1. 28 May, 2016 1 commit
  2. 11 Apr, 2016 1 commit
  3. 10 Apr, 2016 1 commit
  4. 16 Feb, 2016 1 commit
  5. 11 Feb, 2016 1 commit
    • Casey Schaufler's avatar
      Smack: Remove pointless hooks · 491a0b08
      Casey Schaufler authored
      Prior to the 4.2 kernel there no no harm in providing
      a security module hook that does nothing, as the default
      hook would get called if the module did not supply one.
      With the list based infrastructure an empty hook adds
      overhead. This patch removes the three Smack hooks that
      don't actually do anything.
      Signed-off-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
      491a0b08
  6. 21 Jan, 2016 1 commit
  7. 04 Jan, 2016 1 commit
  8. 24 Dec, 2015 2 commits
  9. 17 Dec, 2015 1 commit
  10. 14 Dec, 2015 1 commit
  11. 10 Dec, 2015 1 commit
    • Casey Schaufler's avatar
      Smack: File receive for sockets · 79be0935
      Casey Schaufler authored
      The existing file receive hook checks for access on
      the file inode even for UDS. This is not right, as
      the inode is not used by Smack to make access checks
      for sockets. This change checks for an appropriate
      access relationship between the receiving (current)
      process and the socket. If the process can't write
      to the socket's send label or the socket's receive
      label can't write to the process fail.
      
      This will allow the legitimate cases, where the
      socket sender and socket receiver can freely communicate.
      Only strangly set socket labels should cause a problem.
      Signed-off-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
      79be0935
  12. 09 Nov, 2015 1 commit
  13. 19 Oct, 2015 1 commit
    • Zbigniew Jasinski's avatar
      Smack: limited capability for changing process label · 38416e53
      Zbigniew Jasinski authored
      This feature introduces new kernel interface:
      
      - <smack_fs>/relabel-self - for setting transition labels list
      
      This list is used to control smack label transition mechanism.
      List is set by, and per process. Process can transit to new label only if
      label is on the list. Only process with CAP_MAC_ADMIN capability can add
      labels to this list. With this list, process can change it's label without
      CAP_MAC_ADMIN but only once. After label changing, list is unset.
      
      Changes in v2:
      * use list_for_each_entry instead of _rcu during label write
      * added missing description in security/Smack.txt
      
      Changes in v3:
      * squashed into one commit
      
      Changes in v4:
      * switch from global list to per-task list
      * since the per-task list is accessed only by the task itself
        there is no need to use synchronization mechanisms on it
      
      Changes in v5:
      * change smackfs interface of relabel-self to the one used for onlycap
        multiple labels are accepted, separated by space, which
        replace the previous list upon write
      Signed-off-by: default avatarZbigniew Jasinski <z.jasinski@samsung.com>
      Signed-off-by: default avatarRafal Krypa <r.krypa@samsung.com>
      Acked-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
      38416e53
  14. 16 Oct, 2015 1 commit
  15. 09 Oct, 2015 4 commits
  16. 18 Sep, 2015 1 commit
  17. 13 Aug, 2015 1 commit
  18. 10 Aug, 2015 1 commit
  19. 31 Jul, 2015 1 commit
  20. 28 Jul, 2015 1 commit
    • Casey Schaufler's avatar
      Smack: IPv6 host labeling · 21abb1ec
      Casey Schaufler authored
      IPv6 appears to be (finally) coming of age with the
      influx of autonomous devices. In support of this, add
      the ability to associate a Smack label with IPv6 addresses.
      
      This patch also cleans up some of the conditional
      compilation associated with the introduction of
      secmark processing. It's now more obvious which bit
      of code goes with which feature.
      Signed-off-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
      21abb1ec
  21. 22 Jul, 2015 2 commits
  22. 01 Jul, 2015 1 commit
  23. 12 Jun, 2015 1 commit
  24. 02 Jun, 2015 2 commits
    • Rafal Krypa's avatar
      Smack: allow multiple labels in onlycap · c0d77c88
      Rafal Krypa authored
      Smack onlycap allows limiting of CAP_MAC_ADMIN and CAP_MAC_OVERRIDE to
      processes running with the configured label. But having single privileged
      label is not enough in some real use cases. On a complex system like Tizen,
      there maybe few programs that need to configure Smack policy in run-time
      and running them all with a single label is not always practical.
      This patch extends onlycap feature for multiple labels. They are configured
      in the same smackfs "onlycap" interface, separated by spaces.
      Signed-off-by: default avatarRafal Krypa <r.krypa@samsung.com>
      c0d77c88
    • Rafal Krypa's avatar
      Smack: fix seq operations in smackfs · 01fa8474
      Rafal Krypa authored
      Use proper RCU functions and read locking in smackfs seq_operations.
      
      Smack gets away with not using proper RCU functions in smackfs, because
      it never removes entries from these lists. But now one list will be
      needed (with interface in smackfs) that will have both elements added and
      removed to it.
      This change will also help any future changes implementing removal of
      unneeded entries from other Smack lists.
      
      The patch also fixes handling of pos argument in smk_seq_start and
      smk_seq_next. This fixes a bug in case when smackfs is read with a small
      buffer:
      
      Kernel panic - not syncing: Kernel mode fault at addr 0xfa0000011b
      CPU: 0 PID: 1292 Comm: dd Not tainted 4.1.0-rc1-00012-g98179b8 #13
      Stack:
       00000003 0000000d 7ff39e48 7f69fd00
       7ff39ce0 601ae4b0 7ff39d50 600e587b
       00000010 6039f690 7f69fd40 00612003
      Call Trace:
       [<601ae4b0>] load2_seq_show+0x19/0x1d
       [<600e587b>] seq_read+0x168/0x331
       [<600c5943>] __vfs_read+0x21/0x101
       [<601a595e>] ? security_file_permission+0xf8/0x105
       [<600c5ec6>] ? rw_verify_area+0x86/0xe2
       [<600c5fc3>] vfs_read+0xa1/0x14c
       [<600c68e2>] SyS_read+0x57/0xa0
       [<6001da60>] handle_syscall+0x60/0x80
       [<6003087d>] userspace+0x442/0x548
       [<6001aa77>] ? interrupt_end+0x0/0x80
       [<6001daae>] ? copy_chunk_to_user+0x0/0x2b
       [<6002cb6b>] ? save_registers+0x1f/0x39
       [<60032ef7>] ? arch_prctl+0xf5/0x170
       [<6001a92d>] fork_handler+0x85/0x87
      Signed-off-by: default avatarRafal Krypa <r.krypa@samsung.com>
      01fa8474
  25. 15 May, 2015 2 commits
    • Lukasz Pawelczyk's avatar
      smack: pass error code through pointers · e774ad68
      Lukasz Pawelczyk authored
      This patch makes the following functions to use ERR_PTR() and related
      macros to pass the appropriate error code through returned pointers:
      
      smk_parse_smack()
      smk_import_entry()
      smk_fetch()
      
      It also makes all the other functions that use them to handle the
      error cases properly. This ways correct error codes from places
      where they happened can be propagated to the user space if necessary.
      
      Doing this it fixes a bug in onlycap and unconfined files
      handling. Previously their content was cleared on any error from
      smk_import_entry/smk_parse_smack, be it EINVAL (as originally intended)
      or ENOMEM. Right now it only reacts on EINVAL passing other codes
      properly to userspace.
      
      Comments have been updated accordingly.
      Signed-off-by: default avatarLukasz Pawelczyk <l.pawelczyk@samsung.com>
      e774ad68
    • Seung-Woo Kim's avatar
      Smack: ignore private inode for smack_file_receive · 9777582e
      Seung-Woo Kim authored
      The dmabuf fd can be shared between processes via unix domain
      socket. The file of dmabuf fd is came from anon_inode. The inode
      has no set and get xattr operations, so it can not be shared
      between processes with smack. This patch fixes just to ignore
      private inode including anon_inode for smack_file_receive.
      Signed-off-by: default avatarSeung-Woo Kim <sw0312.kim@samsung.com>
      9777582e
  26. 12 May, 2015 3 commits
  27. 15 Apr, 2015 2 commits
  28. 12 Apr, 2015 1 commit
  29. 04 Apr, 2015 1 commit
  30. 23 Mar, 2015 1 commit
    • Paul Gortmaker's avatar
      smack: Fix gcc warning from unused smack_syslog_lock mutex in smackfs.c · f43b65ba
      Paul Gortmaker authored
      In commit 00f84f3f ("Smack: Make the
      syslog control configurable") this mutex was added, but the rest of
      the final commit never actually made use of it, resulting in:
      
       In file included from include/linux/mutex.h:29:0,
                        from include/linux/notifier.h:13,
                        from include/linux/memory_hotplug.h:6,
                        from include/linux/mmzone.h:821,
                        from include/linux/gfp.h:5,
                        from include/linux/slab.h:14,
                        from include/linux/security.h:27,
                        from security/smack/smackfs.c:21:
       security/smack/smackfs.c:63:21: warning: ‘smack_syslog_lock’ defined but not used [-Wunused-variable]
        static DEFINE_MUTEX(smack_syslog_lock);
                            ^
      
      A git grep shows no other instances/references to smack_syslog_lock.
      Delete it, assuming that the mutex addition was just a leftover from
      an earlier work in progress version of the change.
      Signed-off-by: default avatarPaul Gortmaker <paul.gortmaker@windriver.com>
      f43b65ba