Merge branch 'android-3.18' of https://android.googlesource.com/kernel/common

Merge AOSP's 'android-3.18' branch in Linux-4.1 * android-3.18: (581 commits) cpu_power: Avoids race condition when the task exits. uid_cputime: Avoids double accounting of process stime, utime and cpu_power in task exit. Shrink ashmem directly through shmem_fallocate sched: cpufreq: update power usage only if cpufreq_stat is enabled cpufreq: Iterate over all the possible cpus to create powerstats. uid_cputime: Extends the cputime functionality to report power per uid sched: cpufreq: Adds a field cpu_power in the task_struct cpufreq_stats: Adds the fucntionality to load current values for each frequency for all the cores. cgroup: Fix issues in allow_attach callback New Build Breakage in branch: kernel-m-dev-tegra-flounder-3.10 @ 1960706 net/unix: sk_socket can disappear when state is unlocked selinux: enable genfscon labeling for sysfs and pstore files ext4: don't save the error information if the block device is read-only selinux: enable per-file labeling for debugfs files. cpufreq: interactive: Rearm governor timer at max freq cpufreq: interactive: Implement cluster-based min_sample_time cpufreq: interactive: Exercise hispeed settings at a policy level cpufreq: interactive: Round up timer_rate to match jiffy cpufreq: interactive: Don't set floor_validate_time during boost suspend: Return error when pending wakeup source is found. ... Signed-off-by: Amit Pundir <amit.pundir@linaro.org> Dropped AOSP Patches: ==> We need to investigate if we need following set of patches, so dropping them for now. * commit 1307afc31753 "ARM: convert build of appended dtb zImage to list of dtbs" * commit 082d89f7f2ae "ARM64: add option to build Image.gz/dtb combo" * commit 2c84417a1305 "mmc: mmcblk: Add support for deferred SD bus resume" ==> cpufreq_stats set of patches for "persistent stats data across cpu hotplug" and "power/current stat per cpufreq" need a major refactoring so dropping them for now. * commit 7502d79f3615 "cpufreq: Persist cpufreq time in state data across hotplug" * commit 501a08a8fbb3 "cpufreq: stats: hold reference on global cpufreq" * commit 7f53705d4ca3 "cpufreq_stats: Adds the fucntionality to load current values for each frequency for all the cores" * commit 141aa174ac26 "sched: cpufreq: Adds a field cpu_power in the task_struct" * commit 4b254ff54bf9 "uid_cputime: Extends the cputime functionality to report power per uid" * commit 553b785b5383 "cpufreq: Iterate over all the possible cpus to create powerstats." * commit 7717da919c87 "uid_cputime: Avoids double accounting of process stime, utime and cpu_power in task exit" * commit a63e9712ac7a "cpu_power: Avoids race condition when the task exits." Note: VireshK recently pushed similar cpufreq hotplug changes to 4.2-rc1 and current/voltage stats per frequency is also mainline is working on. So I guess it is easier to just backport those cpufreq changes to 4.1 once they are done. Or we can just refactor these AOSP cpufreq_stats changes and live with it for now? Conflicts and Resolutions: Documentation/networking/ip-sysctl.txt ==> Added mainline commit 9f0761c15 "ipv6: add documentation for stable_secret, idgen_delay and idgen_retries knobs" Makefile ==> Kept mainline changes for v4.1 code NAME instead of AOSP's v3.18. arch/arm/Kconfig.debug ==> Added AOSP commit 7f865d188 "ARM: Fix "Make low-level printk work" to use a separate config option". arch/arm/boot/dts/Makefile ==> Picked mainline changes and dropped AOSP commit 1307afc31753, "ARM: convert build of appended dtb zImage to list of dtbs" which need refactoring. arch/arm/include/asm/hardware/coresight.h arch/arm/kernel/etm.c ==> Picked mainline commit 184901a06a36 "ARM: removing support for etb/etm in arch/arm/kernel/". arch/arm/kernel/process.c ==> Added AOSP commits ac20546 "[ARM] process: Add display of memory around registers when displaying regs.", and d4dcc857 "ARM: smp: implement arch_trigger_all_cpus_backtrace using IPI", Moved AOSP commit 2cc932a "ARM: add option to flush console before reboot" to arch/arm/kernel/reboot.c as suggested by this mainline commit 045ab94e10ee "ARM: move reboot code to arch/arm/kernel/reboot.c". arch/arm64/Kconfig arch/arm64/boot/dts/Makefile ==> Picked mainline changes and dropped AOSP commit 082d89f7f2ae "ARM64: add option to build Image.gz/dtb combo" which need refactoring. arch/arm64/include/asm/cpufeature.h arch/arm64/kernel/Makefile arch/arm64/kernel/cpuinfo.c ==> Picked mainline changes which is a superset of AOSP changes. arch/arm64/kernel/setup.c ==> Dropped AOSP changes since mainline already moved that ARM64's early_mem initialization part of code to mm/init.c. Relevant mainline commit 6083fe74b7bf "arm64: respect mem= for EFI". drivers/base/cpu.c ==> Picked mainline changes and dropped AOSP changes from commit 9025d688a3bc "cpu: add generic support for CPU feature based module autoloading". So now we use CONFIG_GENERIC_CPU_AUTOPROBE everywhere instead of mixing it with CONFIG_HAVE_CPU_AUTOPROBE. This is what mainline did as well, commit 2b9c1f03278a "x86: align x86 arch with generic CPU modalias handling". drivers/char/Kconfig drivers/char/mem.c ==> DEVMEM/DEVKMEM conflicting changes. Kept mainline changes and dropped AOSP's. drivers/clk/Kconfig drivers/clk/clk.c ==> Picked and refactored AOSP changes from commit 3a3804b "clk: debugfs: Support frequency stats accounting" by moving CONFIG_COMMON_CLK_FREQ_STATS_ACCOUNTING code from now obsolete include/linux/clk-private.h to drivers/clk/clk.c and kept mainline changes otherwise. drivers/cpufreq/cpufreq_stats.c ==> This one is in total chaos due to recent mainline changes conflicting with AOSP's patches for "persistent cpufreq_stats data across cpu hotplug" and "power/current stats per cpufreq". Dropped all AOSP patches for now since they need major refactoring and also because mainline is working on similar feature implementations. drivers/hid/hid-multitouch.c ==> Picked mainline changes as well as AOSP commits 9956451 "hid-multitouch: Filter collections by application usage.", and 274ba2d "HID: Add input_register callback." drivers/mmc/card/block.c ==> Dropped changes from AOSP commit 2c84417a1305 "mmc: mmcblk: Add support for deferred SD bus resume", which is broken at so many levels. drivers/mmc/core/sdio_bus.c ==> Picked mainline as well as AOSP changes from commit 488ad4b90b85 "mmc: Add concept of an 'embedded' SDIO device." drivers/staging/android/Kconfig ==> Added AOSP changes from commit c034ef7 "staging: android: lowmemorykiller: Add config option to support oom_adj values" drivers/staging/android/TODO ==> Picked AOSP commit 85139a99fe48 "staging: remove Greg's TODO, now obsolete." drivers/staging/android/ashmem.c ==> Picked AOSP commit 7394e76edff5 "Shrink ashmem directly through shmem_fallocate" over mainline commit 72c72bdf7bf5 "VFS: Rename do_fallocate() to vfs_fallocate()". drivers/staging/android/binder.c ==> Kept mainline commit 777783e0abae "staging: android: binder: move to the "real" part of the kernel". drivers/usb/gadget/Kconfig drivers/usb/gadget/configfs.c drivers/usb/gadget/function/Makefile ==> Picked mainline changes as well as AOSP's USB configfs gadget implementation for MTP/PTP, RNDIS, ANDROID_ACCESORIES etc. drivers/usb/gadget/udc/udc-core.c ==> Refactored AOSP commit 2896b29 "HACK: usb: gadget: Fix enumeration on boot". We should revisit this and check if we still need this HACK. fs/fuse/dev.c ==> Picked mainline changes from commit e2e40f2c1ed4 "fs: move struct kiocb to fs.h" as well as AOSP changes from commit 71a389b "fuse: Freeze client on suspend when request sent to userspace". fs/pstore/inode.c ==> Picked changes from mainline commit dbaffde76405 "pstore: Use scnprintf() in pstore_mkfile()" over AOSP commit 0fb7895 "pstore: use scnprintf". fs/pstore/ram.c ==> Duplicate prz_ok() definition conflict, removed one definition. Picked AOSP changes from commit cac2eb7 "pstore/ram: Give proper names to dump-related variables" as well as changes from mainline commit a28726b4fb62 "pstore/ram: Strip ramoops header for correct decompression" include/asm-generic/seccomp.h ==> Remove duplicate __NR_seccomp_sigreturn_32 definition. Picked mainline changes. include/linux/clk-private.h ==> Picked mainline commit b09d6d991025 "clk: remove clk-private.h". include/linux/cpu.h ==> Picked mainline changes as well as changes from AOSP commit f0cf66df8 "Move x86_64 idle notifiers to generic" include/linux/mm_types.h ==> Kept mainline changes from commit ac51b934f "mm: replace vma->sharead.linear with vma->shared" and refactored AOSP changes from commit 964e307e0 "mm: add a field to store names for private anonymous memory". include/linux/pstore.h ==> Added changes from mainline commit ae011d2e "pstore: Add pstore type id for PPC64 opal nvram partition". include/linux/security.h security/capability.c security/security.c security/selinux/hooks.c security/selinux/include/classmap.h ==> Kept mainline changes for coding style cleanups. include/net/tcp.h net/ipv4/sysctl_net_ipv4.c net/ipv4/tcp_input.c ==> Picked mainline changes as well as AOSP changes from commit fac8460 "tcp: add a sysctl to config the tcp_default_init_rwnd". include/uapi/linux/ipv6.h ==> Added mainline changes. include/uapi/linux/prctl.h ==> Picked mainline changes as well as refactored AOSP changes to keep PR_SET_TIMERSLACK_PID to 41 and assigned 127 to PR_SET_THP_DISABLE because AOSP still expects PR_SET_TIMERSLACK_PID to be 41. include/uapi/linux/rtnetlink.h ==> Picked mainline changes as well as AOSP changes from commit ba3d8d3f "net: core: Support UID-based routing.". kernel/debug/debug_core.c ==> Picked mainline changes as well as AOSP changes from commit e7051b407 "debug: add parameters to prevent entering debug mode on errors". kernel/power/Kconfig ==> Added AOSP changes from commits ab10023e0 "cpu_pm: Add cpu power management notifiers" and 7e0e70173 "power: Add option to log time spent in suspend". kernel/power/process.c ==> Picked AOSP changes from commit 5bc08b27 "power: Avoids bogus error messages for the suspend aborts." over mainline changes from commit 35536ae170f0 PM: convert printk to pr_* equivalent". kernel/power/suspend.c ==> Picked mainline changes as well as AOSP changes from commit 722c1106f "power: Adds functionality to log the last suspend abort reason." kernel/printk/printk.c ==> Picked mainline changes as well as AOSP changes from commit 7f865d188 "ARM: Fix "Make low-level printk work" to use a separate config option". kernel/sys.c ==> Picked mainline changes as well as AOSP changes from commit 964e307e0 "mm: add a field to store names for private anonymous memory". kernel/trace/trace_output.c ==> Refactor and picked AOSP changes from commit 0438cf86a "trace: Add an option to show tgids in trace output". kernel/watchdog.c ==> Picked AOSP changes from commit 6f5f01007 "hardlockup: detect hard lockups without NMIs using secondary cpus". as well as refactored mainline changes from commit b3738d293 "watchdog: Add watchdog enable/disable all functions" by wrapping it under CONFIG_HARDLOCKUP_DETECTOR_NMI instead of CONFIG_HARDLOCKUP_DETECTOR as intended by the AOSP commit. mm/memcontrol.c ==> Picked AOSP changes and refactored AOSP changes from commit 701112f "memcg: add permission check". mm/mmap.c ==> Picked AOSP changes from commit 964e307e0 "mm: add a field to store names for private anonymous memory". net/Kconfig ==> Picked mainline changes over AOSP changes from commit 38bd652 "net: Fix CONFIG_RPS option to be turned off". net/Makefile ==> Picked mainline changes as well as AOSP changes from commit e84594a68 "net: activity_stats: Add statistics for network transmission activity". net/core/fib_rules.c net/ipv4/inet_connection_sock.c net/ipv6/route.c ==> Picked mainline changes as well as AOSP changes from commit ba3d8d3f9 "net: core: Support UID-based routing." net/ipv6/addrconf.c ==> Picked mainline changes from commit c58da4c65 "net: ipv6: allow explicitly choosing optimistic addresses" over AOSP changes from commit 4461760 "net: ipv6: allow choosing optimistic addresses with use_optimistic". Also picked AOSP commit 63003d5 "net: ipv6: autoconf routes into per-device tables". net/netfilter/xt_socket.c ==> Picked mainline changes from commit d64d80a2 "netfilter: x_tables: don't extract flow keys on early demuxed sks in socket match" over AOSP commit e0bffd5 "netfilter: Build fixups - kuid/kguid changes & xt_socket_get/put_sk". Also picked mainline changes from commit 78296c97 "netfilter: xt_socket: fix a stack corruption bug" over AOSP changes. scripts/Makefile.lib ==> Dropped AOSP changes from commits 1307afc "ARM: convert build of appended dtb zImage to list of dtbs" and f4d4ffc "kbuild: dtbs_install: new make target". security/selinux/avc.c ==> Picked AOSP changes from commit ba733f985 "SELinux: per-command whitelisting of ioctls". security/selinux/ss/avtab.h ==> Picked mainline changes as well as AOSP changes from commit ba733f985 "SELinux: per-command whitelisting of ioctls".
author: Amit Pundir <amit.pundir@linaro.org> 2015-07-06 15:35:12 +0530
committer: Amit Pundir <amit.pundir@linaro.org> 2015-07-21 00:54:20 +0530
commit: af97441aa2059e11c1caf586f898999489b79d60 (patch)
tree: abb33f81b7ad3f0b57d48fbca4a9445308681827 /security/selinux/ss/avtab.c
parent: b953c0d234bc72e8489d3bf51a276c5c4ec85345 (diff)
parent: a63e9712ac7aab9386181eadf76fae010bd755a9 (diff)
1 files changed, 79 insertions, 15 deletions
diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c
index b64f2772b030..40397c54f0e2 100644
--- a/security/selinux/ss/avtab.c
+++ b/security/selinux/ss/avtab.c
@@ -24,6 +24,7 @@
 #include "policydb.h"
 
 static struct kmem_cache *avtab_node_cachep;
+static struct kmem_cache *avtab_operation_cachep;
 
 /* Based on MurmurHash3, written by Austin Appleby and placed in the
  * public domain.
@@ -70,11 +71,24 @@ avtab_insert_node(struct avtab *h, int hvalue,
 		  struct avtab_key *key, struct avtab_datum *datum)
 {
 	struct avtab_node *newnode;
+	struct avtab_operation *ops;
 	newnode = kmem_cache_zalloc(avtab_node_cachep, GFP_KERNEL);
 	if (newnode == NULL)
 		return NULL;
 	newnode->key = *key;
-	newnode->datum = *datum;
+
+	if (key->specified & AVTAB_OP) {
+		ops = kmem_cache_zalloc(avtab_operation_cachep, GFP_KERNEL);
+		if (ops == NULL) {
+			kmem_cache_free(avtab_node_cachep, newnode);
+			return NULL;
+		}
+		*ops = *(datum->u.ops);
+		newnode->datum.u.ops = ops;
+	} else {
+		newnode->datum.u.data = datum->u.data;
+	}
+
 	if (prev) {
 		newnode->next = prev->next;
 		prev->next = newnode;
@@ -107,8 +121,11 @@ static int avtab_insert(struct avtab *h, struct avtab_key *key, struct avtab_dat
 		if (key->source_type == cur->key.source_type &&
 		    key->target_type == cur->key.target_type &&
 		    key->target_class == cur->key.target_class &&
-		    (specified & cur->key.specified))
+		    (specified & cur->key.specified)) {
+			if (specified & AVTAB_OPNUM)
+				break;
 			return -EEXIST;
+		}
 		if (key->source_type < cur->key.source_type)
 			break;
 		if (key->source_type == cur->key.source_type &&
@@ -271,6 +288,9 @@ void avtab_destroy(struct avtab *h)
 		while (cur) {
 			temp = cur;
 			cur = cur->next;
+			if (temp->key.specified & AVTAB_OP)
+				kmem_cache_free(avtab_operation_cachep,
+							temp->datum.u.ops);
 			kmem_cache_free(avtab_node_cachep, temp);
 		}
 	}
@@ -359,7 +379,13 @@ static uint16_t spec_order[] = {
 	AVTAB_AUDITALLOW,
 	AVTAB_TRANSITION,
 	AVTAB_CHANGE,
-	AVTAB_MEMBER
+	AVTAB_MEMBER,
+	AVTAB_OPNUM_ALLOWED,
+	AVTAB_OPNUM_AUDITALLOW,
+	AVTAB_OPNUM_DONTAUDIT,
+	AVTAB_OPTYPE_ALLOWED,
+	AVTAB_OPTYPE_AUDITALLOW,
+	AVTAB_OPTYPE_DONTAUDIT
 };
 
 int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
@@ -369,10 +395,11 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
 {
 	__le16 buf16[4];
 	u16 enabled;
-	__le32 buf32[7];
 	u32 items, items2, val, vers = pol->policyvers;
 	struct avtab_key key;
 	struct avtab_datum datum;
+	struct avtab_operation ops;
+	__le32 buf32[ARRAY_SIZE(ops.op.perms)];
 	int i, rc;
 	unsigned set;
 
@@ -429,11 +456,15 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
 			printk(KERN_ERR "SELinux: avtab: entry has both access vectors and types\n");
 			return -EINVAL;
 		}
+		if (val & AVTAB_OP) {
+			printk(KERN_ERR "SELinux: avtab: entry has operations\n");
+			return -EINVAL;
+		}
 
 		for (i = 0; i < ARRAY_SIZE(spec_order); i++) {
 			if (val & spec_order[i]) {
 				key.specified = spec_order[i] | enabled;
-				datum.data = le32_to_cpu(buf32[items++]);
+				datum.u.data = le32_to_cpu(buf32[items++]);
 				rc = insertf(a, &key, &datum, p);
 				if (rc)
 					return rc;
@@ -452,7 +483,6 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
 		printk(KERN_ERR "SELinux: avtab: truncated entry\n");
 		return rc;
 	}
-
 	items = 0;
 	key.source_type = le16_to_cpu(buf16[items++]);
 	key.target_type = le16_to_cpu(buf16[items++]);
@@ -476,14 +506,32 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
 		return -EINVAL;
 	}
 
-	rc = next_entry(buf32, fp, sizeof(u32));
-	if (rc) {
-		printk(KERN_ERR "SELinux: avtab: truncated entry\n");
-		return rc;
+	if ((vers < POLICYDB_VERSION_IOCTL_OPERATIONS)
+			|| !(key.specified & AVTAB_OP)) {
+		rc = next_entry(buf32, fp, sizeof(u32));
+		if (rc) {
+			printk(KERN_ERR "SELinux: avtab: truncated entry\n");
+			return rc;
+		}
+		datum.u.data = le32_to_cpu(*buf32);
+	} else {
+		memset(&ops, 0, sizeof(struct avtab_operation));
+		rc = next_entry(&ops.type, fp, sizeof(u8));
+		if (rc) {
+			printk(KERN_ERR "SELinux: avtab: truncated entry\n");
+			return rc;
+		}
+		rc = next_entry(buf32, fp, sizeof(u32)*ARRAY_SIZE(ops.op.perms));
+		if (rc) {
+			printk(KERN_ERR "SELinux: avtab: truncated entry\n");
+			return rc;
+		}
+		for (i = 0; i < ARRAY_SIZE(ops.op.perms); i++)
+			ops.op.perms[i] = le32_to_cpu(buf32[i]);
+		datum.u.ops = &ops;
 	}
-	datum.data = le32_to_cpu(*buf32);
 	if ((key.specified & AVTAB_TYPE) &&
-	    !policydb_type_isvalid(pol, datum.data)) {
+	    !policydb_type_isvalid(pol, datum.u.data)) {
 		printk(KERN_ERR "SELinux: avtab: invalid type\n");
 		return -EINVAL;
 	}
@@ -543,8 +591,9 @@ bad:
 int avtab_write_item(struct policydb *p, struct avtab_node *cur, void *fp)
 {
 	__le16 buf16[4];
-	__le32 buf32[1];
+	__le32 buf32[ARRAY_SIZE(cur->datum.u.ops->op.perms)];
 	int rc;
+	unsigned int i;
 
 	buf16[0] = cpu_to_le16(cur->key.source_type);
 	buf16[1] = cpu_to_le16(cur->key.target_type);
@@ -553,8 +602,19 @@ int avtab_write_item(struct policydb *p, struct avtab_node *cur, void *fp)
 	rc = put_entry(buf16, sizeof(u16), 4, fp);
 	if (rc)
 		return rc;
-	buf32[0] = cpu_to_le32(cur->datum.data);
-	rc = put_entry(buf32, sizeof(u32), 1, fp);
+
+	if (cur->key.specified & AVTAB_OP) {
+		rc = put_entry(&cur->datum.u.ops->type, sizeof(u8), 1, fp);
+		if (rc)
+			return rc;
+		for (i = 0; i < ARRAY_SIZE(cur->datum.u.ops->op.perms); i++)
+			buf32[i] = cpu_to_le32(cur->datum.u.ops->op.perms[i]);
+		rc = put_entry(buf32, sizeof(u32),
+				ARRAY_SIZE(cur->datum.u.ops->op.perms), fp);
+	} else {
+		buf32[0] = cpu_to_le32(cur->datum.u.data);
+		rc = put_entry(buf32, sizeof(u32), 1, fp);
+	}
 	if (rc)
 		return rc;
 	return 0;
@@ -588,9 +648,13 @@ void avtab_cache_init(void)
 	avtab_node_cachep = kmem_cache_create("avtab_node",
 					      sizeof(struct avtab_node),
 					      0, SLAB_PANIC, NULL);
+	avtab_operation_cachep = kmem_cache_create("avtab_operation",
+					      sizeof(struct avtab_operation),
+					      0, SLAB_PANIC, NULL);
 }
 
 void avtab_cache_destroy(void)
 {
 	kmem_cache_destroy(avtab_node_cachep);
+	kmem_cache_destroy(avtab_operation_cachep);
 }
author	Amit Pundir <amit.pundir@linaro.org>	2015-07-06 15:35:12 +0530
committer	Amit Pundir <amit.pundir@linaro.org>	2015-07-21 00:54:20 +0530
commit	af97441aa2059e11c1caf586f898999489b79d60 (patch)
tree	abb33f81b7ad3f0b57d48fbca4a9445308681827 /security/selinux/ss/avtab.c
parent	b953c0d234bc72e8489d3bf51a276c5c4ec85345 (diff)
parent	a63e9712ac7aab9386181eadf76fae010bd755a9 (diff)