summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/include/apparmor.h4
-rw-r--r--security/apparmor/lsm.c20
-rw-r--r--security/apparmor/path.c2
-rw-r--r--security/capability.c27
-rw-r--r--security/commoncap.c6
-rw-r--r--security/inode.c2
-rw-r--r--security/integrity/Kconfig4
-rw-r--r--security/integrity/evm/Kconfig2
-rw-r--r--security/keys/request_key.c1
-rw-r--r--security/security.c36
-rw-r--r--security/selinux/hooks.c81
-rw-r--r--security/selinux/include/classmap.h2
-rw-r--r--security/selinux/selinuxfs.c52
-rw-r--r--security/smack/smack_lsm.c20
-rw-r--r--security/tomoyo/Kconfig1
-rw-r--r--security/tomoyo/file.c4
16 files changed, 177 insertions, 87 deletions
diff --git a/security/apparmor/include/apparmor.h b/security/apparmor/include/apparmor.h
index 97130f88838b..e4ea62663866 100644
--- a/security/apparmor/include/apparmor.h
+++ b/security/apparmor/include/apparmor.h
@@ -112,9 +112,9 @@ static inline unsigned int aa_dfa_null_transition(struct aa_dfa *dfa,
return aa_dfa_next(dfa, start, 0);
}
-static inline bool mediated_filesystem(struct inode *inode)
+static inline bool mediated_filesystem(struct dentry *dentry)
{
- return !(inode->i_sb->s_flags & MS_NOUSER);
+ return !(dentry->d_sb->s_flags & MS_NOUSER);
}
#endif /* __APPARMOR_H */
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 65ca451a764d..107db88b1d5f 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -226,7 +226,7 @@ static int common_perm_rm(int op, struct path *dir,
struct inode *inode = dentry->d_inode;
struct path_cond cond = { };
- if (!inode || !dir->mnt || !mediated_filesystem(inode))
+ if (!inode || !dir->mnt || !mediated_filesystem(dentry))
return 0;
cond.uid = inode->i_uid;
@@ -250,7 +250,7 @@ static int common_perm_create(int op, struct path *dir, struct dentry *dentry,
{
struct path_cond cond = { current_fsuid(), mode };
- if (!dir->mnt || !mediated_filesystem(dir->dentry->d_inode))
+ if (!dir->mnt || !mediated_filesystem(dir->dentry))
return 0;
return common_perm_dir_dentry(op, dir, dentry, mask, &cond);
@@ -285,7 +285,7 @@ static int apparmor_path_truncate(struct path *path)
path->dentry->d_inode->i_mode
};
- if (!path->mnt || !mediated_filesystem(path->dentry->d_inode))
+ if (!path->mnt || !mediated_filesystem(path->dentry))
return 0;
return common_perm(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE,
@@ -305,7 +305,7 @@ static int apparmor_path_link(struct dentry *old_dentry, struct path *new_dir,
struct aa_profile *profile;
int error = 0;
- if (!mediated_filesystem(old_dentry->d_inode))
+ if (!mediated_filesystem(old_dentry))
return 0;
profile = aa_current_profile();
@@ -320,7 +320,7 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
struct aa_profile *profile;
int error = 0;
- if (!mediated_filesystem(old_dentry->d_inode))
+ if (!mediated_filesystem(old_dentry))
return 0;
profile = aa_current_profile();
@@ -346,7 +346,7 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
static int apparmor_path_chmod(struct path *path, umode_t mode)
{
- if (!mediated_filesystem(path->dentry->d_inode))
+ if (!mediated_filesystem(path->dentry))
return 0;
return common_perm_mnt_dentry(OP_CHMOD, path->mnt, path->dentry, AA_MAY_CHMOD);
@@ -358,7 +358,7 @@ static int apparmor_path_chown(struct path *path, kuid_t uid, kgid_t gid)
path->dentry->d_inode->i_mode
};
- if (!mediated_filesystem(path->dentry->d_inode))
+ if (!mediated_filesystem(path->dentry))
return 0;
return common_perm(OP_CHOWN, path, AA_MAY_CHOWN, &cond);
@@ -366,7 +366,7 @@ static int apparmor_path_chown(struct path *path, kuid_t uid, kgid_t gid)
static int apparmor_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
{
- if (!mediated_filesystem(dentry->d_inode))
+ if (!mediated_filesystem(dentry))
return 0;
return common_perm_mnt_dentry(OP_GETATTR, mnt, dentry,
@@ -379,7 +379,7 @@ static int apparmor_file_open(struct file *file, const struct cred *cred)
struct aa_profile *profile;
int error = 0;
- if (!mediated_filesystem(file_inode(file)))
+ if (!mediated_filesystem(file->f_path.dentry))
return 0;
/* If in exec, permission is handled by bprm hooks.
@@ -432,7 +432,7 @@ static int common_file_perm(int op, struct file *file, u32 mask)
BUG_ON(!fprofile);
if (!file->f_path.mnt ||
- !mediated_filesystem(file_inode(file)))
+ !mediated_filesystem(file->f_path.dentry))
return 0;
profile = __aa_current_profile();
diff --git a/security/apparmor/path.c b/security/apparmor/path.c
index 35b394a75d76..71e0e3a15b9d 100644
--- a/security/apparmor/path.c
+++ b/security/apparmor/path.c
@@ -114,7 +114,7 @@ static int d_namespace_path(struct path *path, char *buf, int buflen,
* security_path hooks as a deleted dentry except without an inode
* allocated.
*/
- if (d_unlinked(path->dentry) && path->dentry->d_inode &&
+ if (d_unlinked(path->dentry) && d_is_positive(path->dentry) &&
!(flags & PATH_MEDIATE_DELETED)) {
error = -ENOENT;
goto out;
diff --git a/security/capability.c b/security/capability.c
index d68c57a62bcf..070dd46f62f4 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -12,6 +12,29 @@
#include <linux/security.h>
+static int cap_binder_set_context_mgr(struct task_struct *mgr)
+{
+ return 0;
+}
+
+static int cap_binder_transaction(struct task_struct *from,
+ struct task_struct *to)
+{
+ return 0;
+}
+
+static int cap_binder_transfer_binder(struct task_struct *from,
+ struct task_struct *to)
+{
+ return 0;
+}
+
+static int cap_binder_transfer_file(struct task_struct *from,
+ struct task_struct *to, struct file *file)
+{
+ return 0;
+}
+
static int cap_syslog(int type)
{
return 0;
@@ -930,6 +953,10 @@ static void cap_audit_rule_free(void *lsmrule)
void __init security_fixup_ops(struct security_operations *ops)
{
+ set_to_cap_if_null(ops, binder_set_context_mgr);
+ set_to_cap_if_null(ops, binder_transaction);
+ set_to_cap_if_null(ops, binder_transfer_binder);
+ set_to_cap_if_null(ops, binder_transfer_file);
set_to_cap_if_null(ops, ptrace_access_check);
set_to_cap_if_null(ops, ptrace_traceme);
set_to_cap_if_null(ops, capget);
diff --git a/security/commoncap.c b/security/commoncap.c
index 2915d8503054..f66713bd7450 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -434,7 +434,6 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data
*/
static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_cap)
{
- struct dentry *dentry;
int rc = 0;
struct cpu_vfs_cap_data vcaps;
@@ -446,9 +445,7 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c
if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
return 0;
- dentry = dget(bprm->file->f_path.dentry);
-
- rc = get_vfs_caps_from_disk(dentry, &vcaps);
+ rc = get_vfs_caps_from_disk(bprm->file->f_path.dentry, &vcaps);
if (rc < 0) {
if (rc == -EINVAL)
printk(KERN_NOTICE "%s: get_vfs_caps_from_disk returned %d for %s\n",
@@ -464,7 +461,6 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c
__func__, rc, bprm->filename);
out:
- dput(dentry);
if (rc)
bprm_clear_caps(bprm);
diff --git a/security/inode.c b/security/inode.c
index 8e7ca62078ab..131a3c49f766 100644
--- a/security/inode.c
+++ b/security/inode.c
@@ -203,7 +203,7 @@ void securityfs_remove(struct dentry *dentry)
mutex_lock(&parent->d_inode->i_mutex);
if (positive(dentry)) {
if (dentry->d_inode) {
- if (S_ISDIR(dentry->d_inode->i_mode))
+ if (d_is_dir(dentry))
simple_rmdir(parent->d_inode, dentry);
else
simple_unlink(parent->d_inode, dentry);
diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
index b76235ae4786..73c457bf5a4a 100644
--- a/security/integrity/Kconfig
+++ b/security/integrity/Kconfig
@@ -16,7 +16,7 @@ config INTEGRITY
if INTEGRITY
config INTEGRITY_SIGNATURE
- boolean "Digital signature verification using multiple keyrings"
+ bool "Digital signature verification using multiple keyrings"
depends on KEYS
default n
select SIGNATURE
@@ -30,7 +30,7 @@ config INTEGRITY_SIGNATURE
usually only added from initramfs.
config INTEGRITY_ASYMMETRIC_KEYS
- boolean "Enable asymmetric keys support"
+ bool "Enable asymmetric keys support"
depends on INTEGRITY_SIGNATURE
default n
select ASYMMETRIC_KEY_TYPE
diff --git a/security/integrity/evm/Kconfig b/security/integrity/evm/Kconfig
index df586fa00ef1..bf19723cf117 100644
--- a/security/integrity/evm/Kconfig
+++ b/security/integrity/evm/Kconfig
@@ -1,5 +1,5 @@
config EVM
- boolean "EVM support"
+ bool "EVM support"
select KEYS
select ENCRYPTED_KEYS
select CRYPTO_HMAC
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index 0c7aea4dea54..486ef6fa393b 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -414,6 +414,7 @@ link_check_failed:
link_prealloc_failed:
mutex_unlock(&user->cons_lock);
+ key_put(key);
kleave(" = %d [prelink]", ret);
return ret;
diff --git a/security/security.c b/security/security.c
index 18b35c63fc0c..e81d5bbe7363 100644
--- a/security/security.c
+++ b/security/security.c
@@ -135,6 +135,29 @@ int __init register_security(struct security_operations *ops)
/* Security operations */
+int security_binder_set_context_mgr(struct task_struct *mgr)
+{
+ return security_ops->binder_set_context_mgr(mgr);
+}
+
+int security_binder_transaction(struct task_struct *from,
+ struct task_struct *to)
+{
+ return security_ops->binder_transaction(from, to);
+}
+
+int security_binder_transfer_binder(struct task_struct *from,
+ struct task_struct *to)
+{
+ return security_ops->binder_transfer_binder(from, to);
+}
+
+int security_binder_transfer_file(struct task_struct *from,
+ struct task_struct *to, struct file *file)
+{
+ return security_ops->binder_transfer_file(from, to, file);
+}
+
int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
{
#ifdef CONFIG_SECURITY_YAMA_STACKED
@@ -726,16 +749,15 @@ static inline unsigned long mmap_prot(struct file *file, unsigned long prot)
return prot | PROT_EXEC;
/*
* ditto if it's not on noexec mount, except that on !MMU we need
- * BDI_CAP_EXEC_MMAP (== VM_MAYEXEC) in this case
+ * NOMMU_MAP_EXEC (== VM_MAYEXEC) in this case
*/
if (!(file->f_path.mnt->mnt_flags & MNT_NOEXEC)) {
#ifndef CONFIG_MMU
- unsigned long caps = 0;
- struct address_space *mapping = file->f_mapping;
- if (mapping && mapping->backing_dev_info)
- caps = mapping->backing_dev_info->capabilities;
- if (!(caps & BDI_CAP_EXEC_MAP))
- return prot;
+ if (file->f_op->mmap_capabilities) {
+ unsigned caps = file->f_op->mmap_capabilities(file);
+ if (!(caps & NOMMU_MAP_EXEC))
+ return prot;
+ }
#endif
return prot | PROT_EXEC;
}
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 87a915656eab..4d1a54190388 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1799,7 +1799,7 @@ static inline int may_rename(struct inode *old_dir,
old_dsec = old_dir->i_security;
old_isec = old_dentry->d_inode->i_security;
- old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
+ old_is_dir = d_is_dir(old_dentry);
new_dsec = new_dir->i_security;
ad.type = LSM_AUDIT_DATA_DENTRY;
@@ -1822,14 +1822,14 @@ static inline int may_rename(struct inode *old_dir,
ad.u.dentry = new_dentry;
av = DIR__ADD_NAME | DIR__SEARCH;
- if (new_dentry->d_inode)
+ if (d_is_positive(new_dentry))
av |= DIR__REMOVE_NAME;
rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
if (rc)
return rc;
- if (new_dentry->d_inode) {
+ if (d_is_positive(new_dentry)) {
new_isec = new_dentry->d_inode->i_security;
- new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode);
+ new_is_dir = d_is_dir(new_dentry);
rc = avc_has_perm(sid, new_isec->sid,
new_isec->sclass,
(new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
@@ -1920,6 +1920,74 @@ static inline u32 open_file_to_av(struct file *file)
/* Hook functions begin here. */
+static int selinux_binder_set_context_mgr(struct task_struct *mgr)
+{
+ u32 mysid = current_sid();
+ u32 mgrsid = task_sid(mgr);
+
+ return avc_has_perm(mysid, mgrsid, SECCLASS_BINDER,
+ BINDER__SET_CONTEXT_MGR, NULL);
+}
+
+static int selinux_binder_transaction(struct task_struct *from,
+ struct task_struct *to)
+{
+ u32 mysid = current_sid();
+ u32 fromsid = task_sid(from);
+ u32 tosid = task_sid(to);
+ int rc;
+
+ if (mysid != fromsid) {
+ rc = avc_has_perm(mysid, fromsid, SECCLASS_BINDER,
+ BINDER__IMPERSONATE, NULL);
+ if (rc)
+ return rc;
+ }
+
+ return avc_has_perm(fromsid, tosid, SECCLASS_BINDER, BINDER__CALL,
+ NULL);
+}
+
+static int selinux_binder_transfer_binder(struct task_struct *from,
+ struct task_struct *to)
+{
+ u32 fromsid = task_sid(from);
+ u32 tosid = task_sid(to);
+
+ return avc_has_perm(fromsid, tosid, SECCLASS_BINDER, BINDER__TRANSFER,
+ NULL);
+}
+
+static int selinux_binder_transfer_file(struct task_struct *from,
+ struct task_struct *to,
+ struct file *file)
+{
+ u32 sid = task_sid(to);
+ struct file_security_struct *fsec = file->f_security;
+ struct inode *inode = file->f_path.dentry->d_inode;
+ struct inode_security_struct *isec = inode->i_security;
+ struct common_audit_data ad;
+ int rc;
+
+ ad.type = LSM_AUDIT_DATA_PATH;
+ ad.u.path = file->f_path;
+
+ if (sid != fsec->sid) {
+ rc = avc_has_perm(sid, fsec->sid,
+ SECCLASS_FD,
+ FD__USE,
+ &ad);
+ if (rc)
+ return rc;
+ }
+
+ if (unlikely(IS_PRIVATE(inode)))
+ return 0;
+
+ return avc_has_perm(sid, isec->sid, isec->sclass, file_to_av(file),
+ &ad);
+}
+
static int selinux_ptrace_access_check(struct task_struct *child,
unsigned int mode)
{
@@ -5797,6 +5865,11 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
static struct security_operations selinux_ops = {
.name = "selinux",
+ .binder_set_context_mgr = selinux_binder_set_context_mgr,
+ .binder_transaction = selinux_binder_transaction,
+ .binder_transfer_binder = selinux_binder_transfer_binder,
+ .binder_transfer_file = selinux_binder_transfer_file,
+
.ptrace_access_check = selinux_ptrace_access_check,
.ptrace_traceme = selinux_ptrace_traceme,
.capget = selinux_capget,
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index be491a74c1ed..eccd61b3de8a 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -151,5 +151,7 @@ struct security_class_mapping secclass_map[] = {
{ "kernel_service", { "use_as_override", "create_files_as", NULL } },
{ "tun_socket",
{ COMMON_SOCK_PERMS, "attach_queue", NULL } },
+ { "binder", { "impersonate", "call", "set_context_mgr", "transfer",
+ NULL } },
{ NULL }
};
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 33db1ad4fd10..1684bcc78b34 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -1195,30 +1195,8 @@ static const struct file_operations sel_commit_bools_ops = {
static void sel_remove_entries(struct dentry *de)
{
- struct list_head *node;
-
- spin_lock(&de->d_lock);
- node = de->d_subdirs.next;
- while (node != &de->d_subdirs) {
- struct dentry *d = list_entry(node, struct dentry, d_child);
-
- spin_lock_nested(&d->d_lock, DENTRY_D_LOCK_NESTED);
- list_del_init(node);
-
- if (d->d_inode) {
- dget_dlock(d);
- spin_unlock(&de->d_lock);
- spin_unlock(&d->d_lock);
- d_delete(d);
- simple_unlink(de->d_inode, d);
- dput(d);
- spin_lock(&de->d_lock);
- } else
- spin_unlock(&d->d_lock);
- node = de->d_subdirs.next;
- }
-
- spin_unlock(&de->d_lock);
+ d_genocide(de);
+ shrink_dcache_parent(de);
}
#define BOOL_DIR_NAME "booleans"
@@ -1668,37 +1646,13 @@ static int sel_make_class_dir_entries(char *classname, int index,
return rc;
}
-static void sel_remove_classes(void)
-{
- struct list_head *class_node;
-
- list_for_each(class_node, &class_dir->d_subdirs) {
- struct dentry *class_subdir = list_entry(class_node,
- struct dentry, d_child);
- struct list_head *class_subdir_node;
-
- list_for_each(class_subdir_node, &class_subdir->d_subdirs) {
- struct dentry *d = list_entry(class_subdir_node,
- struct dentry, d_child);
-
- if (d->d_inode)
- if (d->d_inode->i_mode & S_IFDIR)
- sel_remove_entries(d);
- }
-
- sel_remove_entries(class_subdir);
- }
-
- sel_remove_entries(class_dir);
-}
-
static int sel_make_classes(void)
{
int rc, nclasses, i;
char **classes;
/* delete any existing entries */
- sel_remove_classes();
+ sel_remove_entries(class_dir);
rc = security_get_classes(&classes, &nclasses);
if (rc)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index a0ccce4e46f8..c934311812f1 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -855,7 +855,7 @@ static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
rc = smk_curacc(isp, MAY_WRITE, &ad);
rc = smk_bu_inode(old_dentry->d_inode, MAY_WRITE, rc);
- if (rc == 0 && new_dentry->d_inode != NULL) {
+ if (rc == 0 && d_is_positive(new_dentry)) {
isp = smk_of_inode(new_dentry->d_inode);
smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
rc = smk_curacc(isp, MAY_WRITE, &ad);
@@ -961,7 +961,7 @@ static int smack_inode_rename(struct inode *old_inode,
rc = smk_curacc(isp, MAY_READWRITE, &ad);
rc = smk_bu_inode(old_dentry->d_inode, MAY_READWRITE, rc);
- if (rc == 0 && new_dentry->d_inode != NULL) {
+ if (rc == 0 && d_is_positive(new_dentry)) {
isp = smk_of_inode(new_dentry->d_inode);
smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
rc = smk_curacc(isp, MAY_READWRITE, &ad);
@@ -3818,6 +3818,18 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
}
#endif /* CONFIG_IPV6 */
+#ifdef CONFIG_SECURITY_SMACK_NETFILTER
+ /*
+ * If there is a secmark use it rather than the CIPSO label.
+ * If there is no secmark fall back to CIPSO.
+ * The secmark is assumed to reflect policy better.
+ */
+ if (skb && skb->secmark != 0) {
+ skp = smack_from_secid(skb->secmark);
+ goto access_check;
+ }
+#endif /* CONFIG_SECURITY_SMACK_NETFILTER */
+
netlbl_secattr_init(&secattr);
rc = netlbl_skbuff_getattr(skb, family, &secattr);
if (rc == 0)
@@ -3826,6 +3838,10 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
skp = &smack_known_huh;
netlbl_secattr_destroy(&secattr);
+#ifdef CONFIG_SECURITY_SMACK_NETFILTER
+access_check:
+#endif
+
#ifdef CONFIG_AUDIT
smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
ad.a.u.net->family = family;
diff --git a/security/tomoyo/Kconfig b/security/tomoyo/Kconfig
index 8eb779b9d77f..604e718d68d3 100644
--- a/security/tomoyo/Kconfig
+++ b/security/tomoyo/Kconfig
@@ -5,6 +5,7 @@ config SECURITY_TOMOYO
select SECURITYFS
select SECURITY_PATH
select SECURITY_NETWORK
+ select SRCU
default n
help
This selects TOMOYO Linux, pathname-based access control.
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 400390790745..c151a1869597 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -905,11 +905,9 @@ int tomoyo_path2_perm(const u8 operation, struct path *path1,
!tomoyo_get_realpath(&buf2, path2))
goto out;
switch (operation) {
- struct dentry *dentry;
case TOMOYO_TYPE_RENAME:
case TOMOYO_TYPE_LINK:
- dentry = path1->dentry;
- if (!dentry->d_inode || !S_ISDIR(dentry->d_inode->i_mode))
+ if (!d_is_dir(path1->dentry))
break;
/* fall through */
case TOMOYO_TYPE_PIVOT_ROOT: