    Merge tag 'selinux-pr-20230829' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux · 1dbae189
    Linus Torvalds authored
    Pull selinux updates from Paul Moore:
     "Thirty-three SELinux patches, which is a pretty big number for us, but
      there isn't really anything scary in here; in fact we actually manage
      to remove 10 lines of code with this :)
    
       - Promote the SELinux DEBUG_HASHES macro to CONFIG_SECURITY_SELINUX_DEBUG
    
         The DEBUG_HASHES macro was a buried SELinux specific preprocessor
         debug macro that was a problem waiting to happen. Promoting the
         debug macro to a proper Kconfig setting should help both improve
         the visibility of the feature as well as enable improved test
         coverage. We've moved some additional debug functions under the
         CONFIG_SECURITY_SELINUX_DEBUG flag and we may see more work in the
         future.
    
       - Emit a pr_notice() message if virtual memory is executable by default
    
         As this impacts the SELinux access control policy enforcement, if
         the system's configuration is such that virtual memory is
         executable by default we print a single line notice to the console.
    
       - Drop avtab_search() in favor of avtab_search_node()
    
         Both functions are nearly identical so we removed avtab_search()
         and converted the callers to avtab_search_node().
    
       - Add some SELinux network auditing helpers
    
         The helpers not only reduce a small amount of code duplication, but
         they provide an opportunity to improve UDP flood performance
         slightly by delaying initialization of the audit data in some
         cases.
    
       - Convert GFP_ATOMIC allocators to GFP_KERNEL when reading SELinux policy
    
         There were two SELinux policy load helper functions that were
         allocating memory using GFP_ATOMIC, they have been converted to
         GFP_KERNEL.
    
       - Quiet a KMSAN warning in selinux_inet_conn_request()
    
         A one-line error path (re)set patch that resolves a KMSAN warning.
         It is important to note that this doesn't represent a real bug in
         the current code, but it quiets KMSAN and arguably hardens the code
         against future changes.
    
       - Cleanup the policy capability accessor functions
    
         This is a follow-up to the patch which reverted SELinux to using a
         global selinux_state pointer. This patch cleans up some artifacts
         of that change and turns each accessor into a one-line READ_ONCE()
         call into the policy capabilities array.
    
       - A number of patches from Christian Göttsche
    
         Christian submitted almost two-thirds of the patches in this pull
         request as he worked to harden the SELinux code against type
         differences, variable overflows, etc.
    
       - Support for separating early userspace from the kernel in policy,
         with a later revert
    
         We did have a patch that added a new userspace initial SID which
         would allow SELinux to distinguish between early user processes
         created before the initial policy load and the kernel itself.
    
         Unfortunately additional post-merge testing revealed a problematic
         interaction with an old SELinux userspace on an old version of
         Ubuntu so we've reverted the patch until we can resolve the
         compatibility issue.
    
       - Remove some outdated comments dealing with LSM hook registration
    
         When we removed the runtime disable functionality we forgot to
         remove some old comments discussing the importance of LSM hook
         registration ordering.
    
       - Minor administrative changes
    
         Stephen Smalley updated his email address and "debranded" SELinux
         from "NSA SELinux" to simply "SELinux". We've come a long way from
         the original NSA submission and I would consider SELinux a true
         community project at this point so removing the NSA branding just
         makes sense"
    
    * tag 'selinux-pr-20230829' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: (33 commits)
      selinux: prevent KMSAN warning in selinux_inet_conn_request()
      selinux: use unsigned iterator in nlmsgtab code
      selinux: avoid implicit conversions in policydb code
      selinux: avoid implicit conversions in selinuxfs code
      selinux: make left shifts well defined
      selinux: update type for number of class permissions in services code
      selinux: avoid implicit conversions in avtab code
      selinux: revert SECINITSID_INIT support
      selinux: use GFP_KERNEL while reading binary policy
      selinux: update comment on selinux_hooks[]
      selinux: avoid implicit conversions in services code
      selinux: avoid implicit conversions in mls code
      selinux: use identical iterator type in hashtab_duplicate()
      selinux: move debug functions into debug configuration
      selinux: log about VM being executable by default
      selinux: fix a 0/NULL mistmatch in ad_net_init_from_iif()
      selinux: introduce SECURITY_SELINUX_DEBUG configuration
      selinux: introduce and use lsm_ad_net_init*() helpers
      selinux: update my email address
      selinux: add missing newlines in pr_err() statements
      ...
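The shortlog above lists several patches that "avoid implicit conversions", "make left shifts well defined" and use unsigned iterators. The hazard classes they address are generic C problems, so the following added example (illustration only, not code from the SELinux series or the kernel; the helper names, the 32-bit permission mask and the 16-bit permission count are assumptions made for the demonstration) shows each hazard next to a form that is defined for every input. The rule encoded in signed_shift_is_defined() is the one from C11 6.5.7p4: a left shift of a signed value is defined only when the value is non-negative, the shift count is smaller than the type width, and the result is representable.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* C11 6.5.7p4 in code: E1 << E2 on a signed 32-bit E1 is defined only if
 * E1 >= 0, E2 < 32 and E1 * 2^E2 fits in int32_t. This predicate answers
 * that question without performing the shift, so it never triggers UB. */
static bool signed_shift_is_defined(int32_t e1, unsigned int e2)
{
	if (e1 < 0 || e2 >= 32)
		return false;
	/* e1 << e2 fits iff e1 <= INT32_MAX >> e2 (right shift of a
	 * non-negative value is always defined). */
	return e1 <= (INT32_MAX >> e2);
}

/* The well-defined form of "1 << bit": shift an unsigned operand of the
 * intended width and range-check the count. Returns false for an
 * out-of-range bit instead of computing garbage (assumed 32-bit mask). */
static bool perm_bit_mask(unsigned int bit, uint32_t *mask)
{
	if (bit >= 32)
		return false;
	*mask = UINT32_C(1) << bit;
	return true;
}

/* Narrowing conversion made explicit: storing a size_t count into an
 * assumed u16 field would otherwise truncate silently (65536 -> 0). */
static bool set_nperms(size_t nperms, uint16_t *out)
{
	if (nperms > UINT16_MAX)
		return false;
	*out = (uint16_t)nperms;
	return true;
}

/* Unsigned iterator against an unsigned length: no sign-compare warning
 * and no way for the index to go negative. Counts entries whose mask
 * has the requested bit set. */
static unsigned int count_with_bit(const uint32_t *tab, unsigned int len,
				   unsigned int bit)
{
	uint32_t mask;
	unsigned int i, n = 0;

	if (!perm_bit_mask(bit, &mask))
		return 0;
	for (i = 0; i < len; i++)
		if (tab[i] & mask)
			n++;
	return n;
}

int main(void)
{
	/* Constructed sample table, not real policy data. */
	const uint32_t tab[] = { 0x80000001u, 0x00000002u, 0x80000000u };
	uint32_t mask;
	uint16_t n;

	printf("1 << 30 defined: %d\n", signed_shift_is_defined(1, 30));
	printf("1 << 31 defined: %d\n", signed_shift_is_defined(1, 31));
	printf("bit 31 mask ok: %d\n", perm_bit_mask(31, &mask));
	printf("bit 32 mask ok: %d\n", perm_bit_mask(32, &mask));
	printf("65536 perms fits u16: %d\n", set_nperms(65536, &n));
	printf("entries with bit 31: %u\n", count_with_bit(tab, 3, 31));
	return 0;
}
```

Compile with -Wall -Wextra -Wconversion -Wsign-compare -fsanitize=undefined to see the difference between this form and a naive "1 << bit" on an int: the sanitizer reports the signed shift at bit 31, while the unsigned mask above is silent.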