From patchwork Mon Aug 15 19:42:12 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Roberts, William C" <william.c.roberts@intel.com>
X-Patchwork-Id: 9282025
Return-Path: <selinux-bounces@tycho.nsa.gov>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	A9A0860839 for <patchwork-selinux@patchwork.kernel.org>;
	Mon, 15 Aug 2016 19:49:21 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9930128E6A
	for <patchwork-selinux@patchwork.kernel.org>;
	Mon, 15 Aug 2016 19:49:21 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 8C6A228E6E; Mon, 15 Aug 2016 19:49:21 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00 autolearn=ham
	version=3.3.1
Received: from emsm-gh1-uea10.nsa.gov (emsm-gh1-uea10.nsa.gov [8.44.101.8])
	(using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id A44F928E6A
	for <patchwork-selinux@patchwork.kernel.org>;
	Mon, 15 Aug 2016 19:49:20 +0000 (UTC)
X-IronPort-AV: E=Sophos;i="5.28,526,1464652800"; d="scan'208";a="16613420"
IronPort-PHdr: =?us-ascii?q?9a23=3AU6WJ+BVOu8rBT7cjUNdJ3sWrDzHV8LGtZVwlr6E/?=
	=?us-ascii?q?grcLSJyIuqrYZxeAt8tkgFKBZ4jH8fUM07OQ6PG5HzVdqs/d6ThCKMUKDE5dz5?=
	=?us-ascii?q?1O3kQJO42sMQXDNvnkbig3ToxpdWRO2DWFC3VTA9v0fFbIo3e/vnY4ExT7Mhdp?=
	=?us-ascii?q?dKyuQtaBx/q+2+36wZDPeQIA3GP7OuIrakzr5lyN74FW2dIkcfdpjEOR4zNhQK?=
	=?us-ascii?q?d//StQP1WdnhLxtI+b3aVI1GBugc8n7NNKSq7gfq41HvRyBTUiNH0ptoWw7UGQ?=
	=?us-ascii?q?BTaV4jMgdkle0l8RW0mWpC39C4z9qQPmp+F932+cJsSwQrcqHXy65rpvYAfhlS?=
	=?us-ascii?q?NCMjk+6myRgct1yOpArRagoQFv65LFa4GScvxld+XSes1eDXFMV8BdTStADsa4?=
	=?us-ascii?q?bpATJ/YQNuZf6Y/mrh0BqgXtKxOrAbbwyztMh3bzm6Z8yeMrHBvaxyQhGc4DtD?=
	=?us-ascii?q?Lfq9CmZ+8pTempwfyQnn34ZPRM1GK4sdDF?=
X-IPAS-Result: =?us-ascii?q?A2FQBACyG7JX/wHyM5BeGgEBAQGDJ1Z8tQyFdTkgC4dMTAE?=
	=?us-ascii?q?BAQEBAQECAQJbJ4IyBAMRCAE5PAEBAQEBASMCDWYCNxQgDgMJAhcIIQgIAwEtF?=
	=?us-ascii?q?RgHCwUYBIgQDr4RAQEBHgWIKoZfEQGCZQuDBwWIKIZoii6GHoh4AolqhVUCSI9?=
	=?us-ascii?q?nVIQaTgGFbYE2AQEB?=
Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1])
	by emsm-gh1-uea10.nsa.gov with ESMTP; 15 Aug 2016 19:49:12 +0000
Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u7FJk0jm031410;
	Mon, 15 Aug 2016 15:47:03 -0400
Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil
	[144.51.242.1])
	by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id
	u7FJgJ43199207 for <selinux@prometheus.infosec.tycho.ncsc.mil>;
	Mon, 15 Aug 2016 15:42:19 -0400
Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u7FJgJOU031201;
	Mon, 15 Aug 2016 15:42:19 -0400
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: 
 A1DHBABdGrJX/yNjr8ZeGgEBAQGDJ1Z8tQyCKYQMFBCFeYFTTAEBAQEBAQECXoYFMIEPEogxDr4FAQsgBYgqiVYLgwcFiCiGaIouhh6IeAKPPwJIj2dUhBocMgGHIwEBAQ
X-IPAS-Result: 
 A1DHBABdGrJX/yNjr8ZeGgEBAQGDJ1Z8tQyCKYQMFBCFeYFTTAEBAQEBAQECXoYFMIEPEogxDr4FAQsgBYgqiVYLgwcFiCiGaIouhh6IeAKPPwJIj2dUhBocMgGHIwEBAQ
X-IronPort-AV: E=Sophos;i="5.28,526,1464667200"; d="scan'208";a="5646135"
Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov)
	([10.208.41.37])
	by goalie.tycho.ncsc.mil with ESMTP; 15 Aug 2016 15:42:18 -0400
IronPort-PHdr: =?us-ascii?q?9a23=3AHPGQmRXeUOYeMgUfWUXXrQj+sh7V8LGtZVwlr6E/?=
	=?us-ascii?q?grcLSJyIuqrYZxCDt8tkgFKBZ4jH8fUM07OQ6PG5HzVdqs/a4DhCKMUKDE5dz5?=
	=?us-ascii?q?1O3kQJO42sMQXDNvnkbig3ToxpdWRO2DWFC3VTA9v0fFbIo3e/vnY4ExT7Mhdp?=
	=?us-ascii?q?dKyuQtaBx/q+2+36wZDPeQIA3GP7OuIrakzr5lyK5oFW2dIkcfdpjEOR4zNhQK?=
	=?us-ascii?q?d//StQP1WdnhLxtI+b3aVI1GBugc8n7NNKSq7gfq41HvRyBTUiNH0ptoWw7UGQ?=
	=?us-ascii?q?BSPG3HYXU30XnxxUGECFqUiiBtai+hf94/FxwwGGLMb2SvYyQj3k4KB1DFfwgT?=
	=?us-ascii?q?oDHyYw7WWSj8t3lq8dqxWk41RkzorVZpyFHOZvdaPaO9UBTCxOWdgVHzdMC4Ww?=
	=?us-ascii?q?dYwOA68FPP1Eh5XsrFsJ6x2lDE+jA/285CVPgyrp3Kk+0u0kVwqAxgsqEsgSq1?=
	=?us-ascii?q?zVqsn4MOEZVuXmn+Hz0TzfYqYOin/G44/Sf0Vk+KnUUA=3D=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0ELBQAxGrJX/yNjr8ZeGwEBAYMnVny1D?=
	=?us-ascii?q?IIpg0xAFBCFeYFTTAEBAQEBAQECAQJbJ4IyBAETAQcBOTwBAQEBAQEjAg2BXjC?=
	=?us-ascii?q?BDxKIMQ6+BQELAR8FiCqJVguDBwWIKIZoii6GHoh4Ao8/AkiPZ1SEGhwyAYcjA?=
	=?us-ascii?q?QEB?=
X-IPAS-Result: =?us-ascii?q?A0ELBQAxGrJX/yNjr8ZeGwEBAYMnVny1DIIpg0xAFBCFeYF?=
	=?us-ascii?q?TTAEBAQEBAQECAQJbJ4IyBAETAQcBOTwBAQEBAQEjAg2BXjCBDxKIMQ6+BQELA?=
	=?us-ascii?q?R8FiCqJVguDBwWIKIZoii6GHoh4Ao8/AkiPZ1SEGhwyAYcjAQEB?=
X-IronPort-AV: E=Sophos;i="5.28,526,1464652800"; d="scan'208";a="18486551"
Received: from fmsmga002-icc.fm.intel.com ([198.175.99.35])
	by emsm-gh1-uea11.nsa.gov with ESMTP; 15 Aug 2016 19:42:17 +0000
Received: from orsmga001.jf.intel.com ([10.7.209.18])
	by fmsmga002-icc.fm.intel.com with ESMTP; 15 Aug 2016 12:42:16 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos; i="5.28,526,1464678000"; d="scan'208";
	a="1014781787"
Received: from hkramach-mobl1.amr.corp.intel.com (HELO
	wcrobert-MOBL1.amr.corp.intel.com) ([10.254.184.14])
	by orsmga001.jf.intel.com with ESMTP; 15 Aug 2016 12:42:16 -0700
From: william.c.roberts@intel.com
To: sds@tycho.nsa.gov, paul@paul-moore.com, selinux@tycho.nsa.gov,
	seandroid-list@tycho.nsa.gov
Subject: [PATCH] selinux: drop SECURITY_SELINUX_POLICYDB_VERSION_MAX
Date: Mon, 15 Aug 2016 12:42:12 -0700
Message-Id: <1471290132-26336-1-git-send-email-william.c.roberts@intel.com>
X-Mailer: git-send-email 1.9.1
X-BeenThere: selinux@tycho.nsa.gov
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"
	<selinux.tycho.nsa.gov>
List-Post: <mailto:selinux@tycho.nsa.gov>
List-Help: <mailto:selinux-request@tycho.nsa.gov?subject=help>
MIME-Version: 1.0
Errors-To: selinux-bounces@tycho.nsa.gov
Sender: "Selinux" <selinux-bounces@tycho.nsa.gov>
X-Virus-Scanned: ClamAV using ClamSMTP

From: William Roberts <william.c.roberts@intel.com>

Remove the SECURITY_SELINUX_POLICYDB_VERSION_MAX Kconfig option

Per: https://github.com/SELinuxProject/selinux/wiki/Kernel-Todo

This was only needed on Fedora 3 and 4 and just causes issues now,
so drop it.

The MAX and MIN should just be whatever the kernel can support.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
---
 security/selinux/Kconfig            | 38 -------------------------------------
 security/selinux/include/security.h |  4 ----
 2 files changed, 42 deletions(-)

diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig
index 8691e92..ea7e3ef 100644
--- a/security/selinux/Kconfig
+++ b/security/selinux/Kconfig
@@ -93,41 +93,3 @@ config SECURITY_SELINUX_CHECKREQPROT_VALUE
 	  via /selinux/checkreqprot if authorized by policy.
 
 	  If you are unsure how to answer this question, answer 0.
-
-config SECURITY_SELINUX_POLICYDB_VERSION_MAX
-	bool "NSA SELinux maximum supported policy format version"
-	depends on SECURITY_SELINUX
-	default n
-	help
-	  This option enables the maximum policy format version supported
-	  by SELinux to be set to a particular value.  This value is reported
-	  to userspace via /selinux/policyvers and used at policy load time.
-	  It can be adjusted downward to support legacy userland (init) that
-	  does not correctly handle kernels that support newer policy versions.
-
-	  Examples:
-	  For the Fedora Core 3 or 4 Linux distributions, enable this option
-	  and set the value via the next option. For Fedora Core 5 and later,
-	  do not enable this option.
-
-	  If you are unsure how to answer this question, answer N.
-
-config SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE
-	int "NSA SELinux maximum supported policy format version value"
-	depends on SECURITY_SELINUX_POLICYDB_VERSION_MAX
-	range 15 23
-	default 19
-	help
-	  This option sets the value for the maximum policy format version
-	  supported by SELinux.
-
-	  Examples:
-	  For Fedora Core 3, use 18.
-	  For Fedora Core 4, use 19.
-
-	  If you are unsure how to answer this question, look for the
-	  policy format version supported by your policy toolchain, by
-	  running 'checkpolicy -V'. Or look at what policy you have
-	  installed under /etc/selinux/$SELINUXTYPE/policy, where
-	  SELINUXTYPE is defined in your /etc/selinux/config.
-
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index 38feb55..308a286 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -39,11 +39,7 @@
 
 /* Range of policy versions we understand*/
 #define POLICYDB_VERSION_MIN   POLICYDB_VERSION_BASE
-#ifdef CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX
-#define POLICYDB_VERSION_MAX	CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE
-#else
 #define POLICYDB_VERSION_MAX	POLICYDB_VERSION_XPERMS_IOCTL
-#endif
 
 /* Mask for just the mount related flags */
 #define SE_MNTMASK	0x0f