Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (30 commits)
TOMOYO: Add recursive directory matching operator support.
remove CONFIG_SECURITY_FILE_CAPABILITIES compile option
SELinux: print denials for buggy kernel with unknown perms
Silence the existing API for capability version compatibility check.
LSM: Move security_path_chmod()/security_path_chown() to after mutex_lock().
SELinux: header generation may hit infinite loop
selinux: Fix warnings
security: report the module name to security_module_request
Config option to set a default LSM
sysctl: require CAP_SYS_RAWIO to set mmap_min_addr
tpm: autoload tpm_tis based on system PnP IDs
tpm_tis: TPM_STS_DATA_EXPECT workaround
define convenient securebits masks for prctl users (v2)
tpm: fix header for modular build
tomoyo: improve hash bucket dispersion
tpm add default function definitions
LSM: imbed ima calls in the security hooks
SELinux: add .gitignore files for dynamic classes
security: remove root_plug
SELinux: fix locking issue introduced with c6d3aaa4e3
...
commit
83fdbfbfe6
55 changed files with 1094 additions and 2194 deletions
|
|
@ -330,6 +330,7 @@ unifdef-y += scc.h
|
|||
unifdef-y += sched.h
|
||||
unifdef-y += screen_info.h
|
||||
unifdef-y += sdla.h
|
||||
unifdef-y += securebits.h
|
||||
unifdef-y += selinux_netlink.h
|
||||
unifdef-y += sem.h
|
||||
unifdef-y += serial_core.h
|
||||
|
|
|
|||
|
|
@ -92,9 +92,7 @@ struct vfs_cap_data {
|
|||
#define _KERNEL_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_3
|
||||
#define _KERNEL_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_3
|
||||
|
||||
#ifdef CONFIG_SECURITY_FILE_CAPABILITIES
|
||||
extern int file_caps_enabled;
|
||||
#endif
|
||||
|
||||
typedef struct kernel_cap_struct {
|
||||
__u32 cap[_KERNEL_CAPABILITY_U32S];
|
||||
|
|
|
|||
|
|
@ -83,16 +83,12 @@ extern struct group_info init_groups;
|
|||
#define INIT_IDS
|
||||
#endif
|
||||
|
||||
#ifdef CONFIG_SECURITY_FILE_CAPABILITIES
|
||||
/*
|
||||
* Because of the reduced scope of CAP_SETPCAP when filesystem
|
||||
* capabilities are in effect, it is safe to allow CAP_SETPCAP to
|
||||
* be available in the default configuration.
|
||||
*/
|
||||
# define CAP_INIT_BSET CAP_FULL_SET
|
||||
#else
|
||||
# define CAP_INIT_BSET CAP_INIT_EFF_SET
|
||||
#endif
|
||||
|
||||
#ifdef CONFIG_TREE_PREEMPT_RCU
|
||||
#define INIT_TASK_RCU_PREEMPT(tsk) \
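Review bot: The comment kept above `CAP_INIT_BSET` still justifies the full bounding set with "when filesystem capabilities are in effect", but with the `CONFIG_SECURITY_FILE_CAPABILITIES` branches removed the define no longer depends on that condition. The page has lost its +/- markers, so this assumes from the 16-to-12 line count and the commit title that `CAP_FULL_SET` is the surviving definition. Because `extern int file_caps_enabled;` stays declared in the earlier `struct vfs_cap_data` hunk, the comment should say whether the reduced scope of CAP_SETPCAP also holds when that variable is off. If it does, something like `/* File capabilities are always built in, so CAP_SETPCAP has its reduced scope and may stay in the default bounding set. */` would state it. The `INIT_TASK_RCU_PREEMPT` macro at the end of the hunk continues outside it.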
|
||||
|
|
|
|||
|
|
@ -26,14 +26,15 @@
|
|||
|
||||
/* Auxiliary data to use in generating the audit record. */
|
||||
struct common_audit_data {
|
||||
char type;
|
||||
#define LSM_AUDIT_DATA_FS 1
|
||||
#define LSM_AUDIT_DATA_NET 2
|
||||
#define LSM_AUDIT_DATA_CAP 3
|
||||
#define LSM_AUDIT_DATA_IPC 4
|
||||
#define LSM_AUDIT_DATA_TASK 5
|
||||
#define LSM_AUDIT_DATA_KEY 6
|
||||
#define LSM_AUDIT_NO_AUDIT 7
|
||||
char type;
|
||||
#define LSM_AUDIT_DATA_FS 1
|
||||
#define LSM_AUDIT_DATA_NET 2
|
||||
#define LSM_AUDIT_DATA_CAP 3
|
||||
#define LSM_AUDIT_DATA_IPC 4
|
||||
#define LSM_AUDIT_DATA_TASK 5
|
||||
#define LSM_AUDIT_DATA_KEY 6
|
||||
#define LSM_AUDIT_NO_AUDIT 7
|
||||
#define LSM_AUDIT_DATA_KMOD 8
|
||||
struct task_struct *tsk;
|
||||
union {
|
||||
struct {
|
||||
|
|
@ -66,6 +67,7 @@ struct common_audit_data {
|
|||
char *key_desc;
|
||||
} key_struct;
|
||||
#endif
|
||||
char *kmod_name;
|
||||
} u;
|
||||
/* this union contains LSM specific data */
|
||||
union {
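Review bot: The new `char *kmod_name` member of union `u` could be `const char *kmod_name;`, since nothing visible here needs to write through the pointer. The same applies to the `kernel_module_request(char *kmod_name)` hook and the `security_kernel_module_request(char *kmod_name)` declarations later on this page. A requested module name can be derived from caller-influenced input, so the code that formats `LSM_AUDIT_DATA_KMOD` records (not shown in these hunks) should emit it through `audit_log_untrustedstring()` rather than a raw `%s`. A short comment on the member, such as `/* module name for LSM_AUDIT_DATA_KMOD; borrowed from the caller */`, would document the lifetime, if that is the ownership model. `struct common_audit_data` starts and ends outside these hunks.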
|
||||
|
|
|
|||
|
|
@ -1,6 +1,15 @@
|
|||
#ifndef _LINUX_SECUREBITS_H
|
||||
#define _LINUX_SECUREBITS_H 1
|
||||
|
||||
/* Each securesetting is implemented using two bits. One bit specifies
|
||||
whether the setting is on or off. The other bit specify whether the
|
||||
setting is locked or not. A setting which is locked cannot be
|
||||
changed from user-level. */
|
||||
#define issecure_mask(X) (1 << (X))
|
||||
#ifdef __KERNEL__
|
||||
#define issecure(X) (issecure_mask(X) & current_cred_xxx(securebits))
|
||||
#endif
|
||||
|
||||
#define SECUREBITS_DEFAULT 0x00000000
|
||||
|
||||
/* When set UID 0 has no special privileges. When unset, we support
|
||||
|
|
@ -12,6 +21,9 @@
|
|||
#define SECURE_NOROOT 0
|
||||
#define SECURE_NOROOT_LOCKED 1 /* make bit-0 immutable */
|
||||
|
||||
#define SECBIT_NOROOT (issecure_mask(SECURE_NOROOT))
|
||||
#define SECBIT_NOROOT_LOCKED (issecure_mask(SECURE_NOROOT_LOCKED))
|
||||
|
||||
/* When set, setuid to/from uid 0 does not trigger capability-"fixup".
|
||||
When unset, to provide compatiblility with old programs relying on
|
||||
set*uid to gain/lose privilege, transitions to/from uid 0 cause
|
||||
|
|
@ -19,6 +31,10 @@
|
|||
#define SECURE_NO_SETUID_FIXUP 2
|
||||
#define SECURE_NO_SETUID_FIXUP_LOCKED 3 /* make bit-2 immutable */
|
||||
|
||||
#define SECBIT_NO_SETUID_FIXUP (issecure_mask(SECURE_NO_SETUID_FIXUP))
|
||||
#define SECBIT_NO_SETUID_FIXUP_LOCKED \
|
||||
(issecure_mask(SECURE_NO_SETUID_FIXUP_LOCKED))
|
||||
|
||||
/* When set, a process can retain its capabilities even after
|
||||
transitioning to a non-root user (the set-uid fixup suppressed by
|
||||
bit 2). Bit-4 is cleared when a process calls exec(); setting both
|
||||
|
|
@ -27,12 +43,8 @@
|
|||
#define SECURE_KEEP_CAPS 4
|
||||
#define SECURE_KEEP_CAPS_LOCKED 5 /* make bit-4 immutable */
|
||||
|
||||
/* Each securesetting is implemented using two bits. One bit specifies
|
||||
whether the setting is on or off. The other bit specify whether the
|
||||
setting is locked or not. A setting which is locked cannot be
|
||||
changed from user-level. */
|
||||
#define issecure_mask(X) (1 << (X))
|
||||
#define issecure(X) (issecure_mask(X) & current_cred_xxx(securebits))
|
||||
#define SECBIT_KEEP_CAPS (issecure_mask(SECURE_KEEP_CAPS))
|
||||
#define SECBIT_KEEP_CAPS_LOCKED (issecure_mask(SECURE_KEEP_CAPS_LOCKED))
|
||||
|
||||
#define SECURE_ALL_BITS (issecure_mask(SECURE_NOROOT) | \
|
||||
issecure_mask(SECURE_NO_SETUID_FIXUP) | \
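Review bot: `issecure_mask(X)` now sits at the top of a header that the `unifdef-y += securebits.h` line exports to userspace, and it shifts a signed `1`; `#define issecure_mask(X) (1u << (X))` would keep the mask unsigned, provided no in-kernel user depends on the `int` type. The bit indices visible here stop at 5, so nothing overflows today, but a signed mask sign-extends if a later bit 31 is OR-ed into a wider type, and userspace callers will combine these values freely. The new `SECBIT_*` masks also carry no comment; one line such as `/* SECBIT_* are the mask values passed to prctl(); a *_LOCKED bit cannot be cleared again from user level */` would tell prctl users what the lock bits commit them to. The `SECURE_ALL_BITS` definition at the end of the last hunk continues outside it.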
|
||||
|
|
|
|||
|
|
@ -447,6 +447,22 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
|
|||
* @new_dir contains the path structure for parent of the new link.
|
||||
* @new_dentry contains the dentry structure of the new link.
|
||||
* Return 0 if permission is granted.
|
||||
* @path_chmod:
|
||||
* Check for permission to change DAC's permission of a file or directory.
|
||||
* @dentry contains the dentry structure.
|
||||
* @mnt contains the vfsmnt structure.
|
||||
* @mode contains DAC's mode.
|
||||
* Return 0 if permission is granted.
|
||||
* @path_chown:
|
||||
* Check for permission to change owner/group of a file or directory.
|
||||
* @path contains the path structure.
|
||||
* @uid contains new owner's ID.
|
||||
* @gid contains new group's ID.
|
||||
* Return 0 if permission is granted.
|
||||
* @path_chroot:
|
||||
* Check for permission to change root directory.
|
||||
* @path contains the path structure.
|
||||
* Return 0 if permission is granted.
|
||||
* @inode_readlink:
|
||||
* Check the permission to read the symbolic link.
|
||||
* @dentry contains the dentry structure for the file link.
|
||||
|
|
@ -690,6 +706,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
|
|||
* @kernel_module_request:
|
||||
* Ability to trigger the kernel to automatically upcall to userspace for
|
||||
* userspace to load a kernel module with the given name.
|
||||
* @kmod_name name of the module requested by the kernel
|
||||
* Return 0 if successful.
|
||||
* @task_setuid:
|
||||
* Check permission before setting one or more of the user identity
|
||||
|
|
@ -1488,6 +1505,10 @@ struct security_operations {
|
|||
struct dentry *new_dentry);
|
||||
int (*path_rename) (struct path *old_dir, struct dentry *old_dentry,
|
||||
struct path *new_dir, struct dentry *new_dentry);
|
||||
int (*path_chmod) (struct dentry *dentry, struct vfsmount *mnt,
|
||||
mode_t mode);
|
||||
int (*path_chown) (struct path *path, uid_t uid, gid_t gid);
|
||||
int (*path_chroot) (struct path *path);
|
||||
#endif
|
||||
|
||||
int (*inode_alloc_security) (struct inode *inode);
|
||||
|
|
@ -1557,7 +1578,7 @@ struct security_operations {
|
|||
void (*cred_transfer)(struct cred *new, const struct cred *old);
|
||||
int (*kernel_act_as)(struct cred *new, u32 secid);
|
||||
int (*kernel_create_files_as)(struct cred *new, struct inode *inode);
|
||||
int (*kernel_module_request)(void);
|
||||
int (*kernel_module_request)(char *kmod_name);
|
||||
int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags);
|
||||
int (*task_fix_setuid) (struct cred *new, const struct cred *old,
|
||||
int flags);
|
||||
|
|
@ -1822,7 +1843,7 @@ void security_commit_creds(struct cred *new, const struct cred *old);
|
|||
void security_transfer_creds(struct cred *new, const struct cred *old);
|
||||
int security_kernel_act_as(struct cred *new, u32 secid);
|
||||
int security_kernel_create_files_as(struct cred *new, struct inode *inode);
|
||||
int security_kernel_module_request(void);
|
||||
int security_kernel_module_request(char *kmod_name);
|
||||
int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags);
|
||||
int security_task_fix_setuid(struct cred *new, const struct cred *old,
|
||||
int flags);
|
||||
|
|
@ -2387,7 +2408,7 @@ static inline int security_kernel_create_files_as(struct cred *cred,
|
|||
return 0;
|
||||
}
|
||||
|
||||
static inline int security_kernel_module_request(void)
|
||||
static inline int security_kernel_module_request(char *kmod_name)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
|
@ -2952,6 +2973,10 @@ int security_path_link(struct dentry *old_dentry, struct path *new_dir,
|
|||
struct dentry *new_dentry);
|
||||
int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
|
||||
struct path *new_dir, struct dentry *new_dentry);
|
||||
int security_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
|
||||
mode_t mode);
|
||||
int security_path_chown(struct path *path, uid_t uid, gid_t gid);
|
||||
int security_path_chroot(struct path *path);
|
||||
#else /* CONFIG_SECURITY_PATH */
|
||||
static inline int security_path_unlink(struct path *dir, struct dentry *dentry)
|
||||
{
|
||||
|
|
@ -3001,6 +3026,23 @@ static inline int security_path_rename(struct path *old_dir,
|
|||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
static inline int security_path_chmod(struct dentry *dentry,
|
||||
struct vfsmount *mnt,
|
||||
mode_t mode)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
static inline int security_path_chown(struct path *path, uid_t uid, gid_t gid)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
static inline int security_path_chroot(struct path *path)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
#endif /* CONFIG_SECURITY_PATH */
|
||||
|
||||
#ifdef CONFIG_KEYS
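Review bot: The new `path_chmod` hook takes `struct dentry *dentry, struct vfsmount *mnt`, while `path_chown` and `path_chroot`, added alongside it, take a single `struct path *path`. The three would be easier for LSM authors to implement consistently if chmod used `int (*path_chmod) (struct path *path, mode_t mode);`, with the `security_path_chmod()` prototype and inline stub changed to match. The kernel-doc added for `@path_chmod` would then describe `@path` instead of `@dentry` and `@mnt`. The callers are not on this page, so whether a `struct path` is available at every chmod call site needs confirming. `struct security_operations` and the kernel-doc comment both extend beyond these hunks.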
|
||||
|
|
|
|||
|
|
@ -27,9 +27,16 @@
|
|||
*/
|
||||
#define TPM_ANY_NUM 0xFFFF
|
||||
|
||||
#if defined(CONFIG_TCG_TPM)
|
||||
#if defined(CONFIG_TCG_TPM) || defined(CONFIG_TCG_TPM_MODULE)
|
||||
|
||||
extern int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf);
|
||||
extern int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash);
|
||||
#else
|
||||
static inline int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf) {
|
||||
return -ENODEV;
|
||||
}
|
||||
static inline int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash) {
|
||||
return -ENODEV;
|
||||
}
|
||||
#endif
|
||||
#endif
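Review bot: Extending the guard to `defined(CONFIG_TCG_TPM_MODULE)` exposes the `extern` declarations of `tpm_pcr_read()` and `tpm_pcr_extend()` when the TPM core is built as a module, so a built-in caller would fail at link time unless Kconfig rules out that combination; that constraint is not visible here and is worth confirming. In the `#else` branch the stubs return `-ENODEV`, so callers that extend PCRs for integrity measurement must check the return value rather than assume the measurement reached a TPM. The stubs also rely on `ENODEV` being defined by an earlier include, and they put the opening brace on the signature line, unlike the other inline stubs on this page. Writing `static inline int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf)` with `{` on its own line would match them.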
|
||||
|
|
|
|||