From eccbe858ce6412b96fc7cb32eb23a3592f64e5f6 Mon Sep 17 00:00:00 2001 From: André Fabian Silva Delgado Date: Tue, 8 Mar 2016 21:17:20 -0300 Subject: Linux-libre 4.4.4-gnu --- security/commoncap.c | 4 ++-- security/device_cgroup.c | 2 +- security/security.c | 20 ++++++++++---------- security/smack/smack_lsm.c | 8 +++----- security/yama/yama_lsm.c | 4 ++-- 5 files changed, 18 insertions(+), 20 deletions(-) (limited to 'security') diff --git a/security/commoncap.c b/security/commoncap.c index bf8241483..50a1a40f0 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -1058,14 +1058,14 @@ int cap_mmap_addr(unsigned long addr) } return ret; } -EXPORT_SYMBOL(cap_mmap_addr); +EXPORT_SYMBOL_GPL(cap_mmap_addr); int cap_mmap_file(struct file *file, unsigned long reqprot, unsigned long prot, unsigned long flags) { return 0; } -EXPORT_SYMBOL(cap_mmap_file); +EXPORT_SYMBOL_GPL(cap_mmap_file); #ifdef CONFIG_SECURITY diff --git a/security/device_cgroup.c b/security/device_cgroup.c index b00aa761d..f88c84bf1 100644 --- a/security/device_cgroup.c +++ b/security/device_cgroup.c @@ -850,7 +850,7 @@ int __devcgroup_inode_permission(struct inode *inode, int mask) return __devcgroup_check_permission(type, imajor(inode), iminor(inode), access); } -EXPORT_SYMBOL(__devcgroup_inode_permission); +EXPORT_SYMBOL_GPL(__devcgroup_inode_permission); int devcgroup_inode_mknod(int mode, dev_t dev) { diff --git a/security/security.c b/security/security.c index 54488b0f0..bc8514e27 100644 --- a/security/security.c +++ b/security/security.c @@ -433,7 +433,7 @@ int security_path_rmdir(struct path *dir, struct dentry *dentry) return 0; return call_int_hook(path_rmdir, 0, dir, dentry); } -EXPORT_SYMBOL(security_path_rmdir); +EXPORT_SYMBOL_GPL(security_path_rmdir); int security_path_unlink(struct path *dir, struct dentry *dentry) { @@ -450,7 +450,7 @@ int security_path_symlink(struct path *dir, struct dentry *dentry, return 0; return call_int_hook(path_symlink, 0, dir, dentry, old_name); } -EXPORT_SYMBOL(security_path_symlink); +EXPORT_SYMBOL_GPL(security_path_symlink); int security_path_link(struct dentry *old_dentry, struct path *new_dir, struct dentry *new_dentry) @@ -459,7 +459,7 @@ int security_path_link(struct dentry *old_dentry, struct path *new_dir, return 0; return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry); } -EXPORT_SYMBOL(security_path_link); +EXPORT_SYMBOL_GPL(security_path_link); int security_path_rename(struct path *old_dir, struct dentry *old_dentry, struct path *new_dir, struct dentry *new_dentry, @@ -487,7 +487,7 @@ int security_path_truncate(struct path *path) return 0; return call_int_hook(path_truncate, 0, path); } -EXPORT_SYMBOL(security_path_truncate); +EXPORT_SYMBOL_GPL(security_path_truncate); int security_path_chmod(struct path *path, umode_t mode) { @@ -495,7 +495,7 @@ int security_path_chmod(struct path *path, umode_t mode) return 0; return call_int_hook(path_chmod, 0, path, mode); } -EXPORT_SYMBOL(security_path_chmod); +EXPORT_SYMBOL_GPL(security_path_chmod); int security_path_chown(struct path *path, kuid_t uid, kgid_t gid) { @@ -503,7 +503,7 @@ int security_path_chown(struct path *path, kuid_t uid, kgid_t gid) return 0; return call_int_hook(path_chown, 0, path, uid, gid); } -EXPORT_SYMBOL(security_path_chown); +EXPORT_SYMBOL_GPL(security_path_chown); int security_path_chroot(struct path *path) { @@ -589,7 +589,7 @@ int security_inode_readlink(struct dentry *dentry) return 0; return call_int_hook(inode_readlink, 0, dentry); } -EXPORT_SYMBOL(security_inode_readlink); +EXPORT_SYMBOL_GPL(security_inode_readlink); int security_inode_follow_link(struct dentry *dentry, struct inode *inode, bool rcu) @@ -605,7 +605,7 @@ int security_inode_permission(struct inode *inode, int mask) return 0; return call_int_hook(inode_permission, 0, inode, mask); } -EXPORT_SYMBOL(security_inode_permission); +EXPORT_SYMBOL_GPL(security_inode_permission); int security_inode_setattr(struct dentry *dentry, struct iattr *attr) { @@ -744,7 +744,7 @@ int security_file_permission(struct file *file, int mask) return fsnotify_perm(file, mask); } -EXPORT_SYMBOL(security_file_permission); +EXPORT_SYMBOL_GPL(security_file_permission); int security_file_alloc(struct file *file) { @@ -804,7 +804,7 @@ int security_mmap_file(struct file *file, unsigned long prot, return ret; return ima_file_mmap(file, prot); } -EXPORT_SYMBOL(security_mmap_file); +EXPORT_SYMBOL_GPL(security_mmap_file); int security_mmap_addr(unsigned long addr) { diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index ff81026f6..7c57c7fcf 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -398,12 +398,10 @@ static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead, */ static inline unsigned int smk_ptrace_mode(unsigned int mode) { - switch (mode) { - case PTRACE_MODE_READ: - return MAY_READ; - case PTRACE_MODE_ATTACH: + if (mode & PTRACE_MODE_ATTACH) return MAY_READWRITE; - } + if (mode & PTRACE_MODE_READ) + return MAY_READ; return 0; } diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c index d3c19c970..cb6ed1081 100644 --- a/security/yama/yama_lsm.c +++ b/security/yama/yama_lsm.c @@ -281,7 +281,7 @@ static int yama_ptrace_access_check(struct task_struct *child, int rc = 0; /* require ptrace target be a child of ptracer on attach */ - if (mode == PTRACE_MODE_ATTACH) { + if (mode & PTRACE_MODE_ATTACH) { switch (ptrace_scope) { case YAMA_SCOPE_DISABLED: /* No additional restrictions. */ @@ -307,7 +307,7 @@ static int yama_ptrace_access_check(struct task_struct *child, } } - if (rc) { + if (rc && (mode & PTRACE_MODE_NOAUDIT) == 0) { printk_ratelimited(KERN_NOTICE "ptrace of pid %d was attempted by: %s (pid %d)\n", child->pid, current->comm, current->pid); -- cgit v1.2.3-54-g00ecf