From patchwork Thu Feb 7 12:44:49 2019
X-Patchwork-Submitter: Denis Efremov
X-Patchwork-Id: 10801039
From: Denis Efremov
To: Eric Paris
Cc: Denis Efremov, Casey Schaufler, "Eric W. Biederman", Kees Cook,
 John Johansen, James Morris, "Serge E. Hallyn", Paul Moore, Kentaro Takeda,
 linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 01/10] security: fix documentation for the sb_copy_data hook
Date: Thu, 7 Feb 2019 15:44:49 +0300
Message-Id: <163c782b51c696ea210dfa9043ea64cabac44ef7.1549540487.git.efremov@ispras.ru>

The @type argument of the sb_copy_data hook was removed in the commit
"LSM/SELinux: Interfaces to allow FS to control mount options"
(e0007529893c). This commit removes the description of the @type argument
from the LSM documentation.

Signed-off-by: Denis Efremov
---
 include/linux/lsm_hooks.h | 1 -
 1 file changed, 1 deletion(-)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 9a0bdf91e646..de179331be5c 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h
@@ -111,7 +111,6 @@ * options cleanly (a filesystem may modify the data e.g. with strsep()). * This also allows the original mount data to be stripped of security- * specific options to avoid having to make filesystems aware of them. - * @type the type of filesystem being mounted. * @orig the original mount data copied from userspace. * @copy copied data which will be passed to the security module. * Returns 0 if the copy was successful.

From patchwork Thu Feb 7 12:44:50 2019
X-Patchwork-Submitter: Denis Efremov
X-Patchwork-Id: 10801041
From: Denis Efremov
To: Eric Paris
Cc: Denis Efremov, Casey Schaufler, "Eric W. Biederman", Kees Cook,
 John Johansen, James Morris, "Serge E. Hallyn", Paul Moore, Kentaro Takeda,
 linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 02/10] security: fix documentation for the syslog hook
Date: Thu, 7 Feb 2019 15:44:50 +0300
Message-Id: <70ac80069eb645ffa3a30d8206acb066cb2810b9.1549540487.git.efremov@ispras.ru>

The syslog hook was changed in the commit "capabilities/syslog: open code
cap_syslog logic to fix build failure" (12b3052c3ee8). The argument
@from_file was removed from the hook. This patch updates the documentation
for the syslog hook accordingly.

Signed-off-by: Denis Efremov
---
 include/linux/lsm_hooks.h | 1 -
 1 file changed, 1 deletion(-)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index de179331be5c..a0555683db63 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h
@@ -1276,7 +1276,6 @@ * logging to the console. * See the syslog(2) manual page for an explanation of the @type values. * @type contains the type of action. - * @from_file indicates the context of action (if it came from /proc). * Return 0 if permission is granted. * @settime: * Check permission to change the system time.

From patchwork Thu Feb 7 12:44:51 2019
X-Patchwork-Submitter: Denis Efremov
X-Patchwork-Id: 10801055
From: Denis Efremov
To: Casey Schaufler
Cc: Denis Efremov, "Eric W. Biederman", Eric Paris, Kees Cook,
 John Johansen, James Morris, "Serge E. Hallyn", Paul Moore, Kentaro Takeda,
 linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 03/10] security: fix documentation for the socket_post_create hook
Date: Thu, 7 Feb 2019 15:44:51 +0300
Message-Id: <79859c6d228789c3f287ccb46bd0ddeb46aefcdd.1549540487.git.efremov@ispras.ru>

This patch slightly fixes the documentation for the socket_post_create
hook. The documentation states that i_security field is accessible through
inode field of socket structure (i.e., 'sock->inode->i_security'). There is
no inode field in the socket structure. The i_security field is accessible
through SOCK_INODE macro. The patch updates the documentation to reflect
this.

Signed-off-by: Denis Efremov
---
 include/linux/lsm_hooks.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index a0555683db63..80e5f3421b91 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h
@@ -752,9 +752,9 @@ * socket structure, but rather, the socket security information is stored * in the associated inode. Typically, the inode alloc_security hook will * allocate and and attach security information to - * sock->inode->i_security. This hook may be used to update the - * sock->inode->i_security field with additional information that wasn't - * available when the inode was allocated. + * SOCK_INODE(sock)->i_security. This hook may be used to update the + * SOCK_INODE(sock)->i_security field with additional information that + * wasn't available when the inode was allocated. * @sock contains the newly created socket structure. * @family contains the requested protocol family. * @type contains the requested communications type.

From patchwork Thu Feb 7 12:44:52 2019
X-Patchwork-Submitter: Denis Efremov
X-Patchwork-Id: 10801059
From: Denis Efremov
To: KOSAKI Motohiro
Cc: Denis Efremov, Casey Schaufler, "Eric W. Biederman", Eric Paris,
 Kees Cook, John Johansen, James Morris, "Serge E. Hallyn", Paul Moore,
 Kentaro Takeda, linux-security-module@vger.kernel.org,
 linux-kernel@vger.kernel.org
Subject: [PATCH 04/10] security: fix documentation for the task_setscheduler hook
Date: Thu, 7 Feb 2019 15:44:52 +0300

The task_setscheduler hook was changed in the commit "security: remove
unused parameter from security_task_setscheduler()" (b0ae19811375). The
arguments @policy, @lp were removed from the hook. This patch updates the
documentation accordingly.

Signed-off-by: Denis Efremov
---
 include/linux/lsm_hooks.h | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 80e5f3421b91..09223911876e 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h
@@ -655,10 +655,8 @@ * Return 0 if permission is granted. * @task_setscheduler: * Check permission before setting scheduling policy and/or parameters of - * process @p based on @policy and @lp. + * process @p. * @p contains the task_struct for process. - * @policy contains the scheduling policy. - * @lp contains the scheduling parameters. * Return 0 if permission is granted. * @task_getscheduler: * Check permission before obtaining scheduling information for process

From patchwork Thu Feb 7 12:44:53 2019
X-Patchwork-Submitter: Denis Efremov
X-Patchwork-Id: 10801043
From: Denis Efremov
To: Stephen Smalley
Cc: Denis Efremov, Casey Schaufler, "Eric W. Biederman", Eric Paris,
 Kees Cook, John Johansen, James Morris, "Serge E. Hallyn", Paul Moore,
 Kentaro Takeda, linux-security-module@vger.kernel.org,
 linux-kernel@vger.kernel.org
Subject: [PATCH 05/10] security: fix documentation for the socket_getpeersec_dgram hook
Date: Thu, 7 Feb 2019 15:44:53 +0300
Message-Id: <402a6bb32fac3dff3c71eb5400944dae14bfda9e.1549540487.git.efremov@ispras.ru>

The socket_getpeersec_dgram hook was changed in the commit "[AF_UNIX]:
Kernel memory leak fix for af_unix datagram getpeersec patch"
(dc49c1f94e34). The arguments @secdata and @seclen were changed to @sock
and @secid. This patch updates the documentation accordingly.

Signed-off-by: Denis Efremov
---
 include/linux/lsm_hooks.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 09223911876e..cb93972257be 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h
@@ -861,9 +861,9 @@ * the IP_PASSSEC option via getsockopt. It can then retrieve the * security state returned by this hook for a packet via the SCM_SECURITY * ancillary message type. - * @skb is the skbuff for the packet being queried - * @secdata is a pointer to a buffer in which to copy the security data - * @seclen is the maximum length for @secdata + * @sock contains the socket structure. + * @skb is the skbuff for the packet being queried. + * @secid pointer to store the secid of the packet. * Return 0 on success, error on failure. * @sk_alloc_security: * Allocate and attach a security structure to the sk->sk_security field,

From patchwork Thu Feb 7 12:44:54 2019
X-Patchwork-Submitter: Denis Efremov
X-Patchwork-Id: 10801045
From: Denis Efremov
To: Al Viro
Cc: Denis Efremov, Casey Schaufler, "Eric W. Biederman", Eric Paris,
 Kees Cook, John Johansen, James Morris, "Serge E. Hallyn", Paul Moore,
 Kentaro Takeda, linux-security-module@vger.kernel.org,
 linux-kernel@vger.kernel.org
Subject: [PATCH 06/10] security: fix documentation for the path_chmod hook
Date: Thu, 7 Feb 2019 15:44:54 +0300
Message-Id: <0275d06334cdb1d2a87384d7971924a70776b3cb.1549540487.git.efremov@ispras.ru>

The path_chmod hook was changed in the commit "switch
security_path_chmod() to struct path *" (cdcf116d44e7). The argument @mnt
was removed from the hook, @dentry was changed to @path. This patch updates
the documentation accordingly.

Signed-off-by: Denis Efremov
---
 include/linux/lsm_hooks.h | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index cb93972257be..5d6428d0027b 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h
@@ -304,8 +304,7 @@ * Return 0 if permission is granted. * @path_chmod: * Check for permission to change DAC's permission of a file or directory. - * @dentry contains the dentry structure. - * @mnt contains the vfsmnt structure. + * @path contains the path structure. * @mode contains DAC's mode. * Return 0 if permission is granted. * @path_chown:

From patchwork Thu Feb 7 12:44:55 2019
X-Patchwork-Submitter: Denis Efremov
X-Patchwork-Id: 10801053
From: Denis Efremov
To: Casey Schaufler
Cc: Denis Efremov, "Eric W. Biederman", Eric Paris, Kees Cook,
 John Johansen, James Morris, "Serge E. Hallyn", Paul Moore, Kentaro Takeda,
 linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 07/10] security: fix documentation for the audit_* hooks
Date: Thu, 7 Feb 2019 15:44:55 +0300

This patch updates the documentation for the audit_* hooks to use the same
argument names as in the hook's declarations.

Signed-off-by: Denis Efremov
---
 include/linux/lsm_hooks.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 5d6428d0027b..307714b8b072 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h
@@ -1329,7 +1329,7 @@ * @audit_rule_known: * Specifies whether given @rule contains any fields related to * current LSM. - * @rule contains the audit rule of interest. + * @krule contains the audit rule of interest. * Return 1 in case of relation found, 0 otherwise. * * @audit_rule_match:
@@ -1338,14 +1338,14 @@ * @secid contains the security id in question. * @field contains the field which relates to current LSM. * @op contains the operator that will be used for matching. - * @rule points to the audit rule that will be checked against. + * @lsmrule points to the audit rule that will be checked against. * @actx points to the audit context associated with the check. * Return 1 if secid matches the rule, 0 if it does not, -ERRNO on failure. * * @audit_rule_free: * Deallocate the LSM audit rule structure previously allocated by * audit_rule_init. - * @rule contains the allocated rule + * @lsmrule contains the allocated rule. * * @inode_invalidate_secctx: * Notify the security module that it must revalidate the security context

From patchwork Thu Feb 7 12:44:56 2019
X-Patchwork-Submitter: Denis Efremov
X-Patchwork-Id: 10801051
From: Denis Efremov
To: "Eric W. Biederman"
Cc: Denis Efremov, Casey Schaufler, Eric Paris, Kees Cook, John Johansen,
 James Morris, "Serge E. Hallyn", Paul Moore, Kentaro Takeda,
 linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 08/10] security: fix documentation for the msg_queue_* hooks
Date: Thu, 7 Feb 2019 15:44:56 +0300
Message-Id: <3fba6c919f2125262b9939cb36d8df912f834433.1549540487.git.efremov@ispras.ru>

The msg_queue_* hooks were changed in the commit "msg/security: Pass
kern_ipc_perm not msg_queue into the msg_queue security hooks"
(d8c6e8543294). The type of the argument msq was changed from msq_queue to
kern_ipc_perm. This patch updates the documentation for the hooks
accordingly.

Signed-off-by: Denis Efremov
---
 include/linux/lsm_hooks.h | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 307714b8b072..f61f39c73208 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h
@@ -1093,41 +1093,41 @@ * * @msg_queue_alloc_security: * Allocate and attach a security structure to the - * msq->q_perm.security field. The security field is initialized to + * perm->security field. The security field is initialized to * NULL when the structure is first created. - * @msq contains the message queue structure to be modified. + * @perm contains the IPC permissions of the message queue. * Return 0 if operation was successful and permission is granted. * @msg_queue_free_security: * Deallocate security structure for this message queue. - * @msq contains the message queue structure to be modified. + * @perm contains the IPC permissions of the message queue. * @msg_queue_associate: * Check permission when a message queue is requested through the - * msgget system call. This hook is only called when returning the + * msgget system call. This hook is only called when returning the * message queue identifier for an existing message queue, not when a * new message queue is created. - * @msq contains the message queue to act upon. + * @perm contains the IPC permissions of the message queue. * @msqflg contains the operation control flags. * Return 0 if permission is granted. * @msg_queue_msgctl: * Check permission when a message control operation specified by @cmd - * is to be performed on the message queue @msq. - * The @msq may be NULL, e.g. for IPC_INFO or MSG_INFO. - * @msq contains the message queue to act upon. May be NULL. + * is to be performed on the message queue with permissions @perm. + * The @perm may be NULL, e.g. for IPC_INFO or MSG_INFO. + * @perm contains the IPC permissions of the msg queue. May be NULL. * @cmd contains the operation to be performed. * Return 0 if permission is granted. * @msg_queue_msgsnd: * Check permission before a message, @msg, is enqueued on the message - * queue, @msq. - * @msq contains the message queue to send message to. + * queue with permissions @perm. + * @perm contains the IPC permissions of the message queue. 
* @msg contains the message to be enqueued. * @msqflg contains operational flags. * Return 0 if permission is granted. * @msg_queue_msgrcv: * Check permission before a message, @msg, is removed from the message - * queue, @msq. The @target task structure contains a pointer to the + * queue. The @target task structure contains a pointer to the * process that will be receiving the message (not equal to the current * process when inline receives are being performed). - * @msq contains the message queue to retrieve message from. + * @perm contains the IPC permissions of the message queue. * @msg contains the message destination. * @target contains the task structure for recipient process. * @type contains the type of message requested. 
@@ -1615,13 +1615,13 @@ union security_list_options { int (*msg_msg_alloc_security)(struct msg_msg *msg); void (*msg_msg_free_security)(struct msg_msg *msg); - int (*msg_queue_alloc_security)(struct kern_ipc_perm *msq); - void (*msg_queue_free_security)(struct kern_ipc_perm *msq); - int (*msg_queue_associate)(struct kern_ipc_perm *msq, int msqflg); - int (*msg_queue_msgctl)(struct kern_ipc_perm *msq, int cmd); - int (*msg_queue_msgsnd)(struct kern_ipc_perm *msq, struct msg_msg *msg, + int (*msg_queue_alloc_security)(struct kern_ipc_perm *perm); + void (*msg_queue_free_security)(struct kern_ipc_perm *perm); + int (*msg_queue_associate)(struct kern_ipc_perm *perm, int msqflg); + int (*msg_queue_msgctl)(struct kern_ipc_perm *perm, int cmd); + int (*msg_queue_msgsnd)(struct kern_ipc_perm *perm, struct msg_msg *msg, int msqflg); - int (*msg_queue_msgrcv)(struct kern_ipc_perm *msq, struct msg_msg *msg, + int (*msg_queue_msgrcv)(struct kern_ipc_perm *perm, struct msg_msg *msg, struct task_struct *target, long type, int mode);

From patchwork Thu Feb 7 12:44:57 2019
X-Patchwork-Submitter: Denis Efremov
X-Patchwork-Id: 10801049
From: Denis Efremov
To: "Eric W. Biederman"
Cc: Denis Efremov, Casey Schaufler, Eric Paris, Kees Cook, John Johansen,
 James Morris, "Serge E. Hallyn", Paul Moore, Kentaro Takeda,
 linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 09/10] security: fix documentation for the sem_* hooks
Date: Thu, 7 Feb 2019 15:44:57 +0300
Message-Id: <61203dee8c760e0d3627be17f0473c1a9bfce3f3.1549540487.git.efremov@ispras.ru>

The sem_* hooks were changed in the commit "sem/security: Pass
kern_ipc_perm not sem_array into the sem security hooks" (aefad9593ec5).
The type of the argument sma was changed from sem_array to kern_ipc_perm.
This patch updates the documentation for the hooks accordingly.

Signed-off-by: Denis Efremov
---
 include/linux/lsm_hooks.h | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index f61f39c73208..4bfb6532cbb3 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h
@@ -1172,34 +1172,34 @@ * Security hooks for System V Semaphores * * @sem_alloc_security: - * Allocate and attach a security structure to the sma->sem_perm.security - * field. The security field is initialized to NULL when the structure is + * Allocate and attach a security structure to the perm->security + * field. The security field is initialized to NULL when the structure is * first created. - * @sma contains the semaphore structure + * @perm contains the IPC permissions of the semaphore. * Return 0 if operation was successful and permission is granted. * @sem_free_security: * deallocate security struct for this semaphore - * @sma contains the semaphore structure. + * @perm contains the IPC permissions of the semaphore. * @sem_associate: * Check permission when a semaphore is requested through the semget - * system call. This hook is only called when returning the semaphore + * system call. This hook is only called when returning the semaphore * identifier for an existing semaphore, not when a new one must be * created. - * @sma contains the semaphore structure. + * @perm contains the IPC permissions of the semaphore. * @semflg contains the operation control flags. * Return 0 if permission is granted. * @sem_semctl: * Check permission when a semaphore operation specified by @cmd is to be - * performed on the semaphore @sma. The @sma may be NULL, e.g. for + * performed on the semaphore. The @perm may be NULL, e.g. for * IPC_INFO or SEM_INFO. - * @sma contains the semaphore structure. May be NULL. + * @perm contains the IPC permissions of the semaphore. May be NULL. * @cmd contains the operation to be performed. * Return 0 if permission is granted. * @sem_semop: * Check permissions before performing operations on members of the - * semaphore set @sma. If the @alter flag is nonzero, the semaphore set + * semaphore set. If the @alter flag is nonzero, the semaphore set * may be modified. - * @sma contains the semaphore structure. 
+ * @perm contains the IPC permissions of the semaphore. * @sops contains the operations to perform. * @nsops contains the number of operations to perform. * @alter contains the flag indicating whether changes are to be made. 
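Review bot: In the @sem_semctl and @sem_semop entries, the rewritten first sentences ("performed on the semaphore." and "semaphore set.") no longer name the parameter at all, while the matching shm_* text in patch 10/10 keeps the reference as "with permissions @perm". Use the same wording in both patches so the sem and shm descriptions stay parallel. Two smaller points in this hunk: the lines "field. The security field is initialized to NULL when the structure is" and "system call. This hook is only called when returning the semaphore" are removed and re-added with no visible change in text, which looks like a whitespace-only cleanup that the commit message does not mention and should either be noted there or split out. Since the block is being edited anyway, the unchanged @sem_free_security line "deallocate security struct for this semaphore" could be capitalised and given a period to match the rest of the comment.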
@@ -1632,11 +1632,11 @@ union security_list_options { int (*shm_shmat)(struct kern_ipc_perm *shp, char __user *shmaddr, int shmflg); - int (*sem_alloc_security)(struct kern_ipc_perm *sma); - void (*sem_free_security)(struct kern_ipc_perm *sma); - int (*sem_associate)(struct kern_ipc_perm *sma, int semflg); - int (*sem_semctl)(struct kern_ipc_perm *sma, int cmd); - int (*sem_semop)(struct kern_ipc_perm *sma, struct sembuf *sops, + int (*sem_alloc_security)(struct kern_ipc_perm *perm); + void (*sem_free_security)(struct kern_ipc_perm *perm); + int (*sem_associate)(struct kern_ipc_perm *perm, int semflg); + int (*sem_semctl)(struct kern_ipc_perm *perm, int cmd); + int (*sem_semop)(struct kern_ipc_perm *perm, struct sembuf *sops, unsigned nsops, int alter); int (*netlink_send)(struct sock *sk, struct sk_buff *skb); From patchwork Thu Feb 7 12:44:58 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Denis Efremov X-Patchwork-Id: 10801047 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 782AC1390 for ; Thu, 7 Feb 2019 12:46:01 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 670912C4E5 for ; Thu, 7 Feb 2019 12:46:01 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5B09B2D2D6; Thu, 7 Feb 2019 12:46:01 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E251C2C4E5 for ; Thu, 7 Feb 2019 12:46:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id 
S1726786AbfBGMpy (ORCPT ); Thu, 7 Feb 2019 07:45:54 -0500 Received: from mail.ispras.ru ([83.149.199.45]:60792 "EHLO mail.ispras.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727321AbfBGMpt (ORCPT ); Thu, 7 Feb 2019 07:45:49 -0500 Received: from green.intra.ispras.ru (pluton2.ispras.ru [83.149.199.44]) by mail.ispras.ru (Postfix) with ESMTPSA id 6824E5400B6; Thu, 7 Feb 2019 15:45:47 +0300 (MSK) From: Denis Efremov To: "Eric W. Biederman" Cc: Denis Efremov , Casey Schaufler , Eric Paris , Kees Cook , John Johansen , James Morris , "Serge E. Hallyn" , Paul Moore , Kentaro Takeda , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 10/10] security: fix documentation for the shm_* hooks Date: Thu, 7 Feb 2019 15:44:58 +0300 Message-Id: <26eeda9e281a7650f028e554e2f64a25f17cb1d1.1549540487.git.efremov@ispras.ru> X-Mailer: git-send-email 2.17.2 In-Reply-To: References: In-Reply-To: References: Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP The shm_* hooks were changed in the commit "shm/security: Pass kern_ipc_perm not shmid_kernel into the shm security hooks" (7191adff2a55). The type of the argument shp was changed from shmid_kernel to kern_ipc_perm. This patch updates the documentation for the hooks accordingly. Signed-off-by: Denis Efremov --- include/linux/lsm_hooks.h | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 4bfb6532cbb3..8382dd1bed59 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h 
@@ -1137,34 +1137,34 @@ * Security hooks for System V Shared Memory Segments * * @shm_alloc_security: - * Allocate and attach a security structure to the shp->shm_perm.security - * field. The security field is initialized to NULL when the structure is + * Allocate and attach a security structure to the perm->security + * field. The security field is initialized to NULL when the structure is * first created. - * @shp contains the shared memory structure to be modified. + * @perm contains the IPC permissions of the shared memory structure. * Return 0 if operation was successful and permission is granted. * @shm_free_security: * Deallocate the security struct for this memory segment. - * @shp contains the shared memory structure to be modified. + * @perm contains the IPC permissions of the shared memory structure. * @shm_associate: * Check permission when a shared memory region is requested through the - * shmget system call. This hook is only called when returning the shared + * shmget system call. This hook is only called when returning the shared * memory region identifier for an existing region, not when a new shared * memory region is created. - * @shp contains the shared memory structure to be modified. + * @perm contains the IPC permissions of the shared memory structure. * @shmflg contains the operation control flags. * Return 0 if permission is granted. * @shm_shmctl: * Check permission when a shared memory control operation specified by - * @cmd is to be performed on the shared memory region @shp. - * The @shp may be NULL, e.g. for IPC_INFO or SHM_INFO. - * @shp contains shared memory structure to be modified. + * @cmd is to be performed on the shared memory region with permissions @perm. + * The @perm may be NULL, e.g. for IPC_INFO or SHM_INFO. + * @perm contains the IPC permissions of the shared memory structure. * @cmd contains the operation to be performed. * Return 0 if permission is granted. 
* @shm_shmat: * Check permissions prior to allowing the shmat system call to attach the - * shared memory segment @shp to the data segment of the calling process. - * The attaching address is specified by @shmaddr. - * @shp contains the shared memory structure to be modified. + * shared memory segment with permissions @perm to the data segment of the + * calling process. The attaching address is specified by @shmaddr. + * @perm contains the IPC permissions of the shared memory structure. * @shmaddr contains the address to attach memory region to. * @shmflg contains the operational flags. * Return 0 if permission is granted. @@ -1625,11 +1625,11 @@ union security_list_options { struct task_struct *target, long type, int mode); - int (*shm_alloc_security)(struct kern_ipc_perm *shp); - void (*shm_free_security)(struct kern_ipc_perm *shp); - int (*shm_associate)(struct kern_ipc_perm *shp, int shmflg); - int (*shm_shmctl)(struct kern_ipc_perm *shp, int cmd); - int (*shm_shmat)(struct kern_ipc_perm *shp, char __user *shmaddr, + int (*shm_alloc_security)(struct kern_ipc_perm *perm); + void (*shm_free_security)(struct kern_ipc_perm *perm); + int (*shm_associate)(struct kern_ipc_perm *perm, int shmflg); + int (*shm_shmctl)(struct kern_ipc_perm *perm, int cmd); + int (*shm_shmat)(struct kern_ipc_perm *perm, char __user *shmaddr, int shmflg); int (*sem_alloc_security)(struct kern_ipc_perm *perm);
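Review bot: In the @@ -1137 hunk, the @shm_shmctl description states "The @perm may be NULL, e.g. for IPC_INFO or SHM_INFO", but the @perm parameter line below it does not repeat that, whereas the @sem_semctl entry in patch 09/10 reads "@perm contains the IPC permissions of the semaphore. May be NULL." Add "May be NULL." to the shm_shmctl @perm line, so that an LSM author who reads only the parameter list sees that the hook must check for NULL before dereferencing perm->security. The new line "@cmd is to be performed on the shared memory region with permissions @perm." is also noticeably longer than the lines around it and is worth rewrapping.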
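Review bot: The commit message says only that the patch "updates the documentation for the hooks accordingly", but the @@ -1625 hunk also renames the shp parameter to perm in the five shm_* function-pointer declarations of union security_list_options. Mention the prototype rename in the commit message so the change to the declarations is not a surprise to someone reading the log. Parameter names in these declarations do not affect callers or implementers, so the rename is cosmetic, and the trailing context line already shows sem_alloc_security using perm, so the naming is at least consistent with the previous patch in the series.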