Received-SPF: pass (google.com: domain of linux-kernel+bounces-18414-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3;
Date: Fri, 05 Jan 2024 18:21:08 -0500
Message-ID: <7502247c0a4439b9bcf2c2ae315f2433@paul-moore.com>
From: Paul Moore <paul@paul-moore.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: selinux@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [GIT PULL] selinux/selinux-pr-20240105
Precedence: bulk

Hi Linus,

I realize this is a little early, but my network access is expected to
be a little spotty the first half of next week so I wanted to get the
Linux v6.8 pull requests out now.  The highlights of the SELinux pull
request are below:

* Add a new SELinux initial SID, SECINITSID_INIT, to represent
userspace processes started before the SELinux policy is loaded in
early boot.  Prior to this patch all processes were marked as
SECINITSID_KERNEL before the SELinux policy was loaded, making it
difficult to distinquish early boot userspace processes from the
kernel in the SELinux policy.  For most users this will be a non-issue
as the policy is loaded early enough during boot, but for users who
load their SELinux policy relatively late, this should make it easier
to construct meaningful security policies.

* Cleanups to the selinuxfs code by Al, mostly on VFS related issues
during a policy reload.  The commit description has more detail, but
the quick summary is that we are replacing a disconnected directory
approach with a temporary directory that we swapover at the end of
the reload.

* Fix an issue where the input sanity checking on socket bind()
operations was slightly different depending on the presence of
SELinux.  This is caused by the placement of the LSM hooks in the
generic socket layer as opposed to the protocol specific bind()
handler where the protocol specific sanity checks are performed.
Mickaël has mentioned that he is working to fix this, but in the
meantime we just ensure that we are replicating the checks properly.
We need to balance the placement of the LSM hooks with the number of
LSM hooks; pushing the hooks down into the protocol layers is likely
not the right answer.

* Update the avc_has_perm_noaudit() prototype to better match the
function definition.

* Migrate from using partial_name_hash() to full_name_hash() the
filename transition hash table.  This improves the quality of the code
and has the potential for a minor performance bump.

* Consolidate some open coded SELinux access vector comparisions into
a single new function, avtab_node_cmp(), and use that instead.  A
small, but nice win for code quality and maintainability.

* Updated the SELinux MAINTAINERS entry with additional information
around process, bug reporting, etc.  We're also updating some of our
"official" roles: dropping Eric Paris and adding Ondrej as a reviewer.

* Cleanup the coding style crimes in security/selinux/include.  While
I'm not a fan of code churn, I am pushing for more automated code
checks that can be done at the developer level and one of the obvious
things to check for is coding style.  In an effort to start from a
"good" base I'm slowly working through our source files cleaning them
up with the help of clang-format and good ol' fashioned human
eyeballs; this pull request has the first batch of these changes.
I've been splitting the changes up per-file to help reduce the impact
if backports are required (either for LTS or distro kernels), and I
expect the some of the larger files, e.g. hooks.c and ss/services.c,
will likely need to be split even further.

* Cleanup old, outdated comments.

Thanks,
-Paul

--
The following changes since commit b85ea95d086471afb4ad062012a4d73cd328fa86:

  Linux 6.7-rc1 (2023-11-12 16:19:07 -0800)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
    tags/selinux-pr-20240105

for you to fetch changes up to bbf5a1d0e5d0fb3bdf90205aa872636122692a50:

  selinux: Fix error priority for bind with AF_UNSPEC on PF_INET6 socket
    (2024-01-04 16:54:54 -0500)

----------------------------------------------------------------
selinux/stable-6.8 PR 20240105

----------------------------------------------------------------
Al Viro (1):
      selinux: saner handling of policy reloads

Jacob Satterfield (1):
      selinux: refactor avtab_node comparisons

Mickaël Salaün (1):
      selinux: Fix error priority for bind with AF_UNSPEC on PF_INET6 socket

Munehisa Kamata (1):
      selinux: remove the wrong comment about multithreaded process handling

Ondrej Mosnacek (1):
      selinux: introduce an initial SID for early boot processes

Paul Moore (19):
      selinux: update filenametr_hash() to use full_name_hash()
      MAINTAINERS: update the SELinux entry
      MAINTAINERS: add Ondrej Mosnacek as a SELinux reviewer
      MAINTAINERS: drop Eric Paris from his SELinux role
      selinux: fix style issues in security/selinux/include/audit.h
      selinux: fix style issues in security/selinux/include/avc.h
      selinux: align avc_has_perm_noaudit() prototype with definition
      selinux: fix style issues in security/selinux/include/avc_ss.h
      selinux: fix style issues in security/selinux/include/classmap.h
      selinux: fix style issues in security/selinux/include/conditional.h
      selinux: fix style issues in security/selinux/include/ima.h
      selinux: fix style issues in security/selinux/include/netif.h
      selinux: fix style issues with security/selinux/include/netlabel.h
      selinux: fix style issues in security/selinux/include/objsec.h
      selinux: fix style issues in security/selinux/include/policycap.h
      selinux: fix style issues with
        security/selinux/include/policycap_names.h
      selinux: fix style issues in security/selinux/include/security.h
      selinux: fix style issues in security/selinux/include/xfrm.h
      selinux: fix style issues in
        security/selinux/include/initial_sid_to_string.h

 MAINTAINERS                                      |   8 +-
 security/selinux/hooks.c                         |  36 ++-
 security/selinux/include/audit.h                 |   1 -
 security/selinux/include/avc.h                   |  41 +--
 security/selinux/include/avc_ss.h                |   2 +-
 security/selinux/include/classmap.h              | 342 +++++++------------
 security/selinux/include/conditional.h           |   4 +-
 security/selinux/include/ima.h                   |   2 +-
 security/selinux/include/initial_sid_to_string.h |  57 ++--
 security/selinux/include/netif.h                 |   4 +-
 security/selinux/include/netlabel.h              |  53 ++--
 security/selinux/include/objsec.h                | 129 ++++-----
 security/selinux/include/policycap.h             |   2 +
 security/selinux/include/policycap_names.h       |   4 +
 security/selinux/include/security.h              | 161 +++++------
 security/selinux/include/xfrm.h                  |   4 +-
 security/selinux/selinuxfs.c                     | 148 +++++-----
 security/selinux/ss/avtab.c                      | 101 +++----
 security/selinux/ss/policydb.c                   |  38 ++-
 security/selinux/ss/services.c                   |  13 +-
 20 files changed, 545 insertions(+), 605 deletions(-)

--
paul-moore.com