Commit f1c921fb authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'selinux-pr-20210426' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux 

Pull selinux updates from Paul Moore:

 - Add support for measuring the SELinux state and policy capabilities
   using IMA.

 - A handful of SELinux/NFS patches to compare the SELinux state of one
   mount with a set of mount options. Olga goes into more detail in the
   patch descriptions, but this is important as it allows more
   flexibility when using NFS and SELinux context mounts.

 - Properly differentiate between the subjective and objective LSM
   credentials; including support for the SELinux and Smack. My clumsy
   attempt at a proper fix for AppArmor didn't quite pass muster so John
   is working on a proper AppArmor patch, in the meantime this set of
   patches shouldn't change the behavior of AppArmor in any way. This
   change explains the bulk of the diffstat beyond security/.

 - Fix a problem where we were not properly terminating the permission
   list for two SELinux object classes.

* tag 'selinux-pr-20210426' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinux: add proper NULL termination to the secclass_map permissions
  smack: differentiate between subjective and objective task credentials
  selinux: clarify task subjective and objective credentials
  lsm: separate security_task_getsecid() into subjective and objective variants
  nfs: account for selinux security context when deciding to share superblock
  nfs: remove unneeded null check in nfs_fill_super()
  lsm,selinux: add new hook to compare new mount to an existing mount
  selinux: fix misspellings using codespell tool
  selinux: fix misspellings using codespell tool
  selinux: measure state and policy capabilities
  selinux: Allow context mounts for unpriviliged overlayfs
parents fafe1e39 e4c82eaf

drivers/android/binder.c

+10 −1
Original line number Diff line number Diff line
@@ -2713,7 +2713,16 @@ static void binder_transaction(struct binder_proc *proc, 
		u32 secid;

		size_t added_size;



		security_task_getsecid(proc->tsk, &secid);

		/*

		 * Arguably this should be the task's subjective LSM secid but

		 * we can't reliably access the subjective creds of a task

		 * other than our own so we must use the objective creds, which

		 * are safe to access.  The downside is that if a task is

		 * temporarily overriding it's creds it will not be reflected

		 * here; however, it isn't clear that binder would handle that

		 * case well anyway.

		 */

		security_task_getsecid_obj(proc->tsk, &secid);

		ret = security_secid_to_secctx(secid, &secctx, &secctx_sz);

		if (ret) {

			return_error = BR_FAILED_REPLY;

fs/nfs/fs_context.c

+3 −0
Original line number Diff line number Diff line
@@ -463,6 +463,9 @@ static int nfs_fs_context_parse_param(struct fs_context *fc, 
	if (opt < 0)

		return ctx->sloppy ? 1 : opt;



	if (fc->security)

		ctx->has_sec_mnt_opts = 1;



	switch (opt) {

	case Opt_source:

		if (fc->source)

fs/nfs/internal.h

+1 −0
Original line number Diff line number Diff line
@@ -96,6 +96,7 @@ struct nfs_fs_context { 
	char			*fscache_uniq;

	unsigned short		protofamily;

	unsigned short		mountfamily;

	bool			has_sec_mnt_opts;



	struct {

		union {

fs/nfs/super.c

+5 −1
Original line number Diff line number Diff line
@@ -1045,7 +1045,7 @@ static void nfs_fill_super(struct super_block *sb, struct nfs_fs_context *ctx) 
	sb->s_blocksize = 0;

	sb->s_xattr = server->nfs_client->cl_nfs_mod->xattr;

	sb->s_op = server->nfs_client->cl_nfs_mod->sops;

	if (ctx && ctx->bsize)

	if (ctx->bsize)

		sb->s_blocksize = nfs_block_size(ctx->bsize, &sb->s_blocksize_bits);



	if (server->nfs_client->rpc_ops->version != 2) {
@@ -1077,6 +1077,7 @@ static void nfs_fill_super(struct super_block *sb, struct nfs_fs_context *ctx) 
						 &sb->s_blocksize_bits);



	nfs_super_set_maxbytes(sb, server->maxfilesize);

	server->has_sec_mnt_opts = ctx->has_sec_mnt_opts;

}



static int nfs_compare_mount_options(const struct super_block *s, const struct nfs_server *b,
@@ -1193,6 +1194,9 @@ static int nfs_compare_super(struct super_block *sb, struct fs_context *fc) 
		return 0;

	if (!nfs_compare_userns(old, server))

		return 0;

	if ((old->has_sec_mnt_opts || fc->security) &&

			security_sb_mnt_opts_compat(sb, fc->security))

		return 0;

	return nfs_compare_mount_options(sb, server, fc);

}

include/linux/cred.h

+1 −1
Original line number Diff line number Diff line
@@ -140,7 +140,7 @@ struct cred { 
	struct key	*request_key_auth; /* assumed request_key authority */

#endif

#ifdef CONFIG_SECURITY

	void		*security;	/* subjective LSM security */

	void		*security;	/* LSM security */

#endif

	struct user_struct *user;	/* real user ID subscription */

	struct user_namespace *user_ns; /* user_ns the caps and keyrings are relative to. */