From patchwork Wed May 13 15:21:06 2020
X-Patchwork-Submitter: Luis Chamberlain
X-Patchwork-Id: 11546697
From: Luis Chamberlain
To: viro@zeniv.linux.org.uk, gregkh@linuxfoundation.org, rafael@kernel.org, ebiederm@xmission.com, jeyu@kernel.org, jmorris@namei.org, keescook@chromium.org, paul@paul-moore.com, stephen.smalley.work@gmail.com, eparis@parisplace.org, nayna@linux.ibm.com, zohar@linux.ibm.com
Cc: scott.branden@broadcom.com, dan.carpenter@oracle.com, skhan@linuxfoundation.org, geert@linux-m68k.org, tglx@linutronix.de, bauerman@linux.ibm.com, dhowells@redhat.com, linux-integrity@vger.kernel.org, linux-fsdevel@vger.kernel.org, kexec@lists.infradead.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, linux-kernel@vger.kernel.org, Luis Chamberlain
Subject: [PATCH 1/3] fs: unexport kernel_read_file()
Date: Wed, 13 May 2020 15:21:06 +0000
Message-Id: <20200513152108.25669-2-mcgrof@kernel.org>
In-Reply-To: <20200513152108.25669-1-mcgrof@kernel.org>
References: <20200513152108.25669-1-mcgrof@kernel.org>

There are no modular uses of kernel_read_file(), so just unexport it.

Suggested-by: Al Viro
Signed-off-by: Luis Chamberlain
---
 fs/exec.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/fs/exec.c b/fs/exec.c index 23dc2b45d590..9791b9eef9ce 100644 --- a/fs/exec.c +++ b/fs/exec.c 
@@ -988,7 +988,6 @@ int kernel_read_file(struct file *file, void **buf, loff_t *size, allow_write_access(file); return ret; } -EXPORT_SYMBOL_GPL(kernel_read_file); int kernel_read_file_from_path(const char *path, void **buf, loff_t *size, loff_t max_size, enum kernel_read_file_id id)

From patchwork Wed May 13 15:21:07 2020
X-Patchwork-Submitter: Luis Chamberlain
X-Patchwork-Id: 11546695
From: Luis Chamberlain
To: viro@zeniv.linux.org.uk, gregkh@linuxfoundation.org, rafael@kernel.org, ebiederm@xmission.com, jeyu@kernel.org, jmorris@namei.org, keescook@chromium.org, paul@paul-moore.com, stephen.smalley.work@gmail.com, eparis@parisplace.org, nayna@linux.ibm.com, zohar@linux.ibm.com
Cc: scott.branden@broadcom.com, dan.carpenter@oracle.com, skhan@linuxfoundation.org, geert@linux-m68k.org, tglx@linutronix.de, bauerman@linux.ibm.com, dhowells@redhat.com, linux-integrity@vger.kernel.org, linux-fsdevel@vger.kernel.org, kexec@lists.infradead.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, linux-kernel@vger.kernel.org, Luis Chamberlain
Subject: [PATCH 2/3] security: add symbol namespace for reading file data
Date: Wed, 13 May 2020 15:21:07 +0000
Message-Id: <20200513152108.25669-3-mcgrof@kernel.org>
In-Reply-To: <20200513152108.25669-1-mcgrof@kernel.org>
References: <20200513152108.25669-1-mcgrof@kernel.org>

Certain symbols are not meant to be used by everybody, the security
helpers for reading files directly are one such case. Use a symbol
namespace for them.

This will prevent abuse of use of these symbols in places they were
not intended to be used, and provides an easy way to audit where these
types of operations happen as a whole.

Signed-off-by: Luis Chamberlain
---
 drivers/base/firmware_loader/fallback.c | 1 +
 fs/exec.c                               | 2 ++
 kernel/kexec.c                          | 2 ++
 kernel/module.c                         | 2 ++
 security/security.c                     | 6 +++---
 5 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/drivers/base/firmware_loader/fallback.c b/drivers/base/firmware_loader/fallback.c index d9ac7296205e..b088886dafda 100644 --- a/drivers/base/firmware_loader/fallback.c +++ b/drivers/base/firmware_loader/fallback.c 
@@ -19,6 +19,7 @@ */ MODULE_IMPORT_NS(FIRMWARE_LOADER_PRIVATE); +MODULE_IMPORT_NS(SECURITY_READ); extern struct firmware_fallback_config fw_fallback_config; diff --git a/fs/exec.c b/fs/exec.c index 9791b9eef9ce..30bd800ab1d6 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -72,6 +72,8 @@ #include +MODULE_IMPORT_NS(SECURITY_READ); + int suid_dumpable = 0; static LIST_HEAD(formats); diff --git a/kernel/kexec.c b/kernel/kexec.c index f977786fe498..8d572b41a157 100644 --- a/kernel/kexec.c +++ b/kernel/kexec.c @@ -19,6 +19,8 @@ #include "kexec_internal.h" +MODULE_IMPORT_NS(SECURITY_READ); + static int copy_user_segment_list(struct kimage *image, unsigned long nr_segments, struct kexec_segment __user *segments) diff --git a/kernel/module.c b/kernel/module.c index 80faaf2116dd..8973a463712e 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -59,6 +59,8 @@ #include #include "module-internal.h" +MODULE_IMPORT_NS(SECURITY_READ); + #define CREATE_TRACE_POINTS #include diff --git a/security/security.c b/security/security.c index 8ae66e4c370f..bdbd1fc5105a 100644 --- a/security/security.c +++ b/security/security.c @@ -1654,7 +1654,7 @@ int security_kernel_read_file(struct file *file, enum kernel_read_file_id id) return ret; return ima_read_file(file, id); } -EXPORT_SYMBOL_GPL(security_kernel_read_file); +EXPORT_SYMBOL_NS_GPL(security_kernel_read_file, SECURITY_READ); int security_kernel_post_read_file(struct file *file, char *buf, loff_t size, enum kernel_read_file_id id) @@ -1666,7 +1666,7 @@ int security_kernel_post_read_file(struct file *file, char *buf, loff_t size, return ret; return ima_post_read_file(file, buf, size, id); } -EXPORT_SYMBOL_GPL(security_kernel_post_read_file); +EXPORT_SYMBOL_NS_GPL(security_kernel_post_read_file, SECURITY_READ); int security_kernel_load_data(enum kernel_load_data_id id) { 
@@ -1677,7 +1677,7 @@ int security_kernel_load_data(enum kernel_load_data_id id) return ret; return ima_load_data(id); } -EXPORT_SYMBOL_GPL(security_kernel_load_data); +EXPORT_SYMBOL_NS_GPL(security_kernel_load_data, SECURITY_READ); int security_task_fix_setuid(struct cred *new, const struct cred *old, int flags)

From patchwork Wed May 13 15:21:08 2020
X-Patchwork-Submitter: Luis Chamberlain
X-Patchwork-Id: 11546687
From: Luis Chamberlain
To: viro@zeniv.linux.org.uk, gregkh@linuxfoundation.org, rafael@kernel.org, ebiederm@xmission.com, jeyu@kernel.org, jmorris@namei.org, keescook@chromium.org, paul@paul-moore.com, stephen.smalley.work@gmail.com, eparis@parisplace.org, nayna@linux.ibm.com, zohar@linux.ibm.com
Cc: scott.branden@broadcom.com, dan.carpenter@oracle.com, skhan@linuxfoundation.org, geert@linux-m68k.org, tglx@linutronix.de, bauerman@linux.ibm.com, dhowells@redhat.com, linux-integrity@vger.kernel.org, linux-fsdevel@vger.kernel.org, kexec@lists.infradead.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, linux-kernel@vger.kernel.org, Luis Chamberlain
Subject: [PATCH 3/3] fs: move kernel_read*() calls to its own symbol namespace
Date: Wed, 13 May 2020 15:21:08 +0000
Message-Id: <20200513152108.25669-4-mcgrof@kernel.org>
In-Reply-To: <20200513152108.25669-1-mcgrof@kernel.org>
References: <20200513152108.25669-1-mcgrof@kernel.org>

Signed-off-by: Luis Chamberlain
---
 drivers/base/firmware_loader/main.c | 1 +
 fs/exec.c                           | 6 +++---
 kernel/kexec_file.c                 | 2 ++
 kernel/module.c                     | 1 +
 security/integrity/digsig.c         | 3 +++
 security/integrity/ima/ima_fs.c     | 3 +++
 security/integrity/ima/ima_main.c   | 2 ++
 security/loadpin/loadpin.c          | 2 ++
 security/security.c                 | 2 ++
 security/selinux/hooks.c            | 2 ++
 10 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index 5296aaca35cf..a5ed796a9166 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -44,6 +44,7 @@ MODULE_AUTHOR("Manuel Estrada Sainz"); MODULE_DESCRIPTION("Multi purpose firmware loading support"); MODULE_LICENSE("GPL"); +MODULE_IMPORT_NS(CORE_FS_READ); struct firmware_cache { /* firmware_buf instance will be added into the below list */ 
diff --git a/fs/exec.c b/fs/exec.c index 30bd800ab1d6..bbe2a35ea2e0 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -1008,7 +1008,7 @@ int kernel_read_file_from_path(const char *path, void **buf, loff_t *size, fput(file); return ret; } -EXPORT_SYMBOL_GPL(kernel_read_file_from_path); +EXPORT_SYMBOL_NS_GPL(kernel_read_file_from_path, CORE_FS_READ); int kernel_read_file_from_path_initns(const char *path, void **buf, loff_t *size, loff_t max_size, @@ -1034,7 +1034,7 @@ int kernel_read_file_from_path_initns(const char *path, void **buf, fput(file); return ret; } -EXPORT_SYMBOL_GPL(kernel_read_file_from_path_initns); +EXPORT_SYMBOL_NS_GPL(kernel_read_file_from_path_initns, CORE_FS_READ); int kernel_read_file_from_fd(int fd, void **buf, loff_t *size, loff_t max_size, enum kernel_read_file_id id) @@ -1050,7 +1050,7 @@ int kernel_read_file_from_fd(int fd, void **buf, loff_t *size, loff_t max_size, fdput(f); return ret; } -EXPORT_SYMBOL_GPL(kernel_read_file_from_fd); +EXPORT_SYMBOL_NS_GPL(kernel_read_file_from_fd, CORE_FS_READ); ssize_t read_code(struct file *file, unsigned long addr, loff_t pos, size_t len) { diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index bb05fd52de85..d96b7c05b0a5 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -28,6 +28,8 @@ #include #include "kexec_internal.h" +MODULE_IMPORT_NS(CORE_FS_READ); + static int kexec_calculate_store_digests(struct kimage *image); /* diff --git a/kernel/module.c b/kernel/module.c index 8973a463712e..f14868980080 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -60,6 +60,7 @@ #include "module-internal.h" MODULE_IMPORT_NS(SECURITY_READ); +MODULE_IMPORT_NS(CORE_FS_READ); #define CREATE_TRACE_POINTS #include diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c index e9cbadade74b..d68ef41a3987 100644 --- a/security/integrity/digsig.c +++ b/security/integrity/digsig.c 
@@ -13,11 +13,14 @@ #include #include #include +#include #include #include #include "integrity.h" +MODULE_IMPORT_NS(CORE_FS_READ); + static struct key *keyring[INTEGRITY_KEYRING_MAX]; static const char * const keyring_name[INTEGRITY_KEYRING_MAX] = { diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c index e3fcad871861..41fd03281ae1 100644 --- a/security/integrity/ima/ima_fs.c +++ b/security/integrity/ima/ima_fs.c @@ -20,6 +20,9 @@ #include #include #include +#include + +MODULE_IMPORT_NS(CORE_FS_READ); #include "ima.h" diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index f96f151294e6..ffa7a14deef1 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -28,6 +28,8 @@ #include "ima.h" +MODULE_IMPORT_NS(CORE_FS_READ); + #ifdef CONFIG_IMA_APPRAISE int ima_appraise = IMA_APPRAISE_ENFORCE; #else diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c index ee5cb944f4ad..ca2022ad5f88 100644 --- a/security/loadpin/loadpin.c +++ b/security/loadpin/loadpin.c @@ -17,6 +17,8 @@ #include /* current */ #include +MODULE_IMPORT_NS(CORE_FS_READ); + static void report_load(const char *origin, struct file *file, char *operation) { char *cmdline, *pathname; diff --git a/security/security.c b/security/security.c index bdbd1fc5105a..c865f1de4b03 100644 --- a/security/security.c +++ b/security/security.c @@ -29,6 +29,8 @@ #include #include +MODULE_IMPORT_NS(CORE_FS_READ); + #define MAX_LSM_EVM_XATTR 2 /* How many LSMs were built into the kernel? */ diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 9979b45e0a34..6dc4abfbfb78 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -103,6 +103,8 @@ #include "audit.h" #include "avc_ss.h" +MODULE_IMPORT_NS(CORE_FS_READ); + struct selinux_state selinux_state; /* SECMARK reference count */
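
Review bot: in patch 1/3, the fs/exec.c hunk at @@ -988 removes EXPORT_SYMBOL_GPL(kernel_read_file) on the strength of "no modular uses", but the changelog does not say how that was established. Please state the check (a tree-wide search, an allmodconfig build) so the claim can be re-verified later, and mention that out-of-tree modules calling kernel_read_file() directly will stop linking and need to move to one of the kernel_read_file_from_*() wrappers, which stay exported.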
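
Review bot: in patch 2/3, the MODULE_IMPORT_NS(SECURITY_READ) lines added to fs/exec.c (@@ -72), kernel/kexec.c (@@ -19) and kernel/module.c (@@ -59) sit in code that is always built into vmlinux, and symbol namespace imports are only checked for loadable modules (by modpost and at module load). For these files the import is an annotation, not an enforcement point, so the changelog's "this will prevent abuse" holds only for modular users. Either say so in the changelog and keep the lines as grep-able audit markers, or drop them from built-in objects and keep only the import in drivers/base/firmware_loader/fallback.c.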
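
Review bot: in patch 2/3, the three security/security.c hunks (@@ -1654, @@ -1666, @@ -1677) introduce the SECURITY_READ namespace with no description of who is allowed to import it. Since the stated goal is auditability, please add a short comment above the first EXPORT_SYMBOL_NS_GPL(security_kernel_read_file, SECURITY_READ) naming the intended importers (the hunks suggest firmware loading, exec, kexec and module loading), so that a new MODULE_IMPORT_NS(SECURITY_READ) elsewhere is recognisable as something to question in review.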
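
Review bot: patch 3/3 has no changelog body, and the fs/exec.c hunks (@@ -1008, @@ -1034, @@ -1050) move three exports to CORE_FS_READ without saying why this needs a second namespace next to SECURITY_READ from 2/3. Please add the rationale. Also, the hunks for security/loadpin/loadpin.c (@@ -17), security/security.c (@@ -29) and security/selinux/hooks.c (@@ -103) show only the added MODULE_IMPORT_NS(CORE_FS_READ) and no call to any kernel_read_file_from_*() function; which of the three symbols does each file use? An import that is not backed by a call should be dropped, because every extra importer widens the list an auditor has to read.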
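
Review bot: in patch 3/3, the security/integrity/ima/ima_fs.c hunk (@@ -20) places MODULE_IMPORT_NS(CORE_FS_READ) between the system includes and #include "ima.h", while ima_main.c (@@ -28) and digsig.c (@@ -13) place it after the last include. Please move it below #include "ima.h" so the placement is consistent across the series and the import is easy to spot when grepping.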