[GIT PULL] Security subsystem updates for 4.11

From: James Morris
Date: Tue Feb 21 2017 - 03:20:44 EST


Hi Linus,

Highlights:

o major AppArmor update: policy namespaces & lots of fixes

o add /sys/kernel/security/lsm node for easy detection of loaded LSMs

o SELinux cgroupfs labeling support

o SELinux context mounts on tmpfs, ramfs, devpts within user namespaces

o improved TPM 2.0 support


Please pull!

---

The following changes since commit c470abd4fde40ea6a0846a2beab642a578c0b8cd:

  Linux 4.10 (2017-02-19 14:34:00 -0800)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next

Antonio Murdaca (1):
      selinux: allow changing labels for cgroupfs

Casey Schaufler (1):
      LSM: Add /sys/kernel/security/lsm

Corentin Labbe (1):
      tpm/st33zp24: Remove unneeded linux/miscdevice.h include

Dan Carpenter (3):
      tpm: silence an array overflow warning
      KEYS: Fix an error code in request_master_key()
      KEYS: Use memzero_explicit() for secret data

Dmitry Torokhov (1):
      tpm: fix misspelled "facilitate" in module parameter description

Felix Fietkau (1):
      sign-file: fix build error in sign-file.c with libressl

Gary Tierney (2):
      selinux: log errors when loading new policy
      selinux: default to security isid in sel_make_bools() if no sid is found

Geliang Tang (1):
      tpm/tpm_tis_spi: drop duplicate header module.h

Himanshu Shukla (3):
      SMACK: Delete list_head repeated initialization
      SMACK: Free the i_security blob in inode using RCU
      SMACK: Use smk_tskacc() instead of smk_access() for proper logging

James Morris (3):
      Merge branch 'smack-for-4.11' of git://github.com/cschaufler/smack-next into next
      Merge branch 'stable-4.10' of git://git.infradead.org/users/pcmoore/selinux into next
      Merge branch 'stable-4.11' of git://git.infradead.org/users/pcmoore/selinux into next

Jarkko Sakkinen (3):
      tpm: remove tpm_read_index and tpm_write_index from tpm.h
      tpm: fix RC value check in tpm2_seal_trusted
      tpm: declare tpm2_get_pcr_allocation() as static

Jason Gunthorpe (2):
      tpm: Do not print an error message when doing TPM auto startup
      tpm: Begin the process to deprecate user_read_timer

Jiandi An (1):
      tpm, tpm_crb: Handle 64-bit resource in crb_check_resource()

John Johansen (57):
      apparmor: move lib definitions into separate lib include
      apparmor: split out shared policy_XXX fns to lib
      apparmor: split apparmor policy namespaces code into its own file
      apparmor: rename namespace to ns to improve code line lengths
      apparmor: rename sid to secid
      apparmor: rename PFLAG_INVALID to PFLAG_STALE
      apparmor: rename replacedby to proxy
      apparmor: add strn version of lookup_profile fn
      apparmor: add strn version of aa_find_ns
      apparmor: add lib fn to find the "split" for fqnames
      apparmor: add fn to lookup profiles by fqname
      apparmor: allow ns visibility question to consider subnses
      apparmor: add macro for bug asserts to check that a lock is held
      apparmor: add debug assert AA_BUG and Kconfig to control debug info
      apparmor: rename mediated_filesystem() to path_mediated_fs()
      apparmor: rename hname_tail to basename
      apparmor: constify policy name and hname
      apparmor: pass gfp param into aa_policy_init()
      apparmor: update policy_destroy to use new debug asserts
      apparmor: refactor prepare_ns() and make usable from different views
      apparmor: pass gfp_t parameter into profile allocation
      apparmor: name null-XXX profiles after the executable
      apparmor: remove paranoid load switch
      apparmor: add support for force complain flag to support learning mode
      apparmor: prepare to support newer versions of policy
      apparmor: add get_dfa() fn
      apparmor: allow policydb to be used as the file dfa
      apparmor: add a default null dfa
      apparmor: provide userspace flag indicating binfmt_elf_mmap change
      apparmor: add special .null file used to "close" fds at exec
      apparmor: track ns level so it can be used to help in view checks
      apparmor: Make aa_remove_profile() callable from a different view
      apparmor: allow introspecting the policy namespace name
      apparmor: allow specifying the profile doing the management
      apparmor: add ns being viewed as a param to policy_view_capable()
      apparmor: add ns being viewed as a param to policy_admin_capable()
      apparmor: add profile and ns params to aa_may_manage_policy()
      apparmor: add ns name to the audit data for policy loads
      apparmor: allow introspecting the loaded policy pre internal transform
      apparmor: audit policy ns specified in policy load
      apparmor: pass the subject profile into profile replace/remove
      apparmor: add per policy ns .load, .replace, .remove interface files
      apparmor: fail task profile update if current_cred isn't real_cred
      apparmor: rename context abreviation cxt to the more standard ctx
      apparmor: change op from int to const char *
      apparmor: change aad apparmor_audit_data macro to a fn macro
      apparmor: remove unused op parameter from simple_write_to_buffer()
      apparmor: fix change_hat debug output
      apparmor: convert change_profile to use fqname later to give better control
      apparmor: make computing policy hashes conditional on kernel parameter
      apparmor: update cap audit to check SECURITY_CAP_NOAUDIT
      apparmor: add per cpu work buffers to avoid allocating buffers at every hook
      apparmor: add check for apparmor enabled in module parameters missing it
      apparmor: fix restricted endian type warnings for dfa unpack
      apparmor: fix restricted endian type warnings for policy unpack
      apparmor: replace remaining BUG_ON() asserts with AA_BUG()
      apparmor: fix undefined reference to `aa_g_hash_policy'

Julia Lawall (1):
      tpm xen: drop unneeded chip variable

Kees Cook (1):
      apparmor: use designated initializers

Lans Zhang (1):
      ima: allow to check MAY_APPEND

Maciej S. Szmigiero (2):
      tpm_tis: use default timeout value if chip reports it as zero
      tpm_tis: fix iTPM probe via probe_itpm() function

Mathias Svensson (1):
      samples/seccomp: fix 64-bit comparison macros

Mickaël Salaün (1):
      security: Fix inode_getattr documentation

Mike Frysinger (1):
      seccomp: dump core when using SECCOMP_RET_KILL

Mimi Zohar (1):
      ima: fix ima_d_path() possible race with rename

Nayna Jain (4):
      tpm: implement TPM 2.0 capability to get active PCR banks
      tpm: enhance TPM 2.0 PCR extend to support multiple banks
      tpm: enhance read_log_of() to support Physical TPM event log
      tpm: add securityfs support for TPM 2.0 firmware event log

Rafal Krypa (1):
      Smack: fix d_instantiate logic for sockfs and pipefs

Seung-Woo Kim (1):
      Smack: ignore private inode for file functions

Stefan Berger (3):
      tpm: Check size of response before accessing data
      tpm: fix the type of owned field in cap_t
      tpm: Fix expected number of response bytes of TPM1.2 PCR Extend

Stephen Smalley (8):
      selinux: support distinctions among all network address families
      selinux: handle ICMPv6 consistently with ICMP
      selinux: allow context mounts on tmpfs, ramfs, devpts within user namespaces
      selinux: clean up cred usage and simplify
      proc,security: move restriction on writing /proc/pid/attr nodes to proc
      selinux: drop unused socket security classes
      security,selinux,smack: kill security_task_wait hook
      selinux: fix off-by-one in setprocattr

Tetsuo Handa (1):
      AppArmor: Use GFP_KERNEL for __aa_kvmalloc().

Tyler Hicks (1):
      apparmor: sysctl to enable unprivileged user ns AppArmor policy loading

Vishal Goel (5):
      SMACK: Add the rcu synchronization mechanism in ipv6 hooks
      Smack: Fix the issue of permission denied error in ipv6 hook
      Smack: Fix the issue of wrong SMACK label update in socket bind fail case
      SMACK: Add new lock for adding entry in smack master list
      Smack: Traverse the smack_known_list using list_for_each_entry_rcu macro

Wei Yongjun (1):
      tpm_tis: fix the error handling of init_tis()

William Hua (1):
      apparmor: support querying extended trusted helper extra data

Winkler, Tomas (4):
      tpm: add kdoc for tpm_transmit and tpm_transmit_cmd
      tpm/tpm2-chip: fix kdoc errors
      tmp: use pdev for parent device in tpm_chip_alloc
      tpm/vtpm: fix kdoc warnings

Yongqin Liu (1):
      selinux: add security in-core xattr support for tracefs

Documentation/security/LSM.txt | 7 +
drivers/char/tpm/Kconfig | 1 +
drivers/char/tpm/Makefile | 2 +-
drivers/char/tpm/st33zp24/st33zp24.c | 1 -
drivers/char/tpm/tpm-chip.c | 8 +-
drivers/char/tpm/tpm-dev.c | 5 +-
drivers/char/tpm/tpm-interface.c | 175 +++--
drivers/char/tpm/tpm-sysfs.c | 28 +-
drivers/char/tpm/tpm.h | 45 +-
.../char/tpm/{tpm_eventlog.c => tpm1_eventlog.c} | 35 +-
drivers/char/tpm/tpm2-cmd.c | 338 ++++++---
drivers/char/tpm/tpm2_eventlog.c | 203 +++++
drivers/char/tpm/tpm_acpi.c | 3 +
drivers/char/tpm/tpm_atmel.h | 6 +
drivers/char/tpm/tpm_crb.c | 8 +-
drivers/char/tpm/tpm_eventlog.h | 51 ++-
drivers/char/tpm/tpm_ibmvtpm.c | 106 ++--
drivers/char/tpm/tpm_nsc.c | 12 +
drivers/char/tpm/tpm_of.c | 27 +-
drivers/char/tpm/tpm_tis.c | 4 +-
drivers/char/tpm/tpm_tis_core.c | 30 +-
drivers/char/tpm/tpm_tis_core.h | 2 +-
drivers/char/tpm/tpm_tis_spi.c | 1 -
drivers/char/tpm/tpm_vtpm_proxy.c | 48 +-
drivers/char/tpm/xen-tpmfront.c | 2 -
fs/proc/base.c | 13 +-
include/linux/lsm_hooks.h | 25 +-
include/linux/security.h | 10 +-
kernel/exit.c | 19 +-
kernel/seccomp.c | 29 +-
samples/seccomp/bpf-helper.h | 125 ++--
scripts/sign-file.c | 4 +-
security/apparmor/Kconfig | 31 +-
security/apparmor/Makefile | 2 +-
security/apparmor/apparmorfs.c | 681 ++++++++++++++---
security/apparmor/audit.c | 98 +--
security/apparmor/capability.c | 26 +-
security/apparmor/context.c | 107 ++--
security/apparmor/crypto.c | 39 +-
security/apparmor/domain.c | 137 ++--
security/apparmor/file.c | 80 +-
security/apparmor/include/apparmor.h | 82 +--
security/apparmor/include/apparmorfs.h | 21 +-
security/apparmor/include/audit.h | 152 ++--
security/apparmor/include/context.h | 84 ++-
security/apparmor/include/crypto.h | 5 +
security/apparmor/include/domain.h | 4 +-
security/apparmor/include/file.h | 9 +-
security/apparmor/include/lib.h | 200 +++++
security/apparmor/include/match.h | 26 +-
security/apparmor/include/path.h | 53 ++
security/apparmor/include/policy.h | 199 ++----
security/apparmor/include/policy_ns.h | 147 ++++
security/apparmor/include/policy_unpack.h | 28 +-
security/apparmor/include/{sid.h => secid.h} | 18 +-
security/apparmor/ipc.c | 18 +-
security/apparmor/lib.c | 111 +++-
security/apparmor/lsm.c | 327 ++++++---
security/apparmor/match.c | 47 +-
security/apparmor/nulldfa.in | 1 +
security/apparmor/policy.c | 824 ++++++++------------
security/apparmor/policy_ns.c | 346 ++++++++
security/apparmor/policy_unpack.c | 257 +++++--
security/apparmor/procattr.c | 38 +-
security/apparmor/resource.c | 17 +-
security/apparmor/secid.c | 55 ++
security/apparmor/sid.c | 55 --
security/commoncap.c | 3 +-
security/inode.c | 26 +-
security/integrity/ima/ima.h | 2 +-
security/integrity/ima/ima_api.c | 23 +-
security/integrity/ima/ima_main.c | 14 +-
security/keys/encrypted-keys/encrypted.c | 4 +-
security/loadpin/loadpin.c | 2 +-
security/security.c | 48 +-
security/selinux/hooks.c | 383 +++++-----
security/selinux/include/classmap.h | 62 ++
security/selinux/include/objsec.h | 10 +
security/selinux/include/security.h | 3 +-
security/selinux/selinuxfs.c | 98 ++-
security/selinux/ss/services.c | 3 +
security/smack/smack.h | 3 +
security/smack/smack_lsm.c | 147 +++--
security/smack/smackfs.c | 5 +
security/tomoyo/tomoyo.c | 2 +-
security/yama/yama_lsm.c | 2 +-
86 files changed, 4282 insertions(+), 2256 deletions(-)
rename drivers/char/tpm/{tpm_eventlog.c => tpm1_eventlog.c} (95%)
create mode 100644 drivers/char/tpm/tpm2_eventlog.c
create mode 100644 security/apparmor/include/lib.h
create mode 100644 security/apparmor/include/policy_ns.h
rename security/apparmor/include/{sid.h => secid.h} (50%)
create mode 100644 security/apparmor/nulldfa.in
create mode 100644 security/apparmor/policy_ns.c
create mode 100644 security/apparmor/secid.c
delete mode 100644 security/apparmor/sid.c