diff options
author | Kevin Hilman <khilman@linaro.org> | 2015-11-11 15:24:46 -0800 |
---|---|---|
committer | Kevin Hilman <khilman@linaro.org> | 2015-11-11 15:24:46 -0800 |
commit | 6679a18a14a4ff9fae7fb0ee554e7161619308ad (patch) | |
tree | 92d5c10caec1803ee98447eac09892e713956523 | |
parent | c9e5228eb9632625c04800dcbd2a83dc0542fbce (diff) | |
parent | 24dc742abc1fa4f953b42750ec08e3ec4586de42 (diff) |
Merge branch 'v3.18/topic/aosp' into linux-linaro-lsk-v3.18-android
* v3.18/topic/aosp: (25 commits)
wakeup: Add the guard condition for len in pm_get_active_wakeup_sources
CHROMIUM: android: Unconditionally remove callbacks in sync_fence_free()
CHROMIUM: android: fix warning when releasing active sync point
mm: reorder can_do_mlock to fix audit denial
staging: ion: debugfs to shrink pool
usb: gadget: configfs: handle gadget reset request for android
Enable adb with android-pipe in IA image
selinux: Android kernel compatibility with M userspace
selinux: extended permissions for ioctls
security: add ioctl specific auditing to lsm_audit
selinux: remove unnecessary pointer reassignment
Revert "security: lsm_audit: add ioctl specific auditing"
Revert "SELinux: per-command whitelisting of ioctls"
Revert "SELinux: use deletion-safe iterator to free list"
Revert "SELinux: ss: Fix policy write for ioctl operations"
android: add CONFIG_DEBUG_RODATA to recommended config
arm: mm: support ARCH_MMAP_RND_BITS.
mm: mmap: Add new /proc tunable for mmap_base ASLR.
Don't kill IPv4 sockets when killing IPv6 sockets was requested.
uid_cputime: Check for the range while removing range of UIDs.
...
Conflicts:
drivers/usb/gadget/Kconfig
Conflict due to android-3.18 merge trying to sneak in Android
Composite Gadget "USB_G_ANDROID" changes into
drivers/usb/gadget/Kconfig which we have already moved to
drivers/usb/gadget/legacy/Kconfig during last restructuring.
Resolution (as recommended by Amit Pundir)
Delete "USB_G_ANDROID" and dependent config option and keep only
USB_CONFIGFS_F_MIDI specific changes from AOSP commit 2ccf4f4f216f
"usb: gadget: Remove circular dependency on Config".
33 files changed, 735 insertions, 516 deletions
diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt index 57baff5bdb80..62044945a118 100644 --- a/Documentation/sysctl/kernel.txt +++ b/Documentation/sysctl/kernel.txt @@ -41,6 +41,7 @@ show up in /proc/sys/kernel: - kptr_restrict - kstack_depth_to_print [ X86 only ] - l2cr [ PPC only ] +- mmap_rnd_bits - modprobe ==> Documentation/debugging-modules.txt - modules_disabled - msg_next_id [ sysv ipc ] @@ -386,6 +387,19 @@ This flag controls the L2 cache of G3 processor boards. If ============================================================== +mmap_rnd_bits: + +This value can be used to select the number of bits to use to +determine the random offset to the base address of vma regions +resulting from mmap allocations on architectures which support +tuning address space randomization. This value will be bounded +by the architecture's minimum and maximum supported values. + +This value can be changed after boot using the +/proc/sys/kernel/mmap_rnd_bits tunable + +============================================================== + modules_disabled: A toggle value indicating if modules are allowed to be loaded diff --git a/android/configs/android-recommended.cfg b/android/configs/android-recommended.cfg index 960b9de2860d..562de015f05c 100644 --- a/android/configs/android-recommended.cfg +++ b/android/configs/android-recommended.cfg @@ -6,11 +6,13 @@ # CONFIG_PM_WAKELOCKS_GC is not set # CONFIG_VT is not set CONFIG_ANDROID_TIMED_GPIO=y +CONFIG_ARM_KERNMEM_PERMS=y CONFIG_BACKLIGHT_LCD_SUPPORT=y CONFIG_BLK_DEV_LOOP=y CONFIG_BLK_DEV_RAM=y CONFIG_BLK_DEV_RAM_SIZE=8192 CONFIG_COMPACTION=y +CONFIG_DEBUG_RODATA=y CONFIG_DM_UEVENT=y CONFIG_DRAGONRISE_FF=y CONFIG_ENABLE_DEFAULT_TRACERS=y diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 6fc091ca09d5..424f1576b651 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -296,6 +296,30 @@ config MMU Select if you want MMU-based virtualised addressing space support by paged memory management. If unsure, say 'Y'. +config ARCH_MMAP_RND_BITS_MIN + int + default 8 + +config ARCH_MMAP_RND_BITS_MAX + int + default 14 if MMU && PAGE_OFFSET=0x40000000 + default 15 if MMU && PAGE_OFFSET=0x80000000 + default 16 if MMU + default 8 + +config ARCH_MMAP_RND_BITS + int "Number of bits to use for ASLR of mmap base address" if EXPERT + range ARCH_MMAP_RND_BITS_MIN ARCH_MMAP_RND_BITS_MAX + default ARCH_MMAP_RND_BITS_MIN + help + This value can be used to select the number of bits to use to + determine the random offset to the base address of vma regions + resulting from mmap allocations. This value will be bounded + by the architecture's minimum and maximum supported values. + + This value can be changed after boot using the + /proc/sys/kernel/mmap_rnd_bits tunable + # # The "ARM system type" choice list is ordered alphabetically by option # text. Please add new entries in the option alphabetic order. diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c index 5e85ed371364..290cbb310486 100644 --- a/arch/arm/mm/mmap.c +++ b/arch/arm/mm/mmap.c @@ -11,6 +11,10 @@ #include <linux/random.h> #include <asm/cachetype.h> +int mmap_rnd_bits_min = CONFIG_ARCH_MMAP_RND_BITS_MIN; +int mmap_rnd_bits_max = CONFIG_ARCH_MMAP_RND_BITS_MAX; +int mmap_rnd_bits = CONFIG_ARCH_MMAP_RND_BITS; + #define COLOUR_ALIGN(addr,pgoff) \ ((((addr)+SHMLBA-1)&~(SHMLBA-1)) + \ (((pgoff)<<PAGE_SHIFT) & (SHMLBA-1))) @@ -173,10 +177,9 @@ void arch_pick_mmap_layout(struct mm_struct *mm) { unsigned long random_factor = 0UL; - /* 8 bits of randomness in 20 address space bits */ if ((current->flags & PF_RANDOMIZE) && !(current->personality & ADDR_NO_RANDOMIZE)) - random_factor = (get_random_int() % (1 << 8)) << PAGE_SHIFT; + random_factor = (get_random_int() % (1 << mmap_rnd_bits)) << PAGE_SHIFT; if (mmap_is_legacy()) { mm->mmap_base = TASK_UNMAPPED_BASE + random_factor; diff --git a/drivers/base/power/wakeup.c b/drivers/base/power/wakeup.c index f1cf53abd32b..e730f64cffcb 100644 --- a/drivers/base/power/wakeup.c +++ b/drivers/base/power/wakeup.c @@ -677,7 +677,7 @@ void pm_get_active_wakeup_sources(char *pending_wakeup_source, size_t max) rcu_read_lock(); list_for_each_entry_rcu(ws, &wakeup_sources, entry) { - if (ws->active) { + if (ws->active && len < max) { if (!active) len += scnprintf(pending_wakeup_source, max, "Pending Wakeup Sources: "); diff --git a/drivers/dma-buf/fence.c b/drivers/dma-buf/fence.c index 7bb9d65d9a2c..ae50011fba3e 100644 --- a/drivers/dma-buf/fence.c +++ b/drivers/dma-buf/fence.c @@ -301,8 +301,12 @@ fence_remove_callback(struct fence *fence, struct fence_cb *cb) spin_lock_irqsave(fence->lock, flags); ret = !list_empty(&cb->node); - if (ret) + if (ret) { list_del_init(&cb->node); + if (list_empty(&fence->cb_list)) + if (fence->ops->disable_signaling) + fence->ops->disable_signaling(fence); + } spin_unlock_irqrestore(fence->lock, flags); diff --git a/drivers/misc/uid_cputime.c b/drivers/misc/uid_cputime.c index 43298a43ecc3..c751188ce2ab 100644 --- a/drivers/misc/uid_cputime.c +++ b/drivers/misc/uid_cputime.c @@ -174,14 +174,15 @@ static ssize_t uid_remove_write(struct file *file, kstrtol(end_uid, 10, &uid_end) != 0) { return -EINVAL; } - mutex_lock(&uid_lock); for (; uid_start <= uid_end; uid_start++) { hash_for_each_possible_safe(hash_table, uid_entry, tmp, - hash, uid_start) { - hash_del(&uid_entry->hash); - kfree(uid_entry); + hash, (uid_t)uid_start) { + if (uid_start == uid_entry->uid) { + hash_del(&uid_entry->hash); + kfree(uid_entry); + } } } diff --git a/drivers/platform/Kconfig b/drivers/platform/Kconfig index 09fde58b12e0..bf45a623a5d2 100644 --- a/drivers/platform/Kconfig +++ b/drivers/platform/Kconfig @@ -1,8 +1,6 @@ if X86 source "drivers/platform/x86/Kconfig" endif -if GOLDFISH source "drivers/platform/goldfish/Kconfig" -endif source "drivers/platform/chrome/Kconfig" diff --git a/drivers/platform/goldfish/Kconfig b/drivers/platform/goldfish/Kconfig index 635ef25cc722..f4f00f75d267 100644 --- a/drivers/platform/goldfish/Kconfig +++ b/drivers/platform/goldfish/Kconfig @@ -1,5 +1,23 @@ +menuconfig GOLDFISH + bool "Platform support for Goldfish virtual devices" + depends on X86_32 || X86_64 || ARM || ARM64 || MIPS + ---help--- + Say Y here to get to see options for the Goldfish virtual platform. + This option alone does not add any kernel code. + + Unless you are building for the Android Goldfish emulator say N here. + +if GOLDFISH + +config GOLDFISH_BUS + tristate "Goldfish platform bus" + ---help--- + This is a virtual bus to host Goldfish Android Virtual Devices. + config GOLDFISH_PIPE tristate "Goldfish virtual device for QEMU pipes" ---help--- This is a virtual device to drive the QEMU pipe interface used by the Goldfish Android Virtual Device. + +endif # GOLDFISH diff --git a/drivers/platform/goldfish/Makefile b/drivers/platform/goldfish/Makefile index a0022395eee9..d3487125838c 100644 --- a/drivers/platform/goldfish/Makefile +++ b/drivers/platform/goldfish/Makefile @@ -1,5 +1,5 @@ # # Makefile for Goldfish platform specific drivers # -obj-$(CONFIG_GOLDFISH) += pdev_bus.o +obj-$(CONFIG_GOLDFISH_BUS) += pdev_bus.o obj-$(CONFIG_GOLDFISH_PIPE) += goldfish_pipe.o diff --git a/drivers/platform/goldfish/goldfish_pipe.c b/drivers/platform/goldfish/goldfish_pipe.c index d9a09d9637d9..9ceac07245a1 100644 --- a/drivers/platform/goldfish/goldfish_pipe.c +++ b/drivers/platform/goldfish/goldfish_pipe.c @@ -2,6 +2,7 @@ * Copyright (C) 2011 Google, Inc. * Copyright (C) 2012 Intel, Inc. * Copyright (C) 2013 Intel, Inc. + * Copyright (C) 2014 Linaro Limited * * This software is licensed under the terms of the GNU General Public * License version 2, as published by the Free Software Foundation, and @@ -57,6 +58,8 @@ #include <linux/slab.h> #include <linux/io.h> #include <linux/goldfish.h> +#include <linux/mm.h> +#include <linux/acpi.h> /* * IMPORTANT: The following constants must match the ones used and defined @@ -75,6 +78,7 @@ #define PIPE_REG_PARAMS_ADDR_LOW 0x18 /* read/write: batch data address */ #define PIPE_REG_PARAMS_ADDR_HIGH 0x1c /* read/write: batch data address */ #define PIPE_REG_ACCESS_PARAMS 0x20 /* write: batch access */ +#define PIPE_REG_VERSION 0x24 /* read: device version */ /* list of commands for PIPE_REG_COMMAND */ #define CMD_OPEN 1 /* open new channel */ @@ -90,12 +94,6 @@ #define CMD_WRITE_BUFFER 4 /* send a user buffer to the emulator */ #define CMD_WAKE_ON_WRITE 5 /* tell the emulator to wake us when writing is possible */ - -/* The following commands are related to read operations, they must be - * listed in the same order than the corresponding write ones, since we - * will use (CMD_READ_BUFFER - CMD_WRITE_BUFFER) as a special offset - * in goldfish_pipe_read_write() below. - */ #define CMD_READ_BUFFER 6 /* receive a user buffer from the emulator */ #define CMD_WAKE_ON_READ 7 /* tell the emulator to wake us when reading * is possible */ @@ -130,6 +128,7 @@ struct goldfish_pipe_dev { unsigned char __iomem *base; struct access_params *aps; int irq; + u32 version; }; static struct goldfish_pipe_dev pipe_dev[1]; @@ -263,19 +262,14 @@ static int access_with_param(struct goldfish_pipe_dev *dev, const int cmd, return 0; } -/* This function is used for both reading from and writing to a given - * pipe. - */ static ssize_t goldfish_pipe_read_write(struct file *filp, char __user *buffer, size_t bufflen, int is_write) { unsigned long irq_flags; struct goldfish_pipe *pipe = filp->private_data; struct goldfish_pipe_dev *dev = pipe->dev; - const int cmd_offset = is_write ? 0 - : (CMD_READ_BUFFER - CMD_WRITE_BUFFER); unsigned long address, address_end; - int ret = 0; + int count = 0, ret = -EINVAL; /* If the emulator already closed the pipe, no need to go further */ if (test_bit(BIT_CLOSED_ON_HOST, &pipe->flags)) @@ -303,74 +297,100 @@ static ssize_t goldfish_pipe_read_write(struct file *filp, char __user *buffer, : address_end; unsigned long avail = next - address; int status, wakeBit; - - /* Ensure that the corresponding page is properly mapped */ - /* FIXME: this isn't safe or sufficient - use get_user_pages */ - if (is_write) { - char c; - /* Ensure that the page is mapped and readable */ - if (__get_user(c, (char __user *)address)) { - if (!ret) - ret = -EFAULT; - break; - } + struct page *page; + + /* Either vaddr or paddr depending on the device version */ + unsigned long xaddr; + + /* + * We grab the pages on a page-by-page basis in case user + * space gives us a potentially huge buffer but the read only + * returns a small amount, then there's no need to pin that + * much memory to the process. + */ + down_read(¤t->mm->mmap_sem); + ret = get_user_pages(current, current->mm, address, 1, + !is_write, 0, &page, NULL); + up_read(¤t->mm->mmap_sem); + if (ret < 0) + return ret; + + if (dev->version) { + /* Device version 1 or newer (qemu-android) expects the + * physical address. */ + xaddr = page_to_phys(page) | (address & ~PAGE_MASK); } else { - /* Ensure that the page is mapped and writable */ - if (__put_user(0, (char __user *)address)) { - if (!ret) - ret = -EFAULT; - break; - } + /* Device version 0 (classic emulator) expects the + * virtual address. */ + xaddr = address; } /* Now, try to transfer the bytes in the current page */ spin_lock_irqsave(&dev->lock, irq_flags); - if (access_with_param(dev, CMD_WRITE_BUFFER + cmd_offset, - address, avail, pipe, &status)) { + if (access_with_param(dev, + is_write ? CMD_WRITE_BUFFER : CMD_READ_BUFFER, + xaddr, avail, pipe, &status)) { gf_write64((u64)(unsigned long)pipe, dev->base + PIPE_REG_CHANNEL, dev->base + PIPE_REG_CHANNEL_HIGH); writel(avail, dev->base + PIPE_REG_SIZE); - gf_write64(address, dev->base + PIPE_REG_ADDRESS, + gf_write64(xaddr, dev->base + PIPE_REG_ADDRESS, dev->base + PIPE_REG_ADDRESS_HIGH); - writel(CMD_WRITE_BUFFER + cmd_offset, - dev->base + PIPE_REG_COMMAND); + writel(is_write ? CMD_WRITE_BUFFER : CMD_READ_BUFFER, + dev->base + PIPE_REG_COMMAND); status = readl(dev->base + PIPE_REG_STATUS); } spin_unlock_irqrestore(&dev->lock, irq_flags); + if (status > 0 && !is_write) + set_page_dirty(page); + put_page(page); + if (status > 0) { /* Correct transfer */ - ret += status; + count += status; address += status; continue; - } - - if (status == 0) /* EOF */ + } else if (status == 0) { /* EOF */ + ret = 0; break; - - /* An error occured. If we already transfered stuff, just - * return with its count. We expect the next call to return - * an error code */ - if (ret > 0) + } else if (status < 0 && count > 0) { + /* + * An error occured and we already transfered + * something on one of the previous pages. + * Just return what we already copied and log this + * err. + * + * Note: This seems like an incorrect approach but + * cannot change it until we check if any user space + * ABI relies on this behavior. + */ + if (status != PIPE_ERROR_AGAIN) + pr_info_ratelimited("goldfish_pipe: backend returned error %d on %s\n", + status, is_write ? "write" : "read"); + ret = 0; break; + } - /* If the error is not PIPE_ERROR_AGAIN, or if we are not in - * non-blocking mode, just return the error code. - */ + /* + * If the error is not PIPE_ERROR_AGAIN, or if we are not in + * non-blocking mode, just return the error code. + */ if (status != PIPE_ERROR_AGAIN || (filp->f_flags & O_NONBLOCK) != 0) { ret = goldfish_pipe_error_convert(status); break; } - /* We will have to wait until more data/space is available. - * First, mark the pipe as waiting for a specific wake signal. - */ + /* + * The backend blocked the read/write, wait until the backend + * tells us it's ready to process more data. + */ wakeBit = is_write ? BIT_WAKE_ON_WRITE : BIT_WAKE_ON_READ; set_bit(wakeBit, &pipe->flags); /* Tell the emulator we're going to wait for a wake event */ - goldfish_cmd(pipe, CMD_WAKE_ON_WRITE + cmd_offset); + goldfish_cmd(pipe, + is_write ? CMD_WAKE_ON_WRITE : CMD_WAKE_ON_READ); /* Unlock the pipe, then wait for the wake signal */ mutex_unlock(&pipe->lock); @@ -378,22 +398,29 @@ static ssize_t goldfish_pipe_read_write(struct file *filp, char __user *buffer, while (test_bit(wakeBit, &pipe->flags)) { if (wait_event_interruptible( pipe->wake_queue, - !test_bit(wakeBit, &pipe->flags))) - return -ERESTARTSYS; + !test_bit(wakeBit, &pipe->flags))) { + ret = -ERESTARTSYS; + break; + } - if (test_bit(BIT_CLOSED_ON_HOST, &pipe->flags)) - return -EIO; + if (test_bit(BIT_CLOSED_ON_HOST, &pipe->flags)) { + ret = -EIO; + break; + } } /* Try to re-acquire the lock */ - if (mutex_lock_interruptible(&pipe->lock)) - return -ERESTARTSYS; - - /* Try the transfer again */ - continue; + if (mutex_lock_interruptible(&pipe->lock)) { + ret = -ERESTARTSYS; + break; + } } mutex_unlock(&pipe->lock); - return ret; + + if (ret < 0) + return ret; + else + return count; } static ssize_t goldfish_pipe_read(struct file *filp, char __user *buffer, @@ -446,10 +473,11 @@ static irqreturn_t goldfish_pipe_interrupt(int irq, void *dev_id) unsigned long irq_flags; int count = 0; - /* We're going to read from the emulator a list of (channel,flags) - * pairs corresponding to the wake events that occured on each - * blocked pipe (i.e. channel). - */ + /* + * We're going to read from the emulator a list of (channel,flags) + * pairs corresponding to the wake events that occured on each + * blocked pipe (i.e. channel). + */ spin_lock_irqsave(&dev->lock, irq_flags); for (;;) { /* First read the channel, 0 means the end of the list */ @@ -600,6 +628,11 @@ static int goldfish_pipe_probe(struct platform_device *pdev) goto error; } setup_access_params_addr(pdev, dev); + + /* Although the pipe device in the classic Android emulator does not + * recognize the 'version' register, it won't treat this as an error + * either and will simply return 0, which is fine. */ + dev->version = readl(dev->base + PIPE_REG_VERSION); return 0; error: @@ -615,11 +648,26 @@ static int goldfish_pipe_remove(struct platform_device *pdev) return 0; } +static const struct acpi_device_id goldfish_pipe_acpi_match[] = { + { "GFSH0003", 0 }, + { }, +}; +MODULE_DEVICE_TABLE(acpi, goldfish_pipe_acpi_match); + +static const struct of_device_id goldfish_pipe_of_match[] = { + { .compatible = "generic,android-pipe", }, + {}, +}; +MODULE_DEVICE_TABLE(of, goldfish_pipe_of_match); + static struct platform_driver goldfish_pipe = { .probe = goldfish_pipe_probe, .remove = goldfish_pipe_remove, .driver = { - .name = "goldfish_pipe" + .name = "goldfish_pipe", + .owner = THIS_MODULE, + .of_match_table = goldfish_pipe_of_match, + .acpi_match_table = ACPI_PTR(goldfish_pipe_acpi_match), } }; diff --git a/drivers/staging/android/binder.c b/drivers/staging/android/binder.c index 710393a72a8a..183748919ba6 100644 --- a/drivers/staging/android/binder.c +++ b/drivers/staging/android/binder.c @@ -26,7 +26,6 @@ #include <linux/miscdevice.h> #include <linux/mm.h> #include <linux/module.h> -#include <linux/rtmutex.h> #include <linux/mutex.h> #include <linux/nsproxy.h> #include <linux/poll.h> @@ -43,7 +42,7 @@ #include "binder.h" #include "binder_trace.h" -static DEFINE_RT_MUTEX(binder_main_lock); +static DEFINE_MUTEX(binder_main_lock); static DEFINE_MUTEX(binder_deferred_lock); static DEFINE_MUTEX(binder_mmap_lock); @@ -423,14 +422,14 @@ static long task_close_fd(struct binder_proc *proc, unsigned int fd) static inline void binder_lock(const char *tag) { trace_binder_lock(tag); - rt_mutex_lock(&binder_main_lock); + mutex_lock(&binder_main_lock); trace_binder_locked(tag); } static inline void binder_unlock(const char *tag) { trace_binder_unlock(tag); - rt_mutex_unlock(&binder_main_lock); + mutex_unlock(&binder_main_lock); } static void binder_set_nice(long nice) @@ -3592,13 +3591,24 @@ static int binder_transactions_show(struct seq_file *m, void *unused) static int binder_proc_show(struct seq_file *m, void *unused) { + struct binder_proc *itr; struct binder_proc *proc = m->private; int do_lock = !binder_debug_no_lock; + bool valid_proc = false; if (do_lock) binder_lock(__func__); - seq_puts(m, "binder proc state:\n"); - print_binder_proc(m, proc, 1); + + hlist_for_each_entry(itr, &binder_procs, proc_node) { + if (itr == proc) { + valid_proc = true; + break; + } + } + if (valid_proc) { + seq_puts(m, "binder proc state:\n"); + print_binder_proc(m, proc, 1); + } if (do_lock) binder_unlock(__func__); return 0; diff --git a/drivers/staging/android/ion/Kconfig b/drivers/staging/android/ion/Kconfig index 301948cc48bd..356e10969272 100644 --- a/drivers/staging/android/ion/Kconfig +++ b/drivers/staging/android/ion/Kconfig @@ -35,7 +35,7 @@ config ION_TEGRA config ION_POOL_CACHE_POLICY bool "Ion set page pool cache policy" - depends on ION + depends on ION && X86 default y if X86 help Choose this option if need to explicity set cache policy of the diff --git a/drivers/staging/android/ion/ion.c b/drivers/staging/android/ion/ion.c index b1a3e1a2d936..65b46fab72e5 100644 --- a/drivers/staging/android/ion/ion.c +++ b/drivers/staging/android/ion/ion.c @@ -1463,7 +1463,6 @@ static const struct file_operations debug_heap_fops = { .release = single_release, }; -#ifdef DEBUG_HEAP_SHRINKER static int debug_shrink_set(void *data, u64 val) { struct ion_heap *heap = data; @@ -1471,15 +1470,14 @@ static int debug_shrink_set(void *data, u64 val) int objs; sc.gfp_mask = -1; - sc.nr_to_scan = 0; - - if (!val) - return 0; + sc.nr_to_scan = val; - objs = heap->shrinker.shrink(&heap->shrinker, &sc); - sc.nr_to_scan = objs; + if (!val) { + objs = heap->shrinker.count_objects(&heap->shrinker, &sc); + sc.nr_to_scan = objs; + } - heap->shrinker.shrink(&heap->shrinker, &sc); + heap->shrinker.scan_objects(&heap->shrinker, &sc); return 0; } @@ -1492,14 +1490,13 @@ static int debug_shrink_get(void *data, u64 *val) sc.gfp_mask = -1; sc.nr_to_scan = 0; - objs = heap->shrinker.shrink(&heap->shrinker, &sc); + objs = heap->shrinker.count_objects(&heap->shrinker, &sc); *val = objs; return 0; } DEFINE_SIMPLE_ATTRIBUTE(debug_shrink_fops, debug_shrink_get, debug_shrink_set, "%llu\n"); -#endif void ion_device_add_heap(struct ion_device *dev, struct ion_heap *heap) { @@ -1534,8 +1531,7 @@ void ion_device_add_heap(struct ion_device *dev, struct ion_heap *heap) path, heap->name); } -#ifdef DEBUG_HEAP_SHRINKER - if (heap->shrinker.shrink) { + if (heap->shrinker.count_objects && heap->shrinker.scan_objects) { char debug_name[64]; snprintf(debug_name, 64, "%s_shrink", heap->name); @@ -1550,7 +1546,7 @@ void ion_device_add_heap(struct ion_device *dev, struct ion_heap *heap) path, debug_name); } } -#endif + up_write(&dev->lock); } diff --git a/drivers/staging/android/sync.c b/drivers/staging/android/sync.c index f83e00c78051..da101a506cd2 100644 --- a/drivers/staging/android/sync.c +++ b/drivers/staging/android/sync.c @@ -465,6 +465,13 @@ static bool android_fence_enable_signaling(struct fence *fence) return true; } +static void android_fence_disable_signaling(struct fence *fence) +{ + struct sync_pt *pt = container_of(fence, struct sync_pt, base); + + list_del_init(&pt->active_list); +} + static int android_fence_fill_driver_data(struct fence *fence, void *data, int size) { @@ -508,6 +515,7 @@ static const struct fence_ops android_fence_ops = { .get_driver_name = android_fence_get_driver_name, .get_timeline_name = android_fence_get_timeline_name, .enable_signaling = android_fence_enable_signaling, + .disable_signaling = android_fence_disable_signaling, .signaled = android_fence_signaled, .wait = fence_default_wait, .release = android_fence_release, @@ -519,12 +527,10 @@ static const struct fence_ops android_fence_ops = { static void sync_fence_free(struct kref *kref) { struct sync_fence *fence = container_of(kref, struct sync_fence, kref); - int i, status = atomic_read(&fence->status); + int i; for (i = 0; i < fence->num_fences; ++i) { - if (status) - fence_remove_callback(fence->cbs[i].sync_pt, - &fence->cbs[i].cb); + fence_remove_callback(fence->cbs[i].sync_pt, &fence->cbs[i].cb); fence_put(fence->cbs[i].sync_pt); } diff --git a/drivers/usb/gadget/Kconfig b/drivers/usb/gadget/Kconfig index 23814ec22401..aa2e48aba324 100644 --- a/drivers/usb/gadget/Kconfig +++ b/drivers/usb/gadget/Kconfig @@ -418,7 +418,6 @@ config USB_CONFIGFS_F_MIDI boolean "MIDI function" depends on USB_CONFIGFS depends on SND - select USB_LIBCOMPOSITE select SND_RAWMIDI select USB_F_MIDI help diff --git a/drivers/usb/gadget/configfs.c b/drivers/usb/gadget/configfs.c index fbf07ff48f18..0ff90c937f5f 100644 --- a/drivers/usb/gadget/configfs.c +++ b/drivers/usb/gadget/configfs.c @@ -1600,6 +1600,7 @@ static const struct usb_gadget_driver configfs_driver_template = { .unbind = configfs_composite_unbind, #ifdef CONFIG_USB_CONFIGFS_UEVENT .setup = android_setup, + .reset = android_disconnect, .disconnect = android_disconnect, #else .setup = composite_setup, diff --git a/include/linux/fence.h b/include/linux/fence.h index d174585b874b..1c94759e7148 100644 --- a/include/linux/fence.h +++ b/include/linux/fence.h @@ -107,6 +107,7 @@ struct fence_cb { * @get_driver_name: returns the driver name. * @get_timeline_name: return the name of the context this fence belongs to. * @enable_signaling: enable software signaling of fence. + * @disable_signaling: disable software signaling of fence (optional). * @signaled: [optional] peek whether the fence is signaled, can be null. * @wait: custom wait implementation, or fence_default_wait. * @release: [optional] called on destruction of fence, can be null @@ -166,6 +167,7 @@ struct fence_ops { const char * (*get_driver_name)(struct fence *fence); const char * (*get_timeline_name)(struct fence *fence); bool (*enable_signaling)(struct fence *fence); + void (*disable_signaling)(struct fence *fence); bool (*signaled)(struct fence *fence); signed long (*wait)(struct fence *fence, bool intr, signed long timeout); void (*release)(struct fence *fence); diff --git a/include/linux/mm.h b/include/linux/mm.h index 8fae7d6e9a1f..e65c2870abb3 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -48,6 +48,12 @@ extern int sysctl_legacy_va_layout; #define sysctl_legacy_va_layout 0 #endif +#ifdef CONFIG_ARCH_MMAP_RND_BITS +extern int mmap_rnd_bits_min; +extern int mmap_rnd_bits_max; +extern int mmap_rnd_bits; +#endif + #include <asm/page.h> #include <asm/pgtable.h> #include <asm/processor.h> diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 8479c4567add..bf1b069186ca 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -1106,6 +1106,17 @@ static struct ctl_table kern_table[] = { .proc_handler = proc_dointvec, }, #endif +#ifdef CONFIG_ARCH_MMAP_RND_BITS + { + .procname = "mmap_rnd_bits", + .data = &mmap_rnd_bits, + .maxlen = sizeof(mmap_rnd_bits), + .mode = 0644, + .proc_handler = proc_dointvec_minmax, + .extra1 = &mmap_rnd_bits_min, + .extra2 = &mmap_rnd_bits_max, + }, +#endif { } }; diff --git a/mm/mlock.c b/mm/mlock.c index 1d0d2392ffad..6eee8a67a273 100644 --- a/mm/mlock.c +++ b/mm/mlock.c @@ -26,10 +26,10 @@ int can_do_mlock(void) { - if (capable(CAP_IPC_LOCK)) - return 1; if (rlimit(RLIMIT_MEMLOCK) != 0) return 1; + if (capable(CAP_IPC_LOCK)) + return 1; return 0; } EXPORT_SYMBOL(can_do_mlock); diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index 93e795e18b5c..49c5f2db2c7a 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -3226,6 +3226,8 @@ restart: #if defined(CONFIG_IPV6) if (family == AF_INET6) { struct in6_addr *s6; + if (!inet->pinet6) + continue; s6 = &sk->sk_v6_rcv_saddr; if (ipv6_addr_type(s6) == IPV6_ADDR_MAPPED) diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 21a34153df14..fd33dbce9d8a 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -49,7 +49,7 @@ struct avc_entry { u32 tsid; u16 tclass; struct av_decision avd; - struct avc_operation_node *ops_node; + struct avc_xperms_node *xp_node; }; struct avc_node { @@ -58,6 +58,16 @@ struct avc_node { struct rcu_head rhead; }; +struct avc_xperms_decision_node { + struct extended_perms_decision xpd; + struct list_head xpd_list; /* list of extended_perms_decision */ +}; + +struct avc_xperms_node { + struct extended_perms xp; + struct list_head xpd_head; /* list head of extended_perms_decision */ +}; + struct avc_cache { struct hlist_head slots[AVC_CACHE_SLOTS]; /* head for avc_node->list */ spinlock_t slots_lock[AVC_CACHE_SLOTS]; /* lock for writes */ @@ -66,16 +76,6 @@ struct avc_cache { u32 latest_notif; /* latest revocation notification */ }; -struct avc_operation_decision_node { - struct operation_decision od; - struct list_head od_list; -}; - -struct avc_operation_node { - struct operation ops; - struct list_head od_head; /* list of operation_decision_node */ -}; - struct avc_callback_node { int (*callback) (u32 event); u32 events; @@ -92,9 +92,9 @@ DEFINE_PER_CPU(struct avc_cache_stats, avc_cache_stats) = { 0 }; static struct avc_cache avc_cache; static struct avc_callback_node *avc_callbacks; static struct kmem_cache *avc_node_cachep; -static struct kmem_cache *avc_operation_decision_node_cachep; -static struct kmem_cache *avc_operation_node_cachep; -static struct kmem_cache *avc_operation_perm_cachep; +static struct kmem_cache *avc_xperms_data_cachep; +static struct kmem_cache *avc_xperms_decision_cachep; +static struct kmem_cache *avc_xperms_cachep; static inline int avc_hash(u32 ssid, u32 tsid, u16 tclass) { @@ -185,17 +185,17 @@ void __init avc_init(void) atomic_set(&avc_cache.lru_hint, 0); avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node), - 0, SLAB_PANIC, NULL); - avc_operation_node_cachep = kmem_cache_create("avc_operation_node", - sizeof(struct avc_operation_node), - 0, SLAB_PANIC, NULL); - avc_operation_decision_node_cachep = kmem_cache_create( - "avc_operation_decision_node", - sizeof(struct avc_operation_decision_node), - 0, SLAB_PANIC, NULL); - avc_operation_perm_cachep = kmem_cache_create("avc_operation_perm", - sizeof(struct operation_perm), - 0, SLAB_PANIC, NULL); + 0, SLAB_PANIC, NULL); + avc_xperms_cachep = kmem_cache_create("avc_xperms_node", + sizeof(struct avc_xperms_node), + 0, SLAB_PANIC, NULL); + avc_xperms_decision_cachep = kmem_cache_create( + "avc_xperms_decision_node", + sizeof(struct avc_xperms_decision_node), + 0, SLAB_PANIC, NULL); + avc_xperms_data_cachep = kmem_cache_create("avc_xperms_data", + sizeof(struct extended_perms_data), + 0, SLAB_PANIC, NULL); audit_log(current->audit_context, GFP_KERNEL, AUDIT_KERNEL, "AVC INITIALIZED\n"); } @@ -231,222 +231,214 @@ int avc_get_hash_stats(char *page) } /* - * using a linked list for operation_decision lookup because the list is + * using a linked list for extended_perms_decision lookup because the list is * always small. i.e. less than 5, typically 1 */ -static struct operation_decision *avc_operation_lookup(u8 type, - struct avc_operation_node *ops_node) +static struct extended_perms_decision *avc_xperms_decision_lookup(u8 driver, + struct avc_xperms_node *xp_node) { - struct avc_operation_decision_node *od_node; - struct operation_decision *od = NULL; + struct avc_xperms_decision_node *xpd_node; - list_for_each_entry(od_node, &ops_node->od_head, od_list) { - if (od_node->od.type != type) - continue; - od = &od_node->od; - break; + list_for_each_entry(xpd_node, &xp_node->xpd_head, xpd_list) { + if (xpd_node->xpd.driver == driver) + return &xpd_node->xpd; } - return od; + return NULL; } -static inline unsigned int avc_operation_has_perm(struct operation_decision *od, - u16 cmd, u8 specified) +static inline unsigned int +avc_xperms_has_perm(struct extended_perms_decision *xpd, + u8 perm, u8 which) { unsigned int rc = 0; - u8 num = cmd & 0xff; - - if ((specified == OPERATION_ALLOWED) && - (od->specified & OPERATION_ALLOWED)) - rc = security_operation_test(od->allowed->perms, num); - else if ((specified == OPERATION_AUDITALLOW) && - (od->specified & OPERATION_AUDITALLOW)) - rc = security_operation_test(od->auditallow->perms, num); - else if ((specified == OPERATION_DONTAUDIT) && - (od->specified & OPERATION_DONTAUDIT)) - rc = security_operation_test(od->dontaudit->perms, num); + + if ((which == XPERMS_ALLOWED) && + (xpd->used & XPERMS_ALLOWED)) + rc = security_xperm_test(xpd->allowed->p, perm); + else if ((which == XPERMS_AUDITALLOW) && + (xpd->used & XPERMS_AUDITALLOW)) + rc = security_xperm_test(xpd->auditallow->p, perm); + else if ((which == XPERMS_DONTAUDIT) && + (xpd->used & XPERMS_DONTAUDIT)) + rc = security_xperm_test(xpd->dontaudit->p, perm); return rc; } -static void avc_operation_allow_perm(struct avc_operation_node *node, u16 cmd) +static void avc_xperms_allow_perm(struct avc_xperms_node *xp_node, + u8 driver, u8 perm) { - struct operation_decision *od; - u8 type; - u8 num; - - type = cmd >> 8; - num = cmd & 0xff; - security_operation_set(node->ops.type, type); - od = avc_operation_lookup(type, node); - if (od && od->allowed) - security_operation_set(od->allowed->perms, num); + struct extended_perms_decision *xpd; + security_xperm_set(xp_node->xp.drivers.p, driver); + xpd = avc_xperms_decision_lookup(driver, xp_node); + if (xpd && xpd->allowed) + security_xperm_set(xpd->allowed->p, perm); } -static void avc_operation_decision_free( - struct avc_operation_decision_node *od_node) +static void avc_xperms_decision_free(struct avc_xperms_decision_node *xpd_node) { - struct operation_decision *od; - - od = &od_node->od; - if (od->allowed) - kmem_cache_free(avc_operation_perm_cachep, od->allowed); - if (od->auditallow) - kmem_cache_free(avc_operation_perm_cachep, od->auditallow); - if (od->dontaudit) - kmem_cache_free(avc_operation_perm_cachep, od->dontaudit); - kmem_cache_free(avc_operation_decision_node_cachep, od_node); + struct extended_perms_decision *xpd; + + xpd = &xpd_node->xpd; + if (xpd->allowed) + kmem_cache_free(avc_xperms_data_cachep, xpd->allowed); + if (xpd->auditallow) + kmem_cache_free(avc_xperms_data_cachep, xpd->auditallow); + if (xpd->dontaudit) + kmem_cache_free(avc_xperms_data_cachep, xpd->dontaudit); + kmem_cache_free(avc_xperms_decision_cachep, xpd_node); } -static void avc_operation_free(struct avc_operation_node *ops_node) +static void avc_xperms_free(struct avc_xperms_node *xp_node) { - struct avc_operation_decision_node *od_node, *tmp; + struct avc_xperms_decision_node *xpd_node, *tmp; - if (!ops_node) + if (!xp_node) return; - list_for_each_entry_safe(od_node, tmp, &ops_node->od_head, od_list) { - list_del(&od_node->od_list); - avc_operation_decision_free(od_node); + list_for_each_entry_safe(xpd_node, tmp, &xp_node->xpd_head, xpd_list) { + list_del(&xpd_node->xpd_list); + avc_xperms_decision_free(xpd_node); } - kmem_cache_free(avc_operation_node_cachep, ops_node); + kmem_cache_free(avc_xperms_cachep, xp_node); } -static void avc_copy_operation_decision(struct operation_decision *dest, - struct operation_decision *src) +static void avc_copy_xperms_decision(struct extended_perms_decision *dest, + struct extended_perms_decision *src) { - dest->type = src->type; - dest->specified = src->specified; - if (dest->specified & OPERATION_ALLOWED) - memcpy(dest->allowed->perms, src->allowed->perms, - sizeof(src->allowed->perms)); - if (dest->specified & OPERATION_AUDITALLOW) - memcpy(dest->auditallow->perms, src->auditallow->perms, - sizeof(src->auditallow->perms)); - if (dest->specified & OPERATION_DONTAUDIT) - memcpy(dest->dontaudit->perms, src->dontaudit->perms, - sizeof(src->dontaudit->perms)); + dest->driver = src->driver; + dest->used = src->used; + if (dest->used & XPERMS_ALLOWED) + memcpy(dest->allowed->p, src->allowed->p, + sizeof(src->allowed->p)); + if (dest->used & XPERMS_AUDITALLOW) + memcpy(dest->auditallow->p, src->auditallow->p, + sizeof(src->auditallow->p)); + if (dest->used & XPERMS_DONTAUDIT) + memcpy(dest->dontaudit->p, src->dontaudit->p, + sizeof(src->dontaudit->p)); } /* - * similar to avc_copy_operation_decision, but only copy decision - * information relevant to this command + * similar to avc_copy_xperms_decision, but only copy decision + * information relevant to this perm */ -static inline void avc_quick_copy_operation_decision(u16 cmd, - struct operation_decision *dest, - struct operation_decision *src) +static inline void avc_quick_copy_xperms_decision(u8 perm, + struct extended_perms_decision *dest, + struct extended_perms_decision *src) { /* * compute index of the u32 of the 256 bits (8 u32s) that contain this * command permission */ - u8 i = (0xff & cmd) >> 5; - - dest->specified = src->specified; - if (dest->specified & OPERATION_ALLOWED) - dest->allowed->perms[i] = src->allowed->perms[i]; - if (dest->specified & OPERATION_AUDITALLOW) - dest->auditallow->perms[i] = src->auditallow->perms[i]; - if (dest->specified & OPERATION_DONTAUDIT) - dest->dontaudit->perms[i] = src->dontaudit->perms[i]; + u8 i = perm >> 5; + + dest->used = src->used; + if (dest->used & XPERMS_ALLOWED) + dest->allowed->p[i] = src->allowed->p[i]; + if (dest->used & XPERMS_AUDITALLOW) + dest->auditallow->p[i] = src->auditallow->p[i]; + if (dest->used & XPERMS_DONTAUDIT) + dest->dontaudit->p[i] = src->dontaudit->p[i]; } -static struct avc_operation_decision_node - *avc_operation_decision_alloc(u8 specified) +static struct avc_xperms_decision_node + *avc_xperms_decision_alloc(u8 which) { - struct avc_operation_decision_node *node; - struct operation_decision *od; + struct avc_xperms_decision_node *xpd_node; + struct extended_perms_decision *xpd; - node = kmem_cache_zalloc(avc_operation_decision_node_cachep, + xpd_node = kmem_cache_zalloc(avc_xperms_decision_cachep, GFP_ATOMIC | __GFP_NOMEMALLOC); - if (!node) + if (!xpd_node) return NULL; - od = &node->od; - if (specified & OPERATION_ALLOWED) { - od->allowed = kmem_cache_zalloc(avc_operation_perm_cachep, + xpd = &xpd_node->xpd; + if (which & XPERMS_ALLOWED) { + xpd->allowed = kmem_cache_zalloc(avc_xperms_data_cachep, GFP_ATOMIC | __GFP_NOMEMALLOC); - if (!od->allowed) + if (!xpd->allowed) goto error; } - if (specified & OPERATION_AUDITALLOW) { - od->auditallow = kmem_cache_zalloc(avc_operation_perm_cachep, + if (which & XPERMS_AUDITALLOW) { + xpd->auditallow = kmem_cache_zalloc(avc_xperms_data_cachep, GFP_ATOMIC | __GFP_NOMEMALLOC); - if (!od->auditallow) + if (!xpd->auditallow) goto error; } - if (specified & OPERATION_DONTAUDIT) { - od->dontaudit = kmem_cache_zalloc(avc_operation_perm_cachep, + if (which & XPERMS_DONTAUDIT) { + xpd->dontaudit = kmem_cache_zalloc(avc_xperms_data_cachep, GFP_ATOMIC | __GFP_NOMEMALLOC); - if (!od->dontaudit) + if (!xpd->dontaudit) goto error; } - return node; + return xpd_node; error: - avc_operation_decision_free(node); + avc_xperms_decision_free(xpd_node); return NULL; } -static int avc_add_operation(struct avc_node *node, - struct operation_decision *od) +static int avc_add_xperms_decision(struct avc_node *node, + struct extended_perms_decision *src) { - struct avc_operation_decision_node *dest_od; + struct avc_xperms_decision_node *dest_xpd; - node->ae.ops_node->ops.len++; - dest_od = avc_operation_decision_alloc(od->specified); - if (!dest_od) + node->ae.xp_node->xp.len++; + dest_xpd = avc_xperms_decision_alloc(src->used); + if (!dest_xpd) return -ENOMEM; - avc_copy_operation_decision(&dest_od->od, od); - list_add(&dest_od->od_list, &node->ae.ops_node->od_head); + avc_copy_xperms_decision(&dest_xpd->xpd, src); + list_add(&dest_xpd->xpd_list, &node->ae.xp_node->xpd_head); return 0; } -static struct avc_operation_node *avc_operation_alloc(void) +static struct avc_xperms_node *avc_xperms_alloc(void) { - struct avc_operation_node *ops; + struct avc_xperms_node *xp_node; - ops = kmem_cache_zalloc(avc_operation_node_cachep, + xp_node = kmem_cache_zalloc(avc_xperms_cachep, GFP_ATOMIC|__GFP_NOMEMALLOC); - if (!ops) - return ops; - INIT_LIST_HEAD(&ops->od_head); - return ops; + if (!xp_node) + return xp_node; + INIT_LIST_HEAD(&xp_node->xpd_head); + return xp_node; } -static int avc_operation_populate(struct avc_node *node, - struct avc_operation_node *src) +static int avc_xperms_populate(struct avc_node *node, + struct avc_xperms_node *src) { - struct avc_operation_node *dest; - struct avc_operation_decision_node *dest_od; - struct avc_operation_decision_node *src_od; + struct avc_xperms_node *dest; + struct avc_xperms_decision_node *dest_xpd; + struct avc_xperms_decision_node *src_xpd; - if (src->ops.len == 0) + if (src->xp.len == 0) return 0; - dest = avc_operation_alloc(); + dest = avc_xperms_alloc(); if (!dest) return -ENOMEM; - memcpy(dest->ops.type, &src->ops.type, sizeof(dest->ops.type)); - dest->ops.len = src->ops.len; + memcpy(dest->xp.drivers.p, src->xp.drivers.p, sizeof(dest->xp.drivers.p)); + dest->xp.len = src->xp.len; - /* for each source od allocate a destination od and copy */ - list_for_each_entry(src_od, &src->od_head, od_list) { - dest_od = avc_operation_decision_alloc(src_od->od.specified); - if (!dest_od) + /* for each source xpd allocate a destination xpd and copy */ + list_for_each_entry(src_xpd, &src->xpd_head, xpd_list) { + dest_xpd = avc_xperms_decision_alloc(src_xpd->xpd.used); + if (!dest_xpd) goto error; - avc_copy_operation_decision(&dest_od->od, &src_od->od); - list_add(&dest_od->od_list, &dest->od_head); + avc_copy_xperms_decision(&dest_xpd->xpd, &src_xpd->xpd); + list_add(&dest_xpd->xpd_list, &dest->xpd_head); } - node->ae.ops_node = dest; + node->ae.xp_node = dest; return 0; error: - avc_operation_free(dest); + avc_xperms_free(dest); return -ENOMEM; } -static inline u32 avc_operation_audit_required(u32 requested, +static inline u32 avc_xperms_audit_required(u32 requested, struct av_decision *avd, - struct operation_decision *od, - u16 cmd, + struct extended_perms_decision *xpd, + u8 perm, int result, u32 *deniedp) { @@ -455,18 +447,16 @@ static inline u32 avc_operation_audit_required(u32 requested, denied = requested & ~avd->allowed; if (unlikely(denied)) { audited = denied & avd->auditdeny; - if (audited && od) { - if (avc_operation_has_perm(od, cmd, - OPERATION_DONTAUDIT)) + if (audited && xpd) { + if (avc_xperms_has_perm(xpd, perm, XPERMS_DONTAUDIT)) audited &= ~requested; } } else if (result) { audited = denied = requested; } else { audited = requested & avd->auditallow; - if (audited && od) { - if (!avc_operation_has_perm(od, cmd, - OPERATION_AUDITALLOW)) + if (audited && xpd) { + if (!avc_xperms_has_perm(xpd, perm, XPERMS_AUDITALLOW)) audited &= ~requested; } } @@ -475,16 +465,16 @@ static inline u32 avc_operation_audit_required(u32 requested, return audited; } -static inline int avc_operation_audit(u32 ssid, u32 tsid, u16 tclass, +static inline int avc_xperms_audit(u32 ssid, u32 tsid, u16 tclass, u32 requested, struct av_decision *avd, - struct operation_decision *od, - u16 cmd, int result, + struct extended_perms_decision *xpd, + u8 perm, int result, struct common_audit_data *ad) { u32 audited, denied; - audited = avc_operation_audit_required( - requested, avd, od, cmd, result, &denied); + audited = avc_xperms_audit_required( + requested, avd, xpd, perm, result, &denied); if (likely(!audited)) return 0; return slow_avc_audit(ssid, tsid, tclass, requested, @@ -494,7 +484,7 @@ static inline int avc_operation_audit(u32 ssid, u32 tsid, u16 tclass, static void avc_node_free(struct rcu_head *rhead) { struct avc_node *node = container_of(rhead, struct avc_node, rhead); - avc_operation_free(node->ae.ops_node); + avc_xperms_free(node->ae.xp_node); kmem_cache_free(avc_node_cachep, node); avc_cache_stats_incr(frees); } @@ -508,7 +498,7 @@ static void avc_node_delete(struct avc_node *node) static void avc_node_kill(struct avc_node *node) { - avc_operation_free(node->ae.ops_node); + avc_xperms_free(node->ae.xp_node); kmem_cache_free(avc_node_cachep, node); avc_cache_stats_incr(frees); atomic_dec(&avc_cache.active_nodes); @@ -655,7 +645,7 @@ static int avc_latest_notif_update(int seqno, int is_insert) * @tsid: target security identifier * @tclass: target security class * @avd: resulting av decision - * @ops: resulting operation decisions + * @xp_node: resulting extended permissions * * Insert an AVC entry for the SID pair * (@ssid, @tsid) and class @tclass. @@ -669,7 +659,7 @@ static int avc_latest_notif_update(int seqno, int is_insert) */ static struct avc_node *avc_insert(u32 ssid, u32 tsid, u16 tclass, struct av_decision *avd, - struct avc_operation_node *ops_node) + struct avc_xperms_node *xp_node) { struct avc_node *pos, *node = NULL; int hvalue; @@ -686,7 +676,7 @@ static struct avc_node *avc_insert(u32 ssid, u32 tsid, u16 tclass, hvalue = avc_hash(ssid, tsid, tclass); avc_node_populate(node, ssid, tsid, tclass, avd); - rc = avc_operation_populate(node, ops_node); + rc = avc_xperms_populate(node, xp_node); if (rc) { kmem_cache_free(avc_node_cachep, node); return NULL; @@ -824,16 +814,16 @@ static inline int avc_sidcmp(u32 x, u32 y) * @perms : Permission mask bits * @ssid,@tsid,@tclass : identifier of an AVC entry * @seqno : sequence number when decision was made - * @od: operation_decision to be added to the node + * @xpd: extended_perms_decision to be added to the node * * if a valid AVC entry doesn't exist,this function returns -ENOENT. * if kmalloc() called internal returns NULL, this function returns -ENOMEM. * otherwise, this function updates the AVC entry. The original AVC-entry object * will release later by RCU. */ -static int avc_update_node(u32 event, u32 perms, u16 cmd, u32 ssid, u32 tsid, - u16 tclass, u32 seqno, - struct operation_decision *od, +static int avc_update_node(u32 event, u32 perms, u8 driver, u8 xperm, u32 ssid, + u32 tsid, u16 tclass, u32 seqno, + struct extended_perms_decision *xpd, u32 flags) { int hvalue, rc = 0; @@ -878,8 +868,8 @@ static int avc_update_node(u32 event, u32 perms, u16 cmd, u32 ssid, u32 tsid, avc_node_populate(node, ssid, tsid, tclass, &orig->ae.avd); - if (orig->ae.ops_node) { - rc = avc_operation_populate(node, orig->ae.ops_node); + if (orig->ae.xp_node) { + rc = avc_xperms_populate(node, orig->ae.xp_node); if (rc) { kmem_cache_free(avc_node_cachep, node); goto out_unlock; @@ -889,8 +879,8 @@ static int avc_update_node(u32 event, u32 perms, u16 cmd, u32 ssid, u32 tsid, switch (event) { case AVC_CALLBACK_GRANT: node->ae.avd.allowed |= perms; - if (node->ae.ops_node && (flags & AVC_OPERATION_CMD)) - avc_operation_allow_perm(node->ae.ops_node, cmd); + if (node->ae.xp_node && (flags & AVC_EXTENDED_PERMS)) + avc_xperms_allow_perm(node->ae.xp_node, driver, xperm); break; case AVC_CALLBACK_TRY_REVOKE: case AVC_CALLBACK_REVOKE: @@ -908,8 +898,8 @@ static int avc_update_node(u32 event, u32 perms, u16 cmd, u32 ssid, u32 tsid, case AVC_CALLBACK_AUDITDENY_DISABLE: node->ae.avd.auditdeny &= ~perms; break; - case AVC_CALLBACK_ADD_OPERATION: - avc_add_operation(node, od); + case AVC_CALLBACK_ADD_XPERMS: + avc_add_xperms_decision(node, xpd); break; } avc_node_replace(node, orig); @@ -983,18 +973,18 @@ int avc_ss_reset(u32 seqno) */ static noinline struct avc_node *avc_compute_av(u32 ssid, u32 tsid, u16 tclass, struct av_decision *avd, - struct avc_operation_node *ops_node) + struct avc_xperms_node *xp_node) { rcu_read_unlock(); - INIT_LIST_HEAD(&ops_node->od_head); - security_compute_av(ssid, tsid, tclass, avd, &ops_node->ops); + INIT_LIST_HEAD(&xp_node->xpd_head); + security_compute_av(ssid, tsid, tclass, avd, &xp_node->xp); rcu_read_lock(); - return avc_insert(ssid, tsid, tclass, avd, ops_node); + return avc_insert(ssid, tsid, tclass, avd, xp_node); } static noinline int avc_denied(u32 ssid, u32 tsid, u16 tclass, u32 requested, - u16 cmd, unsigned flags, + u8 driver, u8 xperm, unsigned flags, struct av_decision *avd) { if (flags & AVC_STRICT) @@ -1003,88 +993,87 @@ static noinline int avc_denied(u32 ssid, u32 tsid, if (selinux_enforcing && !(avd->flags & AVD_FLAGS_PERMISSIVE)) return -EACCES; - avc_update_node(AVC_CALLBACK_GRANT, requested, cmd, ssid, + avc_update_node(AVC_CALLBACK_GRANT, requested, driver, xperm, ssid, tsid, tclass, avd->seqno, NULL, flags); return 0; } /* - * ioctl commands are comprised of four fields, direction, size, type, and - * number. The avc operation logic filters based on two of them: - * - * type: or code, typically unique to each driver - * number: or function - * - * For example, 0x89 is a socket type, and number 0x27 is the get hardware - * address function. + * The avc extended permissions logic adds an additional 256 bits of + * permissions to an avc node when extended permissions for that node are + * specified in the avtab. If the additional 256 permissions is not adequate, + * as-is the case with ioctls, then multiple may be chained together and the + * driver field is used to specify which set contains the permission. */ -int avc_has_operation(u32 ssid, u32 tsid, u16 tclass, u32 requested, - u16 cmd, struct common_audit_data *ad) +int avc_has_extended_perms(u32 ssid, u32 tsid, u16 tclass, u32 requested, + u8 driver, u8 xperm, struct common_audit_data *ad) { struct avc_node *node; struct av_decision avd; u32 denied; - struct operation_decision *od = NULL; - struct operation_decision od_local; - struct operation_perm allowed; - struct operation_perm auditallow; - struct operation_perm dontaudit; - struct avc_operation_node local_ops_node; - struct avc_operation_node *ops_node; - u8 type = cmd >> 8; + struct extended_perms_decision local_xpd; + struct extended_perms_decision *xpd = NULL; + struct extended_perms_data allowed; + struct extended_perms_data auditallow; + struct extended_perms_data dontaudit; + struct avc_xperms_node local_xp_node; + struct avc_xperms_node *xp_node; int rc = 0, rc2; - ops_node = &local_ops_node; + xp_node = &local_xp_node; BUG_ON(!requested); rcu_read_lock(); node = avc_lookup(ssid, tsid, tclass); if (unlikely(!node)) { - node = avc_compute_av(ssid, tsid, tclass, &avd, ops_node); + node = avc_compute_av(ssid, tsid, tclass, &avd, xp_node); } else { memcpy(&avd, &node->ae.avd, sizeof(avd)); - ops_node = node->ae.ops_node; + xp_node = node->ae.xp_node; } - /* if operations are not defined, only consider av_decision */ - if (!ops_node || !ops_node->ops.len) + /* if extended permissions are not defined, only consider av_decision */ + if (!xp_node || !xp_node->xp.len) goto decision; - od_local.allowed = &allowed; - od_local.auditallow = &auditallow; - od_local.dontaudit = &dontaudit; + local_xpd.allowed = &allowed; + local_xpd.auditallow = &auditallow; + local_xpd.dontaudit = &dontaudit; - /* lookup operation decision */ - od = avc_operation_lookup(type, ops_node); - if (unlikely(!od)) { - /* Compute operation decision if type is flagged */ - if (!security_operation_test(ops_node->ops.type, type)) { + xpd = avc_xperms_decision_lookup(driver, xp_node); + if (unlikely(!xpd)) { + /* + * Compute the extended_perms_decision only if the driver + * is flagged + */ + if (!security_xperm_test(xp_node->xp.drivers.p, driver)) { avd.allowed &= ~requested; goto decision; } rcu_read_unlock(); - security_compute_operation(ssid, tsid, tclass, type, &od_local); + security_compute_xperms_decision(ssid, tsid, tclass, driver, + &local_xpd); rcu_read_lock(); - avc_update_node(AVC_CALLBACK_ADD_OPERATION, requested, cmd, - ssid, tsid, tclass, avd.seqno, &od_local, 0); + avc_update_node(AVC_CALLBACK_ADD_XPERMS, requested, driver, xperm, + ssid, tsid, tclass, avd.seqno, &local_xpd, 0); } else { - avc_quick_copy_operation_decision(cmd, &od_local, od); + avc_quick_copy_xperms_decision(xperm, &local_xpd, xpd); } - od = &od_local; + xpd = &local_xpd; - if (!avc_operation_has_perm(od, cmd, OPERATION_ALLOWED)) + if (!avc_xperms_has_perm(xpd, xperm, XPERMS_ALLOWED)) avd.allowed &= ~requested; decision: denied = requested & ~(avd.allowed); if (unlikely(denied)) - rc = avc_denied(ssid, tsid, tclass, requested, cmd, - AVC_OPERATION_CMD, &avd); + rc = avc_denied(ssid, tsid, tclass, requested, driver, xperm, + AVC_EXTENDED_PERMS, &avd); rcu_read_unlock(); - rc2 = avc_operation_audit(ssid, tsid, tclass, requested, - &avd, od, cmd, rc, ad); + rc2 = avc_xperms_audit(ssid, tsid, tclass, requested, + &avd, xpd, xperm, rc, ad); if (rc2) return rc2; return rc; @@ -1116,7 +1105,7 @@ inline int avc_has_perm_noaudit(u32 ssid, u32 tsid, struct av_decision *avd) { struct avc_node *node; - struct avc_operation_node ops_node; + struct avc_xperms_node xp_node; int rc = 0; u32 denied; @@ -1126,13 +1115,13 @@ inline int avc_has_perm_noaudit(u32 ssid, u32 tsid, node = avc_lookup(ssid, tsid, tclass); if (unlikely(!node)) - node = avc_compute_av(ssid, tsid, tclass, avd, &ops_node); + node = avc_compute_av(ssid, tsid, tclass, avd, &xp_node); else memcpy(avd, &node->ae.avd, sizeof(*avd)); denied = requested & ~(avd->allowed); if (unlikely(denied)) - rc = avc_denied(ssid, tsid, tclass, requested, 0, flags, avd); + rc = avc_denied(ssid, tsid, tclass, requested, 0, 0, flags, avd); rcu_read_unlock(); return rc; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index bc76f992014d..5b3ea8359f42 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3253,6 +3253,8 @@ int ioctl_has_perm(const struct cred *cred, struct file *file, struct lsm_ioctlop_audit ioctl; u32 ssid = cred_sid(cred); int rc; + u8 driver = cmd >> 8; + u8 xperm = cmd & 0xff; ad.type = LSM_AUDIT_DATA_IOCTL_OP; ad.u.op = &ioctl; @@ -3271,8 +3273,8 @@ int ioctl_has_perm(const struct cred *cred, struct file *file, if (unlikely(IS_PRIVATE(inode))) return 0; - rc = avc_has_operation(ssid, isec->sid, isec->sclass, - requested, cmd, &ad); + rc = avc_has_extended_perms(ssid, isec->sid, isec->sclass, + requested, driver, xperm, &ad); out: return rc; } diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h index 3165d4ed837c..03a9f08053e3 100644 --- a/security/selinux/include/avc.h +++ b/security/selinux/include/avc.h @@ -142,7 +142,7 @@ static inline int avc_audit(u32 ssid, u32 tsid, } #define AVC_STRICT 1 /* Ignore permissive mode. */ -#define AVC_OPERATION_CMD 2 /* ignore command when updating operations */ +#define AVC_EXTENDED_PERMS 2 /* update extended permissions */ int avc_has_perm_noaudit(u32 ssid, u32 tsid, u16 tclass, u32 requested, unsigned flags, @@ -152,8 +152,8 @@ int avc_has_perm(u32 ssid, u32 tsid, u16 tclass, u32 requested, struct common_audit_data *auditdata); -int avc_has_operation(u32 ssid, u32 tsid, u16 tclass, u32 requested, - u16 cmd, struct common_audit_data *ad); +int avc_has_extended_perms(u32 ssid, u32 tsid, u16 tclass, u32 requested, + u8 driver, u8 perm, struct common_audit_data *ad); u32 avc_policy_seqno(void); @@ -165,7 +165,7 @@ u32 avc_policy_seqno(void); #define AVC_CALLBACK_AUDITALLOW_DISABLE 32 #define AVC_CALLBACK_AUDITDENY_ENABLE 64 #define AVC_CALLBACK_AUDITDENY_DISABLE 128 -#define AVC_CALLBACK_ADD_OPERATION 256 +#define AVC_CALLBACK_ADD_XPERMS 256 int avc_add_callback(int (*callback)(u32 event), u32 events); diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index 8d506832927f..6a681d26bf20 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -35,14 +35,14 @@ #define POLICYDB_VERSION_NEW_OBJECT_DEFAULTS 27 #define POLICYDB_VERSION_DEFAULT_TYPE 28 #define POLICYDB_VERSION_CONSTRAINT_NAMES 29 -#define POLICYDB_VERSION_IOCTL_OPERATIONS 30 +#define POLICYDB_VERSION_XPERMS_IOCTL 30 /* Range of policy versions we understand*/ #define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE #ifdef CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX #define POLICYDB_VERSION_MAX CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE #else -#define POLICYDB_VERSION_MAX POLICYDB_VERSION_IOCTL_OPERATIONS +#define POLICYDB_VERSION_MAX POLICYDB_VERSION_XPERMS_IOCTL #endif /* Mask for just the mount related flags */ @@ -110,29 +110,27 @@ struct av_decision { u32 flags; }; -#define security_operation_set(perms, x) (perms[x >> 5] |= 1 << (x & 0x1f)) -#define security_operation_test(perms, x) (1 & (perms[x >> 5] >> (x & 0x1f))) +#define XPERMS_ALLOWED 1 +#define XPERMS_AUDITALLOW 2 +#define XPERMS_DONTAUDIT 4 -struct operation_perm { - u32 perms[8]; +#define security_xperm_set(perms, x) (perms[x >> 5] |= 1 << (x & 0x1f)) +#define security_xperm_test(perms, x) (1 & (perms[x >> 5] >> (x & 0x1f))) +struct extended_perms_data { + u32 p[8]; }; -struct operation_decision { - u8 type; - u8 specified; - struct operation_perm *allowed; - struct operation_perm *auditallow; - struct operation_perm *dontaudit; +struct extended_perms_decision { + u8 used; + u8 driver; + struct extended_perms_data *allowed; + struct extended_perms_data *auditallow; + struct extended_perms_data *dontaudit; }; -#define OPERATION_ALLOWED 1 -#define OPERATION_AUDITALLOW 2 -#define OPERATION_DONTAUDIT 4 -#define OPERATION_ALL (OPERATION_ALLOWED | OPERATION_AUDITALLOW |\ - OPERATION_DONTAUDIT) -struct operation { - u16 len; /* length of operation decision chain */ - u32 type[8]; /* 256 types */ +struct extended_perms { + u16 len; /* length associated decision chain */ + struct extended_perms_data drivers; /* flag drivers that are used */ }; /* definitions of av_decision.flags */ @@ -140,10 +138,10 @@ struct operation { void security_compute_av(u32 ssid, u32 tsid, u16 tclass, struct av_decision *avd, - struct operation *ops); + struct extended_perms *xperms); -void security_compute_operation(u32 ssid, u32 tsid, u16 tclass, - u8 type, struct operation_decision *od); +void security_compute_xperms_decision(u32 ssid, u32 tsid, u16 tclass, + u8 driver, struct extended_perms_decision *xpermd); void security_compute_av_user(u32 ssid, u32 tsid, u16 tclass, struct av_decision *avd); diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c index dd7466cb2021..640c16b9d3fb 100644 --- a/security/selinux/ss/avtab.c +++ b/security/selinux/ss/avtab.c @@ -24,7 +24,7 @@ #include "policydb.h" static struct kmem_cache *avtab_node_cachep; -static struct kmem_cache *avtab_operation_cachep; +static struct kmem_cache *avtab_xperms_cachep; static inline int avtab_hash(struct avtab_key *keyp, u16 mask) { @@ -38,20 +38,20 @@ avtab_insert_node(struct avtab *h, int hvalue, struct avtab_key *key, struct avtab_datum *datum) { struct avtab_node *newnode; - struct avtab_operation *ops; + struct avtab_extended_perms *xperms; newnode = kmem_cache_zalloc(avtab_node_cachep, GFP_KERNEL); if (newnode == NULL) return NULL; newnode->key = *key; - if (key->specified & AVTAB_OP) { - ops = kmem_cache_zalloc(avtab_operation_cachep, GFP_KERNEL); - if (ops == NULL) { + if (key->specified & AVTAB_XPERMS) { + xperms = kmem_cache_zalloc(avtab_xperms_cachep, GFP_KERNEL); + if (xperms == NULL) { kmem_cache_free(avtab_node_cachep, newnode); return NULL; } - *ops = *(datum->u.ops); - newnode->datum.u.ops = ops; + *xperms = *(datum->u.xperms); + newnode->datum.u.xperms = xperms; } else { newnode->datum.u.data = datum->u.data; } @@ -85,7 +85,8 @@ static int avtab_insert(struct avtab *h, struct avtab_key *key, struct avtab_dat key->target_type == cur->key.target_type && key->target_class == cur->key.target_class && (specified & cur->key.specified)) { - if (specified & AVTAB_OPNUM) + /* extended perms may not be unique */ + if (specified & AVTAB_XPERMS) break; return -EEXIST; } @@ -249,9 +250,9 @@ void avtab_destroy(struct avtab *h) while (cur) { temp = cur; cur = cur->next; - if (temp->key.specified & AVTAB_OP) - kmem_cache_free(avtab_operation_cachep, - temp->datum.u.ops); + if (temp->key.specified & AVTAB_XPERMS) + kmem_cache_free(avtab_xperms_cachep, + temp->datum.u.xperms); kmem_cache_free(avtab_node_cachep, temp); } h->htable[i] = NULL; @@ -334,6 +335,32 @@ void avtab_hash_eval(struct avtab *h, char *tag) chain2_len_sum); } +/* + * extended permissions compatibility. Make ToT Android kernels compatible + * with Android M releases + */ +#define AVTAB_OPTYPE_ALLOWED 0x1000 +#define AVTAB_OPTYPE_AUDITALLOW 0x2000 +#define AVTAB_OPTYPE_DONTAUDIT 0x4000 +#define AVTAB_OPTYPE (AVTAB_OPTYPE_ALLOWED | \ + AVTAB_OPTYPE_AUDITALLOW | \ + AVTAB_OPTYPE_DONTAUDIT) +#define AVTAB_XPERMS_OPTYPE 4 + +#define avtab_xperms_to_optype(x) (x << AVTAB_XPERMS_OPTYPE) +#define avtab_optype_to_xperms(x) (x >> AVTAB_XPERMS_OPTYPE) + +static unsigned int avtab_android_m_compat; + +static void avtab_android_m_compat_set(void) +{ + if (!avtab_android_m_compat) { + pr_info("SELinux: Android master kernel running Android" + " M policy in compatibility mode.\n"); + avtab_android_m_compat = 1; + } +} + static uint16_t spec_order[] = { AVTAB_ALLOWED, AVTAB_AUDITDENY, @@ -341,12 +368,9 @@ static uint16_t spec_order[] = { AVTAB_TRANSITION, AVTAB_CHANGE, AVTAB_MEMBER, - AVTAB_OPNUM_ALLOWED, - AVTAB_OPNUM_AUDITALLOW, - AVTAB_OPNUM_DONTAUDIT, - AVTAB_OPTYPE_ALLOWED, - AVTAB_OPTYPE_AUDITALLOW, - AVTAB_OPTYPE_DONTAUDIT + AVTAB_XPERMS_ALLOWED, + AVTAB_XPERMS_AUDITALLOW, + AVTAB_XPERMS_DONTAUDIT }; int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, @@ -359,8 +383,9 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, u32 items, items2, val, vers = pol->policyvers; struct avtab_key key; struct avtab_datum datum; - struct avtab_operation ops; - __le32 buf32[ARRAY_SIZE(ops.op.perms)]; + struct avtab_extended_perms xperms; + __le32 buf32[ARRAY_SIZE(xperms.perms.p)]; + unsigned int android_m_compat_optype = 0; int i, rc; unsigned set; @@ -417,8 +442,8 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, printk(KERN_ERR "SELinux: avtab: entry has both access vectors and types\n"); return -EINVAL; } - if (val & AVTAB_OP) { - printk(KERN_ERR "SELinux: avtab: entry has operations\n"); + if (val & AVTAB_XPERMS) { + printk(KERN_ERR "SELinux: avtab: entry has extended permissions\n"); return -EINVAL; } @@ -444,12 +469,20 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, printk(KERN_ERR "SELinux: avtab: truncated entry\n"); return rc; } + items = 0; key.source_type = le16_to_cpu(buf16[items++]); key.target_type = le16_to_cpu(buf16[items++]); key.target_class = le16_to_cpu(buf16[items++]); key.specified = le16_to_cpu(buf16[items++]); + if ((key.specified & AVTAB_OPTYPE) && + (vers == POLICYDB_VERSION_XPERMS_IOCTL)) { + key.specified = avtab_optype_to_xperms(key.specified); + android_m_compat_optype = 1; + avtab_android_m_compat_set(); + } + if (!policydb_type_isvalid(pol, key.source_type) || !policydb_type_isvalid(pol, key.target_type) || !policydb_class_isvalid(pol, key.target_class)) { @@ -467,29 +500,51 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, return -EINVAL; } - if ((vers < POLICYDB_VERSION_IOCTL_OPERATIONS) - || !(key.specified & AVTAB_OP)) { - rc = next_entry(buf32, fp, sizeof(u32)); + if ((vers < POLICYDB_VERSION_XPERMS_IOCTL) && + (key.specified & AVTAB_XPERMS)) { + printk(KERN_ERR "SELinux: avtab: policy version %u does not " + "support extended permissions rules and one " + "was specified\n", vers); + return -EINVAL; + } else if (key.specified & AVTAB_XPERMS) { + memset(&xperms, 0, sizeof(struct avtab_extended_perms)); + rc = next_entry(&xperms.specified, fp, sizeof(u8)); if (rc) { printk(KERN_ERR "SELinux: avtab: truncated entry\n"); return rc; } - datum.u.data = le32_to_cpu(*buf32); - } else { - memset(&ops, 0, sizeof(struct avtab_operation)); - rc = next_entry(&ops.type, fp, sizeof(u8)); + if (avtab_android_m_compat || + ((xperms.specified != AVTAB_XPERMS_IOCTLFUNCTION) && + (xperms.specified != AVTAB_XPERMS_IOCTLDRIVER) && + (vers == POLICYDB_VERSION_XPERMS_IOCTL))) { + xperms.driver = xperms.specified; + if (android_m_compat_optype) + xperms.specified = AVTAB_XPERMS_IOCTLDRIVER; + else + xperms.specified = AVTAB_XPERMS_IOCTLFUNCTION; + avtab_android_m_compat_set(); + } else { + rc = next_entry(&xperms.driver, fp, sizeof(u8)); + if (rc) { + printk(KERN_ERR "SELinux: avtab: truncated entry\n"); + return rc; + } + } + rc = next_entry(buf32, fp, sizeof(u32)*ARRAY_SIZE(xperms.perms.p)); if (rc) { printk(KERN_ERR "SELinux: avtab: truncated entry\n"); return rc; } - rc = next_entry(buf32, fp, sizeof(u32)*ARRAY_SIZE(ops.op.perms)); + for (i = 0; i < ARRAY_SIZE(xperms.perms.p); i++) + xperms.perms.p[i] = le32_to_cpu(buf32[i]); + datum.u.xperms = &xperms; + } else { + rc = next_entry(buf32, fp, sizeof(u32)); if (rc) { printk(KERN_ERR "SELinux: avtab: truncated entry\n"); return rc; } - for (i = 0; i < ARRAY_SIZE(ops.op.perms); i++) - ops.op.perms[i] = le32_to_cpu(buf32[i]); - datum.u.ops = &ops; + datum.u.data = le32_to_cpu(*buf32); } if ((key.specified & AVTAB_TYPE) && !policydb_type_isvalid(pol, datum.u.data)) { @@ -552,26 +607,36 @@ bad: int avtab_write_item(struct policydb *p, struct avtab_node *cur, void *fp) { __le16 buf16[4]; - __le32 buf32[ARRAY_SIZE(cur->datum.u.ops->op.perms)]; + __le32 buf32[ARRAY_SIZE(cur->datum.u.xperms->perms.p)]; int rc; unsigned int i; buf16[0] = cpu_to_le16(cur->key.source_type); buf16[1] = cpu_to_le16(cur->key.target_type); buf16[2] = cpu_to_le16(cur->key.target_class); - buf16[3] = cpu_to_le16(cur->key.specified); + if (avtab_android_m_compat && (cur->key.specified & AVTAB_XPERMS) && + (cur->datum.u.xperms->specified == AVTAB_XPERMS_IOCTLDRIVER)) + buf16[3] = cpu_to_le16(avtab_xperms_to_optype(cur->key.specified)); + else + buf16[3] = cpu_to_le16(cur->key.specified); rc = put_entry(buf16, sizeof(u16), 4, fp); if (rc) return rc; - if (cur->key.specified & AVTAB_OP) { - rc = put_entry(&cur->datum.u.ops->type, sizeof(u8), 1, fp); + if (cur->key.specified & AVTAB_XPERMS) { + if (avtab_android_m_compat == 0) { + rc = put_entry(&cur->datum.u.xperms->specified, + sizeof(u8), 1, fp); + if (rc) + return rc; + } + rc = put_entry(&cur->datum.u.xperms->driver, sizeof(u8), 1, fp); if (rc) return rc; - for (i = 0; i < ARRAY_SIZE(cur->datum.u.ops->op.perms); i++) - buf32[i] = cpu_to_le32(cur->datum.u.ops->op.perms[i]); + for (i = 0; i < ARRAY_SIZE(cur->datum.u.xperms->perms.p); i++) + buf32[i] = cpu_to_le32(cur->datum.u.xperms->perms.p[i]); rc = put_entry(buf32, sizeof(u32), - ARRAY_SIZE(cur->datum.u.ops->op.perms), fp); + ARRAY_SIZE(cur->datum.u.xperms->perms.p), fp); } else { buf32[0] = cpu_to_le32(cur->datum.u.data); rc = put_entry(buf32, sizeof(u32), 1, fp); @@ -608,13 +673,13 @@ void avtab_cache_init(void) avtab_node_cachep = kmem_cache_create("avtab_node", sizeof(struct avtab_node), 0, SLAB_PANIC, NULL); - avtab_operation_cachep = kmem_cache_create("avtab_operation", - sizeof(struct avtab_operation), - 0, SLAB_PANIC, NULL); + avtab_xperms_cachep = kmem_cache_create("avtab_extended_perms", + sizeof(struct avtab_extended_perms), + 0, SLAB_PANIC, NULL); } void avtab_cache_destroy(void) { kmem_cache_destroy(avtab_node_cachep); - kmem_cache_destroy(avtab_operation_cachep); + kmem_cache_destroy(avtab_xperms_cachep); } diff --git a/security/selinux/ss/avtab.h b/security/selinux/ss/avtab.h index 97acd6fa705e..8133523ca679 100644 --- a/security/selinux/ss/avtab.h +++ b/security/selinux/ss/avtab.h @@ -37,33 +37,42 @@ struct avtab_key { #define AVTAB_MEMBER 0x0020 #define AVTAB_CHANGE 0x0040 #define AVTAB_TYPE (AVTAB_TRANSITION | AVTAB_MEMBER | AVTAB_CHANGE) -#define AVTAB_OPNUM_ALLOWED 0x0100 -#define AVTAB_OPNUM_AUDITALLOW 0x0200 -#define AVTAB_OPNUM_DONTAUDIT 0x0400 -#define AVTAB_OPNUM (AVTAB_OPNUM_ALLOWED | \ - AVTAB_OPNUM_AUDITALLOW | \ - AVTAB_OPNUM_DONTAUDIT) -#define AVTAB_OPTYPE_ALLOWED 0x1000 -#define AVTAB_OPTYPE_AUDITALLOW 0x2000 -#define AVTAB_OPTYPE_DONTAUDIT 0x4000 -#define AVTAB_OPTYPE (AVTAB_OPTYPE_ALLOWED | \ - AVTAB_OPTYPE_AUDITALLOW | \ - AVTAB_OPTYPE_DONTAUDIT) -#define AVTAB_OP (AVTAB_OPNUM | AVTAB_OPTYPE) +/* extended permissions */ +#define AVTAB_XPERMS_ALLOWED 0x0100 +#define AVTAB_XPERMS_AUDITALLOW 0x0200 +#define AVTAB_XPERMS_DONTAUDIT 0x0400 +#define AVTAB_XPERMS (AVTAB_XPERMS_ALLOWED | \ + AVTAB_XPERMS_AUDITALLOW | \ + AVTAB_XPERMS_DONTAUDIT) #define AVTAB_ENABLED_OLD 0x80000000 /* reserved for used in cond_avtab */ #define AVTAB_ENABLED 0x8000 /* reserved for used in cond_avtab */ u16 specified; /* what field is specified */ }; -struct avtab_operation { - u8 type; - struct operation_perm op; +/* + * For operations that require more than the 32 permissions provided by the avc + * extended permissions may be used to provide 256 bits of permissions. + */ +struct avtab_extended_perms { +/* These are not flags. All 256 values may be used */ +#define AVTAB_XPERMS_IOCTLFUNCTION 0x01 +#define AVTAB_XPERMS_IOCTLDRIVER 0x02 + /* extension of the avtab_key specified */ + u8 specified; /* ioctl, netfilter, ... */ + /* + * if 256 bits is not adequate as is often the case with ioctls, then + * multiple extended perms may be used and the driver field + * specifies which permissions are included. + */ + u8 driver; + /* 256 bits of permissions */ + struct extended_perms_data perms; }; struct avtab_datum { union { u32 data; /* access vector or type value */ - struct avtab_operation *ops; /* ioctl operations */ + struct avtab_extended_perms *xperms; } u; }; diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c index c4cd20a2d5bd..18643bf9894d 100644 --- a/security/selinux/ss/conditional.c +++ b/security/selinux/ss/conditional.c @@ -614,18 +614,18 @@ int cond_write_list(struct policydb *p, struct cond_node *list, void *fp) return 0; } -void cond_compute_operation(struct avtab *ctab, struct avtab_key *key, - struct operation_decision *od) +void cond_compute_xperms(struct avtab *ctab, struct avtab_key *key, + struct extended_perms_decision *xpermd) { struct avtab_node *node; - if (!ctab || !key || !od) + if (!ctab || !key || !xpermd) return; for (node = avtab_search_node(ctab, key); node; node = avtab_search_node_next(node, key->specified)) { if (node->key.specified & AVTAB_ENABLED) - services_compute_operation_num(od, node); + services_compute_xperms_decision(xpermd, node); } return; @@ -634,11 +634,11 @@ void cond_compute_operation(struct avtab *ctab, struct avtab_key *key, * av table, and if so, add them to the result */ void cond_compute_av(struct avtab *ctab, struct avtab_key *key, - struct av_decision *avd, struct operation *ops) + struct av_decision *avd, struct extended_perms *xperms) { struct avtab_node *node; - if (!ctab || !key || !avd || !ops) + if (!ctab || !key || !avd || !xperms) return; for (node = avtab_search_node(ctab, key); node; @@ -658,8 +658,8 @@ void cond_compute_av(struct avtab *ctab, struct avtab_key *key, (node->key.specified & (AVTAB_AUDITALLOW|AVTAB_ENABLED))) avd->auditallow |= node->datum.u.data; if ((node->key.specified & AVTAB_ENABLED) && - (node->key.specified & AVTAB_OP)) - services_compute_operation_type(ops, node); + (node->key.specified & AVTAB_XPERMS)) + services_compute_xperms_drivers(xperms, node); } return; } diff --git a/security/selinux/ss/conditional.h b/security/selinux/ss/conditional.h index 80ee2bb20eee..ddb43e7e1c75 100644 --- a/security/selinux/ss/conditional.h +++ b/security/selinux/ss/conditional.h @@ -74,9 +74,9 @@ int cond_write_bool(void *key, void *datum, void *ptr); int cond_write_list(struct policydb *p, struct cond_node *list, void *fp); void cond_compute_av(struct avtab *ctab, struct avtab_key *key, - struct av_decision *avd, struct operation *ops); -void cond_compute_operation(struct avtab *ctab, struct avtab_key *key, - struct operation_decision *od); + struct av_decision *avd, struct extended_perms *xperms); +void cond_compute_xperms(struct avtab *ctab, struct avtab_key *key, + struct extended_perms_decision *xpermd); int evaluate_cond_node(struct policydb *p, struct cond_node *node); #endif /* _CONDITIONAL_H_ */ diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index 1c7daf20a2d7..7e5deafc150c 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -149,7 +149,7 @@ static struct policydb_compat_info policydb_compat[] = { .ocon_num = OCON_NUM, }, { - .version = POLICYDB_VERSION_IOCTL_OPERATIONS, + .version = POLICYDB_VERSION_XPERMS_IOCTL, .sym_num = SYM_NUM, .ocon_num = OCON_NUM, }, diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 4eba19fd912b..4719b109eaa0 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -96,7 +96,7 @@ static void context_struct_compute_av(struct context *scontext, struct context *tcontext, u16 tclass, struct av_decision *avd, - struct operation *ops); + struct extended_perms *xperms); struct selinux_mapping { u16 value; /* policy value */ @@ -616,39 +616,40 @@ static void type_attribute_bounds_av(struct context *scontext, } } -/* flag ioctl types that have operation permissions */ -void services_compute_operation_type( - struct operation *ops, +/* + * flag which drivers have permissions + * only looking for ioctl based extended permssions + */ +void services_compute_xperms_drivers( + struct extended_perms *xperms, struct avtab_node *node) { - u8 type; unsigned int i; - if (node->key.specified & AVTAB_OPTYPE) { - /* if allowing one or more complete types */ - for (i = 0; i < ARRAY_SIZE(ops->type); i++) - ops->type[i] |= node->datum.u.ops->op.perms[i]; - } else { - /* if allowing operations within a type */ - type = node->datum.u.ops->type; - security_operation_set(ops->type, type); + if (node->datum.u.xperms->specified == AVTAB_XPERMS_IOCTLDRIVER) { + /* if one or more driver has all permissions allowed */ + for (i = 0; i < ARRAY_SIZE(xperms->drivers.p); i++) + xperms->drivers.p[i] |= node->datum.u.xperms->perms.p[i]; + } else if (node->datum.u.xperms->specified == AVTAB_XPERMS_IOCTLFUNCTION) { + /* if allowing permissions within a driver */ + security_xperm_set(xperms->drivers.p, + node->datum.u.xperms->driver); } /* If no ioctl commands are allowed, ignore auditallow and auditdeny */ - if (node->key.specified & AVTAB_OPTYPE_ALLOWED || - node->key.specified & AVTAB_OPNUM_ALLOWED) - ops->len = 1; + if (node->key.specified & AVTAB_XPERMS_ALLOWED) + xperms->len = 1; } /* - * Compute access vectors and operations ranges based on a context + * Compute access vectors and extended permissions based on a context * structure pair for the permissions in a particular class. */ static void context_struct_compute_av(struct context *scontext, struct context *tcontext, u16 tclass, struct av_decision *avd, - struct operation *ops) + struct extended_perms *xperms) { struct constraint_node *constraint; struct role_allow *ra; @@ -662,9 +663,9 @@ static void context_struct_compute_av(struct context *scontext, avd->allowed = 0; avd->auditallow = 0; avd->auditdeny = 0xffffffff; - if (ops) { - memset(&ops->type, 0, sizeof(ops->type)); - ops->len = 0; + if (xperms) { + memset(&xperms->drivers, 0, sizeof(xperms->drivers)); + xperms->len = 0; } if (unlikely(!tclass || tclass > policydb.p_classes.nprim)) { @@ -680,7 +681,7 @@ static void context_struct_compute_av(struct context *scontext, * this permission check, then use it. */ avkey.target_class = tclass; - avkey.specified = AVTAB_AV | AVTAB_OP; + avkey.specified = AVTAB_AV | AVTAB_XPERMS; sattr = flex_array_get(policydb.type_attr_map_array, scontext->type - 1); BUG_ON(!sattr); tattr = flex_array_get(policydb.type_attr_map_array, tcontext->type - 1); @@ -698,12 +699,13 @@ static void context_struct_compute_av(struct context *scontext, avd->auditallow |= node->datum.u.data; else if (node->key.specified == AVTAB_AUDITDENY) avd->auditdeny &= node->datum.u.data; - else if (ops && (node->key.specified & AVTAB_OP)) - services_compute_operation_type(ops, node); + else if (xperms && (node->key.specified & AVTAB_XPERMS)) + services_compute_xperms_drivers(xperms, node); } /* Check conditional av table for additional permissions */ - cond_compute_av(&policydb.te_cond_avtab, &avkey, avd, ops); + cond_compute_av(&policydb.te_cond_avtab, &avkey, + avd, xperms); } } @@ -934,57 +936,65 @@ static void avd_init(struct av_decision *avd) avd->flags = 0; } -void services_compute_operation_num(struct operation_decision *od, +void services_compute_xperms_decision(struct extended_perms_decision *xpermd, struct avtab_node *node) { unsigned int i; - if (node->key.specified & AVTAB_OPNUM) { - if (od->type != node->datum.u.ops->type) + if (node->datum.u.xperms->specified == AVTAB_XPERMS_IOCTLFUNCTION) { + if (xpermd->driver != node->datum.u.xperms->driver) return; - } else { - if (!security_operation_test(node->datum.u.ops->op.perms, - od->type)) + } else if (node->datum.u.xperms->specified == AVTAB_XPERMS_IOCTLDRIVER) { + if (!security_xperm_test(node->datum.u.xperms->perms.p, + xpermd->driver)) return; + } else { + BUG(); } - if (node->key.specified == AVTAB_OPTYPE_ALLOWED) { - od->specified |= OPERATION_ALLOWED; - memset(od->allowed->perms, 0xff, - sizeof(od->allowed->perms)); - } else if (node->key.specified == AVTAB_OPTYPE_AUDITALLOW) { - od->specified |= OPERATION_AUDITALLOW; - memset(od->auditallow->perms, 0xff, - sizeof(od->auditallow->perms)); - } else if (node->key.specified == AVTAB_OPTYPE_DONTAUDIT) { - od->specified |= OPERATION_DONTAUDIT; - memset(od->dontaudit->perms, 0xff, - sizeof(od->dontaudit->perms)); - } else if (node->key.specified == AVTAB_OPNUM_ALLOWED) { - od->specified |= OPERATION_ALLOWED; - for (i = 0; i < ARRAY_SIZE(od->allowed->perms); i++) - od->allowed->perms[i] |= - node->datum.u.ops->op.perms[i]; - } else if (node->key.specified == AVTAB_OPNUM_AUDITALLOW) { - od->specified |= OPERATION_AUDITALLOW; - for (i = 0; i < ARRAY_SIZE(od->auditallow->perms); i++) - od->auditallow->perms[i] |= - node->datum.u.ops->op.perms[i]; - } else if (node->key.specified == AVTAB_OPNUM_DONTAUDIT) { - od->specified |= OPERATION_DONTAUDIT; - for (i = 0; i < ARRAY_SIZE(od->dontaudit->perms); i++) - od->dontaudit->perms[i] |= - node->datum.u.ops->op.perms[i]; + if (node->key.specified == AVTAB_XPERMS_ALLOWED) { + xpermd->used |= XPERMS_ALLOWED; + if (node->datum.u.xperms->specified == AVTAB_XPERMS_IOCTLDRIVER) { + memset(xpermd->allowed->p, 0xff, + sizeof(xpermd->allowed->p)); + } + if (node->datum.u.xperms->specified == AVTAB_XPERMS_IOCTLFUNCTION) { + for (i = 0; i < ARRAY_SIZE(xpermd->allowed->p); i++) + xpermd->allowed->p[i] |= + node->datum.u.xperms->perms.p[i]; + } + } else if (node->key.specified == AVTAB_XPERMS_AUDITALLOW) { + xpermd->used |= XPERMS_AUDITALLOW; + if (node->datum.u.xperms->specified == AVTAB_XPERMS_IOCTLDRIVER) { + memset(xpermd->auditallow->p, 0xff, + sizeof(xpermd->auditallow->p)); + } + if (node->datum.u.xperms->specified == AVTAB_XPERMS_IOCTLFUNCTION) { + for (i = 0; i < ARRAY_SIZE(xpermd->auditallow->p); i++) + xpermd->auditallow->p[i] |= + node->datum.u.xperms->perms.p[i]; + } + } else if (node->key.specified == AVTAB_XPERMS_DONTAUDIT) { + xpermd->used |= XPERMS_DONTAUDIT; + if (node->datum.u.xperms->specified == AVTAB_XPERMS_IOCTLDRIVER) { + memset(xpermd->dontaudit->p, 0xff, + sizeof(xpermd->dontaudit->p)); + } + if (node->datum.u.xperms->specified == AVTAB_XPERMS_IOCTLFUNCTION) { + for (i = 0; i < ARRAY_SIZE(xpermd->dontaudit->p); i++) + xpermd->dontaudit->p[i] |= + node->datum.u.xperms->perms.p[i]; + } } else { BUG(); } } -void security_compute_operation(u32 ssid, +void security_compute_xperms_decision(u32 ssid, u32 tsid, u16 orig_tclass, - u8 type, - struct operation_decision *od) + u8 driver, + struct extended_perms_decision *xpermd) { u16 tclass; struct context *scontext, *tcontext; @@ -994,11 +1004,11 @@ void security_compute_operation(u32 ssid, struct ebitmap_node *snode, *tnode; unsigned int i, j; - od->type = type; - od->specified = 0; - memset(od->allowed->perms, 0, sizeof(od->allowed->perms)); - memset(od->auditallow->perms, 0, sizeof(od->auditallow->perms)); - memset(od->dontaudit->perms, 0, sizeof(od->dontaudit->perms)); + xpermd->driver = driver; + xpermd->used = 0; + memset(xpermd->allowed->p, 0, sizeof(xpermd->allowed->p)); + memset(xpermd->auditallow->p, 0, sizeof(xpermd->auditallow->p)); + memset(xpermd->dontaudit->p, 0, sizeof(xpermd->dontaudit->p)); read_lock(&policy_rwlock); if (!ss_initialized) @@ -1032,7 +1042,7 @@ void security_compute_operation(u32 ssid, } avkey.target_class = tclass; - avkey.specified = AVTAB_OP; + avkey.specified = AVTAB_XPERMS; sattr = flex_array_get(policydb.type_attr_map_array, scontext->type - 1); BUG_ON(!sattr); @@ -1046,26 +1056,27 @@ void security_compute_operation(u32 ssid, for (node = avtab_search_node(&policydb.te_avtab, &avkey); node; node = avtab_search_node_next(node, avkey.specified)) - services_compute_operation_num(od, node); + services_compute_xperms_decision(xpermd, node); - cond_compute_operation(&policydb.te_cond_avtab, - &avkey, od); + cond_compute_xperms(&policydb.te_cond_avtab, + &avkey, xpermd); } } out: read_unlock(&policy_rwlock); return; allow: - memset(od->allowed->perms, 0xff, sizeof(od->allowed->perms)); + memset(xpermd->allowed->p, 0xff, sizeof(xpermd->allowed->p)); goto out; } + /** * security_compute_av - Compute access vector decisions. * @ssid: source security identifier * @tsid: target security identifier * @tclass: target security class * @avd: access vector decisions - * @od: operation decisions + * @xperms: extended permissions * * Compute a set of access vector decisions based on the * SID pair (@ssid, @tsid) for the permissions in @tclass. @@ -1074,14 +1085,14 @@ void security_compute_av(u32 ssid, u32 tsid, u16 orig_tclass, struct av_decision *avd, - struct operation *ops) + struct extended_perms *xperms) { u16 tclass; struct context *scontext = NULL, *tcontext = NULL; read_lock(&policy_rwlock); avd_init(avd); - ops->len = 0; + xperms->len = 0; if (!ss_initialized) goto allow; @@ -1109,7 +1120,7 @@ void security_compute_av(u32 ssid, goto allow; goto out; } - context_struct_compute_av(scontext, tcontext, tclass, avd, ops); + context_struct_compute_av(scontext, tcontext, tclass, avd, xperms); map_decision(orig_tclass, avd, policydb.allow_unknown); out: read_unlock(&policy_rwlock); diff --git a/security/selinux/ss/services.h b/security/selinux/ss/services.h index 569757484d05..6abcd8729ec3 100644 --- a/security/selinux/ss/services.h +++ b/security/selinux/ss/services.h @@ -11,10 +11,10 @@ extern struct policydb policydb; -void services_compute_operation_type(struct operation *ops, +void services_compute_xperms_drivers(struct extended_perms *xperms, struct avtab_node *node); -void services_compute_operation_num(struct operation_decision *od, +void services_compute_xperms_decision(struct extended_perms_decision *xpermd, struct avtab_node *node); #endif /* _SS_SERVICES_H_ */ |