<feed xmlns='http://www.w3.org/2005/Atom'>
<title>litmus2008.git/security/selinux/include, branch master</title>
<subtitle>[ARCHIVE] Old LITMUS^RT 2008 version (for reference).</subtitle>
<link rel='alternate' type='text/html' href='http://rtsrv.cs.unc.edu/cgit/cgit.cgi/litmus2008.git/'/>
<entry>
<title>SELinux: policy selectable handling of unknown classes and perms</title>
<updated>2007-10-16T22:59:33+00:00</updated>
<author>
<name>Eric Paris</name>
<email>eparis@redhat.com</email>
</author>
<published>2007-09-21T18:37:10+00:00</published>
<link rel='alternate' type='text/html' href='http://rtsrv.cs.unc.edu/cgit/cgit.cgi/litmus2008.git/commit/?id=3f12070e27b4a213d62607d2bff139793089a77d'/>
<id>3f12070e27b4a213d62607d2bff139793089a77d</id>
<content type='text'>
Allow policy to select, in much the same way as it selects MLS support, how
the kernel should handle access decisions which contain either unknown
classes or unknown permissions in known classes.  The three choices for the
policy flags are

0 - Deny unknown security access. (default)
2 - reject loading policy if it does not contain all definitions
4 - allow unknown security access

The policy's choice is exported through 2 booleans in
selinuxfs.  /selinux/deny_unknown and /selinux/reject_unknown.

Signed-off-by: Eric Paris &lt;eparis@redhat.com&gt;
Acked-by: Stephen Smalley &lt;sds@tycho.nsa.gov&gt;
Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Allow policy to select, in much the same way as it selects MLS support, how
the kernel should handle access decisions which contain either unknown
classes or unknown permissions in known classes.  The three choices for the
policy flags are

0 - Deny unknown security access. (default)
2 - reject loading policy if it does not contain all definitions
4 - allow unknown security access

The policy's choice is exported through 2 booleans in
selinuxfs.  /selinux/deny_unknown and /selinux/reject_unknown.

Signed-off-by: Eric Paris &lt;eparis@redhat.com&gt;
Acked-by: Stephen Smalley &lt;sds@tycho.nsa.gov&gt;
Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>SELinux: Improve read/write performance</title>
<updated>2007-10-16T22:59:31+00:00</updated>
<author>
<name>Yuichi Nakamura</name>
<email>ynakam@hitachisoft.jp</email>
</author>
<published>2007-09-14T00:27:07+00:00</published>
<link rel='alternate' type='text/html' href='http://rtsrv.cs.unc.edu/cgit/cgit.cgi/litmus2008.git/commit/?id=788e7dd4c22e6f41b3a118fd8c291f831f6fddbb'/>
<id>788e7dd4c22e6f41b3a118fd8c291f831f6fddbb</id>
<content type='text'>
It reduces the selinux overhead on read/write by only revalidating
permissions in selinux_file_permission if the task or inode labels have
changed or the policy has changed since the open-time check.  A new LSM
hook, security_dentry_open, is added to capture the necessary state at open
time to allow this optimization.

(see http://marc.info/?l=selinux&amp;m=118972995207740&amp;w=2)

Signed-off-by: Yuichi Nakamura&lt;ynakam@hitachisoft.jp&gt;
Acked-by: Stephen Smalley &lt;sds@tycho.nsa.gov&gt;
Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
It reduces the selinux overhead on read/write by only revalidating
permissions in selinux_file_permission if the task or inode labels have
changed or the policy has changed since the open-time check.  A new LSM
hook, security_dentry_open, is added to capture the necessary state at open
time to allow this optimization.

(see http://marc.info/?l=selinux&amp;m=118972995207740&amp;w=2)

Signed-off-by: Yuichi Nakamura&lt;ynakam@hitachisoft.jp&gt;
Acked-by: Stephen Smalley &lt;sds@tycho.nsa.gov&gt;
Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>security: Protection for exploiting null dereference using mmap</title>
<updated>2007-07-12T02:52:29+00:00</updated>
<author>
<name>Eric Paris</name>
<email>eparis@redhat.com</email>
</author>
<published>2007-06-28T19:55:21+00:00</published>
<link rel='alternate' type='text/html' href='http://rtsrv.cs.unc.edu/cgit/cgit.cgi/litmus2008.git/commit/?id=ed0321895182ffb6ecf210e066d87911b270d587'/>
<id>ed0321895182ffb6ecf210e066d87911b270d587</id>
<content type='text'>
Add a new security check on mmap operations to see if the user is attempting
to mmap to low area of the address space.  The amount of space protected is
indicated by the new proc tunable /proc/sys/vm/mmap_min_addr and defaults to
0, preserving existing behavior.

This patch uses a new SELinux security class "memprotect."  Policy already
contains a number of allow rules like a_t self:process * (unconfined_t being
one of them) which mean that putting this check in the process class (its
best current fit) would make it useless as all user processes, which we also
want to protect against, would be allowed. By taking the memprotect name of
the new class it will also make it possible for us to move some of the other
memory protect permissions out of 'process' and into the new class next time
we bump the policy version number (which I also think is a good future idea)

Acked-by: Stephen Smalley &lt;sds@tycho.nsa.gov&gt;
Acked-by: Chris Wright &lt;chrisw@sous-sol.org&gt;
Signed-off-by: Eric Paris &lt;eparis@redhat.com&gt;
Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Add a new security check on mmap operations to see if the user is attempting
to mmap to low area of the address space.  The amount of space protected is
indicated by the new proc tunable /proc/sys/vm/mmap_min_addr and defaults to
0, preserving existing behavior.

This patch uses a new SELinux security class "memprotect."  Policy already
contains a number of allow rules like a_t self:process * (unconfined_t being
one of them) which mean that putting this check in the process class (its
best current fit) would make it useless as all user processes, which we also
want to protect against, would be allowed. By taking the memprotect name of
the new class it will also make it possible for us to move some of the other
memory protect permissions out of 'process' and into the new class next time
we bump the policy version number (which I also think is a good future idea)

Acked-by: Stephen Smalley &lt;sds@tycho.nsa.gov&gt;
Acked-by: Chris Wright &lt;chrisw@sous-sol.org&gt;
Signed-off-by: Eric Paris &lt;eparis@redhat.com&gt;
Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>SELinux: allow preemption between transition permission checks</title>
<updated>2007-07-12T02:52:25+00:00</updated>
<author>
<name>Stephen Smalley</name>
<email>sds@tycho.nsa.gov</email>
</author>
<published>2007-06-07T19:34:10+00:00</published>
<link rel='alternate' type='text/html' href='http://rtsrv.cs.unc.edu/cgit/cgit.cgi/litmus2008.git/commit/?id=2c3c05dbcbc7b9d71549fe0e2b249f10f5a66518'/>
<id>2c3c05dbcbc7b9d71549fe0e2b249f10f5a66518</id>
<content type='text'>
In security_get_user_sids, move the transition permission checks
outside of the section holding the policy rdlock, and use the AVC to
perform the checks, calling cond_resched after each one.  These
changes should allow preemption between the individual checks and
enable caching of the results.  It may however increase the overall
time spent in the function in some cases, particularly in the cache
miss case.

The long term fix will be to take much of this logic to userspace by
exporting additional state via selinuxfs, and ultimately deprecating
and eliminating this interface from the kernel.

Tested-by: Ingo Molnar &lt;mingo@elte.hu&gt;
Signed-off-by:  Stephen Smalley &lt;sds@tycho.nsa.gov&gt;
Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
In security_get_user_sids, move the transition permission checks
outside of the section holding the policy rdlock, and use the AVC to
perform the checks, calling cond_resched after each one.  These
changes should allow preemption between the individual checks and
enable caching of the results.  It may however increase the overall
time spent in the function in some cases, particularly in the cache
miss case.

The long term fix will be to take much of this logic to userspace by
exporting additional state via selinuxfs, and ultimately deprecating
and eliminating this interface from the kernel.

Tested-by: Ingo Molnar &lt;mingo@elte.hu&gt;
Signed-off-by:  Stephen Smalley &lt;sds@tycho.nsa.gov&gt;
Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>selinux: add selinuxfs structure for object class discovery</title>
<updated>2007-07-12T02:52:20+00:00</updated>
<author>
<name>Christopher J. PeBenito</name>
<email>cpebenito@tresys.com</email>
</author>
<published>2007-05-23T13:12:09+00:00</published>
<link rel='alternate' type='text/html' href='http://rtsrv.cs.unc.edu/cgit/cgit.cgi/litmus2008.git/commit/?id=e47c8fc582a2c9f3cba059e543c4a056cd6bf8c4'/>
<id>e47c8fc582a2c9f3cba059e543c4a056cd6bf8c4</id>
<content type='text'>
The structure is as follows (relative to selinuxfs root):

/class/file/index
/class/file/perms/read
/class/file/perms/write
...

Each class is allocated 33 inodes, 1 for the class index and 32 for
permissions.  Relative to SEL_CLASS_INO_OFFSET, the inode of the index file
DIV 33 is the class number.  The inode of the permission file % 33 is the
index of the permission for that class.

Signed-off-by: Christopher J. PeBenito &lt;cpebenito@tresys.com&gt;
Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The structure is as follows (relative to selinuxfs root):

/class/file/index
/class/file/perms/read
/class/file/perms/write
...

Each class is allocated 33 inodes, 1 for the class index and 32 for
permissions.  Relative to SEL_CLASS_INO_OFFSET, the inode of the index file
DIV 33 is the class number.  The inode of the permission file % 33 is the
index of the permission for that class.

Signed-off-by: Christopher J. PeBenito &lt;cpebenito@tresys.com&gt;
Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>selinux: add support for querying object classes and permissions from the running policy</title>
<updated>2007-07-12T02:52:15+00:00</updated>
<author>
<name>Christopher J. PeBenito</name>
<email>cpebenito@tresys.com</email>
</author>
<published>2007-05-23T13:12:06+00:00</published>
<link rel='alternate' type='text/html' href='http://rtsrv.cs.unc.edu/cgit/cgit.cgi/litmus2008.git/commit/?id=55fcf09b3fe4325c9395ebbb0322a547a157ebc7'/>
<id>55fcf09b3fe4325c9395ebbb0322a547a157ebc7</id>
<content type='text'>
Add support to the SELinux security server for obtaining a list of classes,
and for obtaining a list of permissions for a specified class.

Signed-off-by: Christopher J. PeBenito &lt;cpebenito@tresys.com&gt;
Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Add support to the SELinux security server for obtaining a list of classes,
and for obtaining a list of permissions for a specified class.

Signed-off-by: Christopher J. PeBenito &lt;cpebenito@tresys.com&gt;
Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>selinux: export initial SID contexts via selinuxfs</title>
<updated>2007-04-26T05:36:00+00:00</updated>
<author>
<name>James Carter</name>
<email>jwcart2@tycho.nsa.gov</email>
</author>
<published>2007-04-04T14:11:29+00:00</published>
<link rel='alternate' type='text/html' href='http://rtsrv.cs.unc.edu/cgit/cgit.cgi/litmus2008.git/commit/?id=f0ee2e467ffa68c3122128b704c1540ee294b748'/>
<id>f0ee2e467ffa68c3122128b704c1540ee294b748</id>
<content type='text'>
Make the initial SID contexts accessible to userspace via selinuxfs.
An initial use of this support will be to make the unlabeled context
available to libselinux for use for invalidated userspace SIDs.

Signed-off-by: James Carter &lt;jwcart2@tycho.nsa.gov&gt;
Acked-by:  Stephen Smalley &lt;sds@tycho.nsa.gov&gt;
Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Make the initial SID contexts accessible to userspace via selinuxfs.
An initial use of this support will be to make the unlabeled context
available to libselinux for use for invalidated userspace SIDs.

Signed-off-by: James Carter &lt;jwcart2@tycho.nsa.gov&gt;
Acked-by:  Stephen Smalley &lt;sds@tycho.nsa.gov&gt;
Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>selinux: remove userland security class and permission definitions</title>
<updated>2007-04-26T05:35:58+00:00</updated>
<author>
<name>Stephen Smalley</name>
<email>sds@tycho.nsa.gov</email>
</author>
<published>2007-03-26T17:36:26+00:00</published>
<link rel='alternate' type='text/html' href='http://rtsrv.cs.unc.edu/cgit/cgit.cgi/litmus2008.git/commit/?id=a764ae4b0781fac75f9657bc737c37ae59888389'/>
<id>a764ae4b0781fac75f9657bc737c37ae59888389</id>
<content type='text'>
Remove userland security class and permission definitions from the kernel
as the kernel only needs to use and validate its own class and permission
definitions and userland definitions may change.

Signed-off-by:  Stephen Smalley &lt;sds@tycho.nsa.gov&gt;
Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Remove userland security class and permission definitions from the kernel
as the kernel only needs to use and validate its own class and permission
definitions and userland definitions may change.

Signed-off-by:  Stephen Smalley &lt;sds@tycho.nsa.gov&gt;
Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>SELinux: move security_skb_extlbl_sid() out of the security server</title>
<updated>2007-04-26T05:35:56+00:00</updated>
<author>
<name>Paul Moore</name>
<email>paul.moore@hp.com</email>
</author>
<published>2007-03-01T19:35:22+00:00</published>
<link rel='alternate' type='text/html' href='http://rtsrv.cs.unc.edu/cgit/cgit.cgi/litmus2008.git/commit/?id=4f6a993f96a256e83b9be7612f958c7bc4ca9f00'/>
<id>4f6a993f96a256e83b9be7612f958c7bc4ca9f00</id>
<content type='text'>
As suggested, move the security_skb_extlbl_sid() function out of the security
server and into the SELinux hooks file.

Signed-off-by: Paul Moore &lt;paul.moore@hp.com&gt;
Acked-by:  Stephen Smalley &lt;sds@tycho.nsa.gov&gt;
Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
As suggested, move the security_skb_extlbl_sid() function out of the security
server and into the SELinux hooks file.

Signed-off-by: Paul Moore &lt;paul.moore@hp.com&gt;
Acked-by:  Stephen Smalley &lt;sds@tycho.nsa.gov&gt;
Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>SELinux: rename selinux_netlabel.h to netlabel.h</title>
<updated>2007-04-26T05:35:50+00:00</updated>
<author>
<name>Paul Moore</name>
<email>paul.moore@hp.com</email>
</author>
<published>2007-02-28T20:14:23+00:00</published>
<link rel='alternate' type='text/html' href='http://rtsrv.cs.unc.edu/cgit/cgit.cgi/litmus2008.git/commit/?id=c60475bf35fc5fa10198df89187ab148527e72f7'/>
<id>c60475bf35fc5fa10198df89187ab148527e72f7</id>
<content type='text'>
In the beginning I named the file selinux_netlabel.h to avoid potential
namespace colisions.  However, over time I have realized that there are several
other similar cases of multiple header files with the same name so I'm changing
the name to something which better fits with existing naming conventions.

Signed-off-by: Paul Moore &lt;paul.moore@hp.com&gt;
Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
In the beginning I named the file selinux_netlabel.h to avoid potential
namespace colisions.  However, over time I have realized that there are several
other similar cases of multiple header files with the same name so I'm changing
the name to something which better fits with existing naming conventions.

Signed-off-by: Paul Moore &lt;paul.moore@hp.com&gt;
Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
</pre>
</div>
</content>
</entry>
</feed>
