OrgACRN
/
clear-pkgs-linux-iot-lts2018
mirror of https://github.com/clearlinux-pkgs/linux-iot-lts2018.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

update to PKT lts-v4.19.23-base-190219T125834Z 

Signed-off-by: Alek Du <alek.du@intel.com>
This commit is contained in:
Alek Du 2019-02-20 09:29:57 +00:00
parent 3b8b7e05ea
commit 61502c1aae
5 changed files with 57 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

96
0097-LSM-Infrastructure-management-of-the-key-s.patch
View File

@ -19,10 +19,10 @@ Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
security/smack/smack_lsm.c | 33 ++++++++++++-------------
6 files changed, 75 insertions(+), 36 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index fba6908ffd84..dab23cf22deb 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
Index: kernel-lts2018/include/linux/lsm_hooks.h
===================================================================
--- kernel-lts2018.orig/include/linux/lsm_hooks.h
+++ kernel-lts2018/include/linux/lsm_hooks.h
@@ -2032,6 +2032,7 @@ struct lsm_blob_sizes {
int lbs_file;
int lbs_inode;
@ -31,10 +31,10 @@ index fba6908ffd84..dab23cf22deb 100644
int lbs_msg_msg;
int lbs_sock;
int lbs_superblock;
diff --git a/security/security.c b/security/security.c
index a700d74d56d6..ce78c0e1b28a 100644
--- a/security/security.c
+++ b/security/security.c
Index: kernel-lts2018/security/security.c
===================================================================
--- kernel-lts2018.orig/security/security.c
+++ kernel-lts2018/security/security.c
@@ -120,6 +120,9 @@ int __init security_init(void)
pr_info("LSM: file blob size = %d\n", blob_sizes.lbs_file);
pr_info("LSM: inode blob size = %d\n", blob_sizes.lbs_inode);
@ -45,7 +45,7 @@ index a700d74d56d6..ce78c0e1b28a 100644
pr_info("LSM: msg_msg blob size = %d\n", blob_sizes.lbs_msg_msg);
pr_info("LSM: sock blob size = %d\n", blob_sizes.lbs_sock);
pr_info("LSM: superblock blob size = %d\n", blob_sizes.lbs_superblock);
@@ -302,6 +305,9 @@ void __init security_add_blobs(struct lsm_blob_sizes *needed)
@@ -302,6 +305,9 @@ void __init security_add_blobs(struct ls
lsm_set_size(&needed->lbs_cred, &blob_sizes.lbs_cred);
lsm_set_size(&needed->lbs_file, &blob_sizes.lbs_file);
lsm_set_size(&needed->lbs_ipc, &blob_sizes.lbs_ipc);
@ -55,7 +55,7 @@ index a700d74d56d6..ce78c0e1b28a 100644
lsm_set_size(&needed->lbs_msg_msg, &blob_sizes.lbs_msg_msg);
lsm_set_size(&needed->lbs_sock, &blob_sizes.lbs_sock);
lsm_set_size(&needed->lbs_superblock, &blob_sizes.lbs_superblock);
@@ -437,6 +443,29 @@ int lsm_ipc_alloc(struct kern_ipc_perm *kip)
@@ -437,6 +443,29 @@ int lsm_ipc_alloc(struct kern_ipc_perm *
return 0;
}
@ -85,7 +85,7 @@ index a700d74d56d6..ce78c0e1b28a 100644
/**
* lsm_msg_msg_alloc - allocate a composite msg_msg blob
* @mp: the msg_msg that needs a blob
@@ -2164,12 +2193,21 @@ EXPORT_SYMBOL(security_skb_classify_flow);
@@ -2171,12 +2200,21 @@ EXPORT_SYMBOL(security_skb_classify_flow
int security_key_alloc(struct key *key, const struct cred *cred,
unsigned long flags)
{
@ -108,11 +108,11 @@ index a700d74d56d6..ce78c0e1b28a 100644
}
int security_key_permission(key_ref_t key_ref,
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index b7503dfc295f..0fc1730f786e 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6453,11 +6453,7 @@ static int selinux_key_alloc(struct key *k, const struct cred *cred,
Index: kernel-lts2018/security/selinux/hooks.c
===================================================================
--- kernel-lts2018.orig/security/selinux/hooks.c
+++ kernel-lts2018/security/selinux/hooks.c
@@ -6461,11 +6461,7 @@ static int selinux_key_alloc(struct key
unsigned long flags)
{
const struct task_security_struct *tsec;
@ -125,7 +125,7 @@ index b7503dfc295f..0fc1730f786e 100644
tsec = selinux_cred(cred);
if (tsec->keycreate_sid)
@@ -6465,18 +6461,9 @@ static int selinux_key_alloc(struct key *k, const struct cred *cred,
@@ -6473,18 +6469,9 @@ static int selinux_key_alloc(struct key
else
ksec->sid = tsec->sid;
@ -144,7 +144,7 @@ index b7503dfc295f..0fc1730f786e 100644
static int selinux_key_permission(key_ref_t key_ref,
const struct cred *cred,
unsigned perm)
@@ -6494,7 +6481,7 @@ static int selinux_key_permission(key_ref_t key_ref,
@@ -6502,7 +6489,7 @@ static int selinux_key_permission(key_re
sid = cred_sid(cred);
key = key_ref_to_ptr(key_ref);
@ -153,7 +153,7 @@ index b7503dfc295f..0fc1730f786e 100644
return avc_has_perm(&selinux_state,
sid, ksec->sid, SECCLASS_KEY, perm, NULL);
@@ -6502,7 +6489,7 @@ static int selinux_key_permission(key_ref_t key_ref,
@@ -6510,7 +6497,7 @@ static int selinux_key_permission(key_re
static int selinux_key_getsecurity(struct key *key, char **_buffer)
{
@ -162,7 +162,7 @@ index b7503dfc295f..0fc1730f786e 100644
char *context = NULL;
unsigned len;
int rc;
@@ -6727,6 +6714,9 @@ struct lsm_blob_sizes selinux_blob_sizes = {
@@ -6735,6 +6722,9 @@ struct lsm_blob_sizes selinux_blob_sizes
.lbs_file = sizeof(struct file_security_struct),
.lbs_inode = sizeof(struct inode_security_struct),
.lbs_ipc = sizeof(struct ipc_security_struct),
@ -172,7 +172,7 @@ index b7503dfc295f..0fc1730f786e 100644
.lbs_msg_msg = sizeof(struct msg_security_struct),
.lbs_sock = sizeof(struct sk_security_struct),
.lbs_superblock = sizeof(struct superblock_security_struct),
@@ -6938,7 +6928,6 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
@@ -6946,7 +6936,6 @@ static struct security_hook_list selinux
#ifdef CONFIG_KEYS
LSM_HOOK_INIT(key_alloc, selinux_key_alloc),
@ -180,11 +180,11 @@ index b7503dfc295f..0fc1730f786e 100644
LSM_HOOK_INIT(key_permission, selinux_key_permission),
LSM_HOOK_INIT(key_getsecurity, selinux_key_getsecurity),
#endif
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index 848ba24921c9..96cecdbcd3fb 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -193,6 +193,13 @@ static inline struct ipc_security_struct *selinux_ipc(
Index: kernel-lts2018/security/selinux/include/objsec.h
===================================================================
--- kernel-lts2018.orig/security/selinux/include/objsec.h
+++ kernel-lts2018/security/selinux/include/objsec.h
@@ -193,6 +193,13 @@ static inline struct ipc_security_struct
return ipc->security;
}
@ -198,11 +198,11 @@ index 848ba24921c9..96cecdbcd3fb 100644
static inline struct sk_security_struct *selinux_sock(const struct sock *sock)
{
return sock->sk_security;
diff --git a/security/smack/smack.h b/security/smack/smack.h
index 42c36e37b0bd..e50ed4945a40 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -393,6 +393,13 @@ static inline struct smack_known **smack_ipc(const struct kern_ipc_perm *ipc)
Index: kernel-lts2018/security/smack/smack.h
===================================================================
--- kernel-lts2018.orig/security/smack/smack.h
+++ kernel-lts2018/security/smack/smack.h
@@ -393,6 +393,13 @@ static inline struct smack_known **smack
return ipc->security;
}
@ -216,11 +216,11 @@ index 42c36e37b0bd..e50ed4945a40 100644
/*
* Is the directory transmuting?
*/
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index b24909a697e3..557bacb0568e 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -4164,23 +4164,13 @@ static void smack_inet_csk_clone(struct sock *sk,
Index: kernel-lts2018/security/smack/smack_lsm.c
===================================================================
--- kernel-lts2018.orig/security/smack/smack_lsm.c
+++ kernel-lts2018/security/smack/smack_lsm.c
@@ -4171,24 +4171,14 @@ static void smack_inet_csk_clone(struct
static int smack_key_alloc(struct key *key, const struct cred *cred,
unsigned long flags)
{
@ -232,7 +232,7 @@ index b24909a697e3..557bacb0568e 100644
return 0;
}
-/**
/**
- * smack_key_free - Clear the key security blob
- * @key: the object
- *
@ -243,10 +243,11 @@ index b24909a697e3..557bacb0568e 100644
- key->security = NULL;
-}
-
/**
-/**
* smack_key_permission - Smack access on a key
* @key_ref: gets to the object
@@ -4193,6 +4183,8 @@ static void smack_key_free(struct key *key)
* @cred: the credentials to use
@@ -4200,6 +4190,8 @@ static void smack_key_free(struct key *k
static int smack_key_permission(key_ref_t key_ref,
const struct cred *cred, unsigned perm)
{
@ -255,7 +256,7 @@ index b24909a697e3..557bacb0568e 100644
struct key *keyp;
struct smk_audit_info ad;
struct smack_known *tkp = smk_of_task(smack_cred(cred));
@@ -4206,7 +4198,9 @@ static int smack_key_permission(key_ref_t key_ref,
@@ -4219,7 +4211,9 @@ static int smack_key_permission(key_ref_
* If the key hasn't been initialized give it access so that
* it may do so.
*/
@ -266,10 +267,10 @@ index b24909a697e3..557bacb0568e 100644
return 0;
/*
* This should not occur
@@ -4226,8 +4220,8 @@ static int smack_key_permission(key_ref_t key_ref,
request = MAY_READ;
@@ -4239,8 +4233,8 @@ static int smack_key_permission(key_ref_
request |= MAY_READ;
if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR))
request = MAY_WRITE;
request |= MAY_WRITE;
- rc = smk_access(tkp, keyp->security, request, &ad);
- rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
+ rc = smk_access(tkp, skp, request, &ad);
@ -277,7 +278,7 @@ index b24909a697e3..557bacb0568e 100644
return rc;
}
@@ -4242,11 +4236,12 @@ static int smack_key_permission(key_ref_t key_ref,
@@ -4255,11 +4249,12 @@ static int smack_key_permission(key_ref_
*/
static int smack_key_getsecurity(struct key *key, char **_buffer)
{
@ -292,7 +293,7 @@ index b24909a697e3..557bacb0568e 100644
*_buffer = NULL;
return 0;
}
@@ -4531,6 +4526,9 @@ struct lsm_blob_sizes smack_blob_sizes = {
@@ -4544,6 +4539,9 @@ struct lsm_blob_sizes smack_blob_sizes =
.lbs_file = sizeof(struct smack_known *),
.lbs_inode = sizeof(struct inode_smack),
.lbs_ipc = sizeof(struct smack_known *),
@ -302,7 +303,7 @@ index b24909a697e3..557bacb0568e 100644
.lbs_msg_msg = sizeof(struct smack_known *),
.lbs_sock = sizeof(struct socket_smack),
.lbs_superblock = sizeof(struct superblock_smack),
@@ -4650,7 +4648,6 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
@@ -4663,7 +4661,6 @@ static struct security_hook_list smack_h
/* key management security hooks */
#ifdef CONFIG_KEYS
LSM_HOOK_INIT(key_alloc, smack_key_alloc),
@ -310,6 +311,3 @@ index b24909a697e3..557bacb0568e 100644
LSM_HOOK_INIT(key_permission, smack_key_permission),
LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity),
#endif /* CONFIG_KEYS */
--
2.19.1

2
config-iot-lts2018-sos
View File

@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
# Linux/x86 4.19.20 Kernel Configuration
# Linux/x86 4.19.23 Kernel Configuration
#
#

14
linux-iot-lts2018.spec
View File

@ -14,16 +14,16 @@
#
Name: linux-iot-lts2018
Version: 4.19.20
Version: 4.19.23
# upstream number is the number from PKT it consist in
# YYMMDDHHMM a 10 length number
%global upstreamnumber 1902162344
Release: 18
%global upstreamnumber 1902191258
Release: 19
License: GPL-2.0
Summary: The Linux kernel
Url: http://www.kernel.org/
Group: kernel
Source0: https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.19.20.tar.xz
Source0: https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.19.23.tar.xz
Source1: config-iot-lts2018
Source2: config-iot-lts2018-sos
Source3: cmdline-iot-lts2018
@ -32,8 +32,8 @@ Source5: fragment-sos
# quilt.url: https://github.com/intel/linux-intel-quilt
# quilt.branch: 4.19/base
# quilt.tag: lts-v4.19.20-base-190216T234416Z
# config.tag: lts-v4.19.20-base-190216T234416Z
# quilt.tag: lts-v4.19.23-base-190219T125834Z
# config.tag: lts-v4.19.23-base-190219T125834Z
%define ktarget0 iot-lts2018
%define kversion0 %{version}-%{release}.%{ktarget0}
@ -1103,7 +1103,7 @@ Requires: %{name} = %{version}-%{release}, %{name}-sos-extra = %{version}-
Linux kernel build files and install script
%prep
%setup -q -n linux-4.19.20
%setup -q -n linux-4.19.23
#patchXXXX PK Series
%patch0001 -p1

2
release
View File

@ -1 +1 @@
18
19

2
upstream
View File

@ -1 +1 @@
36b19941b097d27157a0aface2349cc38d59489e/linux-4.19.20.tar.xz
862aa74e58eebe9de8708c03b252a6d0292c8694/linux-4.19.23.tar.xz