xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge 5.8-rc1 into android-mainline

Browse Source 
Linux 5.8-rc1

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I00f2168bc9b6fd8e48c7c0776088d2c6cb8e1629
This commit is contained in:
Greg Kroah-Hartman
2020-06-25 14:25:32 +02:00
parent 8912845e4e b3a9e3b962
commit a33191d441
2624 changed files with 70658 additions and 27260 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
security/selinux/hooks.c
View File

@@ -6562,20 +6562,43 @@ static void selinux_key_free(struct key *k)
static int selinux_key_permission(key_ref_t key_ref,
const struct cred *cred,
unsigned perm)
enum key_need_perm need_perm)
{
struct key *key;
struct key_security_struct *ksec;
u32 sid;
u32 perm, sid;
/* if no specific permissions are requested, we skip the
permission check. No serious, additional covert channels
appear to be created. */
if (perm == 0)
switch (need_perm) {
case KEY_NEED_VIEW:
perm = KEY__VIEW;
break;
case KEY_NEED_READ:
perm = KEY__READ;
break;
case KEY_NEED_WRITE:
perm = KEY__WRITE;
break;
case KEY_NEED_SEARCH:
perm = KEY__SEARCH;
break;
case KEY_NEED_LINK:
perm = KEY__LINK;
break;
case KEY_NEED_SETATTR:
perm = KEY__SETATTR;
break;
case KEY_NEED_UNLINK:
case KEY_SYSADMIN_OVERRIDE:
case KEY_AUTHTOKEN_OVERRIDE:
case KEY_DEFER_PERM_CHECK:
return 0;
default:
WARN_ON(1);
return -EPERM;
}
sid = cred_sid(cred);
key = key_ref_to_ptr(key_ref);
ksec = key->security;
@@ -6597,6 +6620,17 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
*_buffer = context;
return rc;
}
#ifdef CONFIG_KEY_NOTIFICATIONS
static int selinux_watch_key(struct key *key)
{
struct key_security_struct *ksec = key->security;
u32 sid = current_sid();
return avc_has_perm(&selinux_state,
sid, ksec->sid, SECCLASS_KEY, KEY__VIEW, NULL);
}
#endif
#endif
#ifdef CONFIG_SECURITY_INFINIBAND
@@ -7084,6 +7118,9 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
LSM_HOOK_INIT(key_free, selinux_key_free),
LSM_HOOK_INIT(key_permission, selinux_key_permission),
LSM_HOOK_INIT(key_getsecurity, selinux_key_getsecurity),
#ifdef CONFIG_KEY_NOTIFICATIONS
LSM_HOOK_INIT(watch_key, selinux_watch_key),
#endif
#endif
#ifdef CONFIG_AUDIT