Merge branch 'master' of git://git.infradead.org/users/eparis/selinux…
… into for-linus

Conflicts:
	lib/flex_array.c
	security/selinux/avc.c
	security/selinux/hooks.c
	security/selinux/ss/policydb.c
	security/smack/smack_lsm.c

Manually resolve conflicts.

Signed-off-by: James Morris <[email protected]>
James Morris committed May 24, 2011
2 parents 434d42c + 7a627e3 commit b7b5755
Showing 14 changed files with 398 additions and 220 deletions.
3 changes: 2 additions & 1 deletion MAINTAINERS
Expand Up @@ -5592,10 +5592,11 @@ M: James Morris <[email protected]>
M: Eric Paris <[email protected]>
L: [email protected] (subscribers-only, general discussion)
W: http://selinuxproject.org
T: git git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6.git
T: git git://git.infradead.org/users/eparis/selinux.git
S: Supported
F: include/linux/selinux*
F: security/selinux/
F: scripts/selinux/

APPARMOR SECURITY MODULE
M: John Johansen <[email protected]>
11 changes: 6 additions & 5 deletions include/linux/lsm_audit.h
Expand Up @@ -27,20 +27,21 @@
/* Auxiliary data to use in generating the audit record. */
struct common_audit_data {
char type;
#define LSM_AUDIT_DATA_FS 1
#define LSM_AUDIT_DATA_PATH 1
#define LSM_AUDIT_DATA_NET 2
#define LSM_AUDIT_DATA_CAP 3
#define LSM_AUDIT_DATA_IPC 4
#define LSM_AUDIT_DATA_TASK 5
#define LSM_AUDIT_DATA_KEY 6
#define LSM_AUDIT_DATA_NONE 7
#define LSM_AUDIT_DATA_KMOD 8
#define LSM_AUDIT_DATA_INODE 9
#define LSM_AUDIT_DATA_DENTRY 10
struct task_struct *tsk;
union {
struct {
struct path path;
struct inode *inode;
} fs;
struct path path;
struct dentry *dentry;
struct inode *inode;
struct {
int netif;
struct sock *sk;
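Review bot: Nothing next to the `LSM_AUDIT_DATA_*` defines says which `type` value selects which union member, and `path`, `dentry` and `inode` now overlay one another directly in the union rather than sitting together in the `fs` struct. A caller that sets one tag and fills a different member would make dump_common_audit_data() follow a pointer of the wrong kind, so the pairing deserves a comment such as `/* PATH -> u.path, DENTRY -> u.dentry, INODE -> u.inode; the selected member must be set */`. `LSM_AUDIT_DATA_PATH` also appears to take over the value 1 from `LSM_AUDIT_DATA_FS`, which is worth a word in the same comment. The struct definition continues outside the hunk.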
26 changes: 20 additions & 6 deletions lib/flex_array.c
Expand Up @@ -88,8 +88,11 @@ struct flex_array *flex_array_alloc(int element_size, unsigned int total,
gfp_t flags)
{
struct flex_array *ret;
int max_size = FLEX_ARRAY_NR_BASE_PTRS *
FLEX_ARRAY_ELEMENTS_PER_PART(element_size);
int max_size = 0;

if (element_size)
max_size = FLEX_ARRAY_NR_BASE_PTRS *
FLEX_ARRAY_ELEMENTS_PER_PART(element_size);

/* max_size will end up 0 if element_size > PAGE_SIZE */
if (total > max_size)
Expand Down Expand Up @@ -183,15 +186,18 @@ __fa_get_part(struct flex_array *fa, int part_nr, gfp_t flags)
int flex_array_put(struct flex_array *fa, unsigned int element_nr, void *src,
gfp_t flags)
{
int part_nr = fa_element_to_part_nr(fa, element_nr);
int part_nr;
struct flex_array_part *part;
void *dst;

if (element_nr >= fa->total_nr_elements)
return -ENOSPC;
if (!fa->element_size)
return 0;
if (elements_fit_in_base(fa))
part = (struct flex_array_part *)&fa->parts[0];
else {
part_nr = fa_element_to_part_nr(fa, element_nr);
part = __fa_get_part(fa, part_nr, flags);
if (!part)
return -ENOMEM;
Expand All @@ -211,15 +217,18 @@ EXPORT_SYMBOL(flex_array_put);
*/
int flex_array_clear(struct flex_array *fa, unsigned int element_nr)
{
int part_nr = fa_element_to_part_nr(fa, element_nr);
int part_nr;
struct flex_array_part *part;
void *dst;

if (element_nr >= fa->total_nr_elements)
return -ENOSPC;
if (!fa->element_size)
return 0;
if (elements_fit_in_base(fa))
part = (struct flex_array_part *)&fa->parts[0];
else {
part_nr = fa_element_to_part_nr(fa, element_nr);
part = fa->parts[part_nr];
if (!part)
return -EINVAL;
Expand Down Expand Up @@ -264,6 +273,8 @@ int flex_array_prealloc(struct flex_array *fa, unsigned int start,

if (end >= fa->total_nr_elements)
return -ENOSPC;
if (!fa->element_size)
return 0;
if (elements_fit_in_base(fa))
return 0;
start_part = fa_element_to_part_nr(fa, start);
Expand Down Expand Up @@ -291,14 +302,17 @@ EXPORT_SYMBOL(flex_array_prealloc);
*/
void *flex_array_get(struct flex_array *fa, unsigned int element_nr)
{
int part_nr = fa_element_to_part_nr(fa, element_nr);
int part_nr;
struct flex_array_part *part;

if (!fa->element_size)
return NULL;
if (element_nr >= fa->total_nr_elements)
return NULL;
if (elements_fit_in_base(fa))
part = (struct flex_array_part *)&fa->parts[0];
else {
part_nr = fa_element_to_part_nr(fa, element_nr);
part = fa->parts[part_nr];
if (!part)
return NULL;
Expand Down Expand Up @@ -353,7 +367,7 @@ int flex_array_shrink(struct flex_array *fa)
int part_nr;
int ret = 0;

if (!fa->total_nr_elements)
if (!fa->total_nr_elements || !fa->element_size)
return 0;
if (elements_fit_in_base(fa))
return ret;
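Review bot: In flex_array_alloc the new guard `if (element_size)` excludes only zero, but `element_size` is a signed `int`, so a negative size still reaches FLEX_ARRAY_ELEMENTS_PER_PART; `if (element_size > 0)` would leave `max_size` at 0 for every non-positive size. How the macro treats a negative argument is not visible here, so this is a hardening suggestion rather than a confirmed fault. The comment under the guard is also now incomplete, because `max_size` is 0 for a zero element size as well as for one larger than a page: `/* max_size stays 0 if element_size is 0 or > PAGE_SIZE */`. The function body continues outside the hunk.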
59 changes: 36 additions & 23 deletions security/lsm_audit.c
Expand Up @@ -210,7 +210,6 @@ static inline void print_ipv4_addr(struct audit_buffer *ab, __be32 addr,
static void dump_common_audit_data(struct audit_buffer *ab,
struct common_audit_data *a)
{
struct inode *inode = NULL;
struct task_struct *tsk = current;

if (a->tsk)
Expand All @@ -229,33 +228,47 @@ static void dump_common_audit_data(struct audit_buffer *ab,
case LSM_AUDIT_DATA_CAP:
audit_log_format(ab, " capability=%d ", a->u.cap);
break;
case LSM_AUDIT_DATA_FS:
if (a->u.fs.path.dentry) {
struct dentry *dentry = a->u.fs.path.dentry;
if (a->u.fs.path.mnt) {
audit_log_d_path(ab, "path=", &a->u.fs.path);
} else {
audit_log_format(ab, " name=");
audit_log_untrustedstring(ab,
dentry->d_name.name);
}
inode = dentry->d_inode;
} else if (a->u.fs.inode) {
struct dentry *dentry;
inode = a->u.fs.inode;
dentry = d_find_alias(inode);
if (dentry) {
audit_log_format(ab, " name=");
audit_log_untrustedstring(ab,
dentry->d_name.name);
dput(dentry);
}
}
case LSM_AUDIT_DATA_PATH: {
struct inode *inode;

audit_log_d_path(ab, "path=", &a->u.path);

inode = a->u.path.dentry->d_inode;
if (inode)
audit_log_format(ab, " dev=%s ino=%lu",
inode->i_sb->s_id,
inode->i_ino);
break;
}
case LSM_AUDIT_DATA_DENTRY: {
struct inode *inode;

audit_log_format(ab, " name=");
audit_log_untrustedstring(ab, a->u.dentry->d_name.name);

inode = a->u.dentry->d_inode;
if (inode)
audit_log_format(ab, " dev=%s ino=%lu",
inode->i_sb->s_id,
inode->i_ino);
break;
}
case LSM_AUDIT_DATA_INODE: {
struct dentry *dentry;
struct inode *inode;

inode = a->u.inode;
dentry = d_find_alias(inode);
if (dentry) {
audit_log_format(ab, " name=");
audit_log_untrustedstring(ab,
dentry->d_name.name);
dput(dentry);
}
audit_log_format(ab, " dev=%s ino=%lu", inode->i_sb->s_id,
inode->i_ino);
break;
}
case LSM_AUDIT_DATA_TASK:
tsk = a->u.tsk;
if (tsk && tsk->pid) {
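Review bot: The three new cases in dump_common_audit_data dereference `a->u.path.dentry`, `a->u.dentry` and `a->u.inode` with no NULL test, whereas the `LSM_AUDIT_DATA_FS` branch checked `a->u.fs.path.dentry`, `a->u.fs.path.mnt` and `a->u.fs.inode` before using them. Whether every caller now fills the member that matches its tag is not visible on this page, and a caller that sets the type but leaves the member empty would fault inside the audit path rather than produce a shorter record. A guard at the top of each case keeps the earlier tolerance; if the contract is instead that the member is always set, that should be stated in a comment on the switch. The function starts and ends outside the hunk.

```c
	case LSM_AUDIT_DATA_PATH: {
		/* … unchanged: inode declaration … */
		/* tolerate a caller that set the tag but not the member */
		if (!a->u.path.dentry || !a->u.path.mnt)
			break;
		/* … unchanged: audit_log_d_path and dev=/ino= output … */
	}
	case LSM_AUDIT_DATA_DENTRY: {
		/* … unchanged: inode declaration … */
		if (!a->u.dentry)
			break;
		/* … unchanged: name= and dev=/ino= output … */
	}
	case LSM_AUDIT_DATA_INODE: {
		/* … unchanged: dentry and inode declarations … */
		inode = a->u.inode;
		if (!inode)
			break;
		/* … unchanged: d_find_alias, name= and dev=/ino= output … */
	}
```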
2 changes: 1 addition & 1 deletion security/selinux/avc.c
Expand Up @@ -526,7 +526,7 @@ int avc_audit(u32 ssid, u32 tsid,
* during retry. However this is logically just as if the operation
* happened a little later.
*/
if ((a->type == LSM_AUDIT_DATA_FS) &&
if ((a->type == LSM_AUDIT_DATA_INODE) &&
(flags & IPERM_FLAG_RCU))
return -ECHILD;

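Review bot: The RCU test in avc_audit now refuses only `LSM_AUDIT_DATA_INODE`, and the visible part of the comment does not say why the path and dentry types may proceed. Presumably the reason is that only the INODE case of dump_common_audit_data() calls d_find_alias() and dput(); that coupling should be written down, for example `/* only INODE is refused: its dump path calls d_find_alias()/dput() */`. Without it, a later audit data type whose dump path takes a reference could be added without anyone revisiting this check. The comment and the function both begin outside the hunk.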