linux-toradex.git/security/smack, branch v3.7-rc5 Linux kernel for Apalis and Colibri modules consitify do_mount() arguments 2012-10-12T00:02:04+00:00 Al Viro viro@zeniv.linux.org.uk 2012-10-11T15:42:01+00:00 808d4e3cfdcc52b19276175464f6dbca4df13b09 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Smack: setprocattr memory leak fix 2012-09-18T16:51:06+00:00 Casey Schaufler casey@schaufler-ca.com 2012-08-22T18:44:03+00:00 46a2f3b9e99353cc63e15563e8abee71162330f7 The data structure allocations being done in prepare_creds are duplicated in smack_setprocattr. This results in the structure allocated in prepare_creds being orphaned and never freed. The duplicate code is removed from smack_setprocattr. Targeted for git://git.gitorious.org/smack-next/kernel.git Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> 
The data structure allocations being done in prepare_creds
are duplicated in smack_setprocattr. This results in the
structure allocated in prepare_creds being orphaned and
never freed. The duplicate code is removed from
smack_setprocattr.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Smack: implement revoking all rules for a subject label 2012-09-18T16:50:52+00:00 Rafal Krypa r.krypa@samsung.com 2012-07-11T15:49:30+00:00 449543b0436a9146b855aad39eab76ae4853e88d Add /smack/revoke-subject special file. Writing a SMACK label to this file will set the access to '-' for all access rules with that subject label. Targeted for git://git.gitorious.org/smack-next/kernel.git Signed-off-by: Rafal Krypa <r.krypa@samsung.com> 
Add /smack/revoke-subject special file. Writing a SMACK label to this file will
set the access to '-' for all access rules with that subject label.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Smack: remove task_wait() hook. 2012-09-18T16:50:37+00:00 Casey Schaufler casey@schaufler-ca.com 2012-08-10T00:46:38+00:00 c00bedb368ae02a066aed8a888afc286c1df2e60 On 12/20/2011 11:20 PM, Jarkko Sakkinen wrote: > Allow SIGCHLD to be passed to child process without > explicit policy. This will help to keep the access > control policy simple and easily maintainable with > complex applications that require use of multiple > security contexts. It will also help to keep them > as isolated as possible. > > Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@intel.com> I have a slightly different version that applies to the current smack-next tree. Allow SIGCHLD to be passed to child process without explicit policy. This will help to keep the access control policy simple and easily maintainable with complex applications that require use of multiple security contexts. It will also help to keep them as isolated as possible. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> security/smack/smack_lsm.c | 37 ++++++++----------------------------- 1 files changed, 8 insertions(+), 29 deletions(-) 
On 12/20/2011 11:20 PM, Jarkko Sakkinen wrote:
> Allow SIGCHLD to be passed to child process without
> explicit policy. This will help to keep the access
> control policy simple and easily maintainable with
> complex applications that require use of multiple
> security contexts. It will also help to keep them
> as isolated as possible.
>
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@intel.com>

I have a slightly different version that applies to the
current smack-next tree.

Allow SIGCHLD to be passed to child process without
explicit policy. This will help to keep the access
control policy simple and easily maintainable with
complex applications that require use of multiple
security contexts. It will also help to keep them
as isolated as possible.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>

 security/smack/smack_lsm.c |   37 ++++++++-----------------------------
 1 files changed, 8 insertions(+), 29 deletions(-)
smack: off by one error 2012-07-30T05:04:17+00:00 Alan Cox alan@linux.intel.com 2012-07-26T21:47:11+00:00 3b9fc37280c521b086943f9aedda767f5bf3b2d3 Consider the input case of a rule that consists entirely of non space symbols followed by a \0. Say 64 + \0 In this case strlen(data) = 64 kzalloc of subject and object are 64 byte objects sscanfdata, "%s %s %s", subject, ...) will put 65 bytes into subject. Signed-off-by: Alan Cox <alan@linux.intel.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Cc: stable@vger.kernel.org Signed-off-by: James Morris <james.l.morris@oracle.com> 
Consider the input case of a rule that consists entirely of non space
symbols followed by a \0. Say 64 + \0

In this case strlen(data) = 64
kzalloc of subject and object are 64 byte objects
sscanfdata, "%s %s %s", subject, ...)

will put 65 bytes into subject.

Signed-off-by: Alan Cox <alan@linux.intel.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: stable@vger.kernel.org
Signed-off-by: James Morris <james.l.morris@oracle.com>
Smack: don't show empty rules when /smack/load or /smack/load2 is read 2012-07-13T22:49:24+00:00 Rafal Krypa r.krypa@samsung.com 2012-07-09T17:36:34+00:00 65ee7f45cf075adcdd6b6ef365f5a5507f1ea5c5 This patch removes empty rules (i.e. with access set to '-') from the rule list presented to user space. Smack by design never removes labels nor rules from its lists. Access for a rule may be set to '-' to effectively disable it. Such rules would show up in the listing generated when /smack/load or /smack/load2 is read. This may cause clutter if many rules were disabled. As a rule with access set to '-' is equivalent to no rule at all, they may be safely hidden from the listing. Targeted for git://git.gitorious.org/smack-next/kernel.git Signed-off-by: Rafal Krypa <r.krypa@samsung.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> 
This patch removes empty rules (i.e. with access set to '-') from the
rule list presented to user space.

Smack by design never removes labels nor rules from its lists. Access
for a rule may be set to '-' to effectively disable it. Such rules would
show up in the listing generated when /smack/load or /smack/load2 is
read. This may cause clutter if many rules were disabled.

As a rule with access set to '-' is equivalent to no rule at all, they
may be safely hidden from the listing.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Smack: user access check bounds 2012-07-13T22:49:24+00:00 Casey Schaufler casey@schaufler-ca.com 2012-06-19T02:01:36+00:00 3518721a8932b2a243f415c374aef020380efc9d Some of the bounds checking used on the /smack/access interface was lost when support for long labels was added. No kernel access checks are affected, however this is a case where /smack/access could be used incorrectly and fail to detect the error. This patch reintroduces the original checks. Targeted for git://git.gitorious.org/smack-next/kernel.git Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> 
Some of the bounds checking used on the /smack/access
interface was lost when support for long labels was
added. No kernel access checks are affected, however
this is a case where /smack/access could be used
incorrectly and fail to detect the error. This patch
reintroduces the original checks.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Smack: onlycap limits on CAP_MAC_ADMIN 2012-07-13T22:49:23+00:00 Casey Schaufler casey@schaufler-ca.com 2012-06-05T22:28:30+00:00 1880eff77e7a7cb46c68fae7cfa33f72f0a6e70e Smack is integrated with the POSIX capabilities scheme, using the capabilities CAP_MAC_OVERRIDE and CAP_MAC_ADMIN to determine if a process is allowed to ignore Smack checks or change Smack related data respectively. Smack provides an additional restriction that if an onlycap value is set by writing to /smack/onlycap only tasks with that Smack label are allowed to use CAP_MAC_OVERRIDE. This change adds CAP_MAC_ADMIN as a capability that is affected by the onlycap mechanism. Targeted for git://git.gitorious.org/smack-next/kernel.git Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> 
Smack is integrated with the POSIX capabilities scheme,
using the capabilities CAP_MAC_OVERRIDE and CAP_MAC_ADMIN to
determine if a process is allowed to ignore Smack checks or
change Smack related data respectively. Smack provides an
additional restriction that if an onlycap value is set
by writing to /smack/onlycap only tasks with that Smack
label are allowed to use CAP_MAC_OVERRIDE.

This change adds CAP_MAC_ADMIN as a capability that is affected
by the onlycap mechanism.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Smack: fix smack_new_inode bogosities 2012-07-13T22:49:23+00:00 Casey Schaufler casey@schaufler-ca.com 2012-05-24T00:46:58+00:00 eb982cb4cf6405b97ea1f9e1d10864981f269d46 In January of 2012 Al Viro pointed out three bits of code that he titled "new_inode_smack bogosities". This patch repairs these errors. 1. smack_sb_kern_mount() included a NULL check that is impossible. The check and NULL case are removed. 2. smack_kb_kern_mount() included pointless locking. The locking is removed. Since this is the only place that lock was used the lock is removed from the superblock_smack structure. 3. smk_fill_super() incorrectly and unnecessarily set the Smack label for the smackfs root inode. The assignment has been removed. Targeted for git://gitorious.org/smack-next/kernel.git Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> 
In January of 2012 Al Viro pointed out three bits of code that
he titled "new_inode_smack bogosities". This patch repairs these
errors.

1. smack_sb_kern_mount() included a NULL check that is impossible.
   The check and NULL case are removed.
2. smack_kb_kern_mount() included pointless locking. The locking is
   removed. Since this is the only place that lock was used the lock
   is removed from the superblock_smack structure.
3. smk_fill_super() incorrectly and unnecessarily set the Smack label
   for the smackfs root inode. The assignment has been removed.

Targeted for git://gitorious.org/smack-next/kernel.git

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
split ->file_mmap() into ->mmap_addr()/->mmap_file() 2012-05-31T17:11:54+00:00 Al Viro viro@zeniv.linux.org.uk 2012-05-30T17:30:51+00:00 e5467859f7f79b69fc49004403009dfdba3bec53 ... i.e. file-dependent and address-dependent checks. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
... i.e. file-dependent and address-dependent checks.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>