)]}' { "log": [ { "commit": "2ff6fa8fafd6fa94029fa0558a6b85956930f1f5", "tree": "b9e12bb9ef1a92c68bb459ae82fa4e76629bcfca", "parents": [ "b8aa09fd880eb4c2881b9f3c8a8d09c0404cd4eb" ], "author": { "name": "Thomas Meyer", "email": "thomas@m3y3r.de", "time": "Thu Nov 17 23:43:40 2011 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Dec 19 11:23:56 2011 +1100" }, "message": "selinux: Casting (void *) value returned by kmalloc is useless\n\nThe semantic patch that makes this change is available\nin scripts/coccinelle/api/alloc/drop_kmalloc_cast.cocci.\n\nSigned-off-by: Thomas Meyer \u003cthomas@m3y3r.de\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "7b98a5857c3fa86cb0a7e5f893643491a8b5b425", "tree": "9e8b83d35a9c70f2c02853de808184871df3aba9", "parents": [ "0ff53f5ddbaebeac1c2735125901275acc1fecc6" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 12:52:32 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:32 2011 -0700" }, "message": "selinux: sparse fix: fix several warnings in the security server code\n\nFix several sparse warnings in the SELinux security server code.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6a3fbe81179c85eb53054a0f4c8423ffec0276a7", "tree": "b281fee66a005236bbdedf5f22eeacc37669ba4a", "parents": [ "ad3fa08c4ff84ed87649d72e8497735c85561a3d" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Aug 30 12:09:15 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:31 2011 -0700" }, "message": "selinux: sparse fix: fix warnings in netlink code\n\nFix sparse warnings in SELinux Netlink code.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "cc59a582d6081b296e481b8bc9676b5c2faad818", "tree": "5ed00269cea7ffef573c78e854a6369a32842437", "parents": [ "56a4ca996181b94b30e6b46509dc28e4ca3cc3f8" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Aug 17 11:13:31 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Sep 09 16:56:26 2011 -0700" }, "message": "selinux: sparse fix: move selinux_complete_init\n\nSparse fix: move selinux_complete_init\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "82c21bfab41a77bc01affe21bea9727d776774a7", "tree": "b0c5850be07c7f6d747df389f8f15780887da630", "parents": [ "87a0874cf19f1bc9bd25bd7d053a0ea25ccf8373" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Mon Aug 01 11:10:33 2011 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Aug 01 17:58:33 2011 -0700" }, "message": "doc: Update the email address for Paul Moore in various source files\n\nMy @hp.com will no longer be valid starting August 5, 2011 so an update is\nnecessary. My new email address is employer independent so we don\u0027t have\nto worry about doing this again any time soon.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: Paul Moore \u003cpaul@paul-moore.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "82b88bb24e28dd4fb4bec30e75412f41326130f0", "tree": "61b1d0eb6ae6059e879571517a0f36bcffdabf34", "parents": [ "60b8b1de0dd2bf246f0e074d287bb3f0bc42a755", "ded509880f6a0213b09f8ae7bef84acb16eaccbf" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jun 15 09:41:48 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jun 15 09:41:48 2011 +1000" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.infradead.org/users/eparis/selinux into for-linus\n" }, { "commit": "ded509880f6a0213b09f8ae7bef84acb16eaccbf", "tree": "ac8819a1b23a13b0f04ca34ab2983040c9d66e99", "parents": [ "0f7e4c33eb2c40b1e9cc24d2eab6de5921bc619c" ], "author": { "name": "Roy.Li", "email": "rongqing.li@windriver.com", "time": "Fri May 20 10:38:06 2011 +0800" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jun 14 12:58:51 2011 -0400" }, "message": "SELinux: skip file_name_trans_write() when policy downgraded.\n\nWhen policy version is less than POLICYDB_VERSION_FILENAME_TRANS,\nskip file_name_trans_write().\n\nSigned-off-by: Roy.Li \u003crongqing.li@windriver.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "f01e1af445fac107e91d62a2d59dd535f633810b", "tree": "f5da7e4162f0a6f4bb50e4cb41f6a06c672f66b0", "parents": [ "bc9bc72e2f9bb07384c00604d1a40d0b5f62be6c" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue May 24 13:48:51 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu May 26 18:13:57 2011 -0700" }, "message": "selinux: don\u0027t pass in NULL avd to avc_has_perm_noaudit\n\nRight now security_get_user_sids() will pass in a NULL avd pointer to\navc_has_perm_noaudit(), which then forces that function to have a dummy\nentry for that case and just generally test it.\n\nDon\u0027t do it. The normal callers all pass a real avd pointer, and this\nhelper function is incredibly hot. So don\u0027t make avc_has_perm_noaudit()\ndo conditional stuff that isn\u0027t needed for the common case.\n\nThis also avoids some duplicated stack space.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "ea77f7a2e8561012cf100c530170f12351c3b53e", "tree": "7302ac1064f4e364aadda84020a176804fb86e22", "parents": [ "7a627e3b9a2bd0f06945bbe64bcf403e788ecf6e", "61c4f2c81c61f73549928dfd9f3e8f26aa36a8cf" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu May 26 17:20:14 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu May 26 17:20:14 2011 -0400" }, "message": "Merge commit \u0027v2.6.39\u0027 into 20110526\n\nConflicts:\n\tlib/flex_array.c\n\tsecurity/selinux/avc.c\n\tsecurity/selinux/hooks.c\n\tsecurity/selinux/ss/policydb.c\n\tsecurity/smack/smack_lsm.c\n" }, { "commit": "b7b57551bbda1390959207f79f2038aa7adb72ae", "tree": "d591a08e7e45615b51d8b5ee1634a29920f62c3f", "parents": [ "434d42cfd05a7cc452457a81d2029540cba12150", "7a627e3b9a2bd0f06945bbe64bcf403e788ecf6e" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue May 24 23:20:19 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue May 24 23:20:19 2011 +1000" }, "message": "Merge branch \u0027master\u0027 of git://git.infradead.org/users/eparis/selinux into for-linus\n\nConflicts:\n\tlib/flex_array.c\n\tsecurity/selinux/avc.c\n\tsecurity/selinux/hooks.c\n\tsecurity/selinux/ss/policydb.c\n\tsecurity/smack/smack_lsm.c\n\nManually resolve conflicts.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "ca7d12000895ae5dfef8b8ff2648a0d50abd397c", "tree": "259fb1e473ef6129b9fa5faf771c9e811ab572c4", "parents": [ "411f05f123cbd7f8aa1edcae86970755a6e2a9d9", "93826c092c385549c04af184fbebd43f36995c69" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri May 13 09:52:16 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri May 13 09:52:16 2011 +1000" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.infradead.org/users/eparis/selinux into for-linus\n" }, { "commit": "93826c092c385549c04af184fbebd43f36995c69", "tree": "20f77a85a74a24ed3418da8818e12b439f70fc81", "parents": [ "bf69d41d198138e3c601e9a6645f4f1369aff7e0" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 07 14:46:59 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu May 12 16:02:42 2011 -0400" }, "message": "SELinux: delete debugging printks from filename_trans rule processing\n\nThe filename_trans rule processing has some printk(KERN_ERR ) messages\nwhich were intended as debug aids in creating the code but weren\u0027t removed\nbefore it was submitted. Remove them.\n\nReported-by: Paul Bolle \u003cpebolle@tiscali.nl\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "6f239284542bae297d27355d06afbb8df23c5db9", "tree": "b0ba42fb54cd05178c61584e0913be38a57f0384", "parents": [ "609cfda586c7fe3e5d1a02c51edb587506294167", "bf69d41d198138e3c601e9a6645f4f1369aff7e0" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed May 04 11:59:34 2011 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed May 04 11:59:34 2011 +1000" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.infradead.org/users/eparis/selinux into for-linus\n" }, { "commit": "5d30b10bd68df007e7ae21e77d1e0ce184b53040", "tree": "61d97a80d0fac7c6dfd97db7040fedd75771adda", "parents": [ "cb1e922fa104bb0bb3aa5fc6ca7f7e070f3b55e9" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:55:52 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 16:12:47 2011 -0400" }, "message": "flex_array: flex_array_prealloc takes a number of elements, not an end\n\nChange flex_array_prealloc to take the number of elements for which space\nshould be allocated instead of the last (inclusive) element. Users\nand documentation are updated accordingly. flex_arrays got introduced before\nthey had users. When folks started using it, they ended up needing a\ndifferent API than was coded up originally. This swaps over to the API that\nfolks apparently need.\n\nBased-on-patch-by: Steffen Klassert \u003csteffen.klassert@secunet.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nTested-by: Chris Richards \u003cgizmo@giz-works.com\u003e\nAcked-by: Dave Hansen \u003cdave@linux.vnet.ibm.com\u003e\nCc: stable@kernel.org [2.6.38+]\n" }, { "commit": "5a3ea8782c63d3501cb764c176f153c0d9a400e1", "tree": "3ff57105c8c3f3ad696b29511d1cf69f434caeab", "parents": [ "562abf624175e3f8487b7f064e516805e437e597" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:55:52 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:56:06 2011 -0400" }, "message": "flex_array: flex_array_prealloc takes a number of elements, not an end\n\nChange flex_array_prealloc to take the number of elements for which space\nshould be allocated instead of the last (inclusive) element. Users\nand documentation are updated accordingly. flex_arrays got introduced before\nthey had users. When folks started using it, they ended up needing a\ndifferent API than was coded up originally. This swaps over to the API that\nfolks apparently need.\n\nBased-on-patch-by: Steffen Klassert \u003csteffen.klassert@secunet.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nTested-by: Chris Richards \u003cgizmo@giz-works.com\u003e\nAcked-by: Dave Hansen \u003cdave@linux.vnet.ibm.com\u003e\nCc: stable@kernel.org [2.6.38+]\n" }, { "commit": "2463c26d50adc282d19317013ba0ff473823ca47", "tree": "e92438150bb380c0dc0867b00f1ae89f73646b2a", "parents": [ "3f058ef7787e1b48720622346de9a5317aeb749a" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:11:21 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:15:53 2011 -0400" }, "message": "SELinux: put name based create rules in a hashtable\n\nTo shorten the list we need to run if filename trans rules exist for the type\nof the given parent directory I put them in a hashtable. Given the policy we\nare expecting to use in Fedora this takes the worst case list run from about\n5,000 entries to 17.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3f058ef7787e1b48720622346de9a5317aeb749a", "tree": "3cfdfa068b6eae4716f3be7d02f44bbd15e64573", "parents": [ "be30b16d43f4781406de0c08c96501dae4cc5a77" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:11:21 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:15:52 2011 -0400" }, "message": "SELinux: generic hashtab entry counter\n\nInstead of a hashtab entry counter function only useful for range\ntransition rules make a function generic for any hashtable to use.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "be30b16d43f4781406de0c08c96501dae4cc5a77", "tree": "957792a2eae5f16a87b79f4ca8aa434b6fa9c7de", "parents": [ "03a4c0182a156547edd5f2717c1702590fe36bbf" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:11:21 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:15:52 2011 -0400" }, "message": "SELinux: calculate and print hashtab stats with a generic function\n\nWe have custom debug functions like rangetr_hash_eval and symtab_hash_eval\nwhich do the same thing. Just create a generic function that takes the name\nof the hash table as an argument instead of having custom functions.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "03a4c0182a156547edd5f2717c1702590fe36bbf", "tree": "c4585fab7c37d4eb2cc46e93c925e7c2a5e7b1a2", "parents": [ "2667991f60e67d28c495b8967aaabf84b4ccd560" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:11:21 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:15:52 2011 -0400" }, "message": "SELinux: skip filename trans rules if ttype does not match parent dir\n\nRight now we walk to filename trans rule list for every inode that is\ncreated. First passes at policy using this facility creates around 5000\nfilename trans rules. Running a list of 5000 entries every time is a bad\nidea. This patch adds a new ebitmap to policy which has a bit set for each\nttype that has at least 1 filename trans rule. Thus when an inode is\ncreated we can quickly determine if any rules exist for this parent\ndirectory type and can skip the list if we know there is definitely no\nrelevant entry.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2667991f60e67d28c495b8967aaabf84b4ccd560", "tree": "893c006121f2be1b44e270fc5b43d8f94435dc81", "parents": [ "4742600cf536c0c115b6f769eda82ee377d199c9" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:11:20 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:15:51 2011 -0400" }, "message": "SELinux: rename filename_compute_type argument to *type instead of *con\n\nfilename_compute_type() takes as arguments the numeric value of the type of\nthe subject and target. It does not take a context. Thus the names are\nmisleading. Fix the argument names.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4742600cf536c0c115b6f769eda82ee377d199c9", "tree": "599922c770c628c3d484ee7460fe1fc361c3c509", "parents": [ "92f4250901476fcadc4f52ace36e453c61f5591d" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:11:20 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 28 15:15:51 2011 -0400" }, "message": "SELinux: fix comment to state filename_compute_type takes an objname not a qstr\n\nfilename_compute_type used to take a qstr, but it now takes just a name.\nFix the comments to indicate it is an objname, not a qstr.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "6b697323a78bed254ee372f71b1a6a2901bb4b7a", "tree": "ef1282bd99f549074253b33deeb6436809566ad4", "parents": [ "a35c6c8368d88deae6890205e73ed330b6df1db7" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 20 10:21:28 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 25 10:19:02 2011 -0400" }, "message": "SELinux: security_read_policy should take a size_t not ssize_t\n\nThe len should be an size_t but is a ssize_t. Easy enough fix to silence\nbuild warnings. We have no need for signed-ness.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "425b473de5372cad6fffc6b98a758ed8e3fc70ce", "tree": "532811d99d68d2ba58bc111b33a959ddb8a1a1e2", "parents": [ "1214eac73f798bccabc6adb55e7b2d787527c13c" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 07 14:46:59 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Apr 20 11:45:14 2011 -0400" }, "message": "SELinux: delete debugging printks from filename_trans rule processing\n\nThe filename_trans rule processing has some printk(KERN_ERR ) messages\nwhich were intended as debug aids in creating the code but weren\u0027t removed\nbefore it was submitted. Remove them.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "1214eac73f798bccabc6adb55e7b2d787527c13c", "tree": "4b379622da0d56be88d7ea87af558ef719317c7d", "parents": [ "eba71de2cb7c02c5ae4f2ad3656343da71bc4661" ], "author": { "name": "Harry Ciao", "email": "qingtao.cao@windriver.com", "time": "Thu Apr 07 14:12:57 2011 +0800" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 07 12:00:26 2011 -0400" }, "message": "Initialize policydb.process_class eariler.\n\nInitialize policydb.process_class once all symtabs read from policy image,\nso that it could be used to setup the role_trans.tclass field when a lower\nversion policy.X is loaded.\n\nSigned-off-by: Harry Ciao \u003cqingtao.cao@windriver.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "eba71de2cb7c02c5ae4f2ad3656343da71bc4661", "tree": "3eb37c447b2023c86d2c2cadc7b84656c134b646", "parents": [ "f50a3ec961f90e38c0311411179d5dfee1412192" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Fri Mar 25 10:13:43 2011 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 07 12:00:12 2011 -0400" }, "message": "selinux: Fix regression for Xorg\n\nCommit 6f5317e730505d5cbc851c435a2dfe3d5a21d343 introduced a bug in the\nhandling of userspace object classes that is causing breakage for Xorg\nwhen XSELinux is enabled. Fix the bug by changing map_class() to return\nSECCLASS_NULL when the class cannot be mapped to a kernel object class.\n\nReported-by: \"Justin P. Mattock\" \u003cjustinmattock@gmail.com\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "f50a3ec961f90e38c0311411179d5dfee1412192", "tree": "600b7909964cd116af1252ecabb5b1415c01d7a0", "parents": [ "6bde95ce33e1c2ac9b5cb3d814722105131090ec" ], "author": { "name": "Kohei Kaigai", "email": "Kohei.Kaigai@eu.nec.com", "time": "Fri Apr 01 15:39:26 2011 +0100" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 01 17:13:23 2011 -0400" }, "message": "selinux: add type_transition with name extension support for selinuxfs\n\nThe attached patch allows /selinux/create takes optional 4th argument\nto support TYPE_TRANSITION with name extension for userspace object\nmanagers.\nIf 4th argument is not supplied, it shall perform as existing kernel.\nIn fact, the regression test of SE-PostgreSQL works well on the patched\nkernel.\n\nThanks,\n\nSigned-off-by: KaiGai Kohei \u003ckohei.kaigai@eu.nec.com\u003e\n[manually verify fuzz was not an issue, and it wasn\u0027t: eparis]\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "25985edcedea6396277003854657b5f3cb31a628", "tree": "f026e810210a2ee7290caeb737c23cb6472b7c38", "parents": [ "6aba74f2791287ec407e0f92487a725a25908067" ], "author": { "name": "Lucas De Marchi", "email": "lucas.demarchi@profusion.mobi", "time": "Wed Mar 30 22:57:33 2011 -0300" }, "committer": { "name": "Lucas De Marchi", "email": "lucas.demarchi@profusion.mobi", "time": "Thu Mar 31 11:26:23 2011 -0300" }, "message": "Fix common misspellings\n\nFixes generated by \u0027codespell\u0027 and manually reviewed.\n\nSigned-off-by: Lucas De Marchi \u003clucas.demarchi@profusion.mobi\u003e\n" }, { "commit": "85cd6da53a8073d3f4503f56e4ea6cddccbb1c7f", "tree": "9c71a1426c09767e7470fea2c244c9ebd3ec4d8c", "parents": [ "036a98263a30930a329e7bb184d5e77f27358e40" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Fri Mar 25 10:13:43 2011 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Mar 29 10:26:30 2011 +1100" }, "message": "selinux: Fix regression for Xorg\n\nCommit 6f5317e730505d5cbc851c435a2dfe3d5a21d343 introduced a bug in the\nhandling of userspace object classes that is causing breakage for Xorg\nwhen XSELinux is enabled. Fix the bug by changing map_class() to return\nSECCLASS_NULL when the class cannot be mapped to a kernel object class.\n\nReported-by: \"Justin P. Mattock\" \u003cjustinmattock@gmail.com\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c900ff323d761753a56d8d6a67b034ceee277b6e", "tree": "0294cfb5904eec80cf8e84004d46cb8734b714e7", "parents": [ "63a312ca55d09a3f6526919df495fff1073c88f4" ], "author": { "name": "Harry Ciao", "email": "qingtao.cao@windriver.com", "time": "Fri Mar 25 13:52:00 2011 +0800" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Mar 28 14:21:05 2011 -0400" }, "message": "SELinux: Write class field in role_trans_write.\n\nIf kernel policy version is \u003e\u003d 26, then write the class field of the\nrole_trans structure into the binary reprensentation.\n\nSigned-off-by: Harry Ciao \u003cqingtao.cao@windriver.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "63a312ca55d09a3f6526919df495fff1073c88f4", "tree": "43fe9a17837fff6bc71e789dbb8fa0f8d03d01aa", "parents": [ "8023976cf4627d9f1d82ad468ec40e32eb87d211" ], "author": { "name": "Harry Ciao", "email": "harrytaurus200@hotmail.com", "time": "Fri Mar 25 13:51:58 2011 +0800" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Mar 28 14:21:01 2011 -0400" }, "message": "SELinux: Compute role in newcontext for all classes\n\nApply role_transition rules for all kinds of classes.\n\nSigned-off-by: Harry Ciao \u003cqingtao.cao@windriver.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "8023976cf4627d9f1d82ad468ec40e32eb87d211", "tree": "82af1157ffbb00be2a8d2357a8c2fd88826233b1", "parents": [ "fe3fa43039d47ee4e22caf460b79b62a14937f79" ], "author": { "name": "Harry Ciao", "email": "qingtao.cao@windriver.com", "time": "Fri Mar 25 13:51:56 2011 +0800" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Mar 28 14:20:58 2011 -0400" }, "message": "SELinux: Add class support to the role_trans structure\n\nIf kernel policy version is \u003e\u003d 26, then the binary representation of\nthe role_trans structure supports specifying the class for the current\nsubject or the newly created object.\n\nIf kernel policy version is \u003c 26, then the class field would be default\nto the process class.\n\nSigned-off-by: Harry Ciao \u003cqingtao.cao@windriver.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "fe3fa43039d47ee4e22caf460b79b62a14937f79", "tree": "9eab8d00f1227b9fe0959f32a62d892ed35803ba", "parents": [ "ee009e4a0d4555ed522a631bae9896399674f064", "026eb167ae77244458fa4b4b9fc171209c079ba7" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Mar 08 11:38:10 2011 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Mar 08 11:38:10 2011 +1100" }, "message": "Merge branch \u0027master\u0027 of git://git.infradead.org/users/eparis/selinux into next\n" }, { "commit": "1cc26bada9f6807814806db2f0d78792eecdac71", "tree": "5509b5139db04af6c13db0a580c84116a4a54039", "parents": [ "eae61f3c829439f8f9121b5cd48a14be04df451f", "214d93b02c4fe93638ad268613c9702a81ed9192" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Mar 08 10:55:06 2011 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Mar 08 10:55:06 2011 +1100" }, "message": "Merge branch \u0027master\u0027; commit \u0027v2.6.38-rc7\u0027 into next\n" }, { "commit": "6f5317e730505d5cbc851c435a2dfe3d5a21d343", "tree": "02088cf519a00db5c6fbdb2cc8776402413eb662", "parents": [ "4bc6c2d5d8386800fde23a8e78cd4f04a0ade0ad" ], "author": { "name": "Harry Ciao", "email": "qingtao.cao@windriver.com", "time": "Wed Mar 02 13:32:33 2011 +0800" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Mar 03 15:19:43 2011 -0500" }, "message": "SELinux: Socket retains creator role and MLS attribute\n\nThe socket SID would be computed on creation and no longer inherit\nits creator\u0027s SID by default. Socket may have a different type but\nneeds to retain the creator\u0027s role and MLS attribute in order not\nto break labeled networking and network access control.\n\nThe kernel value for a class would be used to determine if the class\nif one of socket classes. If security_compute_sid is called from\nuserspace the policy value for a class would be mapped to the relevant\nkernel value first.\n\nSigned-off-by: Harry Ciao \u003cqingtao.cao@windriver.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n" }, { "commit": "652bb9b0d6ce007f37c098947b2cc0c45efa3f66", "tree": "7bf76f04a1fcaa401761a9a734b94682e2ac8b8c", "parents": [ "2a7dba391e5628ad665ce84ef9a6648da541ebab" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Feb 01 11:05:40 2011 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Feb 01 11:12:30 2011 -0500" }, "message": "SELinux: Use dentry name in new object labeling\n\nCurrently SELinux has rules which label new objects according to 3 criteria.\nThe label of the process creating the object, the label of the parent\ndirectory, and the type of object (reg, dir, char, block, etc.) This patch\nadds a 4th criteria, the dentry name, thus we can distinguish between\ncreating a file in an etc_t directory called shadow and one called motd.\n\nThere is no file globbing, regex parsing, or anything mystical. Either the\npolicy exactly (strcmp) matches the dentry name of the object or it doesn\u0027t.\nThis patch has no changes from today if policy does not implement the new\nrules.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "3ac285ff23cd6e1bc402b6db836521bce006eb89", "tree": "449a7788ba52f3ac0cb7a5ae6a467934163745c2", "parents": [ "e5cce6c13c25d9ac56955a3ae2fd562719848172" ], "author": { "name": "Davidlohr Bueso", "email": "dave@gnu.org", "time": "Fri Jan 21 12:28:04 2011 -0300" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 24 11:35:47 2011 +1100" }, "message": "selinux: return -ENOMEM when memory allocation fails\n\nReturn -ENOMEM when memory allocation fails in cond_init_bool_indexes,\ncorrectly propagating error code to caller.\n\nSigned-off-by: Davidlohr Bueso \u003cdave@gnu.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "ced3b93018a9633447ddeb12a96f25e08154cbe7", "tree": "3d227ef6d2630c35127f8f25c123b1c4a0a4ad1f", "parents": [ "7898e1f8e9eb1bee88c92d636e0ab93f2cbe31c6" ], "author": { "name": "Shan Wei", "email": "shanwei@cn.fujitsu.com", "time": "Wed Jan 19 17:21:44 2011 +0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 24 10:36:11 2011 +1100" }, "message": "security:selinux: kill unused MAX_AVTAB_HASH_MASK and ebitmap_startbit\n\nKill unused MAX_AVTAB_HASH_MASK and ebitmap_startbit.\n\nSigned-off-by: Shan Wei \u003cshanwei@cn.fujitsu.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "73ff5fc0a86b28b77e02a6963b388d1dbfa0a263", "tree": "7b84f738078e6b96f6b35805c8b6c4fa699968ed", "parents": [ "415103f9932d45f7927f4b17e3a9a13834cdb9a1" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Dec 07 16:17:28 2010 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Dec 07 16:44:01 2010 -0500" }, "message": "selinux: cache sidtab_context_to_sid results\n\nsidtab_context_to_sid takes up a large share of time when creating large\nnumbers of new inodes (~30-40% in oprofile runs). This patch implements a\ncache of 3 entries which is checked before we do a full context_to_sid lookup.\nOn one system this showed over a x3 improvement in the number of inodes that\ncould be created per second and around a 20% improvement on another system.\n\nAny time we look up the same context string sucessivly (imagine ls -lZ) we\nshould hit this cache hot. A cache miss should have a relatively minor affect\non performance next to doing the full table search.\n\nAll operations on the cache are done COMPLETELY lockless. We know that all\nstruct sidtab_node objects created will never be deleted until a new policy is\nloaded thus we never have to worry about a pointer being dereferenced. Since\nwe also know that pointer assignment is atomic we know that the cache will\nalways have valid pointers. Given this information we implement a FIFO cache\nin an array of 3 pointers. Every result (whether a cache hit or table lookup)\nwill be places in the 0 spot of the cache and the rest of the entries moved\ndown one spot. The 3rd entry will be lost.\n\nRaces are possible and are even likely to happen. Lets assume that 4 tasks\nare hitting sidtab_context_to_sid. The first task checks against the first\nentry in the cache and it is a miss. Now lets assume a second task updates\nthe cache with a new entry. This will push the first entry back to the second\nspot. Now the first task might check against the second entry (which it\nalready checked) and will miss again. Now say some third task updates the\ncache and push the second entry to the third spot. The first task my check\nthe third entry (for the third time!) and again have a miss. At which point\nit will just do a full table lookup. No big deal!\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "1d9bc6dc5b6b9cc9299739f0245ce4841f066b92", "tree": "aa1fe241ebdd6fb74ae468c1cf301dff4315db49", "parents": [ "ac76c05becb6beedbb458d0827d3deaa6f479a72" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Nov 29 15:47:09 2010 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Nov 30 17:28:58 2010 -0500" }, "message": "SELinux: merge policydb_index_classes and policydb_index_others\n\nWe duplicate functionality in policydb_index_classes() and\npolicydb_index_others(). This patch merges those functions just to make it\nclear there is nothing special happening here.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "ac76c05becb6beedbb458d0827d3deaa6f479a72", "tree": "255276b52f7b031671ae5948b39d7c92e50ba420", "parents": [ "23bdecb000c806cf4ec52764499a600f7200d7a9" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Nov 29 15:47:09 2010 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Nov 30 17:28:58 2010 -0500" }, "message": "selinux: convert part of the sym_val_to_name array to use flex_array\n\nThe sym_val_to_name type array can be quite large as it grows linearly with\nthe number of types. With known policies having over 5k types these\nallocations are growing large enough that they are likely to fail. Convert\nthose to flex_array so no allocation is larger than PAGE_SIZE\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "23bdecb000c806cf4ec52764499a600f7200d7a9", "tree": "f13a523f6bec22c5e7ec58ea02a4988aefe7c8ac", "parents": [ "c41ab6a1b9028de33e74101cb0aae13098a56fdb" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Nov 29 15:47:09 2010 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Nov 30 17:28:57 2010 -0500" }, "message": "selinux: convert type_val_to_struct to flex_array\n\nIn rawhide type_val_to_struct will allocate 26848 bytes, an order 3\nallocations. While this hasn\u0027t been seen to fail it isn\u0027t outside the\nrealm of possibiliy on systems with severe memory fragmentation. Convert\nto flex_array so no allocation will ever be bigger than PAGE_SIZE.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "7ae9f23cbd3ef9daff7f768da4bfd4c56b19300d", "tree": "8a92d6d1f05268c27f0e37d5684e947c6111d89e", "parents": [ "4b02b524487622ce1cf472123899520b583f47dc" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Nov 23 11:40:09 2010 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Nov 30 17:28:57 2010 -0500" }, "message": "selinux: rework security_netlbl_secattr_to_sid\n\nsecurity_netlbl_secattr_to_sid is difficult to follow, especially the\nreturn codes. Try to make the function obvious.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "4b02b524487622ce1cf472123899520b583f47dc", "tree": "58802e2968852cb1eb0f8f6303fbfaf3d85ecc53", "parents": [ "b77a493b1dc8010245feeac001e5c7ed0988678f" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Nov 23 11:40:08 2010 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Nov 30 17:28:57 2010 -0500" }, "message": "SELinux: standardize return code handling in selinuxfs.c\n\nselinuxfs.c has lots of different standards on how to handle return paths on\nerror. For the most part transition to\n\n\trc\u003derrno\n\tif (failure)\n\t\tgoto out;\n[...]\nout:\n\tcleanup()\n\treturn rc;\n\nInstead of doing cleanup mid function, or having multiple returns or other\noptions. This doesn\u0027t do that for every function, but most of the complex\nfunctions which have cleanup routines on error.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "9398c7f794078dc1768cc061b3da8cdd59f179a5", "tree": "16e665d3bf7160e2da67b236b27a6bf87a73d5e2", "parents": [ "e8a7e48bb248a1196484d3f8afa53bded2b24e71" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Nov 23 11:40:08 2010 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Nov 30 17:28:56 2010 -0500" }, "message": "SELinux: standardize return code handling in policydb.c\n\npolicydb.c has lots of different standards on how to handle return paths on\nerror. For the most part transition to\n\n\trc\u003derrno\n\tif (failure)\n\t\tgoto out;\n[...]\nout:\n\tcleanup()\n\treturn rc;\n\nInstead of doing cleanup mid function, or having multiple returns or other\noptions. This doesn\u0027t do that for every function, but most of the complex\nfunctions which have cleanup routines on error.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "f0d3d9894e43fc68d47948e2c6f03e32da88b799", "tree": "685f386b1f114a29c6db8d5f2f947620b4df0285", "parents": [ "ff660c80d00b52287f1f67ee6c115dc0057bcdde" ], "author": { "name": "Stephen Rothwell", "email": "sfr@canb.auug.org.au", "time": "Wed Oct 20 16:08:00 2010 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Oct 21 10:13:01 2010 +1100" }, "message": "selinux: include vmalloc.h for vmalloc_user\n\nInclude vmalloc.h for vmalloc_user (fixes ppc build warning).\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "845ca30fe9691f1bab7cfbf30b6d11c944eb4abd", "tree": "eabf2b17957c2214375f870387eaab6c43d9e931", "parents": [ "cee74f47a6baba0ac457e87687fdcf0abd599f0a" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Oct 13 17:50:31 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Oct 21 10:12:59 2010 +1100" }, "message": "selinux: implement mmap on /selinux/policy\n\n/selinux/policy allows a user to copy the policy back out of the kernel.\nThis patch allows userspace to actually mmap that file and use it directly.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "cee74f47a6baba0ac457e87687fdcf0abd599f0a", "tree": "3d9fdb073050664e62d9cdb6c28112090cd138da", "parents": [ "00d85c83ac52e2c1a66397f1abc589f80c543425" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Oct 13 17:50:25 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Oct 21 10:12:58 2010 +1100" }, "message": "SELinux: allow userspace to read policy back out of the kernel\n\nThere is interest in being able to see what the actual policy is that was\nloaded into the kernel. The patch creates a new selinuxfs file\n/selinux/policy which can be read by userspace. The actual policy that is\nloaded into the kernel will be written back out to userspace.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "00d85c83ac52e2c1a66397f1abc589f80c543425", "tree": "86f297ed90f988d46e6bb8c56a60fbc3b3eb8d66", "parents": [ "4419aae1f4f380a3fba0f4f12ffbbbdf3f267c51" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Oct 13 17:50:19 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Oct 21 10:12:57 2010 +1100" }, "message": "SELinux: drop useless (and incorrect) AVTAB_MAX_SIZE\n\nAVTAB_MAX_SIZE was a define which was supposed to be used in userspace to\ndefine a maximally sized avtab when userspace wasn\u0027t sure how big of a table\nit needed. It doesn\u0027t make sense in the kernel since we always know our table\nsizes. The only place it is used we have a more appropiately named define\ncalled AVTAB_MAX_HASH_BUCKETS, use that instead.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4419aae1f4f380a3fba0f4f12ffbbbdf3f267c51", "tree": "e2f7e4850dc84768f6dd66e38a1454b8e3574714", "parents": [ "b28efd54d9d5c8005a29cd8782335beb9daaa32d" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Oct 13 17:50:14 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Oct 21 10:12:56 2010 +1100" }, "message": "SELinux: deterministic ordering of range transition rules\n\nRange transition rules are placed in the hash table in an (almost)\narbitrary order. This patch inserts them in a fixed order to make policy\nretrival more predictable.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d5630b9d276bd389299ffea620b7c340ab19bcf5", "tree": "4e97cadf12518fb107f9e7140fa94343bd6643f5", "parents": [ "2606fd1fa5710205b23ee859563502aa18362447" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Oct 13 16:24:48 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Oct 21 10:12:50 2010 +1100" }, "message": "security: secid_to_secctx returns len when data is NULL\n\nWith the (long ago) interface change to have the secid_to_secctx functions\ndo the string allocation instead of having the caller do the allocation we\nlost the ability to query the security server for the length of the\nupcoming string. The SECMARK code would like to allocate a netlink skb\nwith enough length to hold the string but it is just too unclean to do the\nstring allocation twice or to do the allocation the first time and hold\nonto the string and slen. This patch adds the ability to call\nsecurity_secid_to_secctx() with a NULL data pointer and it will just set\nthe slen pointer.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "36f7f28416c97dbb725154930066d115b4447e17", "tree": "c09aed0142158c6fda679bab87012144e5a60372", "parents": [ "8b0c543e5cb1e47a54d3ea791b8a03b9c8a715db" ], "author": { "name": "KaiGai Kohei", "email": "kaigai@ak.jp.nec.com", "time": "Thu Sep 30 11:49:55 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Oct 21 10:12:41 2010 +1100" }, "message": "selinux: fix up style problem on /selinux/status\n\nThis patch fixes up coding-style problem at this commit:\n\n 4f27a7d49789b04404eca26ccde5f527231d01d5\n selinux: fast status update interface (/selinux/status)\n\nSigned-off-by: KaiGai Kohei \u003ckaigai@ak.jp.nec.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "60272da0341e9eaa136e1dc072bfef72c995d851", "tree": "9441606f03330f1e2951ff0613d8059f90a353ec", "parents": [ "ceba72a68d17ee36ef24a71b80dde39ee934ece8" ], "author": { "name": "Paul Gortmaker", "email": "paul.gortmaker@windriver.com", "time": "Wed Sep 15 20:14:53 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Oct 21 10:12:39 2010 +1100" }, "message": "selinux: really fix dependency causing parallel compile failure.\n\nWhile the previous change to the selinux Makefile reduced the window\nsignificantly for this failure, it is still possible to see a compile\nfailure where cpp starts processing selinux files before the auto\ngenerated flask.h file is completed. This is easily reproduced by\nadding the following temporary change to expose the issue everytime:\n\n- cmd_flask \u003d scripts/selinux/genheaders/genheaders ...\n+ cmd_flask \u003d sleep 30 ; scripts/selinux/genheaders/genheaders ...\n\nThis failure happens because the creation of the object files in the ss\nsubdir also depends on flask.h. So simply incorporate them into the\nparent Makefile, as the ss/Makefile really doesn\u0027t do anything unique.\n\nWith this change, compiling of all selinux files is dependent on\ncompletion of the header file generation, and this test case with\nthe \"sleep 30\" now confirms it is functioning as expected.\n\nSigned-off-by: Paul Gortmaker \u003cpaul.gortmaker@windriver.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "119041672592d1890d89dd8f194bd0919d801dc8", "tree": "b994abb42446b8637f072194c57359fd80d52a97", "parents": [ "4b04a7cfc5ccb573ca3752429c81d37f8dd2f7c6" ], "author": { "name": "KaiGai Kohei", "email": "kaigai@ak.jp.nec.com", "time": "Tue Sep 14 18:28:39 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Oct 21 10:12:36 2010 +1100" }, "message": "selinux: fast status update interface (/selinux/status)\n\nThis patch provides a new /selinux/status entry which allows applications\nread-only mmap(2).\nThis region reflects selinux_kernel_status structure in kernel space.\n struct selinux_kernel_status\n {\n u32 length; /* length of this structure */\n u32 sequence; /* sequence number of seqlock logic */\n u32 enforcing; /* current setting of enforcing mode */\n u32 policyload; /* times of policy reloaded */\n u32 deny_unknown; /* current setting of deny_unknown */\n };\n\nWhen userspace object manager caches access control decisions provided\nby SELinux, it needs to invalidate the cache on policy reload and setenforce\nto keep consistency.\nHowever, the applications need to check the kernel state for each accesses\non userspace avc, or launch a background worker process.\nIn heuristic, frequency of invalidation is much less than frequency of\nmaking access control decision, so it is annoying to invoke a system call\nto check we don\u0027t need to invalidate the userspace cache.\nIf we can use a background worker thread, it allows to receive invalidation\nmessages from the kernel. But it requires us an invasive coding toward the\nbase application in some cases; E.g, when we provide a feature performing\nwith SELinux as a plugin module, it is unwelcome manner to launch its own\nworker thread from the module.\n\nIf we could map /selinux/status to process memory space, application can\nknow updates of selinux status; policy reload or setenforce.\n\nA typical application checks selinux_kernel_status::sequence when it tries\nto reference userspace avc. If it was changed from the last time when it\nchecked userspace avc, it means something was updated in the kernel space.\nThen, the application can reset userspace avc or update current enforcing\nmode, without any system call invocations.\nThis sequence number is updated according to the seqlock logic, so we need\nto wait for a while if it is odd number.\n\nSigned-off-by: KaiGai Kohei \u003ckaigai@ak.jp.nec.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n--\n security/selinux/include/security.h | 21 ++++++\n security/selinux/selinuxfs.c | 56 +++++++++++++++\n security/selinux/ss/Makefile | 2 +-\n security/selinux/ss/services.c | 3 +\n security/selinux/ss/status.c | 129 +++++++++++++++++++++++++++++++++++\n 5 files changed, 210 insertions(+), 1 deletions(-)\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "daa6d83a2863c28197b0c7dabfdf1e0606760b78", "tree": "0c1198f796847274aeead46e791bb8c84451bfd2", "parents": [ "68eda8f59081c74a51d037cc29893bd7c9b3c2d8" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Aug 03 15:26:05 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Oct 21 10:12:33 2010 +1100" }, "message": "selinux: type_bounds_sanity_check has a meaningless variable declaration\n\ntype is not used at all, stop declaring and assigning it.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6371dcd36f649d9d07823f31400618155a20dde1", "tree": "a08c4ed2ec77225abbfcc099e78ae8d643429787", "parents": [ "016d825fe02cd20fd8803ca37a1e6d428fe878f6" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jul 29 23:02:34 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:38:39 2010 +1000" }, "message": "selinux: convert the policy type_attr_map to flex_array\n\nCurrent selinux policy can have over 3000 types. The type_attr_map in\npolicy is an array sized by the number of types times sizeof(struct ebitmap)\n(12 on x86_64). Basic math tells us the array is going to be of length\n3000 x 12 \u003d 36,000 bytes. The largest \u0027safe\u0027 allocation on a long running\nsystem is 16k. Most of the time a 32k allocation will work. But on long\nrunning systems a 64k allocation (what we need) can fail quite regularly.\nIn order to deal with this I am converting the type_attr_map to use\nflex_arrays. Let the library code deal with breaking this into PAGE_SIZE\npieces.\n\n-v2\nrework some of the if(!obj) BUG() to be BUG_ON(!obj)\ndrop flex_array_put() calls and just use a _get() object directly\n\n-v3\nmake apply to James\u0027 tree (drop the policydb_write changes)\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "692a8a231b212dfc68f612956d63f34abf098e0f", "tree": "4af3c03535ebc49e38c3c0c8f67061adbdf44c72", "parents": [ "d1b43547e56b163bc5c622243c47d8a13626175b" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Jul 21 12:51:03 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:06 2010 +1000" }, "message": "SELinux: break ocontext reading into a separate function\n\nMove the reading of ocontext type data out of policydb_read() in a separate\nfunction ocontext_read()\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d1b43547e56b163bc5c622243c47d8a13626175b", "tree": "29b2ddd50b3a0c6fe4dcf5f78c55c8698cd11679", "parents": [ "9a7982793c3aee6ce86d8e7e15306215257329f2" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Jul 21 12:50:57 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:05 2010 +1000" }, "message": "SELinux: move genfs read to a separate function\n\nmove genfs read functionality out of policydb_read() and into a new\nfunction called genfs_read()\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9a7982793c3aee6ce86d8e7e15306215257329f2", "tree": "4d85f6f7a57260cefd938dca7593aabf9c02a59c", "parents": [ "338437f6a09861cdf76e1396ed5fa6dee9c7cabe" ], "author": { "name": "Dan Carpenter", "email": "error27@gmail.com", "time": "Sat Jun 12 20:57:39 2010 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:04 2010 +1000" }, "message": "selinux: fix error codes in symtab_init()\n\nhashtab_create() only returns NULL on allocation failures to -ENOMEM is\nappropriate here.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "338437f6a09861cdf76e1396ed5fa6dee9c7cabe", "tree": "e693392adf370b81af129b326bba45bf43f03862", "parents": [ "38184c522249dc377366d4edc41dc500c2c3bb9e" ], "author": { "name": "Dan Carpenter", "email": "error27@gmail.com", "time": "Sat Jun 12 20:56:01 2010 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:04 2010 +1000" }, "message": "selinux: fix error codes in cond_read_bool()\n\nThe original code always returned -1 (-EPERM) on error. The new code\nreturns either -ENOMEM, or -EINVAL or it propagates the error codes from\nlower level functions next_entry() or hashtab_insert().\n\nnext_entry() returns -EINVAL.\nhashtab_insert() returns -EINVAL, -EEXIST, or -ENOMEM.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "38184c522249dc377366d4edc41dc500c2c3bb9e", "tree": "10c87bf5fdaea233a7842a79f04459792e1b5ba1", "parents": [ "fc5c126e4733e6fb3080d3d822ca63226e74fc84" ], "author": { "name": "Dan Carpenter", "email": "error27@gmail.com", "time": "Sat Jun 12 20:55:01 2010 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:03 2010 +1000" }, "message": "selinux: fix error codes in cond_policydb_init()\n\nIt\u0027s better to propagate the error code from avtab_init() instead of\nreturning -1 (-EPERM). It turns out that avtab_init() never fails so\nthis patch doesn\u0027t change how the code runs but it\u0027s still a clean up.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "fc5c126e4733e6fb3080d3d822ca63226e74fc84", "tree": "3320c22b66107c984ac0cf07c365420df42a4977", "parents": [ "9d623b17a740d5a85c12108cdc71c64fb15484fc" ], "author": { "name": "Dan Carpenter", "email": "error27@gmail.com", "time": "Sat Jun 12 20:53:46 2010 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:02 2010 +1000" }, "message": "selinux: fix error codes in cond_read_node()\n\nOriginally cond_read_node() returned -1 (-EPERM) on errors which was\nincorrect. Now it either propagates the error codes from lower level\nfunctions next_entry() or cond_read_av_list() or it returns -ENOMEM or\n-EINVAL.\n\nnext_entry() returns -EINVAL.\ncond_read_av_list() returns -EINVAL or -ENOMEM.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9d623b17a740d5a85c12108cdc71c64fb15484fc", "tree": "15434839a75f9c46c53a201520c6c859fad3c74b", "parents": [ "5241c1074f6e2f2276d45d857eb5d19fbdc2e4b2" ], "author": { "name": "Dan Carpenter", "email": "error27@gmail.com", "time": "Sat Jun 12 20:52:19 2010 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:02 2010 +1000" }, "message": "selinux: fix error codes in cond_read_av_list()\n\nAfter this patch cond_read_av_list() no longer returns -1 for any\nerrors. It just propagates error code back from lower levels. Those can\neither be -EINVAL or -ENOMEM.\n\nI also modified cond_insertf() since cond_read_av_list() passes that as a\nfunction pointer to avtab_read_item(). It isn\u0027t used anywhere else.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5241c1074f6e2f2276d45d857eb5d19fbdc2e4b2", "tree": "cf41e959668f5a9ec7a5d75059df864133569c91", "parents": [ "9e0bd4cba4460bff64fb07cfb07849cdfd4d325a" ], "author": { "name": "Dan Carpenter", "email": "error27@gmail.com", "time": "Sat Jun 12 20:51:40 2010 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:01 2010 +1000" }, "message": "selinux: propagate error codes in cond_read_list()\n\nThese are passed back when the security module gets loaded.\n\nThe original code always returned -1 (-EPERM) on error but after this\npatch it can return -EINVAL, or -ENOMEM or propagate the error code from\ncond_read_node(). cond_read_node() still returns -1 all the time, but I\nfix that in a later patch.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9e0bd4cba4460bff64fb07cfb07849cdfd4d325a", "tree": "feebec6167012e461d286c02ae45348ad0b2d3a1", "parents": [ "dce3a3d2ee038d230323fe06b061dbaace6b8f94" ], "author": { "name": "Dan Carpenter", "email": "error27@gmail.com", "time": "Sat Jun 12 20:50:35 2010 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:35:01 2010 +1000" }, "message": "selinux: cleanup return codes in avtab_read_item()\n\nThe avtab_read_item() function tends to return -1 as a default error\ncode which is wrong (-1 means -EPERM). I modified it to return\nappropriate error codes which is -EINVAL or the error code from\nnext_entry() or insertf().\n\nnext_entry() returns -EINVAL.\ninsertf() is a function pointer to either avtab_insert() or\ncond_insertf().\navtab_insert() returns -EINVAL, -ENOMEM, and -EEXIST.\ncond_insertf() currently returns -1, but I will fix it in a later patch.\n\nThere is code in avtab_read() which translates the -1 returns from\navtab_read_item() to -EINVAL. The translation is no longer needed, so I\nremoved it.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nAcked-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9ee0c823c18119914283358b35a1c3ebb14c2f90", "tree": "6e29e71f1c9c7ae65d92a15a3b3220ae1d173407", "parents": [ "d2f8b2348f3406652ee00ee7221441bd36fe0195" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Jun 11 12:37:05 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Aug 02 15:34:30 2010 +1000" }, "message": "SELinux: seperate range transition rules to a seperate function\n\nMove the range transition rule to a separate function, range_read(), rather\nthan doing it all in policydb_read()\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b3139bbc52762268769e7af842aade0e64372433", "tree": "eae65d208fdbeaefd9bdc9c6877d8eb18e617bf6", "parents": [ "9e4b50e93786d00c703f16ed46e6a4029c0dfdd1" ], "author": { "name": "Julia Lawall", "email": "julia@diku.dk", "time": "Fri May 14 21:30:30 2010 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon May 17 09:00:27 2010 +1000" }, "message": "security/selinux/ss: Use kstrdup\n\nUse kstrdup when the goal of an allocation is copy a string into the\nallocated region.\n\nThe semantic patch that makes this change is as follows:\n(http://coccinelle.lip6.fr/)\n\n// \u003csmpl\u003e\n@@\nexpression from,to;\nexpression flag,E1,E2;\nstatement S;\n@@\n\n- to \u003d kmalloc(strlen(from) + 1,flag);\n+ to \u003d kstrdup(from, flag);\n ... when !\u003d \\(from \u003d E1 \\| to \u003d E1 \\)\n if (to\u003d\u003dNULL || ...) S\n ... when !\u003d \\(from \u003d E2 \\| to \u003d E2 \\)\n- strcpy(to, from);\n// \u003c/smpl\u003e\n\nSigned-off-by: Julia Lawall \u003cjulia@diku.dk\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "a200005038955057063fc8ea82129ebc785df41c", "tree": "712fdedac2d15290cdbe7b8adc02cce844fde9f0", "parents": [ "6f262d8e1acb7b1605b811700326163fa707d355" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 20 10:29:42 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Apr 21 08:58:49 2010 +1000" }, "message": "SELinux: return error codes on policy load failure\n\npolicy load failure always return EINVAL even if the failure was for some\nother reason (usually ENOMEM). This patch passes error codes back up the\nstack where they will make their way to userspace. This might help in\ndebugging future problems with policy load.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c1a7368a6f0b18b10fdec87972da680ebdf03794", "tree": "17a8d306fe2332093e0e11e5fbb03199df011037", "parents": [ "e2902eb79fdea3c3bf679a8f15f3432b393cb2c0" ], "author": { "name": "wzt.wzt@gmail.com", "email": "wzt.wzt@gmail.com", "time": "Fri Apr 09 19:30:29 2010 +0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Apr 09 15:13:48 2010 +1000" }, "message": "Security: Fix coding style in security/\n\nFix coding style in security/\n\nSigned-off-by: Zhitong Wang \u003czhitong.wangzt@alibaba-inc.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "77c160e7798b4141a0705c734397a9236bb0e726", "tree": "e163a4f3fac4fa6f6419d95bcdf78e842d510089", "parents": [ "a19c5bbefb37ebe22fb42bd3861a8d3b2a2652a1" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Mon Mar 15 10:42:11 2010 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Mar 16 08:31:02 2010 +1100" }, "message": "SELinux: Reduce max avtab size to avoid page allocation failures\n\nReduce MAX_AVTAB_HASH_BITS so that the avtab allocation is an order 2\nallocation rather than an order 4 allocation on x86_64. This\naddresses reports of page allocation failures:\nhttp://marc.info/?l\u003dselinux\u0026m\u003d126757230625867\u0026w\u003d2\nhttps://bugzilla.redhat.com/show_bug.cgi?id\u003d570433\n\nReported-by: Russell Coker \u003crussell@coker.com.au\u003e\nSigned-off-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c43a7523470dc2d9947fa114a0b54317975d4c04", "tree": "30a72ed1e9079f19b814263197761820f57c39ce", "parents": [ "eaa5eec739637f32f8733d528ff0b94fd62b1214", "634a539e16bd7a1ba31c3f832baa725565cc9f96" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Mar 09 12:46:47 2010 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Mar 09 12:46:47 2010 +1100" }, "message": "Merge branch \u0027next-queue\u0027 into next\n" }, { "commit": "634a539e16bd7a1ba31c3f832baa725565cc9f96", "tree": "cdc26f167c3a2764fecdf3427b2303d28bf05671", "parents": [ "c8563473c1259f5686ceb918c548c80132089f79" ], "author": { "name": "Stephen Hemminger", "email": "shemminger@vyatta.com", "time": "Thu Mar 04 21:59:03 2010 -0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Mar 08 09:33:53 2010 +1100" }, "message": "selinux: const strings in tables\n\nSeveral places strings tables are used that should be declared\nconst.\n\nSigned-off-by: Stephen Hemminger \u003cshemminger@vyatta.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "dbba541f9d9bd2c200041bc1b37c59dbaf9beb75", "tree": "1f359b8f354759296d625f783ea32f4de9bfb399", "parents": [ "31637b55b09753de9d5e24afc3a1d7fbdb2108d8" ], "author": { "name": "wzt.wzt@gmail.com", "email": "wzt.wzt@gmail.com", "time": "Tue Mar 02 17:03:43 2010 +0800" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Mar 03 09:22:16 2010 +1100" }, "message": "Selinux: Remove unused headers slab.h in selinux/ss/symtab.c\n\nslab.h is unused in symtab.c, so remove it.\n\nSigned-off-by: Zhitong Wang \u003czhitong.wangzt@alibaba-inc.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b4ccebdd37ff70d349321a198f416ba737a5e833", "tree": "275d717070346722c3aacd8355fb4f743216e03b", "parents": [ "30ff056c42c665b9ea535d8515890857ae382540", "ef57471a73b67a7b65fd8708fd55c77cb7c619af" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Mar 01 09:36:31 2010 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Mar 01 09:36:31 2010 +1100" }, "message": "Merge branch \u0027next\u0027 into for-linus\n" }, { "commit": "c36f74e67fa12202dbcb4ad92c5ac844f9d36b98", "tree": "13cf4be470470b32ce348202ab4ba6a342c39ed9", "parents": [ "baac35c4155a8aa826c70acee6553368ca5243a2" ], "author": { "name": "Joshua Roys", "email": "joshua.roys@gtri.gatech.edu", "time": "Wed Feb 24 18:52:44 2010 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Feb 25 17:49:20 2010 +1100" }, "message": "netlabel: fix export of SELinux categories \u003e 127\n\nThis fixes corrupted CIPSO packets when SELinux categories greater than 127\nare used. The bug occured on the second (and later) loops through the\nwhile; the inner for loop through the ebitmap-\u003emaps array used the same\nindex as the NetLabel catmap-\u003ebitmap array, even though the NetLabel bitmap\nis twice as long as the SELinux bitmap.\n\nSigned-off-by: Joshua Roys \u003cjoshua.roys@gtri.gatech.edu\u003e\nAcked-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2ae3ba39389b51d8502123de0a59374bec899c4d", "tree": "54c552fa9fa6c17b769f6aca3fd438e542b504a4", "parents": [ "170800088666963de1111d62fb503889c8c82eda" ], "author": { "name": "KaiGai Kohei", "email": "kaigai@ak.jp.nec.com", "time": "Wed Feb 17 08:49:41 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Feb 22 08:27:41 2010 +1100" }, "message": "selinux: libsepol: remove dead code in check_avtab_hierarchy_callback()\n\nThis patch revert the commit of 7d52a155e38d5a165759dbbee656455861bf7801\nwhich removed a part of type_attribute_bounds_av as a dead code.\nHowever, at that time, we didn\u0027t find out the target side boundary allows\nto handle some of pseudo /proc/\u003cpid\u003e/* entries with its process\u0027s security\ncontext well.\n\nSigned-off-by: KaiGai Kohei \u003ckaigai@ak.jp.nec.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n\n--\n security/selinux/ss/services.c | 43 ++++++++++++++++++++++++++++++++++++---\n 1 files changed, 39 insertions(+), 4 deletions(-)\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2da5d31bc72d0a36dc16af7f5d5baa4f86df9c76", "tree": "9d5bd3cc7d9e5b1beecc954bb5337af8454d352d", "parents": [ "97d6931ead3e89a764cdaa3ad0924037367f0d34" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Feb 16 17:29:06 2010 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Feb 16 17:29:06 2010 +1100" }, "message": "security: fix a couple of sparse warnings\n\nFix a couple of sparse warnings for callers of\ncontext_struct_to_string, which takes a *u32, not an *int.\n\nThese cases are harmless as the values are not used.\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: KaiGai Kohei \u003ckaigai@ak.jp.nec.com\u003e\n" }, { "commit": "0719aaf5ead7555b7b7a4a080ebf2826a871384e", "tree": "19c0b16b1013d84a8b8092737d38e60f3dd7e939", "parents": [ "42596eafdd75257a640f64701b9b07090bcd84b0" ], "author": { "name": "Guido Trentalancia", "email": "guido@trentalancia.com", "time": "Wed Feb 03 16:40:20 2010 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Feb 04 09:06:36 2010 +1100" }, "message": "selinux: allow MLS-\u003enon-MLS and vice versa upon policy reload\n\nAllow runtime switching between different policy types (e.g. from a MLS/MCS\npolicy to a non-MLS/non-MCS policy or viceversa).\n\nSigned-off-by: Guido Trentalancia \u003cguido@trentalancia.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "42596eafdd75257a640f64701b9b07090bcd84b0", "tree": "d5c4eb801d70ddd00a7a03814833d99cabf38962", "parents": [ "b6cac5a30b325e14cda425670bb3568d3cad0aa8" ], "author": { "name": "Guido Trentalancia", "email": "guido@trentalancia.com", "time": "Wed Feb 03 17:06:01 2010 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Feb 04 08:48:17 2010 +1100" }, "message": "selinux: load the initial SIDs upon every policy load\n\nAlways load the initial SIDs, even in the case of a policy\nreload and not just at the initial policy load. This comes\nparticularly handy after the introduction of a recent\npatch for enabling runtime switching between different\npolicy types, although this patch is in theory independent\nfrom that feature.\n\nSigned-off-by: Guido Trentalancia \u003cguido@trentalancia.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "7d52a155e38d5a165759dbbee656455861bf7801", "tree": "7b071cde283e98465744b5abb2c6140b9b6afcda", "parents": [ "2f3e82d694d3d7a2db019db1bb63385fbc1066f3" ], "author": { "name": "KaiGai Kohei", "email": "kaigai@ak.jp.nec.com", "time": "Thu Jan 21 15:00:15 2010 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 25 08:31:38 2010 +1100" }, "message": "selinux: remove dead code in type_attribute_bounds_av()\n\nThis patch removes dead code in type_attribute_bounds_av().\n\nDue to the historical reason, the type boundary feature is delivered\nfrom hierarchical types in libsepol, it has supported boundary features\nboth of subject type (domain; in most cases) and target type.\n\nHowever, we don\u0027t have any actual use cases in bounded target types,\nand it tended to make conceptual confusion.\nSo, this patch removes the dead code to apply boundary checks on the\ntarget types. I makes clear the TYPEBOUNDS restricts privileges of\na certain domain bounded to any other domain.\n\nSigned-off-by: KaiGai Kohei \u003ckaigai@ak.jp.nec.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n\n--\n security/selinux/ss/services.c | 43 +++------------------------------------\n 1 files changed, 4 insertions(+), 39 deletions(-)\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2f3e82d694d3d7a2db019db1bb63385fbc1066f3", "tree": "9d99a883eb2ab097a3ff1ee4e1c9bf2fa851d832", "parents": [ "2457552d1e6f3183cd93f81c49a8da5fe8bb0e42" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Thu Jan 07 15:55:16 2010 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 25 08:29:05 2010 +1100" }, "message": "selinux: convert range transition list to a hashtab\n\nPer https://bugzilla.redhat.com/show_bug.cgi?id\u003d548145\nthere are sufficient range transition rules in modern (Fedora) policy to\nmake mls_compute_sid a significant factor on the shmem file setup path\ndue to the length of the range_tr list. Replace the simple range_tr\nlist with a hashtab inside the security server to help mitigate this\nproblem.\n\nSigned-off-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2457552d1e6f3183cd93f81c49a8da5fe8bb0e42", "tree": "7ca46caa910012d75617700e4083b3657053cb31", "parents": [ "19439d05b88dafc4e55d9ffce84ccc27cf8b2bcc", "6ccf80eb15ccaca4d3f1ab5162b9ded5eecd9971" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 18 09:56:22 2010 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 18 09:56:22 2010 +1100" }, "message": "Merge branch \u0027master\u0027 into next\n" }, { "commit": "19439d05b88dafc4e55d9ffce84ccc27cf8b2bcc", "tree": "e529e1bbba49f30684c3b88a67df1d62ba3e11b1", "parents": [ "8d9525048c74786205b99f3fcd05a839721edfb7" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Thu Jan 14 17:28:10 2010 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 18 09:54:26 2010 +1100" }, "message": "selinux: change the handling of unknown classes\n\nIf allow_unknown\u003d\u003ddeny, SELinux treats an undefined kernel security\nclass as an error condition rather than as a typical permission denial\nand thus does not allow permissions on undefined classes even when in\npermissive mode. Change the SELinux logic so that this case is handled\nas a typical permission denial, subject to the usual permissive mode and\npermissive domain handling.\n\nAlso drop the \u0027requested\u0027 argument from security_compute_av() and\nhelpers as it is a legacy of the original security server interface and\nis unused.\n\nChanges:\n- Handle permissive domains consistently by moving up the test for a\npermissive domain.\n- Make security_compute_av_user() consistent with security_compute_av();\nthe only difference now is that security_compute_av() performs mapping\nbetween the kernel-private class and permission indices and the policy\nvalues. In the userspace case, this mapping is handled by libselinux.\n- Moved avd_init inside the policy lock.\n\nBased in part on a patch by Paul Moore \u003cpaul.moore@hp.com\u003e.\n\nReported-by: Andrew Worsley \u003camworsley@gmail.com\u003e\nSigned-off-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "08e3daff217059c84c360cc71212686e0a7995af", "tree": "ac2dd60ab2309a82b72e57f15fef72401f5102d1", "parents": [ "937bf6133b21b16965f75223085f4314ae32b8eb" ], "author": { "name": "Amerigo Wang", "email": "amwang@redhat.com", "time": "Thu Dec 03 03:48:28 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Dec 08 14:58:11 2009 +1100" }, "message": "selinux: remove a useless return\n\nThe last return is unreachable, remove the \u0027return\u0027\nin default, let it fall through.\n\nSigned-off-by: WANG Cong \u003camwang@redhat.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9f59f90bf57cff8be07faddc608c400b6e7c5d05", "tree": "621e4fa6dae193b3427913a1945eee473f47b153", "parents": [ "6ec22f9b037fc0c2e00ddb7023fad279c365324d" ], "author": { "name": "Julia Lawall", "email": "julia@diku.dk", "time": "Sun Dec 06 10:16:51 2009 +0100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Dec 08 14:57:54 2009 +1100" }, "message": "security/selinux/ss: correct size computation\n\nThe size argument to kcalloc should be the size of desired structure,\nnot the pointer to it.\n\nThe semantic patch that makes this change is as follows:\n(http://coccinelle.lip6.fr/)\n\n// \u003csmpl\u003e\n@expression@\nexpression *x;\n@@\n\nx \u003d\n \u003c+...\n-sizeof(x)\n+sizeof(*x)\n...+\u003e// \u003c/smpl\u003e\n\nSigned-off-by: Julia Lawall \u003cjulia@diku.dk\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d014d043869cdc591f3a33243d3481fa4479c2d0", "tree": "63626829498e647ba058a1ce06419fe7e4d5f97d", "parents": [ "6ec22f9b037fc0c2e00ddb7023fad279c365324d", "6070d81eb5f2d4943223c96e7609a53cdc984364" ], "author": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Mon Dec 07 18:36:35 2009 +0100" }, "committer": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Mon Dec 07 18:36:35 2009 +0100" }, "message": "Merge branch \u0027for-next\u0027 into for-linus\n\nConflicts:\n\n\tkernel/irq/chip.c\n" }, { "commit": "af901ca181d92aac3a7dc265144a9081a86d8f39", "tree": "380054af22521144fbe1364c3bcd55ad24c9bde4", "parents": [ "972b94ffb90ea6d20c589d9a47215df103388ddd" ], "author": { "name": "André Goddard Rosa", "email": "andre.goddard@gmail.com", "time": "Sat Nov 14 13:09:05 2009 -0200" }, "committer": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Fri Dec 04 15:39:55 2009 +0100" }, "message": "tree-wide: fix assorted typos all over the place\n\nThat is \"success\", \"unknown\", \"through\", \"performance\", \"[re|un]mapping\"\n, \"access\", \"default\", \"reasonable\", \"[con]currently\", \"temperature\"\n, \"channel\", \"[un]used\", \"application\", \"example\",\"hierarchy\", \"therefore\"\n, \"[over|under]flow\", \"contiguous\", \"threshold\", \"enough\" and others.\n\nSigned-off-by: André Goddard Rosa \u003candre.goddard@gmail.com\u003e\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\n" }, { "commit": "0bce95279909aa4cc401a2e3140b4295ca22e72a", "tree": "5b98e4ebe7ef30fa1edf627c79501c531b346a8b", "parents": [ "c4a5af54c8ef277a59189fc9358e190f3c1b8206" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Nov 23 16:47:23 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Nov 24 14:30:49 2009 +1100" }, "message": "SELinux: print denials for buggy kernel with unknown perms\n\nHistorically we\u0027ve seen cases where permissions are requested for classes\nwhere they do not exist. In particular we have seen CIFS forget to set\ni_mode to indicate it is a directory so when we later check something like\nremove_name we have problems since it wasn\u0027t defined in tclass file. This\nused to result in a avc which included the permission 0x2000 or something.\nCurrently the kernel will deny the operations (good thing) but will not\nprint ANY information (bad thing). First the auditdeny field is no\nextended to include unknown permissions. After that is fixed the logic in\navc_dump_query to output this information isn\u0027t right since it will remove\nthe permission from the av and print the phrase \"\u003cNULL\u003e\". This takes us\nback to the behavior before the classmap rewrite.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b7f3008ad1d795935551e4dd810b0255a7bfa3c9", "tree": "1933b20fd16d30f6f9b3043ee6a66f0ddedb4009", "parents": [ "825332e4ff1373c55d931b49408df7ec2298f71e" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Mon Oct 19 10:08:50 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Oct 20 09:22:07 2009 +0900" }, "message": "SELinux: fix locking issue introduced with c6d3aaa4e35c71a3\n\nEnsure that we release the policy read lock on all exit paths from\nsecurity_compute_av.\n\nSigned-off-by: Stephen D. Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "941fc5b2bf8f7dd1d0a9c502e152fa719ff6578e", "tree": "c2f579e6fcc5bee6659527db7ccfb661acfe196c", "parents": [ "8753f6bec352392b52ed9b5e290afb34379f4612" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Thu Oct 01 14:48:23 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Oct 07 21:56:46 2009 +1100" }, "message": "selinux: drop remapping of netlink classes\n\nDrop remapping of netlink classes and bypass of permission checking\nbased on netlink message type for policy version \u003c 18. This removes\ncompatibility code introduced when the original single netlink\nsecurity class used for all netlink sockets was split into\nfiner-grained netlink classes based on netlink protocol and when\npermission checking was added based on netlink message type in Linux\n2.6.8. The only known distribution that shipped with SELinux and\npolicy \u003c 18 was Fedora Core 2, which was EOL\u0027d on 2005-04-11.\n\nGiven that the remapping code was never updated to address the\naddition of newer netlink classes, that the corresponding userland\nsupport was dropped in 2005, and that the assumptions made by the\nremapping code about the fixed ordering among netlink classes in the\npolicy may be violated in the future due to the dynamic class/perm\ndiscovery support, we should drop this compatibility code now.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "8753f6bec352392b52ed9b5e290afb34379f4612", "tree": "b5f381be9f56125309bfbfcaa73d68e08c309747", "parents": [ "c6d3aaa4e35c71a32a86ececacd4eea7ecfc316c" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Wed Sep 30 13:41:02 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Oct 07 21:56:44 2009 +1100" }, "message": "selinux: generate flask headers during kernel build\n\nAdd a simple utility (scripts/selinux/genheaders) and invoke it to\ngenerate the kernel-private class and permission indices in flask.h\nand av_permissions.h automatically during the kernel build from the\nsecurity class mapping definitions in classmap.h. Adding new kernel\nclasses and permissions can then be done just by adding them to classmap.h.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c6d3aaa4e35c71a32a86ececacd4eea7ecfc316c", "tree": "1a5475b4370655a22670fd6eb35e54d8b131b362", "parents": [ "23acb98de5a4109a60b5fe3f0439389218b039d7" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Wed Sep 30 13:37:50 2009 -0400" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Oct 07 21:56:42 2009 +1100" }, "message": "selinux: dynamic class/perm discovery\n\nModify SELinux to dynamically discover class and permission values\nupon policy load, based on the dynamic object class/perm discovery\nlogic from libselinux. A mapping is created between kernel-private\nclass and permission indices used outside the security server and the\npolicy values used within the security server.\n\nThe mappings are only applied upon kernel-internal computations;\nsimilar mappings for the private indices of userspace object managers\nis handled on a per-object manager basis by the userspace AVC. The\ninterfaces for compute_av and transition_sid are split for kernel\nvs. userspace; the userspace functions are distinguished by a _user\nsuffix.\n\nThe kernel-private class indices are no longer tied to the policy\nvalues and thus do not need to skip indices for userspace classes;\nthus the kernel class index values are compressed. The flask.h\ndefinitions were regenerated by deleting the userspace classes from\nrefpolicy\u0027s definitions and then regenerating the headers. Going\nforward, we can just maintain the flask.h, av_permissions.h, and\nclassmap.h definitions separately from policy as they are no longer\ntied to the policy values. The next patch introduces a utility to\nautomate generation of flask.h and av_permissions.h from the\nclassmap.h definitions.\n\nThe older kernel class and permission string tables are removed and\nreplaced by a single security class mapping table that is walked at\npolicy load to generate the mapping. The old kernel class validation\nlogic is completely replaced by the mapping logic.\n\nThe handle unknown logic is reworked. reject_unknown\u003d1 is handled\nwhen the mappings are computed at policy load time, similar to the old\nhandling by the class validation logic. allow_unknown\u003d1 is handled\nwhen computing and mapping decisions - if the permission was not able\nto be mapped (i.e. undefined, mapped to zero), then it is\nautomatically added to the allowed vector. If the class was not able\nto be mapped (i.e. undefined, mapped to zero), then all permissions\nare allowed for it if allow_unknown\u003d1.\n\navc_audit leverages the new security class mapping table to lookup the\nclass and permission names from the kernel-private indices.\n\nThe mdp program is updated to use the new table when generating the\nclass definitions and allow rules for a minimal boot policy for the\nkernel. It should be noted that this policy will not include any\nuserspace classes, nor will its policy index values for the kernel\nclasses correspond with the ones in refpolicy (they will instead match\nthe kernel-private indices).\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d905163c5b23f6d8511971e06081a1b525e8a0bd", "tree": "f76918c1be802ec068d37763466f5518efdb690e", "parents": [ "44c2d9bdd7022ca7d240d5adc009296fc1c6ce08", "0732f87761dbe417cb6e084b712d07e879e876ef" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Jun 19 08:20:55 2009 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Jun 19 08:20:55 2009 +1000" }, "message": "Merge branch \u0027master\u0027 into next\n" }, { "commit": "44c2d9bdd7022ca7d240d5adc009296fc1c6ce08", "tree": "33115ee8d7e167d2a26558c2af8e0edfdca099d5", "parents": [ "caabbdc07df4249f2ed516b2c3e2d6b0973bcbb3" ], "author": { "name": "KaiGai Kohei", "email": "kaigai@ak.jp.nec.com", "time": "Thu Jun 18 17:26:13 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Jun 19 00:12:28 2009 +1000" }, "message": "Add audit messages on type boundary violations\n\nThe attached patch adds support to generate audit messages on two cases.\n\nThe first one is a case when a multi-thread process tries to switch its\nperforming security context using setcon(3), but new security context is\nnot bounded by the old one.\n\n type\u003dSELINUX_ERR msg\u003daudit(1245311998.599:17): \\\n op\u003dsecurity_bounded_transition result\u003ddenied \\\n oldcontext\u003dsystem_u:system_r:httpd_t:s0 \\\n newcontext\u003dsystem_u:system_r:guest_webapp_t:s0\n\nThe other one is a case when security_compute_av() masked any permissions\ndue to the type boundary violation.\n\n type\u003dSELINUX_ERR msg\u003daudit(1245312836.035:32):\t\\\n op\u003dsecurity_compute_av reason\u003dbounds \\\n scontext\u003dsystem_u:object_r:user_webapp_t:s0 \\\n tcontext\u003dsystem_u:object_r:shadow_t:s0:c0 \\\n tclass\u003dfile perms\u003dgetattr,open\n\nSigned-off-by: KaiGai Kohei \u003ckaigai@ak.jp.nec.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "caabbdc07df4249f2ed516b2c3e2d6b0973bcbb3", "tree": "73e59a2c516edb4620b4e734eb7167651c466360", "parents": [ "991ec02cdca33b03a132a0cacfe6f0aa0be9aa8d" ], "author": { "name": "KaiGai Kohei", "email": "kaigai@ak.jp.nec.com", "time": "Thu Jun 18 17:30:07 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Jun 18 21:53:44 2009 +1000" }, "message": "cleanup in ss/services.c\n\nIt is a cleanup patch to cut down a line within 80 columns.\n\nSigned-off-by: KaiGai Kohei \u003ckaigai@ak.jp.nec.com\u003e\n--\n security/selinux/ss/services.c | 6 +++---\n 1 files changed, 3 insertions(+), 3 deletions(-)\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "8a6f83afd0c5355db6d11394a798e94950306239", "tree": "f7cb84de87f67eeba0dd68681907696f8a5774d1", "parents": [ "c31f403de62415c738ddc9e673cf8e722c82f861" ], "author": { "name": "KaiGai Kohei", "email": "kaigai@ak.jp.nec.com", "time": "Wed Apr 01 10:07:57 2009 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Apr 02 09:23:45 2009 +1100" }, "message": "Permissive domain in userspace object manager\n\nThis patch enables applications to handle permissive domain correctly.\n\nSince the v2.6.26 kernel, SELinux has supported an idea of permissive\ndomain which allows certain processes to work as if permissive mode,\neven if the global setting is enforcing mode.\nHowever, we don\u0027t have an application program interface to inform\nwhat domains are permissive one, and what domains are not.\nIt means applications focuses on SELinux (XACE/SELinux, SE-PostgreSQL\nand so on) cannot handle permissive domain correctly.\n\nThis patch add the sixth field (flags) on the reply of the /selinux/access\ninterface which is used to make an access control decision from userspace.\nIf the first bit of the flags field is positive, it means the required\naccess control decision is on permissive domain, so application should\nallow any required actions, as the kernel doing.\n\nThis patch also has a side benefit. The av_decision.flags is set at\ncontext_struct_compute_av(). It enables to check required permissions\nwithout read_lock(\u0026policy_rwlock).\n\nSigned-off-by: KaiGai Kohei \u003ckaigai@ak.jp.nec.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n--\n security/selinux/avc.c | 2 +-\n security/selinux/include/security.h | 4 +++-\n security/selinux/selinuxfs.c | 4 ++--\n security/selinux/ss/services.c | 30 +++++-------------------------\n 4 files changed, 11 insertions(+), 29 deletions(-)\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "f1c6381a6e337adcecf84be2a838bd9e610e2365", "tree": "a6e0857db27a38b0976fb422836f9443241b4b61", "parents": [ "21193dcd1f3570ddfd8a04f4465e484c1f94252f" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Feb 12 14:50:54 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Feb 14 09:23:08 2009 +1100" }, "message": "SELinux: remove unused av.decided field\n\nIt appears there was an intention to have the security server only decide\ncertain permissions and leave other for later as some sort of a portential\nperformance win. We are currently always deciding all 32 bits of\npermissions and this is a useless couple of branches and wasted space.\nThis patch completely drops the av.decided concept.\n\nThis in a 17% reduction in the time spent in avc_has_perm_noaudit\nbased on oprofile sampling of a tbench benchmark.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "ac8cc0fa5395fe2278e305a4cbed48e90d88d878", "tree": "515f577bfddd054ee4373228be7c974dfb8133af", "parents": [ "238c6d54830c624f34ac9cf123ac04aebfca5013", "3699c53c485bf0168e6500d0ed18bf931584dd7c" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 07 09:58:22 2009 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 07 09:58:22 2009 +1100" }, "message": "Merge branch \u0027next\u0027 into for-linus\n" }, { "commit": "76f7ba35d4b5219fcc4cb072134c020ec77d030d", "tree": "971ec5f913a688d98e9be2a04b0c675adcc4166b", "parents": [ "14eaddc967b16017d4a1a24d2be6c28ecbe06ed8" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Jan 02 17:40:06 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Jan 05 19:19:55 2009 +1100" }, "message": "SELinux: shrink sizeof av_inhert selinux_class_perm and context\n\nI started playing with pahole today and decided to put it against the\nselinux structures. Found we could save a little bit of space on x86_64\n(and no harm on i686) just reorganizing some structs.\n\nObject size changes:\nav_inherit: 24 -\u003e 16\nselinux_class_perm: 48 -\u003e 40\ncontext: 80 -\u003e 72\n\nAdmittedly there aren\u0027t many of av_inherit or selinux_class_perm\u0027s in\nthe kernel (33 and 1 respectively) But the change to the size of struct\ncontext reverberate out a bit. I can get some hard number if they are\nneeded, but I don\u0027t see why they would be. We do change which cacheline\ncontext-\u003elen and context-\u003estr would be on, but I don\u0027t see that as a\nproblem since we are clearly going to have to load both if the context\nis to be of any value. I\u0027ve run with the patch and don\u0027t seem to be\nhaving any problems.\n\nAn example of what\u0027s going on using struct av_inherit would be:\n\nform: to:\nstruct av_inherit {\t\t\tstruct av_inherit {\n\tu16 tclass;\t\t\t\tconst char **common_pts;\n\tconst char **common_pts;\t\tu32 common_base;\n\tu32 common_base;\t\t\tu16 tclass;\n};\n\n(notice all I did was move u16 tclass to the end of the struct instead\nof the beginning)\n\nMemory layout before the change:\nstruct av_inherit {\n\tu16 tclass; /* 2 */\n\t/* 6 bytes hole */\n\tconst char** common_pts; /* 8 */\n\tu32 common_base; /* 4 */\n\t/* 4 byes padding */\n\n\t/* size: 24, cachelines: 1 */\n\t/* sum members: 14, holes: 1, sum holes: 6 */\n\t/* padding: 4 */\n};\n\nMemory layout after the change:\nstruct av_inherit {\n\tconst char ** common_pts; /* 8 */\n\tu32 common_base; /* 4 */\n\tu16 tclass; /* 2 */\n\t/* 2 bytes padding */\n\n\t/* size: 16, cachelines: 1 */\n\t/* sum members: 14, holes: 0, sum holes: 0 */\n\t/* padding: 2 */\n};\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5af75d8d58d0f9f7b7c0515b35786b22892d5f12", "tree": "65707c5309133a33140c39145ae91b7c1679a877", "parents": [ "36c4f1b18c8a7d0adb4085e7f531860b837bb6b0" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Dec 16 05:59:26 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jan 04 15:14:42 2009 -0500" }, "message": "audit: validate comparison operations, store them in sane form\n\nDon\u0027t store the field-\u003eop in the messy (and very inconvenient for e.g.\naudit_comparator()) form; translate to dense set of values and do full\nvalidation of userland-submitted value while we are at it.\n\n-\u003eaudit_init_rule() and -\u003eaudit_match_rule() get new values now; in-tree\ninstances updated.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "0da939b0058742ad2d8580b7db6b966d0fc72252", "tree": "47cb109fdf97135191bff5db4e3bfc905136bf8b", "parents": [ "4bdec11f560b8f405a011288a50e65b1a81b3654", "d91d40799165b0c84c97e7c71fb8039494ff07dc" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Oct 11 09:26:14 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Oct 11 09:26:14 2008 +1100" }, "message": "Merge branch \u0027master\u0027 of git://git.infradead.org/users/pcmoore/lblnet-2.6_next into next\n" } ], "next": "8d75899d033617316e06296b7c0729612f56aba0" }