Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755555AbbDJLZh (ORCPT ); Fri, 10 Apr 2015 07:25:37 -0400
Received: from www262.sakura.ne.jp ([202.181.97.72]:63211 "EHLO www262.sakura.ne.jp" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755388AbbDJLZb (ORCPT ); Fri, 10 Apr 2015 07:25:31 -0400
To: casey@schaufler-ca.com, john.johansen@canonical.com
Cc: jmorris@namei.org, james.l.morris@oracle.com, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, pmoore@redhat.com, sds@tycho.nsa.gov, eparis@redhat.com, keescook@chromium.org
Subject: Re: [PATCH 0/7 v21] LSM: Multiple concurrent LSMs
From: Tetsuo Handa
References: <54FE4553.3000209@schaufler-ca.com>
In-Reply-To: <54FE4553.3000209@schaufler-ca.com>
Message-Id: <201504102024.HGF17141.SOFFJQOMOFtHLV@I-love.SAKURA.ne.jp>
X-Mailer: Winbiff [Version 2.51 PL2]
X-Accept-Language: ja,en,zh
Date: Fri, 10 Apr 2015 20:24:59 +0900
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

This patchset seems to be blocked waiting for an ACK from the AppArmor people. John, can you give us an ACK?

Apart from the ACK from John, I wrote a cleanup patch (shown below) which we might want to append to this patchset, though we need to refresh this patchset anyway with commit 58bc19542455 in linux-next.git included.

----------------------------------------
From 49f753bb197ed2dda9c7958b5acf9d5458d102ef Mon Sep 17 00:00:00 2001
From: Tetsuo Handa Date: Fri, 10 Apr 2015 13:57:45 +0900 Subject: [PATCH] Cleanups for LSM: Multiple concurrent LSMs (1) Move definition of SECURITY_NAME_MAX from include/linux/security.h and include/linux/lsm_hooks.h to security/security.c. (2) Drop "#ifdef CONFIG_SECURITY" from include/linux/lsm_hooks.h because all files which include this file depend on CONFIG_SECURITY=y. (3) Drop comment of removed "union security_list_options"->name member. (4) Drop cap_netlink_send() which always returns 0. (5) Simplify security_add_hooks(), and move it from security/security.c to include/linux/lsm_hooks.h as an inline function. (6) Move prototype of yama_add_hooks() and capability_add_hooks() from include/linux/security.h to include/linux/lsm_hooks.h, and mark them as __init functions. (7) Move security_delete_hooks() from security/security.c to security/selinux/hooks.c. (8) Update comment of prototype of commoncap functions. Signed-off-by: Tetsuo Handa --- include/linux/lsm_hooks.h | 33 +++++++++++++++------------------ include/linux/security.h | 17 ++--------------- security/commoncap.c | 7 +------ security/security.c | 28 +++------------------------- security/selinux/hooks.c | 8 ++++++++ security/yama/yama_lsm.c | 2 +- 6 files changed, 30 insertions(+), 65 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index c86aaf0..3b805de 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -25,19 +25,10 @@ #define __LINUX_LSM_HOOKS_H #include - -/* Maximum number of letters for an LSM name string */ -#define SECURITY_NAME_MAX 10 - -#ifdef CONFIG_SECURITY +#include +#include /** - * Security module identifier. - * - * @name: - * A string that acts as a unique identifier for the LSM with max number - * of characters = SECURITY_NAME_MAX. - * * Security hooks for program execution operations. * * @bprm_set_creds: 
@@ -1859,14 +1850,20 @@ struct security_hook_list { extern struct security_hook_heads security_hook_heads; +static inline void security_add_hooks(struct security_hook_list *hooks, + int count) +{ + int i; + + for (i = 0; i < count; i++) + list_add_tail_rcu(&hooks[i].list, hooks[i].head); +} + /* prototypes */ -extern int security_module_enable(const char *module); -extern void security_add_hooks(struct security_hook_list *hooks, int count); -#ifdef CONFIG_SECURITY_SELINUX_DISABLE -extern void security_delete_hooks(struct security_hook_list *hooks, int count); +extern int __init security_module_enable(const char *module); +extern void __init capability_add_hooks(void); +#ifdef CONFIG_SECURITY_YAMA_STACKED +void __init yama_add_hooks(void); #endif -#endif /* CONFIG_SECURITY */ - #endif /* ! __LINUX_LSM_HOOKS_H */ - diff --git a/include/linux/security.h b/include/linux/security.h index 04e2a3e..337105f 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -55,9 +55,6 @@ struct xattr; struct xfrm_sec_ctx; struct mm_struct; -/* Maximum number of letters for an LSM name string */ -#define SECURITY_NAME_MAX 10 - /* If capable should audit the security request */ #define SECURITY_CAP_NOAUDIT 0 #define SECURITY_CAP_AUDIT 1 @@ -70,10 +67,7 @@ struct audit_krule; struct user_namespace; struct timezone; -/* - * These functions are in security/capability.c and are used - * as the default capabilities functions - */ +/* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, int audit); extern int cap_settime(const struct timespec *ts, const struct timezone *tz); 
@@ -101,7 +95,6 @@ extern int cap_task_setscheduler(struct task_struct *p); extern int cap_task_setioprio(struct task_struct *p, int ioprio); extern int cap_task_setnice(struct task_struct *p, int nice); extern int cap_vm_enough_memory(struct mm_struct *mm, long pages); -extern void capability_add_hooks(void); struct msghdr; struct sk_buff; @@ -116,8 +109,6 @@ struct xfrm_state; struct xfrm_user_sec_ctx; struct seq_file; -extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb); - #ifdef CONFIG_MMU extern unsigned long mmap_min_addr; extern unsigned long dac_mmap_min_addr; @@ -1078,7 +1069,7 @@ static inline int security_setprocattr(struct task_struct *p, char *name, void * static inline int security_netlink_send(struct sock *sk, struct sk_buff *skb) { - return cap_netlink_send(sk, skb); + return 0; } static inline int security_ismaclabel(const char *name) @@ -1653,9 +1644,5 @@ static inline void free_secdata(void *secdata) { } #endif /* CONFIG_SECURITY */ -#ifdef CONFIG_SECURITY_YAMA_STACKED -void yama_add_hooks(void); -#endif - #endif /* ! __LINUX_SECURITY_H */ diff --git a/security/commoncap.c b/security/commoncap.c index b7f341f..fe76865 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -53,11 +53,6 @@ static void warn_setuid_and_fcaps_mixed(const char *fname) } } -int cap_netlink_send(struct sock *sk, struct sk_buff *skb) -{ - return 0; -} - /** * cap_capable - Determine whether a task has a particular effective capability * @cred: The credentials to use @@ -1005,7 +1000,7 @@ struct security_hook_list capability_hooks[] = { LSM_HOOK_INIT(vm_enough_memory, cap_vm_enough_memory), }; -void capability_add_hooks(void) +void __init capability_add_hooks(void) { security_add_hooks(capability_hooks, ARRAY_SIZE(capability_hooks)); } diff --git a/security/security.c b/security/security.c index be10ea4..e9d7171 100644 --- a/security/security.c +++ b/security/security.c 
@@ -29,6 +29,9 @@ #define MAX_LSM_EVM_XATTR 2 +/* Maximum number of letters for an LSM name string */ +#define SECURITY_NAME_MAX 10 + /* Boot-time LSM user choice */ static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = CONFIG_DEFAULT_SECURITY; @@ -1888,28 +1891,3 @@ struct security_hook_heads security_hook_heads = { LIST_HEAD_INIT(security_hook_heads.audit_rule_free), #endif /* CONFIG_AUDIT */ }; - -void security_add_hooks(struct security_hook_list *hooks, int count) -{ - struct security_hook_list *shp; - int i; - - for (i = 0; i < count; i++) { - INIT_LIST_HEAD(&hooks[i].list); - shp = list_last_entry(hooks[i].head, - struct security_hook_list, list); - list_add_rcu(&hooks[i].list, &shp->list); - } -} - -#ifdef CONFIG_SECURITY_SELINUX_DISABLE - -void security_delete_hooks(struct security_hook_list *hooks, int count) -{ - int i; - - for (i = 0; i < count; i++) - list_del_rcu(&hooks[i].list); -} - -#endif /* CONFIG_SECURITY_SELINUX_DISABLE */ diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 3fd8610..cea78f2 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6161,6 +6161,14 @@ static void selinux_nf_ip_exit(void) #ifdef CONFIG_SECURITY_SELINUX_DISABLE static int selinux_disabled; +static void security_delete_hooks(struct security_hook_list *hooks, int count) +{ + int i; + + for (i = 0; i < count; i++) + list_del_rcu(&hooks[i].list); +} + int selinux_disable(void) { if (ss_initialized) { diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c index a6b876d..9ed3250 100644 --- a/security/yama/yama_lsm.c +++ b/security/yama/yama_lsm.c @@ -353,7 +353,7 @@ static struct security_hook_list yama_hooks[] = { LSM_HOOK_INIT(task_free, yama_task_free), }; -void yama_add_hooks(void) +void __init yama_add_hooks(void) { security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks)); } -- 1.8.3.1
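Review bot: in the first include/linux/lsm_hooks.h hunk (@@ -25,19 +25,10) the two added #include lines have lost their header names in this rendering, so the hunk alone does not show what the header now pulls in; since the new static inline security_add_hooks() in the next hunk calls list_add_tail_rcu() and the prototypes there are annotated __init, please confirm these are linux/rculist.h and linux/init.h (or equivalents) rather than relying on each includer to provide them. The same hunk drops the #ifdef CONFIG_SECURITY guard on the grounds stated in item (2) of the commit message; security/commoncap.c is one includer (its hunk defines capability_hooks[] with LSM_HOOK_INIT), so please check that it is not also built with CONFIG_SECURITY disabled, or that the unguarded header contents are harmless there.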
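Review bot: in the include/linux/lsm_hooks.h hunk at @@ -1859,14 +1850,20, the prototype of security_module_enable() gains __init, but no hunk in this patch touches its definition in security/security.c; please confirm the definition already carries __init so that declaration and definition agree (the compiler will usually carry the attribute over from the prior declaration, but kernel convention is to annotate the definition). Two style points in the same hunk: `void __init yama_add_hooks(void);` lacks the `extern` its neighbouring prototypes use, and the new static inline security_add_hooks() deserves a one-line comment saying that list_add_tail_rcu() appends each hook in registration order, because the order in which stacked LSMs see a hook call follows the order of this list.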
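Review bot: in the include/linux/security.h hunk at @@ -1078,7 +1069,7, the !CONFIG_SECURITY stub security_netlink_send() now returns 0 directly, which is exactly what the removed cap_netlink_send() returned; this is consistent with the security/commoncap.c hunk, which deletes the function without removing any LSM_HOOK_INIT(netlink_send, ...) entry, and with the 1 insertion / 6 deletions the diffstat lists for that file. Item (4) of the commit message could state that this stub was the only caller, so the reader does not have to verify it from the diffstat.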
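Review bot: for the security/security.c hunk at @@ -1888,28 +1891,3, item (5) of the commit message says "simplify" but should state explicitly that the rewrite is behaviour-preserving: the removed loop called INIT_LIST_HEAD(), looked up the last entry with list_last_entry() and used list_add_rcu() after it, which is tail insertion, and the replacement list_add_tail_rcu() inserts at the same position; the dropped INIT_LIST_HEAD() is unnecessary because list_add_tail_rcu() writes both pointers of the new node itself. Spelling this out matters because registration order decides the order in which stacked LSMs are consulted for each hook.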
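Review bot: in the security/selinux/hooks.c hunk at @@ -6161,6 +6161,14, the function moved in as `static` keeps the name security_delete_hooks(), which reads like a core LSM API even though it is now private to SELinux and only compiled under CONFIG_SECURITY_SELINUX_DISABLE; consider renaming it (for example selinux_delete_hooks()) or adding a short comment explaining that SELinux is the only LSM that unregisters its hooks at runtime, so readers do not look for a matching counterpart next to security_add_hooks(). The body is unchanged from the copy removed from security/security.c (one list_del_rcu() per entry, no grace-period wait), so whatever RCU synchronisation the caller relied on before still applies.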