--- v26
+++ v28
@@ -34,9 +34,9 @@
---
include/linux/audit.h | 4 +-
include/linux/lsm_hooks.h | 12 ++++-
- include/linux/security.h | 67 +++++++++++++++++++++++++--
+ include/linux/security.h | 67 ++++++++++++++++++++++++--
kernel/auditfilter.c | 24 +++++-----
- kernel/auditsc.c | 13 +++---
+ kernel/auditsc.c | 13 +++--
security/apparmor/lsm.c | 7 ++-
security/bpf/hooks.c | 12 ++++-
security/commoncap.c | 7 ++-
@@ -44,17 +44,17 @@
security/landlock/cred.c | 2 +-
security/landlock/fs.c | 2 +-
security/landlock/ptrace.c | 2 +-
- security/landlock/setup.c | 4 ++
+ security/landlock/setup.c | 5 ++
security/landlock/setup.h | 1 +
security/loadpin/loadpin.c | 8 +++-
security/lockdown/lockdown.c | 7 ++-
security/safesetid/lsm.c | 8 +++-
- security/security.c | 72 ++++++++++++++++++++++++-----
+ security/security.c | 74 ++++++++++++++++++++++++-----
security/selinux/hooks.c | 8 +++-
security/smack/smack_lsm.c | 7 ++-
security/tomoyo/tomoyo.c | 8 +++-
security/yama/yama_lsm.c | 7 ++-
- 22 files changed, 262 insertions(+), 60 deletions(-)
+ 22 files changed, 265 insertions(+), 60 deletions(-)
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 82b7c1116a85..418a485af114 100644
@@ -117,7 +117,7 @@
#define LSM_FLAG_LEGACY_MAJOR BIT(0)
#define LSM_FLAG_EXCLUSIVE BIT(1)
diff --git a/include/linux/security.h b/include/linux/security.h
-index 06f7c50ce77f..62588bc522ba 100644
+index 24eda04221e9..7655bfce4b96 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -133,6 +133,65 @@ enum lockdown_reason {
@@ -310,10 +310,10 @@
err = res;
}
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
-index 175ef6f3ea4e..392afe3e2fd6 100644
+index 8dd73a64f921..acbd896f54a5 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
-@@ -665,14 +665,13 @@ static int audit_filter_rules(struct task_struct *tsk,
+@@ -671,14 +671,13 @@ static int audit_filter_rules(struct task_struct *tsk,
match for now to avoid losing information that
may be wanted. An error message will also be
logged upon error */
@@ -330,7 +330,7 @@
}
break;
case AUDIT_OBJ_USER:
-@@ -682,21 +681,21 @@ static int audit_filter_rules(struct task_struct *tsk,
+@@ -688,21 +687,21 @@ static int audit_filter_rules(struct task_struct *tsk,
case AUDIT_OBJ_LEV_HIGH:
/* The above note for AUDIT_SUBJ_USER...AUDIT_SUBJ_CLR
also applies here */
@@ -355,7 +355,7 @@
++result;
break;
}
-@@ -707,7 +706,7 @@ static int audit_filter_rules(struct task_struct *tsk,
+@@ -713,7 +712,7 @@ static int audit_filter_rules(struct task_struct *tsk,
break;
if (security_audit_rule_match(ctx->ipc.osid,
f->type, f->op,
@@ -588,15 +588,16 @@
+ &landlock_lsmid);
}
diff --git a/security/landlock/setup.c b/security/landlock/setup.c
-index f8e8e980454c..4a12666a4090 100644
+index f8e8e980454c..759e00b9436c 100644
--- a/security/landlock/setup.c
+++ b/security/landlock/setup.c
-@@ -23,6 +23,10 @@ struct lsm_blob_sizes landlock_blob_sizes __lsm_ro_after_init = {
+@@ -23,6 +23,11 @@ struct lsm_blob_sizes landlock_blob_sizes __lsm_ro_after_init = {
.lbs_superblock = sizeof(struct landlock_superblock_security),
};
+struct lsm_id landlock_lsmid __lsm_ro_after_init = {
+ .lsm = LANDLOCK_NAME,
++ .slot = LSMBLOB_NOT_NEEDED,
+};
+
static int __init landlock_init(void)
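Review bot: The `landlock_lsmid` initializer in security/landlock/setup.c now sets `.slot = LSMBLOB_NOT_NEEDED` but carries no comment saying why Landlock opts out of a slot. The v26 side of this interdiff shows how easily the field is left at zero. A one-line comment above the struct would help the next LSM author pick the right value, for example `/* No lsmblob slot: Landlock provides no secid or audit-rule hooks (confirm) */`. The definitions of `LSMBLOB_NEEDED` and `LSMBLOB_NOT_NEEDED` are not on this page, so the rationale should be checked against include/linux/security.h before the comment is committed.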
@@ -665,7 +666,7 @@
}
diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c
-index 1079c6d54784..a2a2f462a821 100644
+index 963f4ad9cb66..0c368950dc14 100644
--- a/security/safesetid/lsm.c
+++ b/security/safesetid/lsm.c
@@ -241,6 +241,11 @@ static int safesetid_task_fix_setgid(struct cred *new,
@@ -691,7 +692,7 @@
/* Report that SafeSetID successfully initialized */
safesetid_initialized = 1;
diff --git a/security/security.c b/security/security.c
-index e12a7c463468..a3276deb1b8a 100644
+index 335c313a668d..5f1b281511f2 100644
--- a/security/security.c
+++ b/security/security.c
@@ -344,6 +344,7 @@ static void __init ordered_lsm_init(void)
@@ -702,7 +703,7 @@
/*
* Create any kmem_caches needed for blobs
-@@ -471,21 +472,36 @@ static int lsm_append(const char *new, char **result)
+@@ -471,21 +472,38 @@ static int lsm_append(const char *new, char **result)
return 0;
}
@@ -728,6 +729,8 @@
{
int i;
++ WARN_ON(!lsmid->slot || !lsmid->lsm);
++
+ if (lsmid->slot == LSMBLOB_NEEDED) {
+ if (lsm_slot >= LSMBLOB_ENTRIES)
+ panic("%s Too many LSMs registered.\n", __func__);
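Review bot: The added `WARN_ON(!lsmid->slot || !lsmid->lsm);` in security_add_hooks() only logs, then carries on registering hooks with an `lsm_id` it has just found to be malformed. The security_getprocattr/security_setprocattr hunks later in this file change the line that filters hooks by LSM, presumably a comparison against `hp->lsmid->lsm`, so a NULL name would be dereferenced at runtime rather than rejected at boot. This is `__init` code that already panics two lines below on too many LSMs, so failing hard would be consistent: `if (!lsmid->slot || !lsmid->lsm) panic("%s Invalid lsm_id.\n", __func__);`; returning early instead would leave that LSM's hooks unregistered, which fails open. A short comment such as `/* slot 0 means .slot was never initialised */` would also record why zero is treated as invalid, which is inferred here because the LSMBLOB_* values are not on this page. The function body starts and ends outside the hunk.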
@@ -742,7 +745,7 @@
hlist_add_tail_rcu(&hooks[i].list, hooks[i].head);
}
-@@ -494,7 +510,7 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count,
+@@ -494,7 +512,7 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count,
* and fix this up afterwards.
*/
if (slab_is_available()) {
@@ -751,7 +754,7 @@
panic("%s - Cannot get early memory.\n", __func__);
}
}
-@@ -2070,7 +2086,7 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name,
+@@ -2070,7 +2088,7 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name,
struct security_hook_list *hp;
hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) {
@@ -760,7 +763,7 @@
continue;
return hp->hook.getprocattr(p, name, value);
}
-@@ -2083,7 +2099,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value,
+@@ -2083,7 +2101,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value,
struct security_hook_list *hp;
hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) {
@@ -769,7 +772,7 @@
continue;
return hp->hook.setprocattr(name, value, size);
}
-@@ -2576,7 +2592,24 @@ int security_key_getsecurity(struct key *key, char **_buffer)
+@@ -2576,7 +2594,24 @@ int security_key_getsecurity(struct key *key, char **_buffer)
int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
{
@@ -795,7 +798,7 @@
}
int security_audit_rule_known(struct audit_krule *krule)
-@@ -2584,14 +2617,31 @@ int security_audit_rule_known(struct audit_krule *krule)
+@@ -2584,14 +2619,31 @@ int security_audit_rule_known(struct audit_krule *krule)
return call_int_hook(audit_rule_known, 0, krule);
}
@@ -832,10 +835,10 @@
#endif /* CONFIG_AUDIT */
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
-index 84ddcec6322e..0133b142e938 100644
+index e2c4a1fd952f..f84b6c274a10 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
-@@ -7111,6 +7111,11 @@ static int selinux_perf_event_write(struct perf_event *event)
+@@ -7101,6 +7101,11 @@ static int selinux_perf_event_write(struct perf_event *event)
}
#endif
@@ -847,7 +850,7 @@
/*
* IMPORTANT NOTE: When adding new hooks, please be careful to keep this order:
* 1. any hooks that don't belong to (2.) or (3.) below,
-@@ -7424,7 +7429,8 @@ static __init int selinux_init(void)
+@@ -7414,7 +7419,8 @@ static __init int selinux_init(void)
hashtab_cache_init();
@@ -883,10 +886,10 @@
pr_info("Smack: Initializing.\n");
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
-index 1f3cd432d830..22f62c67f2ec 100644
+index b6a31901f289..e8f6bb9782c1 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
-@@ -523,6 +523,11 @@ static void tomoyo_task_free(struct task_struct *task)
+@@ -521,6 +521,11 @@ static void tomoyo_task_free(struct task_struct *task)
}
}
@@ -898,7 +901,7 @@
/*
* tomoyo_security_ops is a "struct security_operations" which is used for
* registering TOMOYO.
-@@ -575,7 +580,8 @@ static int __init tomoyo_init(void)
+@@ -573,7 +578,8 @@ static int __init tomoyo_init(void)
struct tomoyo_task *s = tomoyo_task(current);
/* register ourselves with the security framework */
@@ -934,5 +937,5 @@
return 0;
}
--
-2.29.2
+2.31.1