--- v25
+++ v29
@@ -5,7 +5,7 @@
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
+Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: linux-integrity@vger.kernel.org
@@ -20,10 +20,10 @@
6 files changed, 35 insertions(+), 48 deletions(-)
diff --git a/include/linux/security.h b/include/linux/security.h
-index 6fa19899903e..175c8032b636 100644
+index 5a336fa10818..58c853eabcc9 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
-@@ -479,7 +479,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
+@@ -482,7 +482,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
void security_cred_free(struct cred *cred);
int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
void security_transfer_creds(struct cred *new, const struct cred *old);
@@ -33,7 +33,7 @@
int security_kernel_create_files_as(struct cred *new, struct inode *inode);
int security_kernel_module_request(char *kmod_name);
diff --git a/kernel/audit.c b/kernel/audit.c
-index 70df7ac1b357..c06133104695 100644
+index d92c7b894183..8ec64e6e8bc0 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -125,7 +125,7 @@ static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME;
@@ -92,18 +92,18 @@
audit_sig_uid = auid;
else
audit_sig_uid = uid;
-- security_task_getsecid(current, &blob);
+- security_task_getsecid_subj(current, &blob);
- /* scaffolding until audit_sig_sid is converted */
- audit_sig_sid = blob.secid[0];
-+ security_task_getsecid(current, &audit_sig_lsm);
++ security_task_getsecid_subj(current, &audit_sig_lsm);
}
return audit_signal_info_syscall(t);
diff --git a/kernel/audit.h b/kernel/audit.h
-index 3b9c0945225a..ce41886807bb 100644
+index d6a2c899a8db..d43a08eabd86 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
-@@ -9,6 +9,7 @@
+@@ -12,6 +12,7 @@
#include <linux/fs.h>
#include <linux/audit.h>
#include <linux/skbuff.h>
@@ -111,7 +111,7 @@
#include <uapi/linux/mqueue.h>
#include <linux/tty.h>
-@@ -134,7 +135,7 @@ struct audit_context {
+@@ -137,7 +138,7 @@ struct audit_context {
kuid_t target_auid;
kuid_t target_uid;
unsigned int target_sessionid;
@@ -121,7 +121,7 @@
struct audit_tree_refs *trees, *first_trees;
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
-index 59cb2c4ad149..768989b2f09e 100644
+index dcd1b988a2d3..b5807b9b8a4d 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -111,7 +111,7 @@ struct audit_aux_data_pids {
@@ -133,7 +133,7 @@
char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN];
int pid_count;
};
-@@ -993,14 +993,14 @@ static inline void audit_free_context(struct audit_context *context)
+@@ -997,14 +997,14 @@ static inline void audit_free_context(struct audit_context *context)
}
static int audit_log_pid_context(struct audit_context *context, pid_t pid,
@@ -151,7 +151,7 @@
ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID);
if (!ab)
-@@ -1009,9 +1009,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
+@@ -1013,9 +1013,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid,
from_kuid(&init_user_ns, auid),
from_kuid(&init_user_ns, uid), sessionid);
@@ -163,7 +163,7 @@
audit_log_format(ab, " obj=(none)");
rc = 1;
} else {
-@@ -1582,7 +1581,7 @@ static void audit_log_exit(void)
+@@ -1590,7 +1589,7 @@ static void audit_log_exit(void)
axs->target_auid[i],
axs->target_uid[i],
axs->target_sessionid[i],
@@ -172,7 +172,7 @@
axs->target_comm[i]))
call_panic = 1;
}
-@@ -1591,7 +1590,7 @@ static void audit_log_exit(void)
+@@ -1599,7 +1598,7 @@ static void audit_log_exit(void)
audit_log_pid_context(context, context->target_pid,
context->target_auid, context->target_uid,
context->target_sessionid,
@@ -181,7 +181,7 @@
call_panic = 1;
if (context->pwd.dentry && context->pwd.mnt) {
-@@ -1769,7 +1768,7 @@ void __audit_syscall_exit(int success, long return_code)
+@@ -1775,7 +1774,7 @@ void __audit_syscall_exit(int success, long return_code)
context->aux = NULL;
context->aux_pids = NULL;
context->target_pid = 0;
@@ -190,7 +190,7 @@
context->sockaddr_len = 0;
context->type = 0;
context->fds[0] = -1;
-@@ -2421,15 +2420,12 @@ int __audit_sockaddr(int len, void *a)
+@@ -2434,15 +2433,12 @@ int __audit_sockaddr(int len, void *a)
void __audit_ptrace(struct task_struct *t)
{
struct audit_context *context = audit_context();
@@ -200,14 +200,14 @@
context->target_auid = audit_get_loginuid(t);
context->target_uid = task_uid(t);
context->target_sessionid = audit_get_sessionid(t);
-- security_task_getsecid(t, &blob);
+- security_task_getsecid_obj(t, &blob);
- /* scaffolding - until target_sid is converted */
- context->target_sid = blob.secid[0];
-+ security_task_getsecid(t, &context->target_lsm);
++ security_task_getsecid_obj(t, &context->target_lsm);
memcpy(context->target_comm, t->comm, TASK_COMM_LEN);
}
-@@ -2445,7 +2441,6 @@ int audit_signal_info_syscall(struct task_struct *t)
+@@ -2458,7 +2454,6 @@ int audit_signal_info_syscall(struct task_struct *t)
struct audit_aux_data_pids *axp;
struct audit_context *ctx = audit_context();
kuid_t t_uid = task_uid(t);
@@ -215,41 +215,41 @@
if (!audit_signals || audit_dummy_context())
return 0;
-@@ -2457,9 +2452,7 @@ int audit_signal_info_syscall(struct task_struct *t)
+@@ -2470,9 +2465,7 @@ int audit_signal_info_syscall(struct task_struct *t)
ctx->target_auid = audit_get_loginuid(t);
ctx->target_uid = t_uid;
ctx->target_sessionid = audit_get_sessionid(t);
-- security_task_getsecid(t, &blob);
+- security_task_getsecid_obj(t, &blob);
- /* scaffolding until target_sid is converted */
- ctx->target_sid = blob.secid[0];
-+ security_task_getsecid(t, &ctx->target_lsm);
++ security_task_getsecid_obj(t, &ctx->target_lsm);
memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN);
return 0;
}
-@@ -2480,9 +2473,7 @@ int audit_signal_info_syscall(struct task_struct *t)
+@@ -2493,9 +2486,7 @@ int audit_signal_info_syscall(struct task_struct *t)
axp->target_auid[axp->pid_count] = audit_get_loginuid(t);
axp->target_uid[axp->pid_count] = t_uid;
axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t);
-- security_task_getsecid(t, &blob);
+- security_task_getsecid_obj(t, &blob);
- /* scaffolding until target_sid is converted */
- axp->target_sid[axp->pid_count] = blob.secid[0];
-+ security_task_getsecid(t, &axp->target_lsm[axp->pid_count]);
++ security_task_getsecid_obj(t, &axp->target_lsm[axp->pid_count]);
memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN);
axp->pid_count++;
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
-index 360c5e3760cc..5a6ba57beef3 100644
+index c327f93d3962..1a4f7b00253b 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
-@@ -470,7 +470,6 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot)
+@@ -486,7 +486,6 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot)
int ima_bprm_check(struct linux_binprm *bprm)
{
int ret;
- u32 secid;
struct lsmblob blob;
- security_task_getsecid(current, &blob);
-@@ -480,9 +479,10 @@ int ima_bprm_check(struct linux_binprm *bprm)
+ security_task_getsecid_subj(current, &blob);
+@@ -496,9 +495,10 @@ int ima_bprm_check(struct linux_binprm *bprm)
if (ret)
return ret;
@@ -264,10 +264,10 @@
/**
diff --git a/security/security.c b/security/security.c
-index 54bca6d52ab7..0d9a4b50f252 100644
+index 5fbcccbdbccd..f5e9f2eaf5da 100644
--- a/security/security.c
+++ b/security/security.c
-@@ -1752,10 +1752,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old)
+@@ -1799,10 +1799,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old)
call_void_hook(cred_transfer, new, old);
}
@@ -288,5 +288,5 @@
EXPORT_SYMBOL(security_cred_getsecid);
--
-2.29.2
+2.31.1