[GIT PULL] Security subsystem update for 4.1

From: James Morris
Date: Tue Apr 14 2015 - 20:03:48 EST


Hi Linus,

Highlights for this window:

o Improved AVC hashing for SELinux by John Brooks and Stephen Smalley
o Addition of an unconfined label to Smack
o Smack documentation update
o TPM driver updates

Please pull.

---

The following changes since commit 80dcc31fbe55932ac9204daee5f2ebc0c49b6da3:

  Merge tag 'gfs2-merge-window' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2 (2015-04-14 16:09:18 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next

Casey Schaufler (2):
      Smack: Allow an unconfined label in bringup mode
      Smack: Updates for Smack documentation

Christophe Ricard (6):
      tpm/tpm_i2c_stm_st33: Replace access to io_lpcpd from struct st33zp24_platform_data to tpm_stm_dev
      tpm/tpm_i2c_stm_st33: Split tpm_i2c_tpm_st33 in 2 layers (core + phy)
      tpm/st33zp24/spi: Add st33zp24 spi phy
      tpm/st33zp24/dts/st33zp24-spi: Add dts documentation for st33zp24 spi phy
      tpm/st33zp24: Add proper wait for ordinal duration in case of irq mode
      tpm/st33zp24/spi: Add missing device table for spi phy.

James Morris (3):
      Merge tag 'yama-4.0' of git://git.kernel.org/.../kees/linux into next
      Merge branch 'smack-for-4.1' of git://github.com/cschaufler/smack-next into next
      Merge branch 'tomoyo-cleanup' of git://git.kernel.org/.../mmarek/kbuild into next

Jarkko Sakkinen (2):
      tpm: fix call order in tpm-chip.c
      tpm: fix: sanitized code paths in tpm_chip_register()

Jeff Vander Stoep (1):
      selinux: remove unnecessary pointer reassignment

John Brooks (1):
      selinux: Use a better hash function for avtab

José Bollo (1):
      Smack: getting the Smack security context of keys

Kees Cook (1):
      Yama: do not modify global sysctl table entry

Marcin Lis (1):
      Smack: Assign smack_known_web as default smk_in label for kernel thread's socket

Michal Marek (3):
      tomoyo: Use bin2c to generate builtin-policy.h
      tomoyo: Use if_changed when generating builtin-policy.h
      tomoyo: Do not generate empty policy files

Paul Gortmaker (1):
      smack: Fix gcc warning from unused smack_syslog_lock mutex in smackfs.c

Paul Moore (1):
      selinux: reconcile security_netlbl_secattr_to_sid() and mls_import_netlbl_cat()

Peter Huewe (3):
      tpm: Update KConfig text to include TPM2.0 FIFO chips
      MAINTAINERS: Add Jason as designated reviewer for TPM
      tpm/tpm_infineon: Use struct dev_pm_ops for power management

Richard Guy Briggs (1):
      lsm: copy comm before calling audit_log to avoid race in string printing

Stephen Smalley (3):
      security/yama: Remove unnecessary selects from Kconfig.
      selinux: convert avtab hash table to flex_array
      selinux: increase avtab max buckets

jmlatten@xxxxxxxxxxxxxxxxxx (1):
      tpm/ibmvtpm: Additional LE support for tpm_ibmvtpm_send

 .../bindings/security/tpm/st33zp24-spi.txt       |  34 +
 Documentation/security/Smack.txt                 | 129 ++--
 MAINTAINERS                                      |   1 +
 drivers/char/tpm/Kconfig                         |  20 +-
 drivers/char/tpm/Makefile                        |   2 +-
 drivers/char/tpm/st33zp24/Kconfig                |  30 +
 drivers/char/tpm/st33zp24/Makefile               |  12 +
 drivers/char/tpm/st33zp24/i2c.c                  | 276 ++++++
 drivers/char/tpm/st33zp24/spi.c                  | 399 +++++++++
 drivers/char/tpm/st33zp24/st33zp24.c             | 698 +++++++++++++++
 drivers/char/tpm/st33zp24/st33zp24.h             |  37 +
 drivers/char/tpm/tpm-chip.c                      |  92 ++-
 drivers/char/tpm/tpm_i2c_stm_st33.c              | 911 --------------------
 drivers/char/tpm/tpm_ibmvtpm.c                   |  10 +-
 drivers/char/tpm/tpm_ibmvtpm.h                   |   6 +-
 drivers/char/tpm/tpm_infineon.c                  |  34 +-
 .../platform_data/{tpm_stm_st33.h => st33zp24.h} |  21 +-
 security/lsm_audit.c                             |  15 +-
 security/selinux/avc.c                           |   6 +-
 security/selinux/ss/avtab.c                      |  72 ++-
 security/selinux/ss/avtab.h                      |   8 +-
 security/selinux/ss/mls.c                        |  10 +-
 security/selinux/ss/services.c                   |   6 +-
 security/smack/smack.h                           |   8 +
 security/smack/smack_access.c                    |  43 +-
 security/smack/smack_lsm.c                       |  99 ++-
 security/smack/smackfs.c                         |  97 ++-
 security/tomoyo/.gitignore                       |   2 +-
 security/tomoyo/Kconfig                          |   1 +
 security/tomoyo/Makefile                         |  55 +-
 .../tomoyo/policy/exception_policy.conf.default  |   2 +
 security/yama/Kconfig                            |   2 -
 security/yama/yama_lsm.c                         |  13 +-
 33 files changed, 1971 insertions(+), 1180 deletions(-)
 create mode 100644 Documentation/devicetree/bindings/security/tpm/st33zp24-spi.txt
 create mode 100644 drivers/char/tpm/st33zp24/Kconfig
 create mode 100644 drivers/char/tpm/st33zp24/Makefile
 create mode 100644 drivers/char/tpm/st33zp24/i2c.c
 create mode 100644 drivers/char/tpm/st33zp24/spi.c
 create mode 100644 drivers/char/tpm/st33zp24/st33zp24.c
 create mode 100644 drivers/char/tpm/st33zp24/st33zp24.h
 delete mode 100644 drivers/char/tpm/tpm_i2c_stm_st33.c
 rename include/linux/platform_data/{tpm_stm_st33.h => st33zp24.h} (60%)
 create mode 100644 security/tomoyo/policy/exception_policy.conf.default