kernel/security/tomoyo, branch linux-5.1.y

tomoyo: Bump version.

2019-02-19T22:17:25Z

Update URLs and profile version. Signed-off-by: Tetsuo Handa Signed-off-by: James Morris

tomoyo: Allow multiple use_group lines.

2019-01-24T22:50:27Z

Being able to specify multiple "use_group" lines makes it easier to write whitelisted policies. Signed-off-by: Tetsuo Handa Signed-off-by: James Morris

tomoyo: Coding style fix.

2019-01-24T22:50:27Z

Follow many of recommendations by scripts/checkpatch.pl, and follow "lift switch variables out of switches" by Kees Cook. This patch makes no functional change. Signed-off-by: Tetsuo Handa Signed-off-by: James Morris

tomoyo: Swicth from cred->security to task_struct->security.

2019-01-23T19:36:15Z

TOMOYO security module is designed to use "struct task_struct"->security in order to allow per "struct task_struct" tracking without being disturbed by unable to update "struct cred"->security due to override mechanism. Now that infrastructure-managed security blob is ready, this patch updates TOMOYO to use "struct task_struct"->security. Signed-off-by: Tetsuo Handa Signed-off-by: James Morris

LSM: Make lsm_early_cred() and lsm_early_task() local functions.

2019-01-18T19:44:02Z

Since current->cred == current->real_cred when ordered_lsm_init() is called, and lsm_early_cred()/lsm_early_task() need to be called between the amount of required bytes is determined and module specific initialization function is called, we can move these calls from individual modules to ordered_lsm_init(). Signed-off-by: Tetsuo Handa Acked-by: Casey Schaufler Signed-off-by: James Morris

TOMOYO: Update LSM flags to no longer be exclusive

2019-01-08T21:18:45Z

With blob sharing in place, TOMOYO is no longer an exclusive LSM, so it can operate separately now. Mark it as such. Signed-off-by: Kees Cook

Infrastructure management of the cred security blob

2019-01-08T21:18:44Z

Move management of the cred security blob out of the security modules and into the security infrastructre. Instead of allocating and freeing space the security modules tell the infrastructure how much space they require. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook [kees: adjusted for ordered init series] Signed-off-by: Kees Cook

TOMOYO: Abstract use of cred security blob

2019-01-08T21:18:44Z

Don't use the cred->security pointer directly. Provide helper functions that provide the security blob pointer. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook [kees: adjusted for ordered init series] Signed-off-by: Kees Cook

LSM: Separate idea of "major" LSM from "exclusive" LSM

2019-01-08T21:18:43Z

In order to both support old "security=" Legacy Major LSM selection, and handling real exclusivity, this creates LSM_FLAG_EXCLUSIVE and updates the selection logic to handle them. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler

LSM: Lift LSM selection out of individual LSMs

2019-01-08T21:18:42Z

As a prerequisite to adjusting LSM selection logic in the future, this moves the selection logic up out of the individual major LSMs, making their init functions only run when actually enabled. This considers all LSMs enabled by default unless they specified an external "enable" variable. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler Reviewed-by: John Johansen