[GIT PULL] SELinux patches for v5.6

From: Paul Moore
Date: Mon Jan 27 2020 - 17:26:38 EST


Hi Linus,

This is one of the bigger SELinux pull requests in recent years with
28 patches. Everything is passing our test suite and the highlights
are listed below, please merge them for v5.6.

- Mark CONFIG_SECURITY_SELINUX_DISABLE as deprecated. We're some time
away from actually attempting to remove this in the kernel, but the
only distro we know that still uses it (Fedora) is working on moving
away from this so we want to at least let people know we are planning
to remove it.

- Reorder the SELinux hooks to help prevent bad things when SELinux is
disabled at runtime. The proper fix is to remove the
CONFIG_SECURITY_SELINUX_DISABLE functionality (see above) and just
take care of it at boot time (e.g. "selinux=0").

- Add SELinux controls for the kernel lockdown functionality,
introducing a new SELinux class/permissions: "lockdown { integrity
confidentiality }".

- Add a SELinux control for move_mount(2) that reuses the "file {
mounton }" permission.

- Improvements to the SELinux security label data store lookup
functions to speed up translations between our internal label
representations and the visible string labels (both directions).

- Revisit a previous fix related to SELinux inode auditing and
permission caching and do it correctly this time.

- Fix the SELinux access decision cache to cleanup properly on error.
In some extreme cases this could limit the cache size and result in a
decrease in performance.

- Enable SELinux per-file labeling for binderfs.

- The SELinux initialized and disabled flags were wrapped with
accessors to ensure they are accessed correctly.

- Mark several key SELinux structures with __randomize_layout.

- Changes to the LSM build configuration to only build
security/lsm_audit.c when needed.

- Changes to the SELinux build configuration to only build the IB
object cache when CONFIG_SECURITY_INFINIBAND is enabled.

- Move a number of single-caller functions into their callers.

- Documentation fixes (/selinux -> /sys/fs/selinux).

- A handful of cleanup patches that aren't worth mentioning on their
own, the individual descriptions have plenty of detail.

Thanks,
-Paul

--
The following changes since commit e42617b825f8073569da76dc4510bfa019b1c35a:

Linux 5.5-rc1 (2019-12-08 14:57:55 -0800)

are available in the Git repository at:

git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
tags/selinux-pr-20200127

for you to fetch changes up to 98aa00345de54b8340dc2ddcd87f446d33387b5e:

selinux: fix regression introduced by move_mount(2) syscall
(2020-01-20 07:42:37 -0500)

----------------------------------------------------------------
selinux/stable-5.6 PR 20200127

----------------------------------------------------------------
Hridya Valsaraju (1):
selinux: allow per-file labelling for binderfs

Huaisheng Ye (2):
selinux: remove redundant msg_msg_alloc_security
selinux: remove redundant selinux_nlmsg_perm

Jaihind Yadav (1):
selinux: ensure we cleanup the internal AVC counters on error in
avc_update()

Jeff Vander Stoep (1):
selinux: sidtab reverse lookup hash table

Ondrej Mosnacek (5):
selinux: cache the SID -> context string translation
selinux: treat atomic flags more carefully
selinux: reorder hooks to make runtime disable less broken
selinux: fix wrong buffer types in policydb.c
selinux: do not allocate ancillary buffer on first load

Paul Moore (4):
selinux: ensure we cleanup the internal AVC counters on error in
avc_insert()
selinux: ensure the policy has been loaded before reading the sidtab stats
selinux: deprecate disabling SELinux and runtime
selinux: remove redundant allocation and helper functions

Ravi Kumar Siddojigari (1):
selinux: move ibpkeys code under CONFIG_SECURITY_INFINIBAND.

Stephen Smalley (10):
security,lockdown,selinux: implement SELinux lockdown
selinux: revert "stop passing MAY_NOT_BLOCK to the AVC upon follow_link"
selinux: fall back to ref-walk if audit is required
selinux: clean up selinux_inode_permission MAY_NOT_BLOCK tests
security: only build lsm_audit if CONFIG_SECURITY=y
selinux: clean up selinux_enabled/disabled/enforcing_boot
selinux: randomize layout of key structures
Documentation,selinux: fix references to old selinuxfs mount point
selinux: make default_noexec read-only after init
selinux: fix regression introduced by move_mount(2) syscall

Yang Guo (1):
selinux: remove unnecessary selinux cred request

YueHaibing (1):
selinux: remove set but not used variable 'sidtab'

liuyang34 (1):
selinuxfs: use scnprintf to get real length for inode

Documentation/ABI/obsolete/sysfs-selinux-disable | 26 ++
Documentation/admin-guide/kernel-parameters.txt | 9 +-
MAINTAINERS | 1 +
include/linux/lsm_audit.h | 2 +
include/linux/security.h | 2 +
security/Makefile | 2 +-
security/lockdown/lockdown.c | 27 --
security/lsm_audit.c | 5 +
security/security.c | 33 ++
security/selinux/Kconfig | 33 +-
security/selinux/Makefile | 4 +-
security/selinux/avc.c | 95 +++---
security/selinux/hooks.c | 388 ++++++++++--------
security/selinux/ibpkey.c | 2 +-
security/selinux/include/avc.h | 13 +-
security/selinux/include/classmap.h | 2 +
security/selinux/include/ibpkey.h | 13 +-
security/selinux/include/objsec.h | 2 +-
security/selinux/include/security.h | 40 ++-
security/selinux/netif.c | 2 +-
security/selinux/netnode.c | 2 +-
security/selinux/netport.c | 2 +-
security/selinux/selinuxfs.c | 87 ++++-
security/selinux/ss/context.h | 11 +-
security/selinux/ss/policydb.c | 9 +-
security/selinux/ss/policydb.h | 2 +-
security/selinux/ss/services.c | 312 +++++++++++-------
security/selinux/ss/services.h | 6 +-
security/selinux/ss/sidtab.c | 402 ++++++++++++-------
security/selinux/ss/sidtab.h | 70 +++-
30 files changed, 1045 insertions(+), 559 deletions(-)
create mode 100644 Documentation/ABI/obsolete/sysfs-selinux-disable

--
paul moore
www.paul-moore.com