Received: by 2002:a05:6a10:f3d0:0:0:0:0 with SMTP id a16csp4772264pxv; Tue, 29 Jun 2021 15:31:18 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx/LRNeQtxQVMaZM0+hBpTZK6iNKLyi14pXq+6c++J/oRP5e3Gt4dicnB/2CqM6NLdo0Sh1 X-Received: by 2002:a17:906:6ad3:: with SMTP id q19mr31799323ejs.11.1625005878645; Tue, 29 Jun 2021 15:31:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1625005878; cv=none; d=google.com; s=arc-20160816; b=ocYdOA/8DACyEQHApwHlIL4Mxz9Rsk1xwUk4TZabcsWnqyzqY58/CzyOH3eMxOjmYy r0r/P0p/G9k10wrnk+FhVtbgshThSPNicWh1P+ENzSCfdPC4zzB9KoT/iVnl1vz4FijJ mR365/Ngo6W+eJeWbLMDyb2Gkk/pztmCif3l3ZJQdlkhCWijejZlrSUy1kBq36BJognu B6PE9RUo7VI06V9NfynLsSW9FjQLhA1yZ3+VHJVupUVTR9LxsAKJeG3fbPtWPO7MOjyM h5TOhb5sSk8Yyyzs19GnPrSm6xq5LYKZ7O3IrNNONwTL45+MabCFlr1Zs67prMeIjqus JquQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:mime-version :dkim-signature; bh=kVbXk/jGkX9FNNfyx7X6Mxyt8GqROWHeQ+D0oZ/1rWQ=; b=YjGSmJGMB8jihN2mLx4TccixVctoUGoPqG5NXN45u03bjG+fayO98Ei1BF2NcjA8oj 35IzyKBFiyld/EJ3P895o/poezUjGafc6iUp4yfkWJ6Lv1k0I2wngo1jPr0aKCpBRzDI q12CVnhEaNBPh2KvniPO14LdFWqT6C3e/8v8ouZGssCs+hpjSYYQtiCgseZXhH0U1PC3 +qNO82WTpkbAWd0lIb1xHGHo6PYBL6O8Bz4/JNiEzuqqh/TOrXFrry/EA4HgVcpwk0R1 vuC6GmgoSVpYiGUGpsVaZKkVlffgEVgsGgi6b1+N1JTkXV4p7zPjiJz9VdzewRE6b5WC 77WA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=CKkESIfc; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id p31si22867985edb.554.2021.06.29.15.30.46; Tue, 29 Jun 2021 15:31:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=CKkESIfc; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235631AbhF2Vim (ORCPT + 99 others); Tue, 29 Jun 2021 17:38:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56620 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235445AbhF2Vim (ORCPT ); Tue, 29 Jun 2021 17:38:42 -0400 Received: from mail-ed1-x52f.google.com (mail-ed1-x52f.google.com [IPv6:2a00:1450:4864:20::52f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B7466C061760 for ; Tue, 29 Jun 2021 14:36:13 -0700 (PDT) Received: by mail-ed1-x52f.google.com with SMTP id j11so113933edq.6 for ; Tue, 29 Jun 2021 14:36:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to:cc; bh=kVbXk/jGkX9FNNfyx7X6Mxyt8GqROWHeQ+D0oZ/1rWQ=; b=CKkESIfcf8PxrA+EjyxdXfq/B8pdPyMMuQzo4iLBkBNAO+/4WefIuWjHuhMptM7CvA E8zQicV5wwjKbD1D09KAfTx5xWZUjc7tSGATHt2tlTsRBGWcQbfIoiXzHlgVRgB+PhEb ixtemYRI4pIsOmEdxuzy7ig+vVJ7n6bvqK6hjC3v1c7wnYpw8gbhzIBd+9++G4i1ZcUj /XF8o9HILnUSDESr4I/EeOBN7JOj1xd25r+kTC7lImvpAJvlhjewqFs/vuCISC0puVVc hqVM1uOvEYfJqH3j7VMTRpy0dPF6D0sxLuWdMFQoz4ojezvUOdh9wRj4VivXclaCcg3i 4gwg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=kVbXk/jGkX9FNNfyx7X6Mxyt8GqROWHeQ+D0oZ/1rWQ=; b=qe1KmEnjOxf44ZdhuQCjS1vJcss27H/WWAlmUVS4N/PV2//vivFYVcShNZv4lQLtnA nlLwz5yBiDKTHeC77uSfR+rpsJK6vdFVtOQyJu0DDtJUEZdFrsoaKzgutYKfPGurQ0ht VDJFPbLNc1/VBU0eAdEuTBdPQzEqnJpHSmqr+hRC4jANyZ2Lqiqio6X2uEzXfXxHsC2X xXBYSNC4wjrfgI6qVHpQtRtLr403SuhMBEersd6QAgV6pIWqp+saCbC4kHf7dqRHrOBC CaICuycjgVWDw1bXmQ2aH9fznhm6W0TvwO3wvKVyvASHT77G8WuNYAIGvZNkMJPm1T8s Uoww== X-Gm-Message-State: AOAM530lCFpmJDufsqTqn64JGX0DS8gqDawo1ym7edgK4shOKAX/6QKQ iJ3GkZjL0fK56Y/sVioTDJ1BkWSFVv0Km4o6W1Zk X-Received: by 2002:a05:6402:1d17:: with SMTP id dg23mr42849509edb.128.1625002572146; Tue, 29 Jun 2021 14:36:12 -0700 (PDT) MIME-Version: 1.0 From: Paul Moore Date: Tue, 29 Jun 2021 17:36:01 -0400 Message-ID: Subject: [GIT PULL] SELinux patches for v5.14 To: Linus Torvalds Cc: selinux@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Linus, Here is the SELinux pull request for v5.14, the highlights are below: * The slow_avc_audit() function is now non-blocking so we can remove the AVC_NONBLOCKING tricks; this also includes the 'flags' variant of avc_has_perm(). * Use kmemdup() instead of kcalloc()+copy when copying parts of the SELinux policydb. * The InfiniBand device name is now passed by reference when possible in the SELinux code, removing a strncpy(). * Minor cleanups including: constification of avtab function args, removal of useless LSM/XFRM function args, SELinux kdoc fixes, and removal of redundant assignments. Everything has been tested against the selinux-testsuite and as of a few moments ago the tag applies cleanly to your tree; please merge this for v5.14. Thanks, -Paul -- The following changes since commit 6efb943b8616ec53a5e444193dccf1af9ad627b5: Linux 5.13-rc1 (2021-05-09 14:17:44 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git tags/selinux-pr-20210629 for you to fetch changes up to d99cf13f14200cdb5cbb704345774c9c0698612d: selinux: kill 'flags' argument in avc_has_perm_flags() and avc_audit() (2021-06-11 13:11:45 -0400) ---------------------------------------------------------------- selinux/stable-5.14 PR 20210629 ---------------------------------------------------------------- Al Viro (2): selinux: slow_avc_audit has become non-blocking selinux: kill 'flags' argument in avc_has_perm_flags() and avc_audit() Jiapeng Chong (1): selinux: Remove redundant assignment to rc Minchan Kim (1): selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC Ondrej Mosnacek (3): selinux: simplify duplicate_policydb_cond_list() by using kmemdup() selinux: constify some avtab function arguments lsm_audit,selinux: pass IB device name by reference Souptick Joarder (1): selinux: Corrected comment to match kernel-doc comment Yang Li (1): selinux: Fix kernel-doc Zhongjun Tan (1): selinux: delete selinux_xfrm_policy_lookup() useless argument include/linux/lsm_audit.h | 8 ++--- include/linux/lsm_hook_defs.h | 3 +- include/linux/security.h | 4 +-- net/xfrm/xfrm_policy.c | 6 ++-- security/security.c | 4 +-- security/selinux/avc.c | 61 ++++++++-------------------------- security/selinux/hooks.c | 22 ++++---------- security/selinux/include/avc.h | 13 +-------- security/selinux/include/xfrm.h | 2 +- security/selinux/ss/avtab.c | 28 +++++++++--------- security/selinux/ss/avtab.h | 16 +++++----- security/selinux/ss/conditional.c | 14 +++++---- security/selinux/ss/policydb.c | 1 - security/selinux/ss/services.c | 27 +++++++++++++---- security/selinux/xfrm.c | 2 +- 15 files changed, 90 insertions(+), 121 deletions(-) -- paul moore www.paul-moore.com