Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v4.0 2015-01-25T17:17:57Z 2015-01-25T17:17:57Z Stephen Smalley sds@tycho.nsa.gov 2015-01-21T15:54:10Z urn:sha1:79af73079d753b2d04e46f7445716d3b5f914dbd Add security hooks to the binder and implement the hooks for SELinux. The security hooks enable security modules such as SELinux to implement controls over binder IPC. The security hooks include support for controlling what process can become the binder context manager (binder_set_context_mgr), controlling the ability of a process to invoke a binder transaction/IPC to another process (binder_transaction), controlling the ability of a process to transfer a binder reference to another process (binder_transfer_binder), and controlling the ability of a process to transfer an open file to another process (binder_transfer_file). These hooks have been included in the Android kernel trees since Android 4.3. (Updated to reflect upstream relocation and changes to the binder driver, changes to the LSM audit data structures, coding style cleanups, and to add inline documentation for the hooks). Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Nick Kralevich <nnk@google.com> Acked-by: Jeffrey Vander Stoep <jeffv@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2014-10-12T14:13:55Z Linus Torvalds torvalds@linux-foundation.org 2014-10-12T14:13:55Z urn:sha1:5e40d331bd72447197f26525f21711c4a265b6a6 Pull security subsystem updates from James Morris. Mostly ima, selinux, smack and key handling updates. * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (65 commits) integrity: do zero padding of the key id KEYS: output last portion of fingerprint in /proc/keys KEYS: strip 'id:' from ca_keyid KEYS: use swapped SKID for performing partial matching KEYS: Restore partial ID matching functionality for asymmetric keys X.509: If available, use the raw subjKeyId to form the key description KEYS: handle error code encoded in pointer selinux: normalize audit log formatting selinux: cleanup error reporting in selinux_nlmsg_perm() KEYS: Check hex2bin()'s return when generating an asymmetric key ID ima: detect violations for mmaped files ima: fix race condition on ima_rdwr_violation_check and process_measurement ima: added ima_policy_flag variable ima: return an error code from ima_add_boot_aggregate() ima: provide 'ima_appraise=log' kernel option ima: move keyring initialization to ima_init() PKCS#7: Handle PKCS#7 messages that contain no X.509 certs PKCS#7: Better handling of unsupported crypto KEYS: Overhaul key identification when searching for asymmetric keys KEYS: Implement binary asymmetric key ID handling ... 2014-09-09T20:01:36Z Jeff Layton jlayton@primarydata.com 2014-08-22T15:27:32Z urn:sha1:e0b93eddfe17dcb7d644eb5d6ad02a86fc41a977 security_file_set_fowner always returns 0, so make it f_setown and __f_setown void return functions and fix up the error handling in the callers. Cc: linux-security-module@vger.kernel.org Signed-off-by: Jeff Layton <jlayton@primarydata.com> Reviewed-by: Christoph Hellwig <hch@lst.de> 2014-09-02T13:07:55Z Mark Rustad mark.d.rustad@intel.com 2014-08-28T11:43:09Z urn:sha1:fbff66108352d19b5cffa7dce26d7638c9dd4d70 Renaming an unused formal parameter in the static inline function security_inode_init_security eliminates many W=2 warnings. Signed-off-by: Mark Rustad <mark.d.rustad@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: James Morris <james.l.morris@oracle.com> 2014-07-29T15:31:46Z James Morris james.l.morris@oracle.com 2014-07-29T15:31:46Z urn:sha1:167225b775d47954d702db4743f9d918aabab0a8 2014-07-28T14:46:07Z Paul Moore pmoore@redhat.com 2014-07-28T14:42:48Z urn:sha1:2873ead7e46694910ac49c3a8ee0f54956f96e0c This reverts commit 4da6daf4d3df5a977e4623963f141a627fd2efce. Unfortunately, the commit in question caused problems with Bluetooth devices, specifically it caused them to get caught in the newly created BUG_ON() check. The AF_ALG problem still exists, but will be addressed in a future patch. Cc: stable@vger.kernel.org Signed-off-by: Paul Moore <pmoore@redhat.com> 2014-07-25T18:47:45Z Kees Cook keescook@chromium.org 2014-02-25T18:28:04Z urn:sha1:13752fe2d7f2d41c2fd92a5d1b1c6e38c4de0c05 In order to validate the contents of firmware being loaded, there must be a hook to evaluate any loaded firmware that wasn't built into the kernel itself. Without this, there is a risk that a root user could load malicious firmware designed to mount an attack against kernel memory (e.g. via DMA). Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Takashi Iwai <tiwai@suse.de> 2014-07-16T17:05:51Z James Morris james.l.morris@oracle.com 2014-07-16T17:05:51Z urn:sha1:b6b8a371f5541c2b839caba84fede693f3fcc43d 2014-07-10T14:17:48Z Paul Moore pmoore@redhat.com 2014-07-10T14:17:48Z urn:sha1:4da6daf4d3df5a977e4623963f141a627fd2efce The sock_graft() hook has special handling for AF_INET, AF_INET, and AF_UNIX sockets as those address families have special hooks which label the sock before it is attached its associated socket. Unfortunately, the sock_graft() hook was missing a default approach to labeling sockets which meant that any other address family which made use of connections or the accept() syscall would find the returned socket to be in an "unlabeled" state. This was recently demonstrated by the kcrypto/AF_ALG subsystem and the newly released cryptsetup package (cryptsetup v1.6.5 and later). This patch preserves the special handling in selinux_sock_graft(), but adds a default behavior - setting the sock's label equal to the associated socket - which resolves the problem with AF_ALG and presumably any other address family which makes use of accept(). Cc: stable@vger.kernel.org Signed-off-by: Paul Moore <pmoore@redhat.com> Tested-by: Milan Broz <gmazyland@gmail.com> 2014-06-24T08:46:07Z James Morris james.l.morris@oracle.com 2014-06-24T08:46:07Z urn:sha1:f01387d2693813eb5271a3448e6a082322c7d75d