mirror of
https://github.com/torvalds/linux.git
synced 2024-12-25 12:21:37 +00:00
lsm/stable-6.4 PR 20230420
-----BEGIN PGP SIGNATURE----- iQJIBAABCAAyFiEES0KozwfymdVUl37v6iDy2pc3iXMFAmRBolwUHHBhdWxAcGF1 bC1tb29yZS5jb20ACgkQ6iDy2pc3iXMy/w//YOB9EJ7hpAGouq0Il+SyWdLQP1Bw dOaJ5Xs0zDUQJsloqLpkk83aKocHXnl2jIE0mYVhfX2tdd2odKv/qKFcSPCBx1pf STRHsDBkNfi9wldAWZ6y92WZk9l0lqwdP/sJ4TMsrJLEnkeOBwcwAA4zzPRVu+dN aJQkSCj/5hF7r7/BvpfO+78O2h3dC42L6SepHrjnc/btSZ4qW4dPMJfTD7zT6r5Y tVRD/IZ+f7cakKulnWvOIXNGR45CTdE6TiPd9mxkbA2I86wvEec6jLIYtpPoEmtU +vENXjKDAX+Af3DyIC0rZECBFoAjLR0Myi75i74Haug0nxPyPqcjDKKYpfKwYxT0 CH1LHx4rHUbUvXz4tbLuEiNEb5ZX+P5Rpklev8aijvQ/3iVjdzkg74a4QDZcHi8K 1V/uKSBcC6De3789KmwEYIQu35cXqbT5TscuK4Hf8fdHcPZGRvjps12JSkuRhrIQ B5vJ4AZ3O5CWXO9u/n9czssnQ0WHSFFy1/OEpsVgXLpYMwP4xIr0q+C3n1Efnxnp HjoqE1N8bgsV4hYzwZwX3z490Vo4V3S6cpYp40UoeiJ0bJup5WuBselOSnZozyLQ hxxNHXFY8QtwQ0Ik4rTHfttwa28DE6qF+zh6mJDdgdbLfmlBGn3EaW9cwJrCiQ6X pZ6R6SdwFdyj7Uk= =JtiD -----END PGP SIGNATURE----- Merge tag 'lsm-pr-20230420' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm Pull lsm updates from Paul Moore: - Move the LSM hook comment blocks into security/security.c For many years the LSM hook comment blocks were located in a very odd place, include/linux/lsm_hooks.h, where they lived on their own, disconnected from both the function prototypes and definitions. In keeping with current kernel conventions, this moves all of these comment blocks to the top of the function definitions, transforming them into the kdoc format in the process. This should make it much easier to maintain these comments, which are the main source of LSM hook documentation. For the most part the comment contents were left as-is, although some glaring errors were corrected. Expect additional edits in the future as we slowly update and correct the comment blocks. This is the bulk of the diffstat. - Introduce LSM_ORDER_LAST Similar to how LSM_ORDER_FIRST is used to specify LSMs which should be ordered before "normal" LSMs, the LSM_ORDER_LAST is used to specify LSMs which should be ordered after "normal" LSMs. This is one of the prerequisites for transitioning IMA/EVM to a proper LSM. - Remove the security_old_inode_init_security() hook The security_old_inode_init_security() LSM hook only allows for a single xattr which is problematic both for LSM stacking and the IMA/EVM-as-a-LSM effort. This finishes the conversion over to the security_inode_init_security() hook and removes the single-xattr LSM hook. - Fix a reiserfs problem with security xattrs During the security_old_inode_init_security() removal work it became clear that reiserfs wasn't handling security xattrs properly so we fixed it. * tag 'lsm-pr-20230420' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm: (32 commits) reiserfs: Add security prefix to xattr name in reiserfs_security_write() security: Remove security_old_inode_init_security() ocfs2: Switch to security_inode_init_security() reiserfs: Switch to security_inode_init_security() security: Remove integrity from the LSM list in Kconfig Revert "integrity: double check iint_cache was initialized" security: Introduce LSM_ORDER_LAST and set it for the integrity LSM device_cgroup: Fix typo in devcgroup_css_alloc description lsm: fix a badly named parameter in security_get_getsecurity() lsm: fix doc warnings in the LSM hook comments lsm: styling fixes to security/security.c lsm: move the remaining LSM hook comments to security/security.c lsm: move the io_uring hook comments to security/security.c lsm: move the perf hook comments to security/security.c lsm: move the bpf hook comments to security/security.c lsm: move the audit hook comments to security/security.c lsm: move the binder hook comments to security/security.c lsm: move the sysv hook comments to security/security.c lsm: move the key hook comments to security/security.c lsm: move the xfrm hook comments to security/security.c ...
This commit is contained in:
commit
08e30833f8
@ -242,6 +242,7 @@ static int ocfs2_mknod(struct mnt_idmap *idmap,
|
||||
int want_meta = 0;
|
||||
int xattr_credits = 0;
|
||||
struct ocfs2_security_xattr_info si = {
|
||||
.name = NULL,
|
||||
.enable = 1,
|
||||
};
|
||||
int did_quota_inode = 0;
|
||||
@ -1805,6 +1806,7 @@ static int ocfs2_symlink(struct mnt_idmap *idmap,
|
||||
int want_clusters = 0;
|
||||
int xattr_credits = 0;
|
||||
struct ocfs2_security_xattr_info si = {
|
||||
.name = NULL,
|
||||
.enable = 1,
|
||||
};
|
||||
int did_quota = 0, did_quota_inode = 0;
|
||||
|
@ -7259,9 +7259,21 @@ static int ocfs2_xattr_security_set(const struct xattr_handler *handler,
|
||||
static int ocfs2_initxattrs(struct inode *inode, const struct xattr *xattr_array,
|
||||
void *fs_info)
|
||||
{
|
||||
struct ocfs2_security_xattr_info *si = fs_info;
|
||||
const struct xattr *xattr;
|
||||
int err = 0;
|
||||
|
||||
if (si) {
|
||||
si->value = kmemdup(xattr_array->value, xattr_array->value_len,
|
||||
GFP_KERNEL);
|
||||
if (!si->value)
|
||||
return -ENOMEM;
|
||||
|
||||
si->name = xattr_array->name;
|
||||
si->value_len = xattr_array->value_len;
|
||||
return 0;
|
||||
}
|
||||
|
||||
for (xattr = xattr_array; xattr->name != NULL; xattr++) {
|
||||
err = ocfs2_xattr_set(inode, OCFS2_XATTR_INDEX_SECURITY,
|
||||
xattr->name, xattr->value,
|
||||
@ -7277,13 +7289,23 @@ int ocfs2_init_security_get(struct inode *inode,
|
||||
const struct qstr *qstr,
|
||||
struct ocfs2_security_xattr_info *si)
|
||||
{
|
||||
int ret;
|
||||
|
||||
/* check whether ocfs2 support feature xattr */
|
||||
if (!ocfs2_supports_xattr(OCFS2_SB(dir->i_sb)))
|
||||
return -EOPNOTSUPP;
|
||||
if (si)
|
||||
return security_old_inode_init_security(inode, dir, qstr,
|
||||
&si->name, &si->value,
|
||||
&si->value_len);
|
||||
if (si) {
|
||||
ret = security_inode_init_security(inode, dir, qstr,
|
||||
&ocfs2_initxattrs, si);
|
||||
/*
|
||||
* security_inode_init_security() does not return -EOPNOTSUPP,
|
||||
* we have to check the xattr ourselves.
|
||||
*/
|
||||
if (!ret && !si->name)
|
||||
si->enable = 0;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
return security_inode_init_security(inode, dir, qstr,
|
||||
&ocfs2_initxattrs, NULL);
|
||||
|
@ -39,6 +39,22 @@ static bool security_list(struct dentry *dentry)
|
||||
return !IS_PRIVATE(d_inode(dentry));
|
||||
}
|
||||
|
||||
static int
|
||||
reiserfs_initxattrs(struct inode *inode, const struct xattr *xattr_array,
|
||||
void *fs_info)
|
||||
{
|
||||
struct reiserfs_security_handle *sec = fs_info;
|
||||
|
||||
sec->value = kmemdup(xattr_array->value, xattr_array->value_len,
|
||||
GFP_KERNEL);
|
||||
if (!sec->value)
|
||||
return -ENOMEM;
|
||||
|
||||
sec->name = xattr_array->name;
|
||||
sec->length = xattr_array->value_len;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Initializes the security context for a new inode and returns the number
|
||||
* of blocks needed for the transaction. If successful, reiserfs_security
|
||||
* must be released using reiserfs_security_free when the caller is done. */
|
||||
@ -56,12 +72,9 @@ int reiserfs_security_init(struct inode *dir, struct inode *inode,
|
||||
if (IS_PRIVATE(dir))
|
||||
return 0;
|
||||
|
||||
error = security_old_inode_init_security(inode, dir, qstr, &sec->name,
|
||||
&sec->value, &sec->length);
|
||||
error = security_inode_init_security(inode, dir, qstr,
|
||||
&reiserfs_initxattrs, sec);
|
||||
if (error) {
|
||||
if (error == -EOPNOTSUPP)
|
||||
error = 0;
|
||||
|
||||
sec->name = NULL;
|
||||
sec->value = NULL;
|
||||
sec->length = 0;
|
||||
@ -82,11 +95,15 @@ int reiserfs_security_write(struct reiserfs_transaction_handle *th,
|
||||
struct inode *inode,
|
||||
struct reiserfs_security_handle *sec)
|
||||
{
|
||||
char xattr_name[XATTR_NAME_MAX + 1] = XATTR_SECURITY_PREFIX;
|
||||
int error;
|
||||
if (strlen(sec->name) < sizeof(XATTR_SECURITY_PREFIX))
|
||||
|
||||
if (XATTR_SECURITY_PREFIX_LEN + strlen(sec->name) > XATTR_NAME_MAX)
|
||||
return -EINVAL;
|
||||
|
||||
error = reiserfs_xattr_set_handle(th, inode, sec->name, sec->value,
|
||||
strlcat(xattr_name, sec->name, sizeof(xattr_name));
|
||||
|
||||
error = reiserfs_xattr_set_handle(th, inode, xattr_name, sec->value,
|
||||
sec->length, XATTR_CREATE);
|
||||
if (error == -ENODATA || error == -EOPNOTSUPP)
|
||||
error = 0;
|
||||
|
@ -381,7 +381,7 @@ LSM_HOOK(int, 0, key_alloc, struct key *key, const struct cred *cred,
|
||||
LSM_HOOK(void, LSM_RET_VOID, key_free, struct key *key)
|
||||
LSM_HOOK(int, 0, key_permission, key_ref_t key_ref, const struct cred *cred,
|
||||
enum key_need_perm need_perm)
|
||||
LSM_HOOK(int, 0, key_getsecurity, struct key *key, char **_buffer)
|
||||
LSM_HOOK(int, 0, key_getsecurity, struct key *key, char **buffer)
|
||||
#endif /* CONFIG_KEYS */
|
||||
|
||||
#ifdef CONFIG_AUDIT
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -336,9 +336,6 @@ int security_inode_init_security(struct inode *inode, struct inode *dir,
|
||||
int security_inode_init_security_anon(struct inode *inode,
|
||||
const struct qstr *name,
|
||||
const struct inode *context_inode);
|
||||
int security_old_inode_init_security(struct inode *inode, struct inode *dir,
|
||||
const struct qstr *qstr, const char **name,
|
||||
void **value, size_t *len);
|
||||
int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode);
|
||||
int security_inode_link(struct dentry *old_dentry, struct inode *dir,
|
||||
struct dentry *new_dentry);
|
||||
@ -778,15 +775,6 @@ static inline int security_inode_init_security_anon(struct inode *inode,
|
||||
return 0;
|
||||
}
|
||||
|
||||
static inline int security_old_inode_init_security(struct inode *inode,
|
||||
struct inode *dir,
|
||||
const struct qstr *qstr,
|
||||
const char **name,
|
||||
void **value, size_t *len)
|
||||
{
|
||||
return -EOPNOTSUPP;
|
||||
}
|
||||
|
||||
static inline int security_inode_create(struct inode *dir,
|
||||
struct dentry *dentry,
|
||||
umode_t mode)
|
||||
|
@ -241,15 +241,17 @@ endchoice
|
||||
|
||||
config LSM
|
||||
string "Ordered list of enabled LSMs"
|
||||
default "landlock,lockdown,yama,loadpin,safesetid,integrity,smack,selinux,tomoyo,apparmor,bpf" if DEFAULT_SECURITY_SMACK
|
||||
default "landlock,lockdown,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo,bpf" if DEFAULT_SECURITY_APPARMOR
|
||||
default "landlock,lockdown,yama,loadpin,safesetid,integrity,tomoyo,bpf" if DEFAULT_SECURITY_TOMOYO
|
||||
default "landlock,lockdown,yama,loadpin,safesetid,integrity,bpf" if DEFAULT_SECURITY_DAC
|
||||
default "landlock,lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor,bpf"
|
||||
default "landlock,lockdown,yama,loadpin,safesetid,smack,selinux,tomoyo,apparmor,bpf" if DEFAULT_SECURITY_SMACK
|
||||
default "landlock,lockdown,yama,loadpin,safesetid,apparmor,selinux,smack,tomoyo,bpf" if DEFAULT_SECURITY_APPARMOR
|
||||
default "landlock,lockdown,yama,loadpin,safesetid,tomoyo,bpf" if DEFAULT_SECURITY_TOMOYO
|
||||
default "landlock,lockdown,yama,loadpin,safesetid,bpf" if DEFAULT_SECURITY_DAC
|
||||
default "landlock,lockdown,yama,loadpin,safesetid,selinux,smack,tomoyo,apparmor,bpf"
|
||||
help
|
||||
A comma-separated list of LSMs, in initialization order.
|
||||
Any LSMs left off this list will be ignored. This can be
|
||||
controlled at boot with the "lsm=" parameter.
|
||||
Any LSMs left off this list, except for those with order
|
||||
LSM_ORDER_FIRST and LSM_ORDER_LAST, which are always enabled
|
||||
if selected in the kernel configuration, will be ignored.
|
||||
This can be controlled at boot with the "lsm=" parameter.
|
||||
|
||||
If unsure, leave this as the default.
|
||||
|
||||
|
@ -216,7 +216,7 @@ static void devcgroup_offline(struct cgroup_subsys_state *css)
|
||||
}
|
||||
|
||||
/*
|
||||
* called from kernel/cgroup.c with cgroup_lock() held.
|
||||
* called from kernel/cgroup/cgroup.c with cgroup_lock() held.
|
||||
*/
|
||||
static struct cgroup_subsys_state *
|
||||
devcgroup_css_alloc(struct cgroup_subsys_state *parent_css)
|
||||
|
@ -98,14 +98,6 @@ struct integrity_iint_cache *integrity_inode_get(struct inode *inode)
|
||||
struct rb_node *node, *parent = NULL;
|
||||
struct integrity_iint_cache *iint, *test_iint;
|
||||
|
||||
/*
|
||||
* The integrity's "iint_cache" is initialized at security_init(),
|
||||
* unless it is not included in the ordered list of LSMs enabled
|
||||
* on the boot command line.
|
||||
*/
|
||||
if (!iint_cache)
|
||||
panic("%s: lsm=integrity required.\n", __func__);
|
||||
|
||||
iint = integrity_iint_find(inode);
|
||||
if (iint)
|
||||
return iint;
|
||||
@ -182,6 +174,7 @@ static int __init integrity_iintcache_init(void)
|
||||
DEFINE_LSM(integrity) = {
|
||||
.name = "integrity",
|
||||
.init = integrity_iintcache_init,
|
||||
.order = LSM_ORDER_LAST,
|
||||
};
|
||||
|
||||
|
||||
|
2730
security/security.c
2730
security/security.c
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user