Merge tag 'char-misc-3.20-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc

Pull char / misc patches from Greg KH:
 "Here's the big char/misc driver update for 3.20-rc1.

  Lots of little things in here, all described in the changelog.
  Nothing major or unusual, except maybe the binder selinux stuff, which
  was all acked by the proper selinux people and they thought it best to
  come through this tree.

  All of this has been in linux-next with no reported issues for a while"

* tag 'char-misc-3.20-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (90 commits)
  coresight: fix function etm_writel_cp14() parameter order
  coresight-etm: remove check for unknown Kconfig macro
  coresight: fixing CPU hwid lookup in device tree
  coresight: remove the unnecessary function coresight_is_bit_set()
  coresight: fix the debug AMBA bus name
  coresight: remove the extra spaces
  coresight: fix the link between orphan connection and newly added device
  coresight: remove the unnecessary replicator property
  coresight: fix the replicator subtype value
  pdfdocs: Fix 'make pdfdocs' failure for 'uio-howto.tmpl'
  mcb: Fix error path of mcb_pci_probe
  virtio/console: verify device has config space
  ti-st: clean up data types (fix harmless memory corruption)
  mei: me: release hw from reset only during the reset flow
  mei: mask interrupt set bit on clean reset bit
  extcon: max77693: Constify struct regmap_config
  extcon: adc-jack: Release IIO channel on driver remove
  extcon: Remove duplicated include from extcon-class.c
  Drivers: hv: vmbus: hv_process_timer_expiration() can be static
  Drivers: hv: vmbus: serialize Offer and Rescind offer
  ...

2 files changed, 75 insertions, 0 deletions

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 87a915656eab..29c39e0b03ed 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1920,6 +1920,74 @@ static inline u32 open_file_to_av(struct file *file)
 
 /* Hook functions begin here. */
 
+static int selinux_binder_set_context_mgr(struct task_struct *mgr)
+{
+        u32 mysid = current_sid();
+        u32 mgrsid = task_sid(mgr);
+
+        return avc_has_perm(mysid, mgrsid, SECCLASS_BINDER,
+                            BINDER__SET_CONTEXT_MGR, NULL);
+}
+
+static int selinux_binder_transaction(struct task_struct *from,
+                                      struct task_struct *to)
+{
+        u32 mysid = current_sid();
+        u32 fromsid = task_sid(from);
+        u32 tosid = task_sid(to);
+        int rc;
+
+        if (mysid != fromsid) {
+                rc = avc_has_perm(mysid, fromsid, SECCLASS_BINDER,
+                                  BINDER__IMPERSONATE, NULL);
+                if (rc)
+                        return rc;
+        }
+
+        return avc_has_perm(fromsid, tosid, SECCLASS_BINDER, BINDER__CALL,
+                            NULL);
+}
+
+static int selinux_binder_transfer_binder(struct task_struct *from,
+                                          struct task_struct *to)
+{
+        u32 fromsid = task_sid(from);
+        u32 tosid = task_sid(to);
+
+        return avc_has_perm(fromsid, tosid, SECCLASS_BINDER, BINDER__TRANSFER,
+                            NULL);
+}
+
+static int selinux_binder_transfer_file(struct task_struct *from,
+                                        struct task_struct *to,
+                                        struct file *file)
+{
+        u32 sid = task_sid(to);
+        struct file_security_struct *fsec = file->f_security;
+        struct inode *inode = file->f_path.dentry->d_inode;
+        struct inode_security_struct *isec = inode->i_security;
+        struct common_audit_data ad;
+        int rc;
+
+        ad.type = LSM_AUDIT_DATA_PATH;
+        ad.u.path = file->f_path;
+
+        if (sid != fsec->sid) {
+                rc = avc_has_perm(sid, fsec->sid,
+                                  SECCLASS_FD,
+                                  FD__USE,
+                                  &ad);
+                if (rc)
+                        return rc;
+        }
+
+        if (unlikely(IS_PRIVATE(inode)))
+                return 0;
+
+        return avc_has_perm(sid, isec->sid, isec->sclass, file_to_av(file),
+                            &ad);
+}
+
 static int selinux_ptrace_access_check(struct task_struct *child,
                                      unsigned int mode)
 {
@@ -5797,6 +5865,11 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
 static struct security_operations selinux_ops = {
         .name =                         "selinux",
 
+        .binder_set_context_mgr =       selinux_binder_set_context_mgr,
+        .binder_transaction =           selinux_binder_transaction,
+        .binder_transfer_binder =       selinux_binder_transfer_binder,
+        .binder_transfer_file =         selinux_binder_transfer_file,
+
         .ptrace_access_check =          selinux_ptrace_access_check,
         .ptrace_traceme =               selinux_ptrace_traceme,
         .capget =                       selinux_capget,
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index be491a74c1ed..eccd61b3de8a 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -151,5 +151,7 @@ struct security_class_mapping secclass_map[] = {
         { "kernel_service", { "use_as_override", "create_files_as", NULL } },
         { "tun_socket",
           { COMMON_SOCK_PERMS, "attach_queue", NULL } },
+        { "binder", { "impersonate", "call", "set_context_mgr", "transfer",
+                      NULL } },
         { NULL }
   };