
Merge tag 'selinux-pr-20221003' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull SELinux updates from Paul Moore:
"Six SELinux patches, all are simple and easily understood, but a list
of the highlights is below:

- Use 'grep -E' instead of 'egrep' in the SELinux policy install
script.

Fun fact, this seems to be GregKH's *second* dedicated SELinux
patch since we transitioned to git (ignoring merges, the SPDX
stuff, and a trivial fs reference removal when lustre was yanked);
the first was back in 2011 when selinuxfs was placed in
/sys/fs/selinux. Oh, the memories ...

- Convert the SELinux policy boolean values to use signed integer
types throughout the SELinux kernel code.

Prior to this we were using a mix of signed and unsigned integers
which was probably okay in this particular case, but it is
definitely not a good idea in general.

- Remove a reference to the SELinux runtime disable functionality in
/etc/selinux/config as we are in the process of deprecating that.

See [1] for more background on this if you missed the previous
notes on the deprecation.

- Minor cleanups: remove unneeded variables and constify read-only
function parameters"

Link: https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-runtime-disable [1]

* tag 'selinux-pr-20221003' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
selinux: remove runtime disable message in the install_policy.sh script
selinux: use "grep -E" instead of "egrep"
selinux: remove the unneeded result variable
selinux: declare read-only parameters const
selinux: use int arrays for boolean values
selinux: remove an unneeded variable in sel_make_class_dir_entries()

+48 -56
+2 -3
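--- a/scripts/selinux/install_policy.sh
+++ b/scripts/selinux/install_policy.sh
@@ -31,8 +31,7 @@
 if selinuxenabled; then
 echo "SELinux is already enabled"
 echo "This prevents safely relabeling all files."
-echo "Boot with selinux=0 on the kernel command-line or"
-echo "SELINUX=disabled in /etc/selinux/config."
+echo "Boot with selinux=0 on the kernel command-line."
 exit 1
 fi
 
@@ -77,7 +78,7 @@
 $SF -F file_contexts /
 
 mounts=`cat /proc/$$/mounts | \
-egrep "ext[234]|jfs|xfs|reiserfs|jffs2|gfs2|btrfs|f2fs|ocfs2" | \
+grep -E "ext[234]|jfs|xfs|reiserfs|jffs2|gfs2|btrfs|f2fs|ocfs2" | \
 awk '{ print $2 '}`
 $SF -F file_contexts $mounts
 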
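Review bot: The new `grep -E` line still matches the pattern anywhere in the `/proc/$$/mounts` record, not against the filesystem-type field, so a device path or mount option containing one of the names (a mount under a directory literally called `xfs`, for instance) is also handed to `$SF` for relabeling, and the unquoted `$mounts` on the following line splits mount points that contain whitespace. Since this line is being rewritten anyway, filtering on the third field inside the existing awk step is stricter and removes the `cat` and `grep` from the pipe: `awk '$3 ~ /^(ext[234]|jfs|xfs|reiserfs|jffs2|gfs2|btrfs|f2fs|ocfs2)$/ { print $2 }' /proc/$$/mounts`. The awk program as written, `'{ print $2 '}`, closes its single quote before the brace and only works because the shell concatenates the bare `}`; normalizing it to `'{ print $2 }'` in the same change would be cleaner.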
+9 -15
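--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -5987,7 +5987,6 @@
 struct ipc_security_struct *isec;
 struct common_audit_data ad;
 u32 sid = current_sid();
-int rc;
 
 isec = selinux_ipc(msq);
 ipc_init_security(isec, SECCLASS_MSGQ);
@@ -5994,10 +5995,9 @@
 ad.type = LSM_AUDIT_DATA_IPC;
 ad.u.ipc_id = msq->key;
 
-rc = avc_has_perm(&selinux_state,
-sid, isec->sid, SECCLASS_MSGQ,
-MSGQ__CREATE, &ad);
-return rc;
+return avc_has_perm(&selinux_state,
+sid, isec->sid, SECCLASS_MSGQ,
+MSGQ__CREATE, &ad);
 }
 
 static int selinux_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg)
@@ -6124,7 +6126,6 @@
 struct ipc_security_struct *isec;
 struct common_audit_data ad;
 u32 sid = current_sid();
-int rc;
 
 isec = selinux_ipc(shp);
 ipc_init_security(isec, SECCLASS_SHM);
@@ -6131,10 +6134,9 @@
 ad.type = LSM_AUDIT_DATA_IPC;
 ad.u.ipc_id = shp->key;
 
-rc = avc_has_perm(&selinux_state,
-sid, isec->sid, SECCLASS_SHM,
-SHM__CREATE, &ad);
-return rc;
+return avc_has_perm(&selinux_state,
+sid, isec->sid, SECCLASS_SHM,
+SHM__CREATE, &ad);
 }
 
 static int selinux_shm_associate(struct kern_ipc_perm *shp, int shmflg)
@@ -6207,7 +6211,6 @@
 struct ipc_security_struct *isec;
 struct common_audit_data ad;
 u32 sid = current_sid();
-int rc;
 
 isec = selinux_ipc(sma);
 ipc_init_security(isec, SECCLASS_SEM);
@@ -6214,10 +6219,9 @@
 ad.type = LSM_AUDIT_DATA_IPC;
 ad.u.ipc_id = sma->key;
 
-rc = avc_has_perm(&selinux_state,
-sid, isec->sid, SECCLASS_SEM,
-SEM__CREATE, &ad);
-return rc;
+return avc_has_perm(&selinux_state,
+sid, isec->sid, SECCLASS_SEM,
+SEM__CREATE, &ad);
 }
 
 static int selinux_sem_associate(struct kern_ipc_perm *sma, int semflg)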
+6 -9
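--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -71,7 +71,7 @@
 struct dentry *bool_dir;
 unsigned int bool_num;
 char **bool_pending_names;
-unsigned int *bool_pending_values;
+int *bool_pending_values;
 struct dentry *class_dir;
 unsigned long last_class_ino;
 bool policy_opened;
@@ -356,7 +356,7 @@
 /* declaration for sel_write_load */
 static int sel_make_bools(struct selinux_policy *newpolicy, struct dentry *bool_dir,
 unsigned int *bool_num, char ***bool_pending_names,
-unsigned int **bool_pending_values);
+int **bool_pending_values);
 static int sel_make_classes(struct selinux_policy *newpolicy,
 struct dentry *class_dir,
 unsigned long *last_class_ino);
@@ -527,7 +527,7 @@
 };
 
 static void sel_remove_old_bool_data(unsigned int bool_num, char **bool_names,
-unsigned int *bool_values)
+int *bool_values)
 {
 u32 i;
 
@@ -545,7 +545,7 @@
 struct dentry *tmp_parent, *tmp_bool_dir, *tmp_class_dir, *old_dentry;
 unsigned int tmp_bool_num, old_bool_num;
 char **tmp_bool_names, **old_bool_names;
-unsigned int *tmp_bool_values, *old_bool_values;
+int *tmp_bool_values, *old_bool_values;
 unsigned long tmp_ino = fsi->last_ino; /* Don't increment last_ino in this function */
 
 tmp_parent = sel_make_disconnected_dir(fsi->sb, &tmp_ino);
@@ -1423,7 +1423,7 @@
 
 static int sel_make_bools(struct selinux_policy *newpolicy, struct dentry *bool_dir,
 unsigned int *bool_num, char ***bool_pending_names,
-unsigned int **bool_pending_values)
+int **bool_pending_values)
 {
 int ret;
 ssize_t len;
@@ -1917,7 +1917,6 @@
 struct selinux_fs_info *fsi = sb->s_fs_info;
 struct dentry *dentry = NULL;
 struct inode *inode = NULL;
-int rc;
 
 dentry = d_alloc_name(dir, "index");
 if (!dentry)
@@ -1936,9 +1937,7 @@
 if (IS_ERR(dentry))
 return PTR_ERR(dentry);
 
-rc = sel_make_perm_files(newpolicy, classname, index, dentry);
-
-return rc;
+return sel_make_perm_files(newpolicy, classname, index, dentry);
 }
 
 static int sel_make_classes(struct selinux_policy *newpolicy,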
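Review bot: The `int *bool_pending_values` field at line 74 of the first hunk gets no comment explaining what the array holds, and after the switch from `unsigned int` nothing in the struct distinguishes it from an arbitrary counter array; the commit message says these are policy boolean values, so that should be stated where the field is declared, e.g. `/* pending 0/1 value of each policy boolean; freed with the names in sel_remove_old_bool_data() */`. The pairing with `bool_pending_names` and `bool_num` is presumably a set of parallel arrays of length `bool_num` — worth confirming against `sel_make_bools` (its body lies outside these hunks) before documenting it that way. Note also that `sel_remove_old_bool_data` still indexes with a `u32 i` against an `unsigned int bool_num` while the values are now signed; that is harmless here but a one-line comment on why the values are `int` (matching the signed-int policy boolean API) would stop the next reader from "fixing" it back.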
+9 -8
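--- a/security/selinux/ss/context.h
+++ b/security/selinux/ss/context.h
@@ -38,7 +38,7 @@
 memset(&c->range, 0, sizeof(c->range));
 }
 
-static inline int mls_context_cpy(struct context *dst, struct context *src)
+static inline int mls_context_cpy(struct context *dst, const struct context *src)
 {
 int rc;
 
@@ -58,7 +58,7 @@
 /*
 * Sets both levels in the MLS range of 'dst' to the low level of 'src'.
 */
-static inline int mls_context_cpy_low(struct context *dst, struct context *src)
+static inline int mls_context_cpy_low(struct context *dst, const struct context *src)
 {
 int rc;
 
@@ -78,7 +78,7 @@
 /*
 * Sets both levels in the MLS range of 'dst' to the high level of 'src'.
 */
-static inline int mls_context_cpy_high(struct context *dst, struct context *src)
+static inline int mls_context_cpy_high(struct context *dst, const struct context *src)
 {
 int rc;
 
@@ -97,9 +97,10 @@
 
 
 static inline int mls_context_glblub(struct context *dst,
-struct context *c1, struct context *c2)
+const struct context *c1, const struct context *c2)
 {
-struct mls_range *dr = &dst->range, *r1 = &c1->range, *r2 = &c2->range;
+struct mls_range *dr = &dst->range;
+const struct mls_range *r1 = &c1->range, *r2 = &c2->range;
 int rc = 0;
 
 if (r1->level[1].sens < r2->level[0].sens ||
@@ -128,7 +127,7 @@
 return rc;
 }
 
-static inline int mls_context_cmp(struct context *c1, struct context *c2)
+static inline int mls_context_cmp(const struct context *c1, const struct context *c2)
 {
 return ((c1->range.level[0].sens == c2->range.level[0].sens) &&
 ebitmap_cmp(&c1->range.level[0].cat, &c2->range.level[0].cat) &&
@@ -148,7 +147,7 @@
 memset(c, 0, sizeof(*c));
 }
 
-static inline int context_cpy(struct context *dst, struct context *src)
+static inline int context_cpy(struct context *dst, const struct context *src)
 {
 int rc;
 
@@ -181,7 +180,7 @@
 mls_context_destroy(c);
 }
 
-static inline int context_cmp(struct context *c1, struct context *c2)
+static inline int context_cmp(const struct context *c1, const struct context *c2)
 {
 if (c1->len && c2->len)
 return (c1->len == c2->len && !strcmp(c1->str, c2->str));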
+11 -10
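--- a/security/selinux/ss/ebitmap.c
+++ b/security/selinux/ss/ebitmap.c
@@ -28,9 +28,9 @@
 
 static struct kmem_cache *ebitmap_node_cachep __ro_after_init;
 
-int ebitmap_cmp(struct ebitmap *e1, struct ebitmap *e2)
+int ebitmap_cmp(const struct ebitmap *e1, const struct ebitmap *e2)
 {
-struct ebitmap_node *n1, *n2;
+const struct ebitmap_node *n1, *n2;
 
 if (e1->highbit != e2->highbit)
 return 0;
@@ -50,9 +50,10 @@
 return 1;
 }
 
-int ebitmap_cpy(struct ebitmap *dst, struct ebitmap *src)
+int ebitmap_cpy(struct ebitmap *dst, const struct ebitmap *src)
 {
-struct ebitmap_node *n, *new, *prev;
+struct ebitmap_node *new, *prev;
+const struct ebitmap_node *n;
 
 ebitmap_init(dst);
 n = src->node;
@@ -79,7 +78,7 @@
 return 0;
 }
 
-int ebitmap_and(struct ebitmap *dst, struct ebitmap *e1, struct ebitmap *e2)
+int ebitmap_and(struct ebitmap *dst, const struct ebitmap *e1, const struct ebitmap *e2)
 {
 struct ebitmap_node *n;
 int bit, rc;
@@ -218,9 +217,9 @@
 * if last_e2bit is non-zero, the highest set bit in e2 cannot exceed
 * last_e2bit.
 */
-int ebitmap_contains(struct ebitmap *e1, struct ebitmap *e2, u32 last_e2bit)
+int ebitmap_contains(const struct ebitmap *e1, const struct ebitmap *e2, u32 last_e2bit)
 {
-struct ebitmap_node *n1, *n2;
+const struct ebitmap_node *n1, *n2;
 int i;
 
 if (e1->highbit < e2->highbit)
@@ -259,9 +258,9 @@
 return 1;
 }
 
-int ebitmap_get_bit(struct ebitmap *e, unsigned long bit)
+int ebitmap_get_bit(const struct ebitmap *e, unsigned long bit)
 {
-struct ebitmap_node *n;
+const struct ebitmap_node *n;
 
 if (e->highbit < bit)
 return 0;
@@ -468,7 +467,7 @@
 goto out;
 }
 
-int ebitmap_write(const struct ebitmap *e, void *fp)
+int ebitmap_write(const struct ebitmap *e, void *fp)
 {
 struct ebitmap_node *n;
 u32 count;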
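Review bot: In the last hunk `ebitmap_write` gains a `const struct ebitmap *e` but keeps `struct ebitmap_node *n;` at line 472, unlike `ebitmap_cmp`, `ebitmap_cpy`, `ebitmap_contains` and `ebitmap_get_bit` in the same commit, which all switched their cursor to `const struct ebitmap_node *`. Because `const` on the `ebitmap` header does not propagate through the `node` pointer, the body of `ebitmap_write` (outside the hunk) is still free to modify the bitmap through `n` without any compiler complaint, which defeats the purpose of the constification for the one function that serializes policy data. The fix is the same one-liner used elsewhere in this file: `const struct ebitmap_node *n;`. `ebitmap_and` also keeps a non-const `n`, presumably because it walks `dst` rather than `e1`/`e2` — worth confirming from its body, which the hunk does not show.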
+9 -9
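--- a/security/selinux/ss/ebitmap.h
+++ b/security/selinux/ss/ebitmap.h
@@ -44,7 +44,7 @@
 
 #define ebitmap_length(e) ((e)->highbit)
 
-static inline unsigned int ebitmap_start_positive(struct ebitmap *e,
+static inline unsigned int ebitmap_start_positive(const struct ebitmap *e,
 struct ebitmap_node **n)
 {
 unsigned int ofs;
@@ -62,7 +62,7 @@
 memset(e, 0, sizeof(*e));
 }
 
-static inline unsigned int ebitmap_next_positive(struct ebitmap *e,
+static inline unsigned int ebitmap_next_positive(const struct ebitmap *e,
 struct ebitmap_node **n,
 unsigned int bit)
 {
@@ -85,7 +85,7 @@
 #define EBITMAP_NODE_OFFSET(node, bit) \
 (((bit) - (node)->startbit) % EBITMAP_UNIT_SIZE)
 
-static inline int ebitmap_node_get_bit(struct ebitmap_node *n,
+static inline int ebitmap_node_get_bit(const struct ebitmap_node *n,
 unsigned int bit)
 {
 unsigned int index = EBITMAP_NODE_INDEX(n, bit);
@@ -122,15 +122,15 @@
 (bit) < ebitmap_length(e); \
 (bit) = ebitmap_next_positive(e, &(n), bit)) \
 
-int ebitmap_cmp(struct ebitmap *e1, struct ebitmap *e2);
-int ebitmap_cpy(struct ebitmap *dst, struct ebitmap *src);
-int ebitmap_and(struct ebitmap *dst, struct ebitmap *e1, struct ebitmap *e2);
-int ebitmap_contains(struct ebitmap *e1, struct ebitmap *e2, u32 last_e2bit);
-int ebitmap_get_bit(struct ebitmap *e, unsigned long bit);
+int ebitmap_cmp(const struct ebitmap *e1, const struct ebitmap *e2);
+int ebitmap_cpy(struct ebitmap *dst, const struct ebitmap *src);
+int ebitmap_and(struct ebitmap *dst, const struct ebitmap *e1, const struct ebitmap *e2);
+int ebitmap_contains(const struct ebitmap *e1, const struct ebitmap *e2, u32 last_e2bit);
+int ebitmap_get_bit(const struct ebitmap *e, unsigned long bit);
 int ebitmap_set_bit(struct ebitmap *e, unsigned long bit, int value);
 void ebitmap_destroy(struct ebitmap *e);
 int ebitmap_read(struct ebitmap *e, void *fp);
-int ebitmap_write(struct ebitmap *e, void *fp);
+int ebitmap_write(const struct ebitmap *e, void *fp);
 u32 ebitmap_hash(const struct ebitmap *e, u32 hash);
 
 #ifdef CONFIG_NETLABEL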
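Review bot: `ebitmap_start_positive` and `ebitmap_next_positive` (first two hunks) now take a `const struct ebitmap *e` yet still return the cursor through a non-const `struct ebitmap_node **n`, so any caller of `ebitmap_for_each_positive_bit` on a const bitmap ends up holding a writable node and can modify the bitmap's contents with no compiler diagnostic; the new qualifier only protects the header, not the node list. I assume the bodies (outside the hunks) do `*n = e->node` and `*n = (*n)->next`, which compiles precisely because `e->node` is a const pointer to a non-const node — that is the gap a reader will not expect from the signature. Making the cursor `const struct ebitmap_node **` would require touching every iteration site, so at minimum the two prototypes deserve a comment such as `/* 'const' covers only the ebitmap header; the node reached through *n remains writable */` so nobody relies on it as an immutability guarantee.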
+2 -2
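--- a/security/selinux/ss/mls_types.h
+++ b/security/selinux/ss/mls_types.h
@@ -27,13 +27,13 @@
 struct mls_level level[2]; /* low == level[0], high == level[1] */
 };
 
-static inline int mls_level_eq(struct mls_level *l1, struct mls_level *l2)
+static inline int mls_level_eq(const struct mls_level *l1, const struct mls_level *l2)
 {
 return ((l1->sens == l2->sens) &&
 ebitmap_cmp(&l1->cat, &l2->cat));
 }
 
-static inline int mls_level_dom(struct mls_level *l1, struct mls_level *l2)
+static inline int mls_level_dom(const struct mls_level *l1, const struct mls_level *l2)
 {
 return ((l1->sens >= l2->sens) &&
 ebitmap_contains(&l1->cat, &l2->cat, 0));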