Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/selinux into next (37babe4e) · Commits · e / devices / android_kernel_fairphone_FP4

fs/gfs2/glops.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -13,6 +13,7 @@
		#include <linux/gfs2_ondisk.h>
		#include <linux/bio.h>
		#include <linux/posix_acl.h>
		#include <linux/security.h>

		#include "gfs2.h"
		#include "incore.h"
		@@ -262,6 +263,7 @@ static void inode_go_inval(struct gfs2_glock *gl, int flags)
		if (ip) {
		set_bit(GIF_INVALID, &ip->i_flags);
		forget_all_cached_acls(&ip->i_inode);
		security_inode_invalidate_secctx(&ip->i_inode);
		gfs2_dir_hash_inval(ip);
		}
		}

include/linux/audit.h

+4 −4

Original line number	Diff line number	Diff line
		@@ -137,7 +137,7 @@ extern void __audit_getname(struct filename *name);
		extern void __audit_inode(struct filename name, const struct dentry dentry,
		unsigned int flags);
		extern void __audit_file(const struct file *);
		extern void __audit_inode_child(const struct inode *parent,
		extern void __audit_inode_child(struct inode *parent,
		const struct dentry *dentry,
		const unsigned char type);
		extern void __audit_seccomp(unsigned long syscall, long signr, int code);
		@@ -202,7 +202,7 @@ static inline void audit_inode_parent_hidden(struct filename *name,
		__audit_inode(name, dentry,
		AUDIT_INODE_PARENT \| AUDIT_INODE_HIDDEN);
		}
		static inline void audit_inode_child(const struct inode *parent,
		static inline void audit_inode_child(struct inode *parent,
		const struct dentry *dentry,
		const unsigned char type) {
		if (unlikely(!audit_dummy_context()))
		@@ -359,7 +359,7 @@ static inline void __audit_inode(struct filename *name,
		const struct dentry *dentry,
		unsigned int flags)
		{ }
		static inline void __audit_inode_child(const struct inode *parent,
		static inline void __audit_inode_child(struct inode *parent,
		const struct dentry *dentry,
		const unsigned char type)
		{ }
		@@ -373,7 +373,7 @@ static inline void audit_file(struct file *file)
		static inline void audit_inode_parent_hidden(struct filename *name,
		const struct dentry *dentry)
		{ }
		static inline void audit_inode_child(const struct inode *parent,
		static inline void audit_inode_child(struct inode *parent,
		const struct dentry *dentry,
		const unsigned char type)
		{ }

include/linux/lsm_hooks.h

+8 −2

Original line number	Diff line number	Diff line
		@@ -1261,6 +1261,10 @@
		* audit_rule_init.
		* @rule contains the allocated rule
		*
		* @inode_invalidate_secctx:
		* Notify the security module that it must revalidate the security context
		* of an inode.
		*
		* @inode_notifysecctx:
		* Notify the security module of what the security context of an inode
		* should be. Initializes the incore security context managed by the
		@@ -1413,14 +1417,14 @@ union security_list_options {
		int (inode_removexattr)(struct dentry dentry, const char *name);
		int (inode_need_killpriv)(struct dentry dentry);
		int (inode_killpriv)(struct dentry dentry);
		int (inode_getsecurity)(const struct inode inode, const char *name,
		int (inode_getsecurity)(struct inode inode, const char *name,
		void **buffer, bool alloc);
		int (inode_setsecurity)(struct inode inode, const char *name,
		const void *value, size_t size,
		int flags);
		int (inode_listsecurity)(struct inode inode, char *buffer,
		size_t buffer_size);
		void (inode_getsecid)(const struct inode inode, u32 *secid);
		void (inode_getsecid)(struct inode inode, u32 *secid);

		int (file_permission)(struct file file, int mask);
		int (file_alloc_security)(struct file file);
		@@ -1516,6 +1520,7 @@ union security_list_options {
		int (secctx_to_secid)(const char secdata, u32 seclen, u32 *secid);
		void (release_secctx)(char secdata, u32 seclen);

		void (inode_invalidate_secctx)(struct inode inode);
		int (inode_notifysecctx)(struct inode inode, void *ctx, u32 ctxlen);
		int (inode_setsecctx)(struct dentry dentry, void *ctx, u32 ctxlen);
		int (inode_getsecctx)(struct inode inode, void *ctx, u32 ctxlen);
		@@ -1757,6 +1762,7 @@ struct security_hook_heads {
		struct list_head secid_to_secctx;
		struct list_head secctx_to_secid;
		struct list_head release_secctx;
		struct list_head inode_invalidate_secctx;
		struct list_head inode_notifysecctx;
		struct list_head inode_setsecctx;
		struct list_head inode_getsecctx;

include/linux/security.h

+9 −4

Original line number	Diff line number	Diff line
		@@ -270,10 +270,10 @@ int security_inode_listxattr(struct dentry *dentry);
		int security_inode_removexattr(struct dentry dentry, const char name);
		int security_inode_need_killpriv(struct dentry *dentry);
		int security_inode_killpriv(struct dentry *dentry);
		int security_inode_getsecurity(const struct inode inode, const char name, void **buffer, bool alloc);
		int security_inode_getsecurity(struct inode inode, const char name, void **buffer, bool alloc);
		int security_inode_setsecurity(struct inode inode, const char name, const void *value, size_t size, int flags);
		int security_inode_listsecurity(struct inode inode, char buffer, size_t buffer_size);
		void security_inode_getsecid(const struct inode inode, u32 secid);
		void security_inode_getsecid(struct inode inode, u32 secid);
		int security_file_permission(struct file *file, int mask);
		int security_file_alloc(struct file *file);
		void security_file_free(struct file *file);
		@@ -353,6 +353,7 @@ int security_secid_to_secctx(u32 secid, char *secdata, u32 seclen);
		int security_secctx_to_secid(const char secdata, u32 seclen, u32 secid);
		void security_release_secctx(char *secdata, u32 seclen);

		void security_inode_invalidate_secctx(struct inode *inode);
		int security_inode_notifysecctx(struct inode inode, void ctx, u32 ctxlen);
		int security_inode_setsecctx(struct dentry dentry, void ctx, u32 ctxlen);
		int security_inode_getsecctx(struct inode inode, void ctx, u32 ctxlen);
		@@ -719,7 +720,7 @@ static inline int security_inode_killpriv(struct dentry *dentry)
		return cap_inode_killpriv(dentry);
		}

		static inline int security_inode_getsecurity(const struct inode inode, const char name, void **buffer, bool alloc)
		static inline int security_inode_getsecurity(struct inode inode, const char name, void **buffer, bool alloc)
		{
		return -EOPNOTSUPP;
		}
		@@ -734,7 +735,7 @@ static inline int security_inode_listsecurity(struct inode inode, char buffer,
		return 0;
		}

		static inline void security_inode_getsecid(const struct inode inode, u32 secid)
		static inline void security_inode_getsecid(struct inode inode, u32 secid)
		{
		*secid = 0;
		}
		@@ -1093,6 +1094,10 @@ static inline void security_release_secctx(char *secdata, u32 seclen)
		{
		}

		static inline void security_inode_invalidate_secctx(struct inode *inode)
		{
		}

		static inline int security_inode_notifysecctx(struct inode inode, void ctx, u32 ctxlen)
		{
		return -EOPNOTSUPP;

kernel/audit.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -1722,7 +1722,7 @@ static inline int audit_copy_fcaps(struct audit_names *name,

		/* Copy inode data into an audit_names. */
		void audit_copy_inode(struct audit_names name, const struct dentry dentry,
		const struct inode *inode)
		struct inode *inode)
		{
		name->ino = inode->i_ino;
		name->dev = inode->i_sb->s_dev;