smk_netlbl_mls().
smack: fix double free in smack_parse_opts_str()
KEYS: add SP800-56A KDF support for DH
KEYS: Keyring asymmetric key restrict method with chaining
KEYS: Restrict asymmetric key linkage using a specific keychain
KEYS: Add a lookup_restriction function for the asymmetric key type
KEYS: Add KEYCTL_RESTRICT_KEYRING
KEYS: Consistent ordering for __key_link_begin and restrict check
KEYS: Add an optional lookup_restriction hook to key_type
...
Diffstat (limited to 'security/selinux/nlmsgtab.c')
| -rw-r--r-- | security/selinux/nlmsgtab.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c index 8e67bb4c9cab..5aeaf30b7a13 100644 --- a/security/selinux/nlmsgtab.c +++ b/security/selinux/nlmsgtab.c | |||
| @@ -28,7 +28,7 @@ struct nlmsg_perm { | |||
| 28 | u32 perm; | 28 | u32 perm; |
| 29 | }; | 29 | }; |
| 30 | 30 | ||
| 31 | static struct nlmsg_perm nlmsg_route_perms[] = | 31 | static const struct nlmsg_perm nlmsg_route_perms[] = |
| 32 | { | 32 | { |
| 33 | { RTM_NEWLINK, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, | 33 | { RTM_NEWLINK, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, |
| 34 | { RTM_DELLINK, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, | 34 | { RTM_DELLINK, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, |
| @@ -81,7 +81,7 @@ static struct nlmsg_perm nlmsg_route_perms[] = | |||
| 81 | { RTM_GETSTATS, NETLINK_ROUTE_SOCKET__NLMSG_READ }, | 81 | { RTM_GETSTATS, NETLINK_ROUTE_SOCKET__NLMSG_READ }, |
| 82 | }; | 82 | }; |
| 83 | 83 | ||
| 84 | static struct nlmsg_perm nlmsg_tcpdiag_perms[] = | 84 | static const struct nlmsg_perm nlmsg_tcpdiag_perms[] = |
| 85 | { | 85 | { |
| 86 | { TCPDIAG_GETSOCK, NETLINK_TCPDIAG_SOCKET__NLMSG_READ }, | 86 | { TCPDIAG_GETSOCK, NETLINK_TCPDIAG_SOCKET__NLMSG_READ }, |
| 87 | { DCCPDIAG_GETSOCK, NETLINK_TCPDIAG_SOCKET__NLMSG_READ }, | 87 | { DCCPDIAG_GETSOCK, NETLINK_TCPDIAG_SOCKET__NLMSG_READ }, |
| @@ -89,7 +89,7 @@ static struct nlmsg_perm nlmsg_tcpdiag_perms[] = | |||
| 89 | { SOCK_DESTROY, NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE }, | 89 | { SOCK_DESTROY, NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE }, |
| 90 | }; | 90 | }; |
| 91 | 91 | ||
| 92 | static struct nlmsg_perm nlmsg_xfrm_perms[] = | 92 | static const struct nlmsg_perm nlmsg_xfrm_perms[] = |
| 93 | { | 93 | { |
| 94 | { XFRM_MSG_NEWSA, NETLINK_XFRM_SOCKET__NLMSG_WRITE }, | 94 | { XFRM_MSG_NEWSA, NETLINK_XFRM_SOCKET__NLMSG_WRITE }, |
| 95 | { XFRM_MSG_DELSA, NETLINK_XFRM_SOCKET__NLMSG_WRITE }, | 95 | { XFRM_MSG_DELSA, NETLINK_XFRM_SOCKET__NLMSG_WRITE }, |
| @@ -116,7 +116,7 @@ static struct nlmsg_perm nlmsg_xfrm_perms[] = | |||
| 116 | { XFRM_MSG_MAPPING, NETLINK_XFRM_SOCKET__NLMSG_READ }, | 116 | { XFRM_MSG_MAPPING, NETLINK_XFRM_SOCKET__NLMSG_READ }, |
| 117 | }; | 117 | }; |
| 118 | 118 | ||
| 119 | static struct nlmsg_perm nlmsg_audit_perms[] = | 119 | static const struct nlmsg_perm nlmsg_audit_perms[] = |
| 120 | { | 120 | { |
| 121 | { AUDIT_GET, NETLINK_AUDIT_SOCKET__NLMSG_READ }, | 121 | { AUDIT_GET, NETLINK_AUDIT_SOCKET__NLMSG_READ }, |
| 122 | { AUDIT_SET, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, | 122 | { AUDIT_SET, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, |
| @@ -137,7 +137,7 @@ static struct nlmsg_perm nlmsg_audit_perms[] = | |||
| 137 | }; | 137 | }; |
| 138 | 138 | ||
| 139 | 139 | ||
| 140 | static int nlmsg_perm(u16 nlmsg_type, u32 *perm, struct nlmsg_perm *tab, size_t tabsize) | 140 | static int nlmsg_perm(u16 nlmsg_type, u32 *perm, const struct nlmsg_perm *tab, size_t tabsize) |
| 141 | { | 141 | { |
| 142 | int i, err = -EINVAL; | 142 | int i, err = -EINVAL; |
| 143 | 143 | ||