
Commit e22619a2 authored by Linus Torvalds
Pull security subsystem updates from James Morris:
 "The main change in this kernel is Casey's generalized LSM stacking
  work, which removes the hard-coding of Capabilities and Yama stacking,
  allowing multiple arbitrary "small" LSMs to be stacked with a default
  monolithic module (e.g.  SELinux, Smack, AppArmor).

  See
        https://lwn.net/Articles/636056/

  This will allow smaller, simpler LSMs to be incorporated into the
  mainline kernel and arbitrarily stacked by users.  Also, this is a
  useful cleanup of the LSM code in its own right"

* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (38 commits)
  tpm, tpm_crb: fix le64_to_cpu conversions in crb_acpi_add()
  vTPM: set virtual device before passing to ibmvtpm_reset_crq
  tpm_ibmvtpm: remove unneccessary message level.
  ima: update builtin policies
  ima: extend "mask" policy matching support
  ima: add support for new "euid" policy condition
  ima: fix ima_show_template_data_ascii()
  Smack: freeing an error pointer in smk_write_revoke_subj()
  selinux: fix setting of security labels on NFS
  selinux: Remove unused permission definitions
  selinux: enable genfscon labeling for sysfs and pstore files
  selinux: enable per-file labeling for debugfs files.
  selinux: update netlink socket classes
  signals: don't abuse __flush_signals() in selinux_bprm_committed_creds()
  selinux: Print 'sclass' as string when unrecognized netlink message occurs
  Smack: allow multiple labels in onlycap
  Smack: fix seq operations in smackfs
  ima: pass iint to ima_add_violation()
  ima: wrap event related data to the new ima_event_data structure
  integrity: add validity checks for 'path' parameter
  ...
parents 78c10e55 b3bddffd
+19 −7
@@ -20,17 +20,19 @@ Description:
		action: measure | dont_measure | appraise | dont_appraise | audit
		condition:= base | lsm  [option]
			base:	[[func=] [mask=] [fsmagic=] [fsuuid=] [uid=]
				 [fowner]]
				[euid=] [fowner=]]
			lsm:	[[subj_user=] [subj_role=] [subj_type=]
				 [obj_user=] [obj_role=] [obj_type=]]
			option:	[[appraise_type=]] [permit_directio]

		base: 	func:= [BPRM_CHECK][MMAP_CHECK][FILE_CHECK][MODULE_CHECK]
				[FIRMWARE_CHECK]
			mask:= [MAY_READ] [MAY_WRITE] [MAY_APPEND] [MAY_EXEC]
			mask:= [[^]MAY_READ] [[^]MAY_WRITE] [[^]MAY_APPEND]
			       [[^]MAY_EXEC]
			fsmagic:= hex value
			fsuuid:= file system UUID (e.g 8bcbe394-4f13-4144-be8e-5aa9ea2ce2f6)
			uid:= decimal value
			euid:= decimal value
			fowner:=decimal value
		lsm:  	are LSM specific
		option:	appraise_type:= [imasig]
@@ -49,11 +51,25 @@ Description:
			dont_measure fsmagic=0x01021994
			dont_appraise fsmagic=0x01021994
			# RAMFS_MAGIC
			dont_measure fsmagic=0x858458f6
			dont_appraise fsmagic=0x858458f6
			# DEVPTS_SUPER_MAGIC
			dont_measure fsmagic=0x1cd1
			dont_appraise fsmagic=0x1cd1
			# BINFMTFS_MAGIC
			dont_measure fsmagic=0x42494e4d
			dont_appraise fsmagic=0x42494e4d
			# SECURITYFS_MAGIC
			dont_measure fsmagic=0x73636673
			dont_appraise fsmagic=0x73636673
			# SELINUX_MAGIC
			dont_measure fsmagic=0xf97cff8c
			dont_appraise fsmagic=0xf97cff8c
			# CGROUP_SUPER_MAGIC
			dont_measure fsmagic=0x27e0eb
			dont_appraise fsmagic=0x27e0eb
			# NSFS_MAGIC
			dont_measure fsmagic=0x6e736673
			dont_appraise fsmagic=0x6e736673

			measure func=BPRM_CHECK
			measure func=FILE_MMAP mask=MAY_EXEC
@@ -70,10 +86,6 @@ Description:
		Examples of LSM specific definitions:

		SELinux:
			# SELINUX_MAGIC
			dont_measure fsmagic=0xf97cff8c
			dont_appraise fsmagic=0xf97cff8c

			dont_measure obj_type=var_log_t
			dont_appraise obj_type=var_log_t
			dont_measure obj_type=auditd_log_t
+10 −2
@@ -1413,7 +1413,15 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
			The list of supported hash algorithms is defined
			in crypto/hash_info.h.

	ima_tcb		[IMA]
	ima_policy=	[IMA]
			The builtin measurement policy to load during IMA
			setup.  Specyfing "tcb" as the value, measures all
			programs exec'd, files mmap'd for exec, and all files
			opened with the read mode bit set by either the
			effective uid (euid=0) or uid=0.
			Format: "tcb"

	ima_tcb		[IMA] Deprecated.  Use ima_policy= instead.
			Load a policy which meets the needs of the Trusted
			Computing Base.  This means IMA will measure all
			programs exec'd, files mmap'd for exec, and all files
@@ -1421,7 +1429,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted.

	ima_template=   [IMA]
			Select one of defined IMA measurements template formats.
			Formats: { "ima" | "ima-ng" }
			Formats: { "ima" | "ima-ng" | "ima-sig" }
			Default: "ima-ng"

	ima_template_fmt=
+3 −3
@@ -206,11 +206,11 @@ netlabel
	label. The format accepted on write is:
		"%d.%d.%d.%d label" or "%d.%d.%d.%d/%d label".
onlycap
	This contains the label processes must have for CAP_MAC_ADMIN
	This contains labels processes must have for CAP_MAC_ADMIN
	and CAP_MAC_OVERRIDE to be effective. If this file is empty
	these capabilities are effective at for processes with any
	label. The value is set by writing the desired label to the
	file or cleared by writing "-" to the file.
	label. The values are set by writing the desired labels, separated
	by spaces, to the file or cleared by writing "-" to the file.
ptrace
	This is used to define the current ptrace policy
	0 - default: this is the policy that relies on Smack access rules.
+3 −0
@@ -11,6 +11,9 @@

extern struct asymmetric_key_id *asymmetric_key_hex_to_key_id(const char *id);

extern int __asymmetric_key_hex_to_key_id(const char *id,
					  struct asymmetric_key_id *match_id,
					  size_t hexlen);
static inline
const struct asymmetric_key_ids *asymmetric_key_ids(const struct key *key)
{
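Review bot: The new prototype for `__asymmetric_key_hex_to_key_id` carries no comment, and its `hexlen` parameter is the number of decoded bytes rather than the length of the hex string (the wrapper in the .c file passes `asciihexlen / 2`), which the name does not convey to a caller reading only this header. Because the helper writes `hexlen` bytes into `match_id->data` with no bounds check of its own, the size contract belongs next to the declaration. Suggested comment above the prototype: `/* Decode 2*hexlen hex digits of @id into @match_id->data, which the caller must have allocated for hexlen bytes; sets @match_id->len. Returns 0 or a negative hex2bin() result. */`. The inline function asymmetric_key_ids that follows continues outside the hunk.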
+14 −6
@@ -104,6 +104,15 @@ static bool asymmetric_match_key_ids(
	return false;
}

/* helper function can be called directly with pre-allocated memory */
inline int __asymmetric_key_hex_to_key_id(const char *id,
				   struct asymmetric_key_id *match_id,
				   size_t hexlen)
{
	match_id->len = hexlen;
	return hex2bin(match_id->data, id, hexlen);
}

/**
 * asymmetric_key_hex_to_key_id - Convert a hex string into a key ID.
 * @id: The ID as a hex string.
@@ -111,21 +120,20 @@ static bool asymmetric_match_key_ids(
struct asymmetric_key_id *asymmetric_key_hex_to_key_id(const char *id)
{
	struct asymmetric_key_id *match_id;
	size_t hexlen;
	size_t asciihexlen;
	int ret;

	if (!*id)
		return ERR_PTR(-EINVAL);
	hexlen = strlen(id);
	if (hexlen & 1)
	asciihexlen = strlen(id);
	if (asciihexlen & 1)
		return ERR_PTR(-EINVAL);

	match_id = kmalloc(sizeof(struct asymmetric_key_id) + hexlen / 2,
	match_id = kmalloc(sizeof(struct asymmetric_key_id) + asciihexlen / 2,
			   GFP_KERNEL);
	if (!match_id)
		return ERR_PTR(-ENOMEM);
	match_id->len = hexlen / 2;
	ret = hex2bin(match_id->data, id, hexlen / 2);
	ret = __asymmetric_key_hex_to_key_id(id, match_id, asciihexlen / 2);
	if (ret < 0) {
		kfree(match_id);
		return ERR_PTR(-EINVAL);
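Review bot: In the new helper `__asymmetric_key_hex_to_key_id` (first hunk), `match_id->len = hexlen` is stored before `hex2bin()` has succeeded, so a direct caller with a pre-allocated struct that does not check the return value is left with a length that presents partially written bytes as a valid key ID; the wrapper is unaffected only because it frees `match_id` on failure. Assigning the length after a successful decode costs nothing and makes the helper safe to use the way its comment invites. The comment should also spell out the contract the helper cannot enforce itself: `id` must hold at least `2 * hexlen` hex digits and `match_id->data` must have room for `hexlen` bytes, since the wrapper passes `asciihexlen / 2` and `hexlen` is therefore the decoded byte count, not the hex-string length. The `inline` on a non-static function that the header also declares `extern` can only affect callers in this translation unit, so a plain function definition would be clearer. The body of asymmetric_key_hex_to_key_id continues past the end of the second hunk.

```c
/*
 * Decode 2*hexlen hex digits of @id into @match_id->data, which the caller
 * must have sized for hexlen bytes. @match_id->len is only set once the
 * decode has succeeded. Returns 0 or the negative result of hex2bin().
 */
int __asymmetric_key_hex_to_key_id(const char *id,
				   struct asymmetric_key_id *match_id,
				   size_t hexlen)
{
	int ret = hex2bin(match_id->data, id, hexlen);

	if (ret < 0)
		return ret;
	match_id->len = hexlen;
	return 0;
}
```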