From: Paul Moore
Date: Mon, 1 Jun 2020 21:06:48 -0400
Subject: [GIT PULL] SELinux patches for v5.8
To: Linus Torvalds
Cc: selinux@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Linus,

Here are the SELinux patches for v5.8. All the patches pass our test
suite and as of about 15 minutes ago they apply cleanly to the top of
your tree. Please merge into v5.8.

The highlights:

- A number of improvements to various SELinux internal data structures
  to help improve performance. We move the role transitions into a hash
  table. In the content structure we shift from hashing the content
  string (aka SELinux label) to the structure itself, when it is valid.
  This last change not only offers a speedup, but it helps us simplify
  the code some as well.

- Add a new SELinux policy version which allows for a more space
  efficient way of storing the filename transitions in the binary
  policy. Given the default Fedora SELinux policy with the unconfined
  module enabled, this change drops the policy size from ~7.6MB to
  ~3.3MB. The kernel policy load time dropped as well.

- Some fixes to the error handling code in the policy parser to
  properly return error codes when things go wrong.

Thanks,
-Paul

--
The following changes since commit 8f3d9f354286745c751374f5f1fcafee6b3f3136:

  Linux 5.7-rc1 (2020-04-12 12:35:55 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git tags/selinux-pr-20200601

for you to fetch changes up to fe5a90b8c14914397a3bb0c214d142103c1ba3bf:

  selinux: netlabel: Remove unused inline function (2020-05-12 20:16:33 -0400)

----------------------------------------------------------------
selinux/stable-5.8 PR 20200601

----------------------------------------------------------------
Ondrej Mosnacek (9):
      selinux: drop unnecessary smp_load_acquire() call
      selinux: store role transitions in a hash table
      selinux: hash context structure directly
      selinux: move context hashing under sidtab
      selinux: implement new format of filename transitions
      selinux: don't produce incorrect filename_trans_count
      selinux: simplify range_write()
      selinux: fix return value on error in policydb_read()
      selinux: do not allocate hashtabs dynamically

Wei Yongjun (1):
      selinux: fix error return code in policydb_read()

YueHaibing (1):
      selinux: netlabel: Remove unused inline function

Zou Wei (1):
      selinux: fix warning Comparison to bool

 security/selinux/Makefile           |   2 +-
 security/selinux/include/netlabel.h |   6 -
 security/selinux/include/security.h |   3 +-
 security/selinux/ss/context.c       |  32 +++
 security/selinux/ss/context.h       |  11 +-
 security/selinux/ss/ebitmap.c       |  14 ++
 security/selinux/ss/ebitmap.h       |   1 +
 security/selinux/ss/hashtab.c       |  51 ++--
 security/selinux/ss/hashtab.h       |  13 +-
 security/selinux/ss/mls.c           |  16 +-
 security/selinux/ss/mls.h           |  11 +
 security/selinux/ss/policydb.c      | 451 +++++++++++++++++++++++---------
 security/selinux/ss/policydb.h      |  15 +-
 security/selinux/ss/services.c      | 153 +++++------
 security/selinux/ss/services.h      |   3 -
 security/selinux/ss/sidtab.c        |  35 +--
 security/selinux/ss/sidtab.h        |   1 +
 security/selinux/ss/symtab.c        |   5 +-
 security/selinux/ss/symtab.h        |   2 +-
 19 files changed, 499 insertions(+), 326 deletions(-)
 create mode 100644 security/selinux/ss/context.c

-- 
paul moore
www.paul-moore.com