Revision tags: v6.6.25, v6.6.24, v6.6.23, v6.6.16, v6.6.15, v6.6.14, v6.6.13, v6.6.12, v6.6.11, v6.6.10, v6.6.9, v6.6.8, v6.6.7, v6.6.6, v6.6.5, v6.6.4, v6.6.3, v6.6.2, v6.5.11, v6.6.1, v6.5.10, v6.6, v6.5.9, v6.5.8, v6.5.7, v6.5.6, v6.5.5, v6.5.4, v6.5.3, v6.5.2, v6.1.51, v6.5.1, v6.1.50, v6.5, v6.1.49, v6.1.48 |
70d91dc9 | 18-Aug-2023 | Christian Göttsche <cgzones@googlemail.com>
selinux: set next pointer before attaching to list
Set the next pointer in filename_trans_read_helper() before attaching the new node under construction to the list, otherwise garbage would be dereferenced on subsequent failure during cleanup in the out goto label.
Cc: <stable@vger.kernel.org>
Fixes: 430059024389 ("selinux: implement new format of filename transitions")
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
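The ordering rule behind 70d91dc9, as an added example in C that is not kernel code: a reader shaped like filename_trans_read_helper() chains freshly allocated nodes from a head and frees the whole chain on any failure. The record format (a 32-bit little-endian count followed by that many 32-bit values), the reader struct, the allocation fault injection and the sample buffer are all constructed for this example; only the rule (set the link before publishing the node on the list) is the kernel's. Because malloc(), like kmalloc(), does not zero the node, cleanup that reaches a node whose next pointer was never assigned would read garbage, so the example never lets that happen and the fault injection checks that every allocated node is freed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

struct node {
	uint32_t value;
	struct node *next;
};

/* Constructed input stream with allocation fault injection. */
struct reader {
	const unsigned char *p;
	size_t left;
	int fail_alloc_at;	/* fail the N-th allocation (0-based), -1 = never */
	int allocs;
};

static int read_le32(struct reader *r, uint32_t *out)
{
	if (r->left < 4)
		return -EINVAL;	/* truncated stream */
	*out = (uint32_t)r->p[0] | (uint32_t)r->p[1] << 8 |
	       (uint32_t)r->p[2] << 16 | (uint32_t)r->p[3] << 24;
	r->p += 4;
	r->left -= 4;
	return 0;
}

/* Like kmalloc(): the memory is NOT zeroed, n->next is garbage until set. */
static struct node *node_alloc(struct reader *r)
{
	if (r->fail_alloc_at >= 0 && r->allocs == r->fail_alloc_at)
		return NULL;
	r->allocs++;
	return malloc(sizeof(struct node));
}

static int nodes_freed;	/* bookkeeping so the cleanup can be verified */

static void free_chain(struct node *head)
{
	while (head) {
		struct node *next = head->next;	/* must be valid for every linked node */
		free(head);
		nodes_freed++;
		head = next;
	}
}

/* Reads a count and that many values; on success *out is the chain with the
 * last-read node first. On failure every node allocated so far is freed and
 * a negative errno is returned. */
static int read_chain(struct reader *r, struct node **out)
{
	struct node *head = NULL, *n;
	uint32_t count, i, v;
	int rc;

	rc = read_le32(r, &count);
	if (rc)
		return rc;
	for (i = 0; i < count; i++) {
		rc = -ENOMEM;
		n = node_alloc(r);
		if (!n)
			goto out;
		/* Set the link BEFORE attaching the node. If the read below
		 * fails, free_chain() walks from head through this node and
		 * must find a real pointer here, not malloc garbage. */
		n->next = head;
		head = n;

		rc = read_le32(r, &v);
		if (rc)
			goto out;
		n->value = v;
	}
	*out = head;
	return 0;
out:
	free_chain(head);
	return rc;
}

static struct node *last_chain;	/* result of the most recent parse_buf() */

static int parse_buf(const unsigned char *buf, size_t len, int fail_alloc_at)
{
	struct reader r = { buf, len, fail_alloc_at, 0 };

	last_chain = NULL;
	nodes_freed = 0;
	return read_chain(&r, &last_chain);
}

static int chain_len(const struct node *n)
{
	int len = 0;
	for (; n; n = n->next)
		len++;
	return len;
}

/* Constructed sample record: count 3, values 10, 20, 30 (little-endian). */
static const unsigned char sample[] = {
	3, 0, 0, 0,  10, 0, 0, 0,  20, 0, 0, 0,  30, 0, 0, 0,
};
```

Passing only the first 12 bytes of the sample truncates the third value after its node has already been linked, which is exactly the path the kernel fix hardens: the cleanup must free three nodes, and it can only do so if the third node's next pointer was assigned before it went on the list.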
Revision tags: v6.1.46, v6.1.45, v6.1.44 |
dee15375 | 07-Aug-2023 | Christian Göttsche <cgzones@googlemail.com>
selinux: avoid implicit conversions in policydb code
Use the identical type for local variables, e.g. loop counters.
Declare members of struct policydb_compat_info unsigned to consistently use unsigned iterators. They hold read-only non-negative numbers in the global variable policydb_compat.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
817199e0 | 07-Aug-2023 | Paul Moore <paul@paul-moore.com>
selinux: revert SECINITSID_INIT support
This commit reverts 5b0eea835d4e ("selinux: introduce an initial SID for early boot processes") as it was found to cause problems on distros with old SELinux userspace tools/libraries, specifically Ubuntu 16.04.
Hopefully we will be able to re-add this functionality at a later date, but let's revert this for now to help ensure a stable and backwards compatible SELinux tree.
Link: https://lore.kernel.org/selinux/87edkseqf8.fsf@mail.lhotse
Acked-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2b86e04b | 07-Aug-2023 | Christian Göttsche <cgzones@googlemail.com>
selinux: use GFP_KERNEL while reading binary policy
Use GFP_KERNEL instead of GFP_ATOMIC while reading a binary policy in sens_read() and cat_read(), similar to surrounding code.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Revision tags: v6.1.43 |
f01dd590 | 28-Jul-2023 | Christian Göttsche <cgzones@googlemail.com>
selinux: move debug functions into debug configuration
avtab_hash_eval() and hashtab_stat() are only used in policydb.c when the configuration SECURITY_SELINUX_DEBUG is enabled.
Move the function definitions under that configuration as well and provide empty definitions in case SECURITY_SELINUX_DEBUG is disabled, to avoid using #ifdef in the callers.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Revision tags: v6.1.42, v6.1.41, v6.1.40, v6.1.39 |
55a0e738 | 18-Jul-2023 | Christian Göttsche <cgzones@googlemail.com>
selinux: introduce SECURITY_SELINUX_DEBUG configuration
The policy database code contains several debug output statements related to hashtable utilization. Those are guarded by the macro DEBUG_HASHES, which is neither documented nor set anywhere.
Introduce a new Kconfig configuration guarding this and potential other future debugging related code. Disable the setting by default.
Suggested-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
[PM: fixed line lengths in the help text]
Signed-off-by: Paul Moore <paul@paul-moore.com>
0fe53224 | 19-Jul-2023 | Stephen Smalley <stephen.smalley.work@gmail.com>
selinux: update my email address
Update my email address; MAINTAINERS was updated some time ago.
Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
e5faa839 | 18-Jul-2023 | Christian Göttsche <cgzones@googlemail.com>
selinux: add missing newlines in pr_err() statements
The kernel print statements do not append an implicit newline to format strings.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
[PM: subject line tweak]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Revision tags: v6.1.38, v6.1.37, v6.1.36, v6.4, v6.1.35 |
5b0eea83 | 20-Jun-2023 | Ondrej Mosnacek <omosnace@redhat.com>
selinux: introduce an initial SID for early boot processes
Currently, SELinux doesn't allow distinguishing between kernel threads and userspace processes that are started before the policy is first loaded - both get the label corresponding to the kernel SID. The only way a process that persists from early boot can get a meaningful label is by doing a voluntary dyntransition or re-executing itself.
Reusing the kernel label for userspace processes is problematic for several reasons:

1. The kernel is considered to be a privileged domain and generally needs to have a wide range of permissions allowed to work correctly, which prevents the policy writer from effectively hardening against early boot processes that might remain running unintentionally after the policy is loaded (they represent a potential extra attack surface that should be mitigated).

2. Despite the kernel being treated as a privileged domain, the policy writer may want to impose certain special limitations on kernel threads that may conflict with the requirements of intentional early boot processes. For example, it is a good hardening practice to limit what executables the kernel can execute as usermode helpers and to confine the resulting usermode helper processes. However, a (legitimate) process surviving from early boot may need to execute a different set of executables.

3. As currently implemented, overlayfs remembers the security context of the process that created an overlayfs mount and uses it to bound subsequent operations on files using this context. If an overlayfs mount is created before the SELinux policy is loaded, these "mounter" checks are made against the kernel context, which may clash with restrictions on the kernel domain (see 2.).
To resolve this, introduce a new initial SID (reusing the slot of the former "init" initial SID) that will be assigned to any userspace process started before the policy is first loaded. This is easy to do, as we can simply label any process that goes through the bprm_creds_for_exec LSM hook with the new init-SID instead of propagating the kernel SID from the parent.
To provide backwards compatibility for existing policies that are unaware of this new semantic of the "init" initial SID, introduce a new policy capability "userspace_initial_context" and set the "init" SID to the same context as the "kernel" SID unless this capability is set by the policy.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Revision tags: v6.1.34, v6.1.33, v6.1.32, v6.1.31, v6.1.30, v6.1.29, v6.1.28 |
8bfbd046 | 11-May-2023 | Christian Göttsche <cgzones@googlemail.com>
selinux: deprecated fs ocon
The object context type `fs`, not to be confused with the well used object context type `fscon`, was introduced in the initial git commit 1da177e4c3f4 ("Linux-2.6.12-rc2") but never actually used since.
The paper "A Security Policy Configuration for the Security-Enhanced Linux" [1] mentions it under `7.2 File System Contexts` but also states:
    Currently, this configuration is unused.
The policy statement defining such object contexts is `fscon`, e.g.:
    fscon 2 3 gen_context(system_u:object_r:conA_t,s0) \
              gen_context(system_u:object_r:conB_t,s0)
It is not documented at selinuxproject.org or in the SELinux notebook and not supported by the Reference Policy buildsystem - the statement is not properly sorted - and thus not used in the Reference or Fedora Policy.
Print a warning message at policy load for each such object context:
    SELinux: void and deprecated fs ocon 02:03
This topic was initially highlighted by Nicolas Iooss [2].
[1]: https://media.defense.gov/2021/Jul/29/2002815735/-1/-1/0/SELINUX-SECURITY-POLICY-CONFIGURATION-REPORT.PDF
[2]: https://lore.kernel.org/selinux/CAJfZ7=mP2eJaq2BfO3y0VnwUJaY2cS2p=HZMN71z1pKjzaT0Eg@mail.gmail.com/
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
[PM: tweaked deprecation comment, description line wrapping]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Revision tags: v6.1.27, v6.1.26, v6.3 |
4158cb60 | 20-Apr-2023 | Christian Göttsche <cgzones@googlemail.com>
selinux: declare read-only data arrays const
The array of mount tokens is only used in match_opt_prefix() and never modified.
The array of symtab names is never modified and only used in the DEBUG_HASHES configuration as output.
The array of files for the SElinux filesystem sub-directory `ss` is similar to the other `struct tree_descr` usages only read from to construct the containing entries.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Revision tags: v6.1.25, v6.1.24, v6.1.23, v6.1.22, v6.1.21, v6.1.20, v6.1.19, v6.1.18, v6.1.17, v6.1.16, v6.1.15, v6.1.14, v6.1.13, v6.2, v6.1.12, v6.1.11, v6.1.10, v6.1.9, v6.1.8, v6.1.7, v6.1.6, v6.1.5, v6.0.19, v6.0.18, v6.1.4, v6.1.3, v6.0.17, v6.1.2, v6.0.16, v6.1.1, v6.0.15, v6.0.14, v6.0.13, v6.1, v6.0.12, v6.0.11, v6.0.10, v5.15.80, v6.0.9, v5.15.79, v6.0.8, v5.15.78, v6.0.7, v5.15.77, v5.15.76, v6.0.6, v6.0.5, v5.15.75, v6.0.4, v6.0.3, v6.0.2, v5.15.74, v5.15.73, v6.0.1, v5.15.72, v6.0, v5.15.71, v5.15.70, v5.15.69, v5.15.68, v5.15.67, v5.15.66, v5.15.65, v5.15.64, v5.15.63, v5.15.62, v5.15.61, v5.15.60, v5.15.59, v5.19, v5.15.58, v5.15.57, v5.15.56, v5.15.55, v5.15.54, v5.15.53, v5.15.52, v5.15.51, v5.15.50, v5.15.49, v5.15.48, v5.15.47, v5.15.46, v5.15.45, v5.15.44, v5.15.43, v5.15.42, v5.18, v5.15.41, v5.15.40, v5.15.39, v5.15.38 |
ded34574 | 02-May-2022 | Christian Göttsche <cgzones@googlemail.com>
selinux: declare data arrays const
The arrays for the policy capability names, the initial sid identifiers and the class and permission names are not changed at runtime. Declare them const to avoid accidental modification.
Do not override the classmap and the initial sid list in the build time script genheaders.
Check fclose(3) is successful in genheaders.c, otherwise the written data might be corrupted or incomplete.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
[PM: manual merge due to fuzz, minor style tweaks]
Signed-off-by: Paul Moore <paul@paul-moore.com>
ede17552 | 02-May-2022 | Christian Göttsche <cgzones@googlemail.com>
selinux: resolve checkpatch errors
Reported by checkpatch:
    security/selinux/nlmsgtab.c
    ---------------------------
    ERROR: that open brace { should be on the previous line
    #29: FILE: security/selinux/nlmsgtab.c:29:
    +static const struct nlmsg_perm nlmsg_route_perms[] =
    +{

    ERROR: that open brace { should be on the previous line
    #97: FILE: security/selinux/nlmsgtab.c:97:
    +static const struct nlmsg_perm nlmsg_tcpdiag_perms[] =
    +{

    ERROR: that open brace { should be on the previous line
    #105: FILE: security/selinux/nlmsgtab.c:105:
    +static const struct nlmsg_perm nlmsg_xfrm_perms[] =
    +{

    ERROR: that open brace { should be on the previous line
    #134: FILE: security/selinux/nlmsgtab.c:134:
    +static const struct nlmsg_perm nlmsg_audit_perms[] =
    +{

    security/selinux/ss/policydb.c
    ------------------------------
    ERROR: that open brace { should be on the previous line
    #318: FILE: security/selinux/ss/policydb.c:318:
    +static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) =
    +{

    ERROR: that open brace { should be on the previous line
    #674: FILE: security/selinux/ss/policydb.c:674:
    +static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) =
    +{

    ERROR: that open brace { should be on the previous line
    #1643: FILE: security/selinux/ss/policydb.c:1643:
    +static int (*read_f[SYM_NUM]) (struct policydb *p, struct symtab *s, void *fp) =
    +{

    ERROR: that open brace { should be on the previous line
    #3246: FILE: security/selinux/ss/policydb.c:3246:
    +                void *datap) =
    +{
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Revision tags: v5.15.37, v5.15.36, v5.15.35, v5.15.34, v5.15.33, v5.15.32, v5.15.31, v5.17, v5.15.30, v5.15.29, v5.15.28, v5.15.27, v5.15.26, v5.15.25, v5.15.24, v5.15.23, v5.15.22, v5.15.21, v5.15.20, v5.15.19, v5.15.18, v5.15.17 |
b5e68162 | 25-Jan-2022 | Christian Göttsche <cgzones@googlemail.com>
selinux: drop unused macro
The macro _DEBUG_HASHES is nowhere used. The configuration DEBUG_HASHES enables debugging of the SELinux hash tables, but the underscore-prefixed macro definition has no direct impact or any documentation.
Reported by clang [-Wunused-macros]
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
d3b1161f | 25-Jan-2022 | Christian Göttsche <cgzones@googlemail.com>
selinux: declare name parameter of hash_eval const
String literals are passed as second argument to hash_eval(). Also the parameter is already declared const in the DEBUG_HASHES configuration.
Reported by clang [-Wwrite-strings]:
    security/selinux/ss/policydb.c:1881:26: error: passing 'const char [8]' to parameter of type 'char *' discards qualifiers
            hash_eval(&p->range_tr, "rangetr");
                                    ^~~~~~~~~
    security/selinux/ss/policydb.c:707:55: note: passing argument to parameter 'hash_name' here
    static inline void hash_eval(struct hashtab *h, char *hash_name)
                                                          ^
    security/selinux/ss/policydb.c:2099:32: error: passing 'const char [11]' to parameter of type 'char *' discards qualifiers
            hash_eval(&p->filename_trans, "filenametr");
                                          ^~~~~~~~~~~~
    security/selinux/ss/policydb.c:707:55: note: passing argument to parameter 'hash_name' here
    static inline void hash_eval(struct hashtab *h, char *hash_name)
                                                          ^
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
[PM: line wrapping in description]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Revision tags: v5.4.173, v5.15.16, v5.15.15, v5.16, v5.15.10, v5.15.9, v5.15.8, v5.15.7, v5.15.6, v5.15.5, v5.15.4, v5.15.3, v5.15.2, v5.15.1, v5.15, v5.14.14, v5.14.13, v5.14.12, v5.14.11, v5.14.10, v5.14.9, v5.14.8, v5.14.7, v5.14.6, v5.10.67, v5.10.66, v5.14.5, v5.14.4, v5.10.65, v5.14.3, v5.10.64, v5.14.2, v5.10.63, v5.14.1, v5.10.62, v5.14, v5.10.61, v5.10.60 |
4c156084 | 28-Jul-2021 | Xiu Jianfeng <xiujianfeng@huawei.com>
selinux: correct the return value when loads initial sids
It should not return 0 when SID 0 is assigned to isids. This patch fixes it.
Cc: stable@vger.kernel.org
Fixes: e3e0b582c321a ("selinux: remove unused initial SIDs and improve handling")
Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
[PM: remove changelog from description]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Revision tags: v5.10.53, v5.10.52, v5.10.51, v5.10.50, v5.10.49, v5.13, v5.10.46, v5.10.43, v5.10.42, v5.10.41, v5.10.40, v5.10.39, v5.4.119, v5.10.36, v5.10.35, v5.10.34, v5.4.116, v5.10.33 |
fd781f45 | 28-Apr-2021 | Jiapeng Chong <jiapeng.chong@linux.alibaba.com>
selinux: Remove redundant assignment to rc
Variable rc is set to '-EINVAL' but this value is never read as it is overwritten or not used later on, hence it is a redundant assignment and can be removed.
Cleans up the following clang-analyzer warning:
security/selinux/ss/services.c:2103:3: warning: Value stored to 'rc' is never read [clang-analyzer-deadcode.DeadStores].
security/selinux/ss/services.c:2079:2: warning: Value stored to 'rc' is never read [clang-analyzer-deadcode.DeadStores].
security/selinux/ss/services.c:2071:2: warning: Value stored to 'rc' is never read [clang-analyzer-deadcode.DeadStores].
security/selinux/ss/services.c:2062:2: warning: Value stored to 'rc' is never read [clang-analyzer-deadcode.DeadStores].
security/selinux/ss/policydb.c:2592:3: warning: Value stored to 'rc' is never read [clang-analyzer-deadcode.DeadStores].
Reported-by: Abaci Robot <abaci@linux.alibaba.com>
Signed-off-by: Jiapeng Chong <jiapeng.chong@linux.alibaba.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
f4984f60 | 28-Jul-2021 | Xiu Jianfeng <xiujianfeng@huawei.com>
selinux: correct the return value when loads initial sids
commit 4c156084daa8ee70978e4b150b5eb5fc7b1f15be upstream.
It should not return 0 when SID 0 is assigned to isids. This patch fixes it.
Cc: stable@vger.kernel.org
Fixes: e3e0b582c321a ("selinux: remove unused initial SIDs and improve handling")
Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
[PM: remove changelog from description]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Revision tags: v5.12, v5.10.32, v5.10.31, v5.10.30, v5.10.27, v5.10.26, v5.10.25, v5.10.24, v5.10.23, v5.10.22, v5.10.21, v5.10.20, v5.10.19, v5.4.101, v5.10.18, v5.10.17, v5.11, v5.10.16, v5.10.15, v5.10.14, v5.10, v5.8.17, v5.8.16, v5.8.15, v5.9, v5.8.14, v5.8.13, v5.8.12, v5.8.11, v5.8.10, v5.8.9, v5.8.8, v5.8.7, v5.8.6, v5.4.62, v5.8.5, v5.8.4, v5.4.61, v5.8.3, v5.4.60, v5.8.2, v5.4.59, v5.8.1, v5.4.58, v5.4.57, v5.4.56, v5.8, v5.7.12, v5.4.55, v5.7.11, v5.4.54, v5.7.10, v5.4.53, v5.4.52, v5.7.9 |
24def7bb | 09-Jul-2020 | Ondrej Mosnacek <omosnace@redhat.com>
selinux: prepare for inlining of hashtab functions
Refactor searching and inserting into hashtabs to pave the way for converting hashtab_search() and hashtab_insert() to inline functions in the next patch. This will avoid indirect calls and allow the compiler to better optimize individual callers, leading to a significant performance improvement.
In order to avoid the indirect calls, the key hashing and comparison callbacks need to be extracted from the hashtab struct and passed directly to hashtab_search()/_insert() by the callers so that the callback address is always known at compile time. The kernel's rhashtable library (<linux/rhashtable*.h>) does the same thing.
This of course makes the hashtab functions slightly easier to misuse by passing a wrong callback set, but unfortunately there is no better way to implement a hash table that is both generic and efficient in C. This patch tries to somewhat mitigate this by only calling the hashtab functions in the same file where the corresponding callbacks are defined (wrapping them into more specialized functions as needed).
Note that this patch doesn't bring any benefit without also moving the definitions of hashtab_search() and -_insert() to the header file, which is done in a follow-up patch for easier review of the hashtab.c changes in this patch.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Revision tags: v5.7.8, v5.4.51 |
237389e3 | 08-Jul-2020 | Ondrej Mosnacek <omosnace@redhat.com>
selinux: specialize symtab insert and search functions
This encapsulates symtab a little better and will help with further refactoring later.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Revision tags: v5.4.50, v5.7.7, v5.4.49, v5.7.6, v5.7.5, v5.4.48, v5.7.4 |
7383c0f9 | 17-Jun-2020 | Stephen Smalley <stephen.smalley.work@gmail.com>
selinux: log error messages on required process class / permissions
In general SELinux no longer treats undefined object classes or permissions in the policy as a fatal error, instead handling them in accordance with handle_unknown. However, the process class and process transition and dyntransition permissions are still required to be defined due to dependencies on these definitions for default labeling behaviors, role and range transitions in older policy versions that lack an explicit class field, and role allow checking. Log error messages in these cases since otherwise the policy load will fail silently with no indication to the user as to the underlying cause. While here, fix the checking for process transition / dyntransition so that omitting either permission is handled as an error; both are needed in order to ensure that role allow checking is consistently applied.
Reported-by: bauen1 <j2468h@googlemail.com>
Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Revision tags: v5.7.3, v5.4.47, v5.4.46, v5.7.2, v5.4.45, v5.7.1, v5.4.44, v5.7, v5.4.43, v5.4.42, v5.4.41, v5.4.40, v5.4.39, v5.4.38, v5.4.37, v5.4.36 |
03414a49 | 28-Apr-2020 | Ondrej Mosnacek <omosnace@redhat.com>
selinux: do not allocate hashtabs dynamically
It is simpler to allocate them statically in the corresponding structure, avoiding unnecessary kmalloc() calls and pointer dereferencing.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
[PM: manual merging required in policydb.c]
Signed-off-by: Paul Moore <paul@paul-moore.com>
46619b44 | 01-May-2020 | Ondrej Mosnacek <omosnace@redhat.com>
selinux: fix return value on error in policydb_read()
The value of rc is still zero from the last assignment when the error path is taken. Fix it by setting it to -ENOMEM before the hashtab_create() call.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Fixes: e67b2ec9f617 ("selinux: store role transitions in a hash table")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
3348bd33 | 28-Apr-2020 | Ondrej Mosnacek <omosnace@redhat.com>
selinux: simplify range_write()
No need to traverse the hashtab to count its elements, hashtab already tracks it for us.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
4c09f8b6 | 29-Apr-2020 | Wei Yongjun <weiyongjun1@huawei.com>
selinux: fix error return code in policydb_read()
Fix to return negative error code -ENOMEM from the kvcalloc() error handling case instead of 0, as done elsewhere in this function.
Fixes: acdf52d97f82 ("selinux: convert to kvmalloc")
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
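The error-path bug that 46619b44 and 4c09f8b6 fix in policydb_read() (and that 4c156084 fixes in the initial SID loop), as an added example in C that is not kernel code: rc still holds the 0 left by the last successful read when an allocation fails, so the caller is told the load succeeded and continues with an empty table. The table reader, the stand-in record decoder and the allocation fault injection are constructed for this example; both the buggy and the corrected shape are included so the difference in the returned value can be exercised.

```c
#include <errno.h>
#include <stdlib.h>

struct table {
	unsigned int n;
	unsigned int *vals;
};

static int inject_alloc_fail;	/* constructed fault injection */

static void *xcalloc(size_t n, size_t sz)
{
	if (inject_alloc_fail)
		return NULL;	/* models a failed kvcalloc() */
	return calloc(n, sz);
}

/* Stand-ins for decoding one header and one record from the policy stream. */
static int read_count(unsigned int *n) { *n = 4; return 0; }
static int read_value(unsigned int idx, unsigned int *out) { *out = idx * 2; return 0; }

/* Buggy shape: rc keeps the 0 that read_count() returned, so the allocation
 * failure path returns "success" with t->vals == NULL. */
static int table_read_buggy(struct table *t)
{
	unsigned int i;
	int rc;

	rc = read_count(&t->n);
	if (rc)
		return rc;
	t->vals = xcalloc(t->n, sizeof(*t->vals));
	if (!t->vals)
		goto bad;		/* BUG: rc is still 0 here */
	for (i = 0; i < t->n; i++) {
		rc = read_value(i, &t->vals[i]);
		if (rc)
			goto bad;
	}
	return 0;
bad:
	free(t->vals);
	t->vals = NULL;
	t->n = 0;
	return rc;			/* 0 after an allocation failure */
}

/* Fixed shape: the errno is assigned immediately before the step that can
 * fail, exactly as the two fixes add "rc = -ENOMEM" before the allocation. */
static int table_read_fixed(struct table *t)
{
	unsigned int i;
	int rc;

	rc = read_count(&t->n);
	if (rc)
		return rc;
	rc = -ENOMEM;
	t->vals = xcalloc(t->n, sizeof(*t->vals));
	if (!t->vals)
		goto bad;
	for (i = 0; i < t->n; i++) {
		rc = read_value(i, &t->vals[i]);
		if (rc)
			goto bad;
	}
	return 0;
bad:
	free(t->vals);
	t->vals = NULL;
	t->n = 0;
	return rc;
}

static struct table tb;	/* shared result of the helpers below */

/* Runs one reader with the fault injection set as requested. */
static int try_read(int buggy, int fail_alloc)
{
	inject_alloc_fail = fail_alloc;
	tb.n = 0;
	tb.vals = NULL;
	return buggy ? table_read_buggy(&tb) : table_read_fixed(&tb);
}

static int table_is_loaded(void)
{
	return tb.vals != NULL && tb.n == 4;
}

static void table_free(void)
{
	free(tb.vals);
	tb.vals = NULL;
	tb.n = 0;
}
```

With the fault injected, try_read(1, 1) returns 0 while the table is empty, which is the silent-success outcome the fixes remove; try_read(0, 1) returns -ENOMEM, and without the injection the fixed reader fills the table normally.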