kernel/security/selinux/include/netlabel.h, branch linux-rolling-stable

selinux: fix style issues with security/selinux/include/netlabel.h

2023-12-22T23:09:28Z

As part of on ongoing effort to perform more automated testing and provide more tools for individual developers to validate their patches before submitting, we are trying to make our code "clang-format clean". My hope is that once we have fixed all of our style "quirks", developers will be able to run clang-format on their patches to help avoid silly formatting problems and ensure their changes fit in well with the rest of the SELinux kernel code. Signed-off-by: Paul Moore

security: pass asoc to sctp_assoc_request and sctp_sk_clone

2021-11-03T11:09:20Z

This patch is to move secid and peer_secid from endpoint to association, and pass asoc to sctp_assoc_request and sctp_sk_clone instead of ep. As ep is the local endpoint and asoc represents a connection, and in SCTP one sk/ep could have multiple asoc/connection, saving secid/peer_secid for new asoc will overwrite the old asoc's. Note that since asoc can be passed as NULL, security_sctp_assoc_request() is moved to the place right after the new_asoc is created in sctp_sf_do_5_1B_init() and sctp_sf_do_unexpected_init(). v1->v2: - fix the description of selinux_netlbl_skbuff_setsid(), as Jakub noticed. - fix the annotation in selinux_sctp_assoc_request(), as Richard Noticed. Fixes: 72e89f50084c ("security: Add support for SCTP security hooks") Reported-by: Prashanth Prahlad Reviewed-by: Richard Haines Tested-by: Richard Haines Signed-off-by: Xin Long Signed-off-by: David S. Miller

selinux: netlabel: Remove unused inline function

2020-05-13T00:16:33Z

There's no callers in-tree. Signed-off-by: YueHaibing Signed-off-by: Paul Moore

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13

2019-05-21T09:28:45Z

Based on 2 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation either version 2 of the license or at your option any later version this program is distributed in the hope that it will be useful but without any warranty without even the implied warranty of merchantability or fitness for a particular purpose see the gnu general public license for more details you should have received a copy of the gnu general public license along with this program if not see http www gnu org licenses this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation either version 2 of the license or at your option any later version this program is distributed in the hope that it will be useful but without any warranty without even the implied warranty of merchantability or fitness for a particular purpose see the gnu general public license for more details [based] [from] [clk] [highbank] [c] you should have received a copy of the gnu general public license along with this program if not see http www gnu org licenses extracted by the scancode license scanner the SPDX license identifier GPL-2.0-or-later has been chosen to replace the boilerplate/reference in 355 file(s). Signed-off-by: Thomas Gleixner Reviewed-by: Kate Stewart Reviewed-by: Jilayne Lovejoy Reviewed-by: Steve Winslow Reviewed-by: Allison Randal Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190519154041.837383322@linutronix.de Signed-off-by: Greg Kroah-Hartman

selinux: fix typo in selinux_netlbl_sctp_sk_clone declaration

2018-02-26T22:45:32Z

A missing 'struct' keyword caused a build error when CONFIG_NETLABEL is disabled: In file included from security/selinux/hooks.c:99: security/selinux/include/netlabel.h:135:66: error: unknown type name 'sock' static inline void selinux_netlbl_sctp_sk_clone(struct sock *sk, sock *newsk) ^~~~ security/selinux/hooks.c: In function 'selinux_sctp_sk_clone': security/selinux/hooks.c:5188:2: error: implicit declaration of function 'selinux_netlbl_sctp_sk_clone'; did you mean 'selinux_netlbl_inet_csk_clone'? [-Werror=implicit-function-declaration] Fixes: db97c9f9d312 ("selinux: Add SCTP support") Signed-off-by: Arnd Bergmann Signed-off-by: Paul Moore

selinux: Add SCTP support

2018-02-26T22:45:25Z

The SELinux SCTP implementation is explained in: Documentation/security/SELinux-sctp.rst Signed-off-by: Richard Haines Signed-off-by: Paul Moore

security: replace FSF address with web source in license notices

2017-11-20T22:01:29Z

A few years ago the FSF moved and "59 Temple Place" is wrong. Having this still in our source files feels old and unmaintained. Let's take the license statement serious and not confuse users. As https://www.gnu.org/licenses/gpl-howto.html suggests, we replace the postal address with "" in the security directory. Signed-off-by: Martin Kepplinger Acked-by: Serge Hallyn Signed-off-by: Paul Moore

netlabel: Pass a family parameter to netlbl_skbuff_err().

2016-06-27T19:06:16Z

This makes it possible to route the error to the appropriate labelling engine. CALIPSO is far less verbose than CIPSO when encountering a bogus packet, so there is no need for a CALIPSO error handler. Signed-off-by: Huw Davies Signed-off-by: Paul Moore

doc: Update the email address for Paul Moore in various source files

2011-08-02T00:58:33Z

My @hp.com will no longer be valid starting August 5, 2011 so an update is necessary. My new email address is employer independent so we don't have to worry about doing this again any time soon. Signed-off-by: Paul Moore Signed-off-by: Paul Moore Signed-off-by: David S. Miller

selinux: always call sk_security_struct sksec

2010-04-07T23:17:02Z

trying to grep everything that messes with a sk_security_struct isn't easy since we don't always call it sksec. Just rename everything sksec. Signed-off-by: Eric Paris Signed-off-by: James Morris