Inter-revision diff: patch 27

Comparing v31 (message) to v29 (message)

--- v31
+++ v29
@@ -12,17 +12,39 @@
 Cc: linux-api@vger.kernel.org
 Cc: linux-doc@vger.kernel.org
 ---
- Documentation/security/lsm.rst       | 14 +++++
- fs/proc/base.c                       |  1 +
- include/linux/lsm_hooks.h            |  6 +++
- security/apparmor/include/procattr.h |  2 +-
- security/apparmor/lsm.c              |  8 ++-
- security/apparmor/procattr.c         | 22 ++++----
- security/security.c                  | 79 ++++++++++++++++++++++++++++
- security/selinux/hooks.c             |  2 +-
- security/smack/smack_lsm.c           |  2 +-
- 9 files changed, 121 insertions(+), 15 deletions(-)
+ Documentation/ABI/testing/procfs-attr-context | 14 ++++
+ Documentation/security/lsm.rst                | 14 ++++
+ fs/proc/base.c                                |  1 +
+ include/linux/lsm_hooks.h                     |  6 ++
+ security/apparmor/include/procattr.h          |  2 +-
+ security/apparmor/lsm.c                       |  8 +-
+ security/apparmor/procattr.c                  | 22 +++---
+ security/security.c                           | 79 +++++++++++++++++++
+ security/selinux/hooks.c                      |  2 +-
+ security/smack/smack_lsm.c                    |  2 +-
+ 10 files changed, 135 insertions(+), 15 deletions(-)
+ create mode 100644 Documentation/ABI/testing/procfs-attr-context
 
+diff --git a/Documentation/ABI/testing/procfs-attr-context b/Documentation/ABI/testing/procfs-attr-context
+new file mode 100644
+index 000000000000..40da1c397c30
+--- /dev/null
++++ b/Documentation/ABI/testing/procfs-attr-context
+@@ -0,0 +1,14 @@
++What:		/proc/*/attr/context
++Contact:	linux-security-module@vger.kernel.org,
++Description:	The current security information used by all Linux
++		security module (LSMs) that are active on the system.
++		The details of permissions required to read from
++		this interface and hence obtain the security state
++		of the task identified is dependent on the LSMs that
++		are active on the system.
++		A process cannot write to this interface.
++		The data provided by this interface will have the form:
++			lsm_name\0lsm_data\0[lsm_name\0lsm_data\0]...
++		where lsm_name is the name of the LSM and the following
++		lsm_data is the process data for that LSM.
++Users:		LSM user-space
 diff --git a/Documentation/security/lsm.rst b/Documentation/security/lsm.rst
 index b77b4a540391..070225ae6ceb 100644
 --- a/Documentation/security/lsm.rst
@@ -46,10 +68,10 @@
 +The file ``/proc/pid/attr/context`` provides the security
 +context of the identified process.
 diff --git a/fs/proc/base.c b/fs/proc/base.c
-index 50dbe5612a26..c90022027357 100644
+index 65da9d2f3060..b87977f0488b 100644
 --- a/fs/proc/base.c
 +++ b/fs/proc/base.c
-@@ -2829,6 +2829,7 @@ static const struct pid_entry attr_dir_stuff[] = {
+@@ -2824,6 +2824,7 @@ static const struct pid_entry attr_dir_stuff[] = {
  	ATTR(NULL, "keycreate",		0666),
  	ATTR(NULL, "sockcreate",	0666),
  	ATTR(NULL, "interface_lsm",	0666),
@@ -58,10 +80,10 @@
  	DIR("smack",			0555,
  	    proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops),
 diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
-index 490545f0db6d..b919d5ab9120 100644
+index d2c4bc94d47f..f6ffe8b069e2 100644
 --- a/include/linux/lsm_hooks.h
 +++ b/include/linux/lsm_hooks.h
-@@ -1400,6 +1400,12 @@
+@@ -1397,6 +1397,12 @@
   *	@pages contains the number of pages.
   *	Return 0 if permission is granted.
   *
@@ -88,7 +110,7 @@
  
  #endif /* __AA_PROCATTR_H */
 diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
-index 5ed40fd93ce9..28ed41a3ffcf 100644
+index 4237536106aa..65a004597e53 100644
 --- a/security/apparmor/lsm.c
 +++ b/security/apparmor/lsm.c
 @@ -602,6 +602,7 @@ static int apparmor_getprocattr(struct task_struct *task, char *name,
@@ -117,7 +139,7 @@
  	aa_put_label(label);
  	put_cred(cred);
 diff --git a/security/apparmor/procattr.c b/security/apparmor/procattr.c
-index fde332e0ea7d..172550f67fc0 100644
+index c929bf4a3df1..be3b083d9b74 100644
 --- a/security/apparmor/procattr.c
 +++ b/security/apparmor/procattr.c
 @@ -20,6 +20,7 @@
@@ -126,9 +148,9 @@
   * @string: Returns - string containing the profile info (NOT NULL)
 + * @newline: Should a newline be added to @string.
   *
-  * Requires: profile != NULL
+  * Returns: length of @string on success else error on failure
   *
-@@ -28,20 +29,21 @@
+@@ -30,20 +31,21 @@
   *
   * Returns: size of string placed in @string else error code on failure
   */
@@ -154,7 +176,7 @@
  	AA_BUG(len < 0);
  
  	*string = kmalloc(len + 2, GFP_KERNEL);
-@@ -50,19 +52,19 @@ int aa_getprocattr(struct aa_label *label, char **string)
+@@ -52,19 +54,19 @@ int aa_getprocattr(struct aa_label *label, char **string)
  		return -ENOMEM;
  	}
  
@@ -181,7 +203,7 @@
  
  /**
 diff --git a/security/security.c b/security/security.c
-index a1dec90d7757..26b6cc0ee64b 100644
+index 96b1d9c37d49..798e887b18fe 100644
 --- a/security/security.c
 +++ b/security/security.c
 @@ -802,6 +802,57 @@ static int lsm_superblock_alloc(struct super_block *sb)
@@ -242,7 +264,7 @@
  /*
   * The default value of the LSM hook is defined in linux/lsm_hook_defs.h and
   * can be accessed with:
-@@ -2207,6 +2258,10 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name,
+@@ -2235,6 +2286,10 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name,
  				char **value)
  {
  	struct security_hook_list *hp;
@@ -253,7 +275,7 @@
  	int ilsm = lsm_task_ilsm(current);
  	int slot = 0;
  
-@@ -2234,6 +2289,30 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name,
+@@ -2262,6 +2317,30 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name,
  		return -ENOMEM;
  	}
  
@@ -285,10 +307,10 @@
  		if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm))
  			continue;
 diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
-index 6f790d96594d..cbacfdabbc30 100644
+index c3e5fcedae0b..ec045d9e240a 100644
 --- a/security/selinux/hooks.c
 +++ b/security/selinux/hooks.c
-@@ -6399,7 +6399,7 @@ static int selinux_getprocattr(struct task_struct *p,
+@@ -6462,7 +6462,7 @@ static int selinux_getprocattr(struct task_struct *p,
  			goto bad;
  	}
  
@@ -298,10 +320,10 @@
  	else if (!strcmp(name, "prev"))
  		sid = __tsec->osid;
 diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
-index 9832b5e5c9fd..e5437d72699b 100644
+index 711fb49b4d5f..bd46921b9d28 100644
 --- a/security/smack/smack_lsm.c
 +++ b/security/smack/smack_lsm.c
-@@ -3486,7 +3486,7 @@ static int smack_getprocattr(struct task_struct *p, char *name, char **value)
+@@ -3477,7 +3477,7 @@ static int smack_getprocattr(struct task_struct *p, char *name, char **value)
  	char *cp;
  	int slen;
  