Merge branch 'serge-next-1' of git://git.kernel.org/pub/scm/linux/kernel/git/sergeh/linux-security

Pull security layer updates from Serge Hallyn: "This is a merge of James Morris' security-next tree from 3.14 to yesterday's master, plus four patches from Paul Moore which are in linux-next, plus one patch from Mimi" * 'serge-next-1' of git://git.kernel.org/pub/scm/linux/kernel/git/sergeh/linux-security: ima: audit log files opened with O_DIRECT flag selinux: conditionally reschedule in hashtab_insert while loading selinux policy selinux: conditionally reschedule in mls_convert_context while loading selinux policy selinux: reject setexeccon() on MNT_NOSUID applications with -EACCES selinux: Report permissive mode in avc: denied messages. Warning in scanf string typing Smack: Label cgroup files for systemd Smack: Verify read access on file open - v3 security: Convert use of typedef ctl_table to struct ctl_table Smack: bidirectional UDS connect check Smack: Correctly remove SMACK64TRANSMUTE attribute SMACK: Fix handling value==NULL in post setxattr bugfix patch for SMACK Smack: adds smackfs/ptrace interface Smack: unify all ptrace accesses in the smack Smack: fix the subject/object order in smack_ptrace_traceme() Minor improvement of 'smack_sb_kern_mount' smack: fix key permission verification KEYS: Move the flags representing required permission to linux/key.h
author: Linus Torvalds <torvalds@linux-foundation.org> 2014-06-10 13:05:36 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2014-06-10 13:05:36 -0400
commit: fad0701eaa091beb8ce5ef2eef04b5e833617368 (patch)
tree: 788297c7b05b167599265013ef8ec473a0d367fe /security/selinux
parent: d53b47c08d8fda1892f47393de8eeab4e34b3188 (diff)
parent: f9b2a735bdddf836214b5dca74f6ca7712e5a08c (diff)
5 files changed, 21 insertions, 8 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index fc3e6628a864..a18f1fa6440b 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -444,11 +444,15 @@ static void avc_audit_post_callback(struct audit_buffer *ab, void *a)
        avc_dump_query(ab, ad->selinux_audit_data->ssid,
                           ad->selinux_audit_data->tsid,
                           ad->selinux_audit_data->tclass);
+        if (ad->selinux_audit_data->denied) {
+                audit_log_format(ab, " permissive=%u",
+                                 ad->selinux_audit_data->result ? 0 : 1);
+        }
 }
 /* This is the slow part of avc audit with big stack footprint */
 noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
-                u32 requested, u32 audited, u32 denied,
+                u32 requested, u32 audited, u32 denied, int result,
                struct common_audit_data *a,
                unsigned flags)
 {
@@ -477,6 +481,7 @@ noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
        sad.tsid = tsid;
        sad.audited = audited;
        sad.denied = denied;
+        sad.result = result;
        a->selinux_audit_data = &sad;
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 2c7341dbc5d6..83d06db34d03 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2123,11 +2123,13 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
                new_tsec->exec_sid = 0;
                /*
-                 * Minimize confusion: if no_new_privs and a transition is
+                 * Minimize confusion: if no_new_privs or nosuid and a
-                 * explicitly requested, then fail the exec.
+                 * transition is explicitly requested, then fail the exec.
                 */
                if (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS)
                        return -EPERM;
+                if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
+                        return -EACCES;
        } else {
                /* Check for a default transition on this program. */
                rc = security_transition_sid(old_tsec->sid, isec->sid,
@@ -2770,6 +2772,7 @@ static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *na
 static noinline int audit_inode_permission(struct inode *inode,
                                           u32 perms, u32 audited, u32 denied,
+                                           int result,
                                           unsigned flags)
 {
        struct common_audit_data ad;
@@ -2780,7 +2783,7 @@ static noinline int audit_inode_permission(struct inode *inode,
        ad.u.inode = inode;
        rc = slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms,
-                            audited, denied, &ad, flags);
+                            audited, denied, result, &ad, flags);
        if (rc)
                return rc;
        return 0;
@@ -2822,7 +2825,7 @@ static int selinux_inode_permission(struct inode *inode, int mask)
        if (likely(!audited))
                return rc;
-        rc2 = audit_inode_permission(inode, perms, audited, denied, flags);
+        rc2 = audit_inode_permission(inode, perms, audited, denied, rc, flags);
        if (rc2)
                return rc2;
        return rc;
@@ -5722,7 +5725,7 @@ static void selinux_key_free(struct key *k)
 static int selinux_key_permission(key_ref_t key_ref,
                                  const struct cred *cred,
-                                  key_perm_t perm)
+                                  unsigned perm)
 {
        struct key *key;
        struct key_security_struct *ksec;
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
index f53ee3c58d0f..ddf8eec03f21 100644
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -102,7 +102,7 @@ static inline u32 avc_audit_required(u32 requested,
 }
 int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
-                   u32 requested, u32 audited, u32 denied,
+                   u32 requested, u32 audited, u32 denied, int result,
                   struct common_audit_data *a,
                   unsigned flags);
@@ -137,7 +137,7 @@ static inline int avc_audit(u32 ssid, u32 tsid,
        if (likely(!audited))
                return 0;
        return slow_avc_audit(ssid, tsid, tclass,
-                              requested, audited, denied,
+                              requested, audited, denied, result,
                              a, 0);
 }
diff --git a/security/selinux/ss/hashtab.c b/security/selinux/ss/hashtab.c
index 933e735bb185..2cc496149842 100644
--- a/security/selinux/ss/hashtab.c
+++ b/security/selinux/ss/hashtab.c
@@ -6,6 +6,7 @@
 #include <linux/kernel.h>
 #include <linux/slab.h>
 #include <linux/errno.h>
+#include <linux/sched.h>
 #include "hashtab.h"
 struct hashtab *hashtab_create(u32 (*hash_value)(struct hashtab *h, const void *key),
@@ -40,6 +41,8 @@ int hashtab_insert(struct hashtab *h, void *key, void *datum)
        u32 hvalue;
        struct hashtab_node *prev, *cur, *newnode;
+        cond_resched();
        if (!h || h->nel == HASHTAB_MAX_NODES)
                return -EINVAL;
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index c85bc1ec040c..d307b37ddc2b 100644
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -492,6 +492,8 @@ int mls_convert_context(struct policydb *oldp,
                        rc = ebitmap_set_bit(&bitmap, catdatum->value - 1, 1);
                        if (rc)
                                return rc;
+                        cond_resched();
                }
                ebitmap_destroy(&c->range.level[l].cat);
                c->range.level[l].cat = bitmap;
author	Linus Torvalds <torvalds@linux-foundation.org>	2014-06-10 13:05:36 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2014-06-10 13:05:36 -0400
commit	fad0701eaa091beb8ce5ef2eef04b5e833617368 (patch)
tree	788297c7b05b167599265013ef8ec473a0d367fe /security/selinux
parent	d53b47c08d8fda1892f47393de8eeab4e34b3188 (diff)
parent	f9b2a735bdddf836214b5dca74f6ca7712e5a08c (diff)