linux-toradex.git/security/selinux/include/security.h, branch v3.6.1 Linux kernel for Apalis and Colibri modules switch dentry_open() to struct path, make it grab references itself 2012-07-22T20:01:29+00:00 Al Viro viro@zeniv.linux.org.uk 2012-06-26T17:58:53+00:00 765927b2d508712d320c8934db963bbe14c3fcec Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
SELinux: add default_type statements 2012-04-09T16:22:48+00:00 Eric Paris eparis@redhat.com 2012-03-20T18:35:12+00:00 eed7795d0a2c9b2e934afc088e903fa2c17b7958 Because Fedora shipped userspace based on my development tree we now have policy version 27 in the wild defining only default user, role, and range. Thus to add default_type we need a policy.28. Signed-off-by: Eric Paris <eparis@redhat.com> 
Because Fedora shipped userspace based on my development tree we now
have policy version 27 in the wild defining only default user, role, and
range.  Thus to add default_type we need a policy.28.

Signed-off-by: Eric Paris <eparis@redhat.com>
SELinux: allow default source/target selectors for user/role/range 2012-04-09T16:22:47+00:00 Eric Paris eparis@redhat.com 2012-03-20T18:35:12+00:00 aa893269de6277b44be88e25dcd5331c934c29c4 When new objects are created we have great and flexible rules to determine the type of the new object. We aren't quite as flexible or mature when it comes to determining the user, role, and range. This patch adds a new ability to specify the place a new objects user, role, and range should come from. For users and roles it can come from either the source or the target of the operation. aka for files the user can either come from the source (the running process and todays default) or it can come from the target (aka the parent directory of the new file) examples always are done with directory context: system_u:object_r:mnt_t:s0-s0:c0.c512 process context: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 [no rule] unconfined_u:object_r:mnt_t:s0 test_none [default user source] unconfined_u:object_r:mnt_t:s0 test_user_source [default user target] system_u:object_r:mnt_t:s0 test_user_target [default role source] unconfined_u:unconfined_r:mnt_t:s0 test_role_source [default role target] unconfined_u:object_r:mnt_t:s0 test_role_target [default range source low] unconfined_u:object_r:mnt_t:s0 test_range_source_low [default range source high] unconfined_u:object_r:mnt_t:s0:c0.c1023 test_range_source_high [default range source low-high] unconfined_u:object_r:mnt_t:s0-s0:c0.c1023 test_range_source_low-high [default range target low] unconfined_u:object_r:mnt_t:s0 test_range_target_low [default range target high] unconfined_u:object_r:mnt_t:s0:c0.c512 test_range_target_high [default range target low-high] unconfined_u:object_r:mnt_t:s0-s0:c0.c512 test_range_target_low-high Signed-off-by: Eric Paris <eparis@redhat.com> 
When new objects are created we have great and flexible rules to
determine the type of the new object.  We aren't quite as flexible or
mature when it comes to determining the user, role, and range.  This
patch adds a new ability to specify the place a new objects user, role,
and range should come from.  For users and roles it can come from either
the source or the target of the operation.  aka for files the user can
either come from the source (the running process and todays default) or
it can come from the target (aka the parent directory of the new file)

examples always are done with
directory context: system_u:object_r:mnt_t:s0-s0:c0.c512
process context: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

[no rule]
	unconfined_u:object_r:mnt_t:s0   test_none
[default user source]
	unconfined_u:object_r:mnt_t:s0   test_user_source
[default user target]
	system_u:object_r:mnt_t:s0       test_user_target
[default role source]
	unconfined_u:unconfined_r:mnt_t:s0 test_role_source
[default role target]
	unconfined_u:object_r:mnt_t:s0   test_role_target
[default range source low]
	unconfined_u:object_r:mnt_t:s0 test_range_source_low
[default range source high]
	unconfined_u:object_r:mnt_t:s0:c0.c1023 test_range_source_high
[default range source low-high]
	unconfined_u:object_r:mnt_t:s0-s0:c0.c1023 test_range_source_low-high
[default range target low]
	unconfined_u:object_r:mnt_t:s0 test_range_target_low
[default range target high]
	unconfined_u:object_r:mnt_t:s0:c0.c512 test_range_target_high
[default range target low-high]
	unconfined_u:object_r:mnt_t:s0-s0:c0.c512 test_range_target_low-high

Signed-off-by: Eric Paris <eparis@redhat.com>
selinux: sparse fix: fix warnings in netlink code 2011-09-09T23:56:31+00:00 James Morris jmorris@namei.org 2011-08-30T02:09:15+00:00 6a3fbe81179c85eb53054a0f4c8423ffec0276a7 Fix sparse warnings in SELinux Netlink code. Signed-off-by: James Morris <jmorris@namei.org> 
Fix sparse warnings in SELinux Netlink code.

Signed-off-by: James Morris <jmorris@namei.org>
selinux: sparse fix: eliminate warnings for selinuxfs 2011-09-09T23:56:30+00:00 James Morris jmorris@namei.org 2011-08-30T00:50:12+00:00 ad3fa08c4ff84ed87649d72e8497735c85561a3d Fixes several sparse warnings for selinuxfs.c Signed-off-by: James Morris <jmorris@namei.org> 
Fixes several sparse warnings for selinuxfs.c

Signed-off-by: James Morris <jmorris@namei.org>
selinux: sparse fix: declare selinux_disable() in security.h 2011-09-09T23:56:26+00:00 James Morris jmorris@namei.org 2011-08-17T01:17:14+00:00 58982b74832917405a483a22beede729e3175376 Sparse fix: declare selinux_disable() in security.h Signed-off-by: James Morris <jmorris@namei.org> 
Sparse fix: declare selinux_disable() in security.h

Signed-off-by: James Morris <jmorris@namei.org>
selinux: sparse fix: move selinux_complete_init 2011-09-09T23:56:26+00:00 James Morris jmorris@namei.org 2011-08-17T01:13:31+00:00 cc59a582d6081b296e481b8bc9676b5c2faad818 Sparse fix: move selinux_complete_init Signed-off-by: James Morris <jmorris@namei.org> 
Sparse fix: move selinux_complete_init

Signed-off-by: James Morris <jmorris@namei.org>
SELinux: security_read_policy should take a size_t not ssize_t 2011-04-25T14:19:02+00:00 Eric Paris eparis@redhat.com 2011-04-20T14:21:28+00:00 6b697323a78bed254ee372f71b1a6a2901bb4b7a The len should be an size_t but is a ssize_t. Easy enough fix to silence build warnings. We have no need for signed-ness. Signed-off-by: Eric Paris <eparis@redhat.com> Reviewed-by: James Morris <jmorris@namei.org> 
The len should be an size_t but is a ssize_t.  Easy enough fix to silence
build warnings.  We have no need for signed-ness.

Signed-off-by: Eric Paris <eparis@redhat.com>
Reviewed-by: James Morris <jmorris@namei.org>
selinux: add type_transition with name extension support for selinuxfs 2011-04-01T21:13:23+00:00 Kohei Kaigai Kohei.Kaigai@eu.nec.com 2011-04-01T14:39:26+00:00 f50a3ec961f90e38c0311411179d5dfee1412192 The attached patch allows /selinux/create takes optional 4th argument to support TYPE_TRANSITION with name extension for userspace object managers. If 4th argument is not supplied, it shall perform as existing kernel. In fact, the regression test of SE-PostgreSQL works well on the patched kernel. Thanks, Signed-off-by: KaiGai Kohei <kohei.kaigai@eu.nec.com> [manually verify fuzz was not an issue, and it wasn't: eparis] Signed-off-by: Eric Paris <eparis@redhat.com> 
The attached patch allows /selinux/create takes optional 4th argument
to support TYPE_TRANSITION with name extension for userspace object
managers.
If 4th argument is not supplied, it shall perform as existing kernel.
In fact, the regression test of SE-PostgreSQL works well on the patched
kernel.

Thanks,

Signed-off-by: KaiGai Kohei <kohei.kaigai@eu.nec.com>
[manually verify fuzz was not an issue, and it wasn't: eparis]
Signed-off-by: Eric Paris <eparis@redhat.com>
SELinux: Add class support to the role_trans structure 2011-03-28T18:20:58+00:00 Harry Ciao qingtao.cao@windriver.com 2011-03-25T05:51:56+00:00 8023976cf4627d9f1d82ad468ec40e32eb87d211 If kernel policy version is >= 26, then the binary representation of the role_trans structure supports specifying the class for the current subject or the newly created object. If kernel policy version is < 26, then the class field would be default to the process class. Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Eric Paris <eparis@redhat.com> 
If kernel policy version is >= 26, then the binary representation of
the role_trans structure supports specifying the class for the current
subject or the newly created object.

If kernel policy version is < 26, then the class field would be default
to the process class.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Eric Paris <eparis@redhat.com>