
Commit 30bc9456 authored by Linus Torvalds
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:
  security: enhance DEFAULT_MMAP_MIN_ADDR description
  SELinux: add netport.[ch]
  SELinux: Add network port SID cache
  SELinux: turn mount options strings into defines
  selinux/ss/services.c should #include <linux/selinux.h>
  selinux: introduce permissive types
  selinux: remove ptrace_sid
  SELinux: requesting no permissions in avc_has_perm_noaudit is a BUG()
  security: code cleanup
  security: replace remaining __FUNCTION__ occurrences
  SELinux: create new open permission
  selinux: selinux/netlabel.c should #include "netlabel.h"
  SELinux: unify printk messages
  SELinux: remove unused backpointers from security objects
  SELinux: Correct the NetLabel locking for the sk_security_struct
parents 4cba84b5 5f46ce14
+6 −4
@@ -113,10 +113,12 @@ config SECURITY_DEFAULT_MMAP_MIN_ADDR
	  from userspace allocation.  Keeping a user from writing to low pages
	  from userspace allocation.  Keeping a user from writing to low pages
	  can help reduce the impact of kernel NULL pointer bugs.
	  can help reduce the impact of kernel NULL pointer bugs.


	  For most users with lots of address space a value of 65536 is
	  For most ia64, ppc64 and x86 users with lots of address space
	  reasonable and should cause no problems.  Programs which use vm86
	  a value of 65536 is reasonable and should cause no problems.
	  functionality would either need additional permissions from either
	  On arm and other archs it should not be higher than 32768.
	  the LSM or the capabilities module or have this protection disabled.
	  Programs which use vm86 functionality would either need additional
	  permissions from either the LSM or the capabilities module or have
	  this protection disabled.


	  This value can be changed after boot using the
	  This value can be changed after boot using the
	  /proc/sys/vm/mmap_min_addr tunable.
	  /proc/sys/vm/mmap_min_addr tunable.
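Review bot: The added sentence `On arm and other archs it should not be higher than 32768.` gives a ceiling without the reason, so a reader cannot tell what fails when the value is exceeded or how much of the NULL-pointer mitigation described above is lost by lowering it. A short clause would cover it, for example `(userspace on those architectures may legitimately map addresses below 65536)`; that rationale is my inference and should be confirmed against the arch memory layout before it is written down. The `default` line of this entry is outside the hunk, so it is worth checking that a single default for all architectures does not contradict the new per-arch advice.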
+2 −2
@@ -267,7 +267,7 @@ static int get_file_caps(struct linux_binprm *bprm)
	rc = cap_from_disk(&vcaps, bprm, rc);
	rc = cap_from_disk(&vcaps, bprm, rc);
	if (rc)
	if (rc)
		printk(KERN_NOTICE "%s: cap_from_disk returned %d for %s\n",
		printk(KERN_NOTICE "%s: cap_from_disk returned %d for %s\n",
			__FUNCTION__, rc, bprm->filename);
			__func__, rc, bprm->filename);


out:
out:
	dput(dentry);
	dput(dentry);
@@ -302,7 +302,7 @@ int cap_bprm_set_security (struct linux_binprm *bprm)
	ret = get_file_caps(bprm);
	ret = get_file_caps(bprm);
	if (ret)
	if (ret)
		printk(KERN_NOTICE "%s: get_file_caps returned %d for %s\n",
		printk(KERN_NOTICE "%s: get_file_caps returned %d for %s\n",
			__FUNCTION__, ret, bprm->filename);
			__func__, ret, bprm->filename);


	/*  To support inheritance of root-permissions and suid-root
	/*  To support inheritance of root-permissions and suid-root
	 *  executables under compatibility mode, we raise all three
	 *  executables under compatibility mode, we raise all three
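Review bot: Both printk calls in this section write `bprm->filename` to the kernel log at KERN_NOTICE with no rate limit, and that string is presumably the path handed to exec, so its content and the call frequency are chosen by whoever runs the binary. If cap_from_disk can fail for a file an unprivileged user is able to exec (not visible here), the message can be repeated at will and can carry arbitrary path bytes into the log. Gating the calls with `if (rc && printk_ratelimit())` and `if (ret && printk_ratelimit())` would bound the volume. The bodies of get_file_caps and cap_bprm_set_security continue outside the hunks; it looks as if one failure is reported by both functions, which should be confirmed there.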
+4 −4
@@ -22,16 +22,16 @@ void no_printk(const char *fmt, ...)


#ifdef __KDEBUG
#ifdef __KDEBUG
#define kenter(FMT, ...) \
#define kenter(FMT, ...) \
	printk(KERN_DEBUG "==> %s("FMT")\n", __FUNCTION__, ##__VA_ARGS__)
	printk(KERN_DEBUG "==> %s("FMT")\n", __func__, ##__VA_ARGS__)
#define kleave(FMT, ...) \
#define kleave(FMT, ...) \
	printk(KERN_DEBUG "<== %s()"FMT"\n", __FUNCTION__, ##__VA_ARGS__)
	printk(KERN_DEBUG "<== %s()"FMT"\n", __func__, ##__VA_ARGS__)
#define kdebug(FMT, ...) \
#define kdebug(FMT, ...) \
	printk(KERN_DEBUG "xxx" FMT"yyy\n", ##__VA_ARGS__)
	printk(KERN_DEBUG "xxx" FMT"yyy\n", ##__VA_ARGS__)
#else
#else
#define kenter(FMT, ...) \
#define kenter(FMT, ...) \
	no_printk(KERN_DEBUG "==> %s("FMT")\n", __FUNCTION__, ##__VA_ARGS__)
	no_printk(KERN_DEBUG "==> %s("FMT")\n", __func__, ##__VA_ARGS__)
#define kleave(FMT, ...) \
#define kleave(FMT, ...) \
	no_printk(KERN_DEBUG "<== %s()"FMT"\n", __FUNCTION__, ##__VA_ARGS__)
	no_printk(KERN_DEBUG "<== %s()"FMT"\n", __func__, ##__VA_ARGS__)
#define kdebug(FMT, ...) \
#define kdebug(FMT, ...) \
	no_printk(KERN_DEBUG FMT"\n", ##__VA_ARGS__)
	no_printk(KERN_DEBUG FMT"\n", ##__VA_ARGS__)
#endif
#endif
+1 −1
@@ -49,7 +49,7 @@ module_param(debug, bool, 0600);
	do {							\
	do {							\
		if (debug)					\
		if (debug)					\
			printk(KERN_DEBUG "%s: %s: " fmt ,	\
			printk(KERN_DEBUG "%s: %s: " fmt ,	\
				MY_NAME , __FUNCTION__ , 	\
				MY_NAME , __func__ , 	\
				## arg);			\
				## arg);			\
	} while (0)
	} while (0)


+4 −4
@@ -57,7 +57,7 @@ int __init security_init(void)


	if (verify(&dummy_security_ops)) {
	if (verify(&dummy_security_ops)) {
		printk(KERN_ERR "%s could not verify "
		printk(KERN_ERR "%s could not verify "
		       "dummy_security_ops structure.\n", __FUNCTION__);
		       "dummy_security_ops structure.\n", __func__);
		return -EIO;
		return -EIO;
	}
	}


@@ -82,7 +82,7 @@ int register_security(struct security_operations *ops)
{
{
	if (verify(ops)) {
	if (verify(ops)) {
		printk(KERN_DEBUG "%s could not verify "
		printk(KERN_DEBUG "%s could not verify "
		       "security_operations structure.\n", __FUNCTION__);
		       "security_operations structure.\n", __func__);
		return -EINVAL;
		return -EINVAL;
	}
	}


@@ -110,13 +110,13 @@ int mod_reg_security(const char *name, struct security_operations *ops)
{
{
	if (verify(ops)) {
	if (verify(ops)) {
		printk(KERN_INFO "%s could not verify "
		printk(KERN_INFO "%s could not verify "
		       "security operations.\n", __FUNCTION__);
		       "security operations.\n", __func__);
		return -EINVAL;
		return -EINVAL;
	}
	}


	if (ops == security_ops) {
	if (ops == security_ops) {
		printk(KERN_INFO "%s security operations "
		printk(KERN_INFO "%s security operations "
		       "already registered.\n", __FUNCTION__);
		       "already registered.\n", __func__);
		return -EINVAL;
		return -EINVAL;
	}
	}
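Review bot: The same verify() failure is logged at three different levels in this file: KERN_ERR in security_init, KERN_DEBUG in register_security and KERN_INFO in mod_reg_security. A rejected security_operations table is an event an administrator should see at the default console log level, and KERN_DEBUG in register_security will usually hide it. I would use one level for all three, e.g. `printk(KERN_ERR "%s could not verify "` in register_security and mod_reg_security. The function bodies continue outside the hunks, so any later messages in them should be checked for the same inconsistency.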

