Linux kernel source tree https://git.amat.us/linux/atom/security/smack?h=v3.2.41 2011-11-11T19:07:21Z 2011-11-11T19:07:21Z Casey Schaufler casey@schaufler-ca.com 2011-11-10T23:02:22Z urn:sha1:40809565ca57a8e94bae20b22da014c44ec233f6 Commit 272cd7a8c67dd40a31ecff76a503bbb84707f757 introduced a change to the way rule lists are handled and reported in the smackfs filesystem. One of the issues addressed had to do with the termination of read requests on /smack/load. This change introduced a error in /smack/cipso, which shares some of the same list processing code. This patch updates all the file access list handling in smackfs to use the code introduced for /smack/load. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> 2011-10-20T23:07:31Z Jarkko Sakkinen jarkko.j.sakkinen@gmail.com 2011-10-18T18:21:36Z urn:sha1:0e94ae17c857b3835a2b8ea46ce44b5da4e2cc5d Allow query access as a normal user removing the need for CAP_MAC_ADMIN. Give RW access to /smack/access for UGO. Do not import smack labels in access check. Signed-off-by: Jarkko Sakkinen <jarkko.j.sakkinen@gmail.com> Signed-off-by: Casey Schaufler <cschaufler@cschaufler-intel.(none)> 2011-10-18T16:02:57Z Jarkko Sakkinen jarkko.j.sakkinen@gmail.com 2011-10-18T11:34:28Z urn:sha1:d86b2b61d4dea614d6f319772a90a8f98b55ed67 Forgot to update simple_transaction_set() to take terminator character into account. Signed-off-by: Jarkko Sakkinen <jarkko.j.sakkinen@gmail.com> Signed-off-by: Casey Schaufler <cschaufler@cschaufler-intel.(none)> 2011-10-14T15:56:49Z Jarkko Sakkinen jarkko.j.sakkinen@gmail.com 2011-10-14T10:16:24Z urn:sha1:16014d87509e26d6ed6935adbbf437a571fb5870 On some build configurations PER_CLEAR_ON_SETID symbol was not found when compiling smack_lsm.c. This patch fixes the issue by explicitly doing #include <linux/personality.h>. Signed-off-by: Jarkko Sakkinen <jarkko.j.sakkinen@gmail.com> Signed-off-by: Casey Schaufler <cschaufler@cschaufler-intel.(none)> 2011-10-12T21:30:07Z Jarkko Sakkinen jarkko.sakkinen@intel.com 2011-10-10T11:29:28Z urn:sha1:f8859d98c1d1e73393285fb9dd57007839956247 Small fix for the output of access SmackFS file. Use string is instead of byte. Makes it easier to extend API if it is needed. Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@intel.com> 2011-10-12T21:28:15Z Jarkko Sakkinen jarkko.sakkinen@intel.com 2011-10-07T06:27:53Z urn:sha1:84088ba239293abb24260c6c36d86e8775b6707f Protections for domain transition: - BPRM unsafe flags - Secureexec - Clear unsafe personality bits. - Clear parent death signal Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@intel.com> 2011-10-12T21:27:05Z Casey Schaufler casey@schaufler-ca.com 2011-09-26T21:43:39Z urn:sha1:975d5e55c2e78b755bd0b92b71db1c241c5a2665 This patch is targeted for the smack-next tree. This patch takes advantage of the recent changes for performance and points the packet labels on UDS connect at the output label of the far side. This makes getsockopt(...SO_PEERCRED...) function properly. Without this change the getsockopt does not provide any information. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> 2011-10-12T21:26:07Z Casey Schaufler casey@schaufler-ca.com 2011-09-30T01:21:01Z urn:sha1:ce8a432197d9892689eb4896f690b9fe6b3de598 There are a number of comments in the Smack code that are either malformed or include code. This patch cleans them up. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> 2011-10-12T21:24:28Z Casey Schaufler casey@schaufler-ca.com 2011-09-19T19:41:42Z urn:sha1:531f1d453ed8a8acee4015bd64e7bcc2eab939e4 Al Viro pointed out that the processing of fcntl done by Smack appeared poorly designed. He was right. There are three things that required change. Most obviously, the list of commands that really imply writing is limited to those involving file locking and signal handling. The initialization if the file security blob was incomplete, requiring use of a heretofore unused LSM hook. Finally, the audit information coming from a helper masked the identity of the LSM hook. This patch corrects all three of these defects. This is targeted for the smack-next tree pending comments. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> 2011-10-12T21:23:13Z Casey Schaufler casey@schaufler-ca.com 2011-09-20T19:24:36Z urn:sha1:272cd7a8c67dd40a31ecff76a503bbb84707f757 This patch is targeted for the smack-next tree. Smack access checks suffer from two significant performance issues. In cases where there are large numbers of rules the search of the single list of rules is wasteful. Comparing the string values of the smack labels is less efficient than a numeric comparison would. These changes take advantage of the Smack label list, which maintains the mapping of Smack labels to secids and optional CIPSO labels. Because the labels are kept perpetually, an access check can be done strictly based on the address of the label in the list without ever looking at the label itself. Rather than keeping one global list of rules the rules with a particular subject label can be based off of that label list entry. The access check need never look at entries that do not use the current subject label. This requires that packets coming off the network with CIPSO direct Smack labels that have never been seen before be treated carefully. The only case where they could be delivered is where the receiving socket has an IPIN star label, so that case is explicitly addressed. On a system with 39,800 rules (200 labels in all permutations) a system with this patch runs an access speed test in 5% of the time of the old version. That should be a best case improvement. If all of the rules are associated with the same subject label and all of the accesses are for processes with that label (unlikely) the improvement is about 30%. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>