authorLinus Torvalds <torvalds@linux-foundation.org>2011-11-18 04:14:30 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2011-11-18 04:14:30 -0500
commite36d5058dbf85aacf2fadf508f275afd37c58576 (patch)
tree35f2525f2666b272028ed0e956d43d547581eeb6
parenta9098b372606a15745cdeb012de4ee91c0df82c4 (diff)
parentb85c804d5ad48f239871b95afbddd84422e06f25 (diff)
Merge branch 'for-linus' of git://git.selinuxproject.org/~jmorris/linux-security
* 'for-linus' of git://git.selinuxproject.org/~jmorris/linux-security: encrypted-keys: module build fixes encrypted-keys: fix error return code Smack: smackfs cipso seq read repair
-rw-r--r--security/keys/encrypted-keys/Makefile8
-rw-r--r--security/keys/encrypted-keys/encrypted.c2
-rw-r--r--security/keys/encrypted-keys/encrypted.h3
-rw-r--r--security/smack/smackfs.c115
4 files changed, 48 insertions, 80 deletions
diff --git a/security/keys/encrypted-keys/Makefile b/security/keys/encrypted-keys/Makefile
index 6bc7a86d1027..d6f8433250a5 100644
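--- a/security/keys/encrypted-keys/Makefile
+++ b/security/keys/encrypted-keys/Makefile
@@ -2,5 +2,9 @@
 # Makefile for encrypted keys
 #
 
-obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted.o ecryptfs_format.o
-obj-$(CONFIG_TRUSTED_KEYS) += masterkey_trusted.o
+obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted-keys.o
+
+encrypted-keys-y := encrypted.o ecryptfs_format.o
+masterkey-$(CONFIG_TRUSTED_KEYS) := masterkey_trusted.o
+masterkey-$(CONFIG_TRUSTED_KEYS)-$(CONFIG_ENCRYPTED_KEYS) := masterkey_trusted.o
+encrypted-keys-y += $(masterkey-y) $(masterkey-m-m)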
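Review bot: The two `masterkey-` assignments and the final `$(masterkey-y) $(masterkey-m-m)` encode a three-way configuration rule that nothing in the file explains; a short comment above them would help, for example `# link masterkey_trusted.o when TRUSTED_KEYS=y, or when TRUSTED_KEYS and ENCRYPTED_KEYS are both =m`. The same rule is written a second time as the `#if` in encrypted.h in this commit, and the two have to stay in step: if they drift apart the build either fails to link or quietly uses whatever the header's `#else` branch provides, which is not visible here. It also looks as if ENCRYPTED_KEYS=y combined with TRUSTED_KEYS=m leaves trusted master keys out altogether, and the comment should say so, so that the configuration is a documented limitation rather than a surprise at key-load time.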
diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
index dcc843cb0f80..41144f71d615 100644
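--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -444,7 +444,7 @@ static struct key *request_master_key(struct encrypted_key_payload *epayload,
  goto out;
 
  if (IS_ERR(mkey)) {
- int ret = PTR_ERR(epayload);
+ int ret = PTR_ERR(mkey);
 
  if (ret == -ENOTSUPP)
  pr_info("encrypted_key: key %s not supported",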
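Review bot: The `pr_info` format at new line 450, `"encrypted_key: key %s not supported"`, has no trailing `\n`, so the record can run into the next kernel log line; ending the string with `not supported\n"` would fix that. This sits on a context line rather than the changed one, and the call continues past the end of the hunk, so the message in the other branch (not visible here) may need the same treatment. These lines are what an administrator sees when a master key cannot be resolved, so clean, separate log records matter for triage.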
diff --git a/security/keys/encrypted-keys/encrypted.h b/security/keys/encrypted-keys/encrypted.h
index b6ade8945250..8136a2d44c63 100644
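--- a/security/keys/encrypted-keys/encrypted.h
+++ b/security/keys/encrypted-keys/encrypted.h
@@ -2,7 +2,8 @@
 #define __ENCRYPTED_KEY_H
 
 #define ENCRYPTED_DEBUG 0
-#ifdef CONFIG_TRUSTED_KEYS
+#if defined(CONFIG_TRUSTED_KEYS) || \
+ (defined(CONFIG_TRUSTED_KEYS_MODULE) && defined(CONFIG_ENCRYPTED_KEYS_MODULE))
 extern struct key *request_trusted_key(const char *trusted_desc,
  u8 **master_key, size_t *master_keylen);
 #else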
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 6aceef518a41..5c32f36ff706 100644
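--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -102,9 +102,6 @@ static int smk_cipso_doi_value = SMACK_CIPSO_DOI_DEFAULT;
 
 const char *smack_cipso_option = SMACK_CIPSO_OPTION;
 
-
-#define SEQ_READ_FINISHED ((loff_t)-1)
-
 /*
  * Values for parsing cipso rules
  * SMK_DIGITLEN: Length of a digit field in a rule.
@@ -357,10 +354,12 @@ static ssize_t smk_write_load_list(struct file *file, const char __user *buf,
 
  rc = count;
  /*
+ * If this is "load" as opposed to "load-self" and a new rule
+ * it needs to get added for reporting.
  * smk_set_access returns true if there was already a rule
  * for the subject/object pair, and false if it was new.
  */
- if (!smk_set_access(rule, rule_list, rule_lock)) {
+ if (load && !smk_set_access(rule, rule_list, rule_lock)) {
  smlp = kzalloc(sizeof(*smlp), GFP_KERNEL);
  if (smlp != NULL) {
  smlp->smk_rule = rule;
@@ -377,12 +376,12 @@ out:
  return rc;
 }
 
-
 /*
- * Seq_file read operations for /smack/load
+ * Core logic for smackfs seq list operations.
  */
 
-static void *load_seq_start(struct seq_file *s, loff_t *pos)
+static void *smk_seq_start(struct seq_file *s, loff_t *pos,
+ struct list_head *head)
 {
  struct list_head *list;
 
@@ -390,7 +389,7 @@ static void *load_seq_start(struct seq_file *s, loff_t *pos)
  * This is 0 the first time through.
  */
  if (s->index == 0)
- s->private = &smack_rule_list;
+ s->private = head;
 
  if (s->private == NULL)
  return NULL;
@@ -404,11 +403,12 @@ static void *load_seq_start(struct seq_file *s, loff_t *pos)
  return list;
 }
 
-static void *load_seq_next(struct seq_file *s, void *v, loff_t *pos)
+static void *smk_seq_next(struct seq_file *s, void *v, loff_t *pos,
+ struct list_head *head)
 {
  struct list_head *list = v;
 
- if (list_is_last(list, &smack_rule_list)) {
+ if (list_is_last(list, head)) {
  s->private = NULL;
  return NULL;
  }
@@ -416,6 +416,25 @@ static void *load_seq_next(struct seq_file *s, void *v, loff_t *pos)
  return list->next;
 }
 
+static void smk_seq_stop(struct seq_file *s, void *v)
+{
+ /* No-op */
+}
+
+/*
+ * Seq_file read operations for /smack/load
+ */
+
+static void *load_seq_start(struct seq_file *s, loff_t *pos)
+{
+ return smk_seq_start(s, pos, &smack_rule_list);
+}
+
+static void *load_seq_next(struct seq_file *s, void *v, loff_t *pos)
+{
+ return smk_seq_next(s, v, pos, &smack_rule_list);
+}
+
 static int load_seq_show(struct seq_file *s, void *v)
 {
  struct list_head *list = v;
@@ -446,16 +465,11 @@ static int load_seq_show(struct seq_file *s, void *v)
  return 0;
 }
 
-static void load_seq_stop(struct seq_file *s, void *v)
-{
- /* No-op */
-}
-
 static const struct seq_operations load_seq_ops = {
  .start = load_seq_start,
  .next = load_seq_next,
  .show = load_seq_show,
- .stop = load_seq_stop,
+ .stop = smk_seq_stop,
 };
 
 /**
@@ -574,28 +588,12 @@ static void smk_unlbl_ambient(char *oldambient)
 
 static void *cipso_seq_start(struct seq_file *s, loff_t *pos)
 {
- if (*pos == SEQ_READ_FINISHED)
- return NULL;
- if (list_empty(&smack_known_list))
- return NULL;
-
- return smack_known_list.next;
+ return smk_seq_start(s, pos, &smack_known_list);
 }
 
 static void *cipso_seq_next(struct seq_file *s, void *v, loff_t *pos)
 {
- struct list_head *list = v;
-
- /*
- * labels with no associated cipso value wont be printed
- * in cipso_seq_show
- */
- if (list_is_last(list, &smack_known_list)) {
- *pos = SEQ_READ_FINISHED;
- return NULL;
- }
-
- return list->next;
+ return smk_seq_next(s, v, pos, &smack_known_list);
 }
 
 /*
@@ -634,16 +632,11 @@ static int cipso_seq_show(struct seq_file *s, void *v)
  return 0;
 }
 
-static void cipso_seq_stop(struct seq_file *s, void *v)
-{
- /* No-op */
-}
-
 static const struct seq_operations cipso_seq_ops = {
  .start = cipso_seq_start,
- .stop = cipso_seq_stop,
  .next = cipso_seq_next,
  .show = cipso_seq_show,
+ .stop = smk_seq_stop,
 };
 
 /**
@@ -788,23 +781,12 @@ static const struct file_operations smk_cipso_ops = {
 
 static void *netlbladdr_seq_start(struct seq_file *s, loff_t *pos)
 {
- if (*pos == SEQ_READ_FINISHED)
- return NULL;
- if (list_empty(&smk_netlbladdr_list))
- return NULL;
- return smk_netlbladdr_list.next;
+ return smk_seq_start(s, pos, &smk_netlbladdr_list);
 }
 
 static void *netlbladdr_seq_next(struct seq_file *s, void *v, loff_t *pos)
 {
- struct list_head *list = v;
-
- if (list_is_last(list, &smk_netlbladdr_list)) {
- *pos = SEQ_READ_FINISHED;
- return NULL;
- }
-
- return list->next;
+ return smk_seq_next(s, v, pos, &smk_netlbladdr_list);
 }
 #define BEBITS (sizeof(__be32) * 8)
 
@@ -828,16 +810,11 @@ static int netlbladdr_seq_show(struct seq_file *s, void *v)
  return 0;
 }
 
-static void netlbladdr_seq_stop(struct seq_file *s, void *v)
-{
- /* No-op */
-}
-
 static const struct seq_operations netlbladdr_seq_ops = {
  .start = netlbladdr_seq_start,
- .stop = netlbladdr_seq_stop,
  .next = netlbladdr_seq_next,
  .show = netlbladdr_seq_show,
+ .stop = smk_seq_stop,
 };
 
 /**
@@ -1405,23 +1382,14 @@ static void *load_self_seq_start(struct seq_file *s, loff_t *pos)
 {
  struct task_smack *tsp = current_security();
 
- if (*pos == SEQ_READ_FINISHED)
- return NULL;
- if (list_empty(&tsp->smk_rules))
- return NULL;
- return tsp->smk_rules.next;
+ return smk_seq_start(s, pos, &tsp->smk_rules);
 }
 
 static void *load_self_seq_next(struct seq_file *s, void *v, loff_t *pos)
 {
  struct task_smack *tsp = current_security();
- struct list_head *list = v;
 
- if (list_is_last(list, &tsp->smk_rules)) {
- *pos = SEQ_READ_FINISHED;
- return NULL;
- }
- return list->next;
+ return smk_seq_next(s, v, pos, &tsp->smk_rules);
 }
 
 static int load_self_seq_show(struct seq_file *s, void *v)
@@ -1453,16 +1421,11 @@ static int load_self_seq_show(struct seq_file *s, void *v)
  return 0;
 }
 
-static void load_self_seq_stop(struct seq_file *s, void *v)
-{
- /* No-op */
-}
-
 static const struct seq_operations load_self_seq_ops = {
  .start = load_self_seq_start,
  .next = load_self_seq_next,
  .show = load_self_seq_show,
- .stop = load_self_seq_stop,
+ .stop = smk_seq_stop,
 };
 
 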
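Review bot: In smk_write_load_list the new condition `if (load && !smk_set_access(rule, rule_list, rule_lock)) {` short-circuits, so whenever `load` is zero smk_set_access() is never called at all. `load` is assigned outside the hunk, but the added comment says it separates "load" from "load-self"; if that is right, a write to load-self would return `count` without installing the rule, and a task that believes it has tightened its own access has not. Calling the function first and testing the result afterwards keeps the side effect: `found = smk_set_access(rule, rule_list, rule_lock);` followed by `if (load && !found) {`, with `int found` declared alongside the other locals. The function starts and ends outside the hunk, so the code after this `if` should also be checked for what happens to `rule` on the load-self path.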