[GIT PULL] SELinux patches for v6.1

From: Paul Moore <paul@paul-moore.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: selinux@vger.kernel.org, linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: [GIT PULL] SELinux patches for v6.1
Date: Mon, 3 Oct 2022 16:44:56 -0400	[thread overview]
Message-ID: <CAHC9VhQF6oLGHN=fHSN568iM-mP7yDpMWH=OKwSRADu4Rb5-Dw@mail.gmail.com> (raw)

Hi Linus,

Six SELinux patches, all are simple and easily understood, but a list
of the highlights is below:

- Use 'grep -E' instead of 'egrep' in the SELinux policy install
script.  Fun fact, this seems to be GregKH's *second* dedicated
SELinux patch since we transitioned to git (ignoring merges, the SPDX
stuff, and a trivial fs reference removal when lustre was yanked); the
first was back in 2011 when selinuxfs was placed in /sys/fs/selinux.
Oh, the memories ...

- Convert the SELinux policy boolean values to use signed integer
types throughout the SELinux kernel code.  Prior to this we were using
a mix of signed and unsigned integers which was probably okay in this
particular case, but it is definitely not a good idea in general.

- Remove a reference to the SELinux runtime disable functionality in
/etc/selinux/config as we are in the process of deprecating that.  See
<https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-runtime-disable>
for more background on this if you missed the previous notes on the
deprecation.

- Minor cleanups: remove unneeded variables and function parameter
constification.

Please merge for v6.1,
-Paul

--
The following changes since commit 568035b01cfb107af8d2e4bd2fb9aea22cf5b868:

 Linux 6.0-rc1 (2022-08-14 15:50:18 -0700)

are available in the Git repository at:

 git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
   tags/selinux-pr-20221003

for you to fetch changes up to 2fe2fb4ce60be9005d7bfdd5665be03b8efb5b13:

 selinux: remove runtime disable message in the install_policy.sh script
   (2022-09-20 14:12:25 -0400)

----------------------------------------------------------------
selinux/stable-6.1 PR 20221003

----------------------------------------------------------------
Christian Göttsche (2):
     selinux: use int arrays for boolean values
     selinux: declare read-only parameters const

Greg Kroah-Hartman (1):
     selinux: use "grep -E" instead of "egrep"

Paul Moore (1):
     selinux: remove runtime disable message in the install_policy.sh script

Xu Panda (1):
     selinux: remove the unneeded result variable

ye xingchen (1):
     selinux: remove an unneeded variable in sel_make_class_dir_entries()

scripts/selinux/install_policy.sh |  5 ++---
security/selinux/hooks.c          | 24 +++++++++---------------
security/selinux/selinuxfs.c      | 15 ++++++---------
security/selinux/ss/context.h     | 17 +++++++++--------
security/selinux/ss/ebitmap.c     | 21 +++++++++++----------
security/selinux/ss/ebitmap.h     | 18 +++++++++---------
security/selinux/ss/mls_types.h   |  4 ++--
7 files changed, 48 insertions(+), 56 deletions(-)

-- 
paul-moore.com