
Commit c54dcd8e authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'for-linus' of...

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
  selinux: Fix an uninitialized variable BUG/panic in selinux_secattr_to_sid()
  selinux: use default proc sid on symlinks
  file capabilities: uninline cap_safe_nice
  Update selinux info in MAINTAINERS and Kconfig help text
  SELinux: add gitignore file for mdp script
  SELinux: add boundary support and thread context assignment
  securityfs: do not depend on CONFIG_SECURITY
  selinux: add support for installing a dummy policy (v2)
  security: add/fix security kernel-doc
  selinux: Unify for- and while-loop style
  selinux: conditional expression type validation was off-by-one
  smack: limit privilege by label
  SELinux: Fix a potentially uninitialised variable in SELinux hooks
  SELinux: trivial, remove unneeded local variable
  SELinux: Trivial minor fixes that change C null character style
  make selinux_write_opts() static
parents b11ce8a2 9ac684fc
+1 −0
@@ -283,6 +283,7 @@ X!Earch/x86/kernel/mca_32.c
  <chapter id="security">
     <title>Security Framework</title>
!Isecurity/security.c
!Esecurity/inode.c
  </chapter>

  <chapter id="audit">
+27 −0
If you want to use SELinux, chances are you will want
to use the distro-provided policies, or install the
latest reference policy release from
	http://oss.tresys.com/projects/refpolicy

However, if you want to install a dummy policy for
testing, you can do using 'mdp' provided under
scripts/selinux.  Note that this requires the selinux
userspace to be installed - in particular you will
need checkpolicy to compile a kernel, and setfiles and
fixfiles to label the filesystem.

	1. Compile the kernel with selinux enabled.
	2. Type 'make' to compile mdp.
	3. Make sure that you are not running with
	   SELinux enabled and a real policy.  If
	   you are, reboot with selinux disabled
	   before continuing.
	4. Run install_policy.sh:
		cd scripts/selinux
		sh install_policy.sh

Step 4 will create a new dummy policy valid for your
kernel, with a single selinux user, role, and type.
It will compile the policy, will set your SELINUXTYPE to
dummy in /etc/selinux/config, install the compiled policy
as 'dummy', and relabel your filesystem.
+3 −2
@@ -3650,7 +3650,8 @@ P: Eric Paris
M:	eparis@parisplace.org
L:	linux-kernel@vger.kernel.org (kernel issues)
L: 	selinux@tycho.nsa.gov (subscribers-only, general discussion)
W:	http://www.nsa.gov/selinux
W:	http://selinuxproject.org
T:	git kernel.org:pub/scm/linux/kernel/git/jmorris/security-testing-2.6.git
S:	Supported

SENSABLE PHANTOM
+1 −0
@@ -6,6 +6,7 @@ menuconfig TCG_TPM
	tristate "TPM Hardware Support"
	depends on HAS_IOMEM
	depends on EXPERIMENTAL
	select SECURITYFS
	---help---
	  If you have a TPM security chip in your system, which
	  implements the Trusted Computing Group's specification,
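Review bot: The `select SECURITYFS` line in the TCG_TPM entry (presumably the one added line; the +/- markers are lost on this page) turns SECURITYFS on without evaluating any `depends on` that symbol may carry. That is only safe while SECURITYFS has no dependencies of its own. Its definition is not visible in this section, so that should be confirmed against the Kconfig entry that defines it. A one-line comment above the select would record the assumption, e.g. `# select bypasses dependencies: SECURITYFS must stay dependency-free`. The help text continues past the end of the hunk.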
+30 −24
@@ -1560,11 +1560,6 @@ struct security_operations {
extern int security_init(void);
extern int security_module_enable(struct security_operations *ops);
extern int register_security(struct security_operations *ops);
extern struct dentry *securityfs_create_file(const char *name, mode_t mode,
					     struct dentry *parent, void *data,
					     const struct file_operations *fops);
extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent);
extern void securityfs_remove(struct dentry *dentry);

/* Security operations */
int security_ptrace_may_access(struct task_struct *child, unsigned int mode);
@@ -2424,25 +2419,6 @@ static inline int security_netlink_recv(struct sk_buff *skb, int cap)
	return cap_netlink_recv(skb, cap);
}

static inline struct dentry *securityfs_create_dir(const char *name,
					struct dentry *parent)
{
	return ERR_PTR(-ENODEV);
}

static inline struct dentry *securityfs_create_file(const char *name,
						mode_t mode,
						struct dentry *parent,
						void *data,
						const struct file_operations *fops)
{
	return ERR_PTR(-ENODEV);
}

static inline void securityfs_remove(struct dentry *dentry)
{
}

static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
{
	return -EOPNOTSUPP;
@@ -2806,5 +2782,35 @@ static inline void security_audit_rule_free(void *lsmrule)
#endif /* CONFIG_SECURITY */
#endif /* CONFIG_AUDIT */

#ifdef CONFIG_SECURITYFS

extern struct dentry *securityfs_create_file(const char *name, mode_t mode,
					     struct dentry *parent, void *data,
					     const struct file_operations *fops);
extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent);
extern void securityfs_remove(struct dentry *dentry);

#else /* CONFIG_SECURITYFS */

static inline struct dentry *securityfs_create_dir(const char *name,
						   struct dentry *parent)
{
	return ERR_PTR(-ENODEV);
}

static inline struct dentry *securityfs_create_file(const char *name,
						    mode_t mode,
						    struct dentry *parent,
						    void *data,
						    const struct file_operations *fops)
{
	return ERR_PTR(-ENODEV);
}

static inline void securityfs_remove(struct dentry *dentry)
{}

#endif

#endif /* ! __LINUX_SECURITY_H */
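Review bot: The `#else /* CONFIG_SECURITYFS */` stubs in the last hunk return `ERR_PTR(-ENODEV)`, which is a non-NULL pointer, so a caller that tests the result only against NULL would treat the stub's error value as a usable dentry and may dereference it later. The out-of-line definitions behind the `extern` declarations are not shown here; if they report failure as NULL, the two build configurations have different error contracts, and that should be stated where callers read it. I would add a comment above the block such as `/* Returns ERR_PTR(-ENODEV) when securityfs is not built: test the result with IS_ERR(), not against NULL. */`. As a style point, the closing `#endif` of this block would match its neighbours as `#endif /* CONFIG_SECURITYFS */`.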