diff v26→v29 (patch 12) | series

Inter-revision diff: patch 12

Comparing v26 (message) to v29 (message)
--- v26
+++ v29
@@ -5,7 +5,7 @@
 
 Reviewed-by: Kees Cook <keescook@chromium.org>
 Reviewed-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
+Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
 Acked-by: Paul Moore <paul@paul-moore.com>
 Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
 Cc: linux-integrity@vger.kernel.org
@@ -14,16 +14,16 @@
  include/linux/security.h          |  2 +-
  kernel/audit.c                    | 25 +++++++----------------
  kernel/audit.h                    |  3 ++-
- kernel/auditsc.c                  | 34 ++++++++++++-------------------
+ kernel/auditsc.c                  | 33 +++++++++++--------------------
  security/integrity/ima/ima_main.c |  8 ++++----
  security/security.c               | 12 ++++++++---
- 6 files changed, 36 insertions(+), 48 deletions(-)
+ 6 files changed, 35 insertions(+), 48 deletions(-)
 
 diff --git a/include/linux/security.h b/include/linux/security.h
-index 64f898e5e854..c1c31eb23859 100644
+index 5a336fa10818..58c853eabcc9 100644
 --- a/include/linux/security.h
 +++ b/include/linux/security.h
-@@ -481,7 +481,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
+@@ -482,7 +482,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
  void security_cred_free(struct cred *cred);
  int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
  void security_transfer_creds(struct cred *new, const struct cred *old);
@@ -100,10 +100,10 @@
  
  	return audit_signal_info_syscall(t);
 diff --git a/kernel/audit.h b/kernel/audit.h
-index 1522e100fd17..23a85a470121 100644
+index d6a2c899a8db..d43a08eabd86 100644
 --- a/kernel/audit.h
 +++ b/kernel/audit.h
-@@ -9,6 +9,7 @@
+@@ -12,6 +12,7 @@
  #include <linux/fs.h>
  #include <linux/audit.h>
  #include <linux/skbuff.h>
@@ -111,7 +111,7 @@
  #include <uapi/linux/mqueue.h>
  #include <linux/tty.h>
  
-@@ -134,7 +135,7 @@ struct audit_context {
+@@ -137,7 +138,7 @@ struct audit_context {
  	kuid_t		    target_auid;
  	kuid_t		    target_uid;
  	unsigned int	    target_sessionid;
@@ -121,7 +121,7 @@
  
  	struct audit_tree_refs *trees, *first_trees;
 diff --git a/kernel/auditsc.c b/kernel/auditsc.c
-index 6684927f12fc..573c6a8e505f 100644
+index dcd1b988a2d3..b5807b9b8a4d 100644
 --- a/kernel/auditsc.c
 +++ b/kernel/auditsc.c
 @@ -111,7 +111,7 @@ struct audit_aux_data_pids {
@@ -133,7 +133,7 @@
  	char 			target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN];
  	int			pid_count;
  };
-@@ -991,14 +991,14 @@ static inline void audit_free_context(struct audit_context *context)
+@@ -997,14 +997,14 @@ static inline void audit_free_context(struct audit_context *context)
  }
  
  static int audit_log_pid_context(struct audit_context *context, pid_t pid,
@@ -151,7 +151,7 @@
  
  	ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID);
  	if (!ab)
-@@ -1007,9 +1007,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
+@@ -1013,9 +1013,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
  	audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid,
  			 from_kuid(&init_user_ns, auid),
  			 from_kuid(&init_user_ns, uid), sessionid);
@@ -163,7 +163,7 @@
  			audit_log_format(ab, " obj=(none)");
  			rc = 1;
  		} else {
-@@ -1580,7 +1579,7 @@ static void audit_log_exit(void)
+@@ -1590,7 +1589,7 @@ static void audit_log_exit(void)
  						  axs->target_auid[i],
  						  axs->target_uid[i],
  						  axs->target_sessionid[i],
@@ -172,7 +172,7 @@
  						  axs->target_comm[i]))
  				call_panic = 1;
  	}
-@@ -1589,7 +1588,7 @@ static void audit_log_exit(void)
+@@ -1599,7 +1598,7 @@ static void audit_log_exit(void)
  	    audit_log_pid_context(context, context->target_pid,
  				  context->target_auid, context->target_uid,
  				  context->target_sessionid,
@@ -181,7 +181,7 @@
  			call_panic = 1;
  
  	if (context->pwd.dentry && context->pwd.mnt) {
-@@ -1765,7 +1764,7 @@ void __audit_syscall_exit(int success, long return_code)
+@@ -1775,7 +1774,7 @@ void __audit_syscall_exit(int success, long return_code)
  	context->aux = NULL;
  	context->aux_pids = NULL;
  	context->target_pid = 0;
@@ -190,15 +190,7 @@
  	context->sockaddr_len = 0;
  	context->type = 0;
  	context->fds[0] = -1;
-@@ -2319,6 +2318,7 @@ void __audit_ipc_obj(struct kern_ipc_perm *ipcp)
- {
- 	struct audit_context *context = audit_context();
- 	struct lsmblob blob;
-+
- 	context->ipc.uid = ipcp->uid;
- 	context->ipc.gid = ipcp->gid;
- 	context->ipc.mode = ipcp->mode;
-@@ -2417,15 +2417,12 @@ int __audit_sockaddr(int len, void *a)
+@@ -2434,15 +2433,12 @@ int __audit_sockaddr(int len, void *a)
  void __audit_ptrace(struct task_struct *t)
  {
  	struct audit_context *context = audit_context();
@@ -215,7 +207,7 @@
  	memcpy(context->target_comm, t->comm, TASK_COMM_LEN);
  }
  
-@@ -2441,7 +2438,6 @@ int audit_signal_info_syscall(struct task_struct *t)
+@@ -2458,7 +2454,6 @@ int audit_signal_info_syscall(struct task_struct *t)
  	struct audit_aux_data_pids *axp;
  	struct audit_context *ctx = audit_context();
  	kuid_t t_uid = task_uid(t);
@@ -223,7 +215,7 @@
  
  	if (!audit_signals || audit_dummy_context())
  		return 0;
-@@ -2453,9 +2449,7 @@ int audit_signal_info_syscall(struct task_struct *t)
+@@ -2470,9 +2465,7 @@ int audit_signal_info_syscall(struct task_struct *t)
  		ctx->target_auid = audit_get_loginuid(t);
  		ctx->target_uid = t_uid;
  		ctx->target_sessionid = audit_get_sessionid(t);
@@ -234,7 +226,7 @@
  		memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN);
  		return 0;
  	}
-@@ -2476,9 +2470,7 @@ int audit_signal_info_syscall(struct task_struct *t)
+@@ -2493,9 +2486,7 @@ int audit_signal_info_syscall(struct task_struct *t)
  	axp->target_auid[axp->pid_count] = audit_get_loginuid(t);
  	axp->target_uid[axp->pid_count] = t_uid;
  	axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t);
@@ -246,10 +238,10 @@
  	axp->pid_count++;
  
 diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
-index 9d1ed00eb349..b3e00340a97c 100644
+index c327f93d3962..1a4f7b00253b 100644
 --- a/security/integrity/ima/ima_main.c
 +++ b/security/integrity/ima/ima_main.c
-@@ -470,7 +470,6 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot)
+@@ -486,7 +486,6 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot)
  int ima_bprm_check(struct linux_binprm *bprm)
  {
  	int ret;
@@ -257,7 +249,7 @@
  	struct lsmblob blob;
  
  	security_task_getsecid_subj(current, &blob);
-@@ -480,9 +479,10 @@ int ima_bprm_check(struct linux_binprm *bprm)
+@@ -496,9 +495,10 @@ int ima_bprm_check(struct linux_binprm *bprm)
  	if (ret)
  		return ret;
  
@@ -272,10 +264,10 @@
  
  /**
 diff --git a/security/security.c b/security/security.c
-index 54f4a4ead69f..f5407a85641e 100644
+index 5fbcccbdbccd..f5e9f2eaf5da 100644
 --- a/security/security.c
 +++ b/security/security.c
-@@ -1796,10 +1796,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old)
+@@ -1799,10 +1799,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old)
  	call_void_hook(cred_transfer, new, old);
  }
  
@@ -296,5 +288,5 @@
  EXPORT_SYMBOL(security_cred_getsecid);
  
 -- 
-2.29.2
+2.31.1
`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help