[GIT PULL] security subsystem updates for v4.13

James Morris jmorris at namei.org
Mon Jul 3 23:33:31 UTC 2017


Hi Linus,

- This update includes a major update for AppArmor. From JJ: 

" * several bug fixes and cleanups
  * the patch to add symlink support to securityfs that was floated on
    the list earlier and the apparmorfs changes that make use of
    securityfs symlinks
  * it introduces the domain labeling base code that Ubuntu has been
    carrying for several years, with several cleanups applied. And it
    converts the current mediation over to using the domain labeling
    base, which brings domain stacking support with it. This finally
    will bring the base upstream code in line with Ubuntu and provide a
    base to upstream the new feature work that Ubuntu carries.

  This request does not contain any of the newer apparmor mediation
  features/controls (mount, signals, network, keys, ...) that Ubuntu is
  currently carrying, all of which will be RFC'd on top of this.  "

- Notable also is the Infiniband work in SELinux, and the new file:map 
permission.  From Paul:

" While we're down to 21 patches for v4.13 (it was 31 for v4.12), the
  diffstat jumps up tremendously with over 2k of line changes.  Almost  
  all of these changes are the SELinux/IB work done by Daniel Jurgens;
  some other noteworthy changes include a NFS v4.2 labeling fix, a new
  file:map permission, and reporting of policy capabilities on policy
  load.  "

There's also now genfscon labeling support for tracefs, which was lost in 
v4.1 with the separation from debugfs.

- Smack incorporates a safer socket check in file_receive, and adds a 
cap_capable call in privilege check.

- TPM as usual has a bunch of fixes and enhancements.

- Multiple calls to security_add_hooks() can now be made for the same LSM, 
to allow LSMs to have hook declarations across multiple files.

- IMA now supports different "ima_appraise=" modes (e.g. log, fix) from the 
boot command line.

Please pull!


---

The following changes since commit e0f3e8f14da868047c524a0cf11e08b95fd1b008:

  Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux (2017-07-03 15:39:36 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next

Andy Shevchenko (1):
      tpm/st33zp24: Switch to devm_acpi_dev_add_driver_gpios()

Ben Hutchings (1):
      IMA: Correct Kconfig dependencies for hash selection

Bryan Freed (1):
      tpm: Apply a sane minimum adapterlimit value for retransmission.

Casey Schaufler (2):
      Smack: Safer check for a socket in file_receive
      Smack: Use cap_capable in privilege check

Dan Carpenter (1):
      apparmor: Fix error cod in __aa_fs_profile_mkdir()

Daniel Jurgens (9):
      IB/core: IB cache enhancements to support Infiniband security
      IB/core: Enforce PKey security on QPs
      selinux lsm IB/core: Implement LSM notification system
      IB/core: Enforce security on management datagrams
      selinux: Create policydb version for Infiniband support
      selinux: Allocate and free infiniband security hooks
      selinux: Implement Infiniband PKey "Access" access vector
      selinux: Add IB Port SMP access vector
      selinux: Add a cache for quicker retreival of PKey SIDs

Eric Richter (1):
      IMA: update IMA policy documentation to include pcr= option

Florian Westphal (2):
      smack: use pernet operations for hook registration
      selinux: use pernet operations for hook registration

Geert Uytterhoeven (1):
      security: Grammar s/allocates/allocated/

Geliang Tang (1):
      ima: use memdup_user_nul

Gustavo A. R. Silva (1):
      tpm/tpm_atmel: remove unnecessary NULL check

James Morris (4):
      Sync to mainline for security submaintainers to work against
      Merge branch 'smack-for-4.13' of git://github.com/cschaufler/smack-next into next
      Merge branch 'stable-4.13' of git://git.infradead.org/users/pcmoore/selinux into next
      Merge tag 'seccomp-next' of git://git.kernel.org/.../kees/linux into next

Jarkko Sakkinen (3):
      tpm: fix byte order related arithmetic inconsistency in tpm_getcap()
      tpm, tpm_infineon: remove useless snprintf() calls
      tpm: remove struct tpm_pcrextend_in

Jason Gunthorpe (3):
      tpm_tis: Fix IRQ autoprobing when using platform_device
      tpm_tis: Use platform_get_irq
      tpm_tis: Consolidate the platform and acpi probe flow

Jeff Vander Stoep (1):
      selinux: enable genfscon labeling for tracefs

John Johansen (59):
      apparmor: move file context into file.h
      apparmor: make internal lib fn skipn_spaces available to the rest of apparmor
      apparmor: allow profiles to provide info to disconnected paths
      apparmor: Move path lookup to using preallocated buffers
      securityfs: add the ability to support symlinks
      apparmor: move to per loaddata files, instead of replicating in profiles
      apparmor: use macro template to simplify profile seq_files
      apparmor: use macro template to simplify namespace seq_files
      apparmor: add custom apparmorfs that will be used by policy namespace files
      apparmor: rename apparmor file fns and data to indicate use
      apparmor: allow specifying an already created dir to create ns entries in
      apparmor: convert from securityfs to apparmorfs for policy ns files
      apparmor: move permissions into their own file to be more easily shared
      apparmor: rework perm mapping to a slightly broader set
      apparmor: provide finer control over policy management
      apparmor: add policy revision file interface
      apparmor: add mkdir/rmdir interface to manage policy namespaces
      apparmor: add label data availability to the feature set
      apparmor: speed up transactional queries
      apparmor: add fn to test if profile supports a given mediation class
      apparmor: add gerneric permissions struct and support fns
      apparmor: switch from file_perms to aa_perms
      apparmor: add profile permission query ability
      apparmor: provide information about path buffer size at boot
      apparmor: cleanup __find_child()
      apparmor: add namespace lookup fns()
      apparmor: fix policy load/remove semantics
      apparmor: fix apparmor_query data
      apparmor: fix display of ns name
      apparmor: move bprm_committing_creds/committed_creds to lsm.c
      apparmor: convert to profile block critical sections
      apparmor: share profile name on replacement
      apparmor: refactor updating profiles to the newest parent
      apparmor: cleanup remove unused and not fully implemented profile rename
      apparmor: convert aa_change_XXX bool parameters to flags
      apparmor: cleanup rename XXX_file_context() to XXX_file_ctx()
      apparmor: revalidate files during exec
      apparmor: add the base fns() for domain labels
      apparmor: switch from profiles to using labels on contexts
      apparmor: switch getprocattr to using label_print fns()
      apparmor: update query interface to support label queries
      apparmor: move capability checks to using labels
      apparmor: move resource checks to using labels
      apparmor: add cross check permission helper macros
      apparmor: move ptrace checks to using labels
      apparmor: allow ptrace checks to be finer grained than just capability
      apparmor: move aa_file_perm() to use labels
      apparmor: update aa_audit_file() to use labels
      apparmor: refactor path name lookup and permission checks around labels
      apparmor: move path_link mediation to using labels
      apparmor: rework file permission to cache file access in file->ctx
      apparmor: mediate files when they are received
      apparmor: support v7 transition format compatible with label_parse
      apparmor: move exec domain mediation to using labels
      apparmor: move change_hat mediation to using labels
      apparmor: move change_profile mediation to using labels
      apparmor: add domain label stacking info to apparmorfs
      apparmor: add stacked domain labels interface
      apparmor: export that basic profile namespaces are supported

Junil Lee (1):
      selinux: use kmem_cache for ebitmap

Kees Cook (3):
      seccomp: Clean up core dump logic
      seccomp: Adjust selftests to avoid double-join
      seccomp: Switch from atomic_t to recount_t

Laura Abbott (1):
      ima: Add cgroups2 to the defaults list

Markus Elfring (4):
      selinux: Return directly after a failed memory allocation in policydb_index()
      selinux: Return an error code only as a constant in sidtab_insert()
      apparmorfs: Combine two function calls into one in aa_fs_seq_raw_abi_show()
      apparmorfs: Use seq_putc() in two functions

Matthias Kaehlcke (1):
      selinux: Remove redundant check for unknown labeling behavior

Mickaël Salaün (1):
      LSM: Enable multiple calls to security_add_hooks() for the same LSM

Mimi Zohar (4):
      ima: extend the "ima_policy" boot command line to support multiple policies
      ima: define a set of appraisal rules requiring file signatures
      ima: define Kconfig IMA_APPRAISE_BOOTPARAM option
      ima: define is_ima_appraise_enabled()

Peter Huewe (1):
      tpm, tpmrm: Mark tpmrm_write as static

Roberto Sassu (7):
      tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header
      tpm: move endianness conversion of ordinals to tpm_input_header
      tpm: move TPM 1.2 code of tpm_pcr_extend() to tpm1_pcr_extend()
      ima: introduce ima_parse_buf()
      ima: use ima_parse_buf() to parse measurements headers
      ima: use ima_parse_buf() to parse template data
      ima: fix get_binary_runtime_size()

Scott Mayhew (1):
      security/selinux: allow security_sb_clone_mnt_opts to enable/disable native labeling behavior

Stefan Berger (4):
      tpm: vtpm_proxy: Suppress error logging when in closed state
      tpm: Introduce flag TPM_TRANSMIT_RAW
      tpm: vtpm_proxy: Implement request_locality function.
      tpm: vtpm_proxy: Prevent userspace from sending driver command

Stephen Rothwell (1):
      apparmor: put back designators in struct initialisers

Stephen Smalley (4):
      selinux: only invoke capabilities and selinux for CAP_MAC_ADMIN checks
      selinux: add a map permission check for mmap
      selinux: do not check open permission on sockets
      selinux: log policy capability state when a policy is loaded

Tetsuo Handa (1):
      selinux: Use task_alloc hook rather than task_create hook

Thiago Jung Bauermann (3):
      integrity: Small code improvements
      ima: Simplify policy_func_show.
      ima: Log the same audit cause whenever a file has no signature

Thomas Schneider (1):
      security/apparmor: Use POSIX-compatible "printf '%s'"

Tycho Andersen (1):
      ima: fix up #endif comments

 Documentation/ABI/testing/ima_policy            |    8 +-
 Documentation/admin-guide/kernel-parameters.txt |   21 +-
 drivers/char/tpm/st33zp24/i2c.c                 |    3 +-
 drivers/char/tpm/st33zp24/spi.c                 |    3 +-
 drivers/char/tpm/tpm-interface.c                |  118 +-
 drivers/char/tpm/tpm-sysfs.c                    |    6 +-
 drivers/char/tpm/tpm.h                          |   22 +-
 drivers/char/tpm/tpm2-cmd.c                     |    2 +-
 drivers/char/tpm/tpm_atmel.c                    |   12 +-
 drivers/char/tpm/tpm_i2c_infineon.c             |   76 +-
 drivers/char/tpm/tpm_infineon.c                 |    8 +-
 drivers/char/tpm/tpm_tis.c                      |  175 +--
 drivers/char/tpm/tpm_vtpm_proxy.c               |   69 +
 drivers/char/tpm/tpmrm-dev.c                    |    2 +-
 drivers/infiniband/core/Makefile                |    3 +-
 drivers/infiniband/core/cache.c                 |   43 +-
 drivers/infiniband/core/core_priv.h             |  115 ++
 drivers/infiniband/core/device.c                |   86 +
 drivers/infiniband/core/mad.c                   |   52 +-
 drivers/infiniband/core/security.c              |  705 ++++++++
 drivers/infiniband/core/uverbs_cmd.c            |   15 +-
 drivers/infiniband/core/verbs.c                 |   27 +-
 fs/nfs/super.c                                  |   17 +-
 include/linux/ima.h                             |    6 +
 include/linux/lsm_audit.h                       |   15 +
 include/linux/lsm_hooks.h                       |   39 +-
 include/linux/security.h                        |   70 +-
 include/rdma/ib_mad.h                           |    4 +
 include/rdma/ib_verbs.h                         |   49 +
 include/uapi/linux/magic.h                      |    2 +
 include/uapi/linux/vtpm_proxy.h                 |    4 +
 kernel/seccomp.c                                |   16 +-
 security/Kconfig                                |   11 +-
 security/apparmor/Makefile                      |    8 +-
 security/apparmor/apparmorfs.c                  | 1672 +++++++++++++++----
 security/apparmor/audit.c                       |   27 +-
 security/apparmor/capability.c                  |   61 +-
 security/apparmor/context.c                     |   87 +-
 security/apparmor/domain.c                      | 1393 ++++++++++-----
 security/apparmor/file.c                        |  517 ++++--
 security/apparmor/include/apparmor.h            |    6 +-
 security/apparmor/include/apparmorfs.h          |   67 +-
 security/apparmor/include/audit.h               |   17 +-
 security/apparmor/include/capability.h          |    8 +-
 security/apparmor/include/context.h             |  201 ++-
 security/apparmor/include/domain.h              |   13 +-
 security/apparmor/include/file.h                |  114 +-
 security/apparmor/include/ipc.h                 |   16 +-
 security/apparmor/include/label.h               |  441 +++++
 security/apparmor/include/lib.h                 |  120 ++-
 security/apparmor/include/path.h                |    7 +-
 security/apparmor/include/perms.h               |  155 ++
 security/apparmor/include/policy.h              |  131 +-
 security/apparmor/include/policy_ns.h           |   21 +
 security/apparmor/include/policy_unpack.h       |   68 +-
 security/apparmor/include/procattr.h            |    8 +-
 security/apparmor/include/resource.h            |    6 +-
 security/apparmor/ipc.c                         |  140 +-
 security/apparmor/label.c                       | 2120 +++++++++++++++++++++++
 security/apparmor/lib.c                         |  368 ++++-
 security/apparmor/lsm.c                         |  245 ++-
 security/apparmor/path.c                        |  130 +-
 security/apparmor/policy.c                      |  392 +++--
 security/apparmor/policy_ns.c                   |   80 +-
 security/apparmor/policy_unpack.c               |   96 +-
 security/apparmor/procattr.c                    |   71 +-
 security/apparmor/resource.c                    |  116 +-
 security/inode.c                                |  144 ++-
 security/integrity/digsig_asymmetric.c          |    4 +-
 security/integrity/iint.c                       |    2 +-
 security/integrity/ima/Kconfig                  |   16 +-
 security/integrity/ima/ima.h                    |   31 +-
 security/integrity/ima/ima_appraise.c           |   16 +-
 security/integrity/ima/ima_fs.c                 |   13 +-
 security/integrity/ima/ima_policy.c             |  106 +-
 security/integrity/ima/ima_queue.c              |    2 +-
 security/integrity/ima/ima_template.c           |  124 +-
 security/integrity/ima/ima_template_lib.c       |   61 +
 security/integrity/ima/ima_template_lib.h       |    6 +
 security/integrity/integrity.h                  |    7 +-
 security/lsm_audit.c                            |   16 +
 security/security.c                             |   74 +-
 security/selinux/Makefile                       |    2 +-
 security/selinux/hooks.c                        |  212 ++-
 security/selinux/ibpkey.c                       |  245 +++
 security/selinux/include/classmap.h             |    6 +-
 security/selinux/include/ibpkey.h               |   31 +
 security/selinux/include/objsec.h               |   11 +
 security/selinux/include/security.h             |    9 +-
 security/selinux/selinuxfs.c                    |   15 +-
 security/selinux/ss/ebitmap.c                   |   26 +-
 security/selinux/ss/ebitmap.h                   |    3 +
 security/selinux/ss/policydb.c                  |  127 ++-
 security/selinux/ss/policydb.h                  |   27 +-
 security/selinux/ss/services.c                  |  108 ++
 security/selinux/ss/sidtab.c                    |   27 +-
 security/smack/smack.h                          |    2 +-
 security/smack/smack_access.c                   |   19 +-
 security/smack/smack_lsm.c                      |    2 +-
 security/smack/smack_netfilter.c                |   26 +-
 tools/testing/selftests/seccomp/seccomp_bpf.c   |   51 +-
 101 files changed, 9902 insertions(+), 2395 deletions(-)
 create mode 100644 drivers/infiniband/core/security.c
 create mode 100644 security/apparmor/include/label.h
 create mode 100644 security/apparmor/include/perms.h
 create mode 100644 security/apparmor/label.c
 create mode 100644 security/selinux/ibpkey.c
 create mode 100644 security/selinux/include/ibpkey.h

