summaryrefslogtreecommitdiffstats
path: root/meta-app-framework/recipes-kernel/linux
diff options
context:
space:
mode:
authorJan-Simon Moeller <jsmoeller@linuxfoundation.org>2018-02-16 17:42:11 +0000
committerGerrit Code Review <gerrit@automotivelinux.org>2018-02-16 17:42:11 +0000
commit2f78d5518a436ca870ecc342fed38427710256d2 (patch)
treeb9dc01f6c3e336897ec3ae938d82bebc8d3816b6 /meta-app-framework/recipes-kernel/linux
parent3aa279fa890da6a9954ba8279aefcd8286a74357 (diff)
parente0a51284c21ac0c7187b2f972923023e907f4bc5 (diff)
Merge "linux-yocto: remove redundant patches from recipe"
Diffstat (limited to 'meta-app-framework/recipes-kernel/linux')
-rw-r--r--meta-app-framework/recipes-kernel/linux/linux-yocto_4.12.bbappend11
-rw-r--r--meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.12/0001-Smack-File-receive-for-sockets.patch65
-rw-r--r--meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.12/0002-smack-fix-cache-of-access-labels.patch43
-rw-r--r--meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.12/0003-Smack-ignore-null-signal-in-smack_task_kill.patch39
-rw-r--r--meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.12/0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch49
5 files changed, 0 insertions, 207 deletions
diff --git a/meta-app-framework/recipes-kernel/linux/linux-yocto_4.12.bbappend b/meta-app-framework/recipes-kernel/linux/linux-yocto_4.12.bbappend
deleted file mode 100644
index 5ae62d586..000000000
--- a/meta-app-framework/recipes-kernel/linux/linux-yocto_4.12.bbappend
+++ /dev/null
@@ -1,11 +0,0 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/linux/linux-yocto-4.12:"
-
-#-------------------------------------------------------------------------
-# smack patches for handling bluetooth
-
-SRC_URI_append_with-lsm-smack = "\
- file://0002-smack-fix-cache-of-access-labels.patch \
- file://0003-Smack-ignore-null-signal-in-smack_task_kill.patch \
- file://0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch \
-"
-
diff --git a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.12/0001-Smack-File-receive-for-sockets.patch b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.12/0001-Smack-File-receive-for-sockets.patch
deleted file mode 100644
index 4021e5d38..000000000
--- a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.12/0001-Smack-File-receive-for-sockets.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 2b206c36b16e72cfe41cd22448d8527359ffd962 Mon Sep 17 00:00:00 2001
-From: Casey Schaufler <casey@schaufler-ca.com>
-Date: Mon, 7 Dec 2015 14:34:32 -0800
-Subject: [PATCH 1/4] Smack: File receive for sockets
-
-The existing file receive hook checks for access on
-the file inode even for UDS. This is not right, as
-the inode is not used by Smack to make access checks
-for sockets. This change checks for an appropriate
-access relationship between the receiving (current)
-process and the socket. If the process can't write
-to the socket's send label or the socket's receive
-label can't write to the process fail.
-
-This will allow the legitimate cases, where the
-socket sender and socket receiver can freely communicate.
-Only strangly set socket labels should cause a problem.
-
-Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
----
- security/smack/smack_lsm.c | 22 ++++++++++++++++++++++
- 1 file changed, 22 insertions(+)
-
-diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
-index ff81026..b20ef06 100644
---- a/security/smack/smack_lsm.c
-+++ b/security/smack/smack_lsm.c
-@@ -1860,12 +1860,34 @@ static int smack_file_receive(struct file *file)
- int may = 0;
- struct smk_audit_info ad;
- struct inode *inode = file_inode(file);
-+ struct socket *sock;
-+ struct task_smack *tsp;
-+ struct socket_smack *ssp;
-
- if (unlikely(IS_PRIVATE(inode)))
- return 0;
-
- smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
- smk_ad_setfield_u_fs_path(&ad, file->f_path);
-+
-+ if (S_ISSOCK(inode->i_mode)) {
-+ sock = SOCKET_I(inode);
-+ ssp = sock->sk->sk_security;
-+ tsp = current_security();
-+ /*
-+ * If the receiving process can't write to the
-+ * passed socket or if the passed socket can't
-+ * write to the receiving process don't accept
-+ * the passed socket.
-+ */
-+ rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad);
-+ rc = smk_bu_file(file, may, rc);
-+ if (rc < 0)
-+ return rc;
-+ rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad);
-+ rc = smk_bu_file(file, may, rc);
-+ return rc;
-+ }
- /*
- * This code relies on bitmasks.
- */
---
-2.7.4
-
diff --git a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.12/0002-smack-fix-cache-of-access-labels.patch b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.12/0002-smack-fix-cache-of-access-labels.patch
deleted file mode 100644
index c516f3aa5..000000000
--- a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.12/0002-smack-fix-cache-of-access-labels.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 99267706991ab84bd44ceaea9a7ec886bbdd58e0 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jobol@nonadev.net>
-Date: Tue, 12 Jan 2016 21:23:40 +0100
-Subject: [PATCH 2/4] smack: fix cache of access labels
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Before this commit, removing the access property of
-a file, aka, the extended attribute security.SMACK64
-was not effictive until the cache had been cleaned.
-
-This patch fixes that problem.
-
-Signed-off-by: José Bollo <jobol@nonadev.net>
-Acked-by: Casey Schaufler <casey@schaufler-ca.com>
----
- security/smack/smack_lsm.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
-index b20ef06..b2bcb14 100644
---- a/security/smack/smack_lsm.c
-+++ b/security/smack/smack_lsm.c
-@@ -1444,9 +1444,13 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name)
- * Don't do anything special for these.
- * XATTR_NAME_SMACKIPIN
- * XATTR_NAME_SMACKIPOUT
-- * XATTR_NAME_SMACKEXEC
- */
-- if (strcmp(name, XATTR_NAME_SMACK) == 0)
-+ if (strcmp(name, XATTR_NAME_SMACK) == 0) {
-+ struct super_block *sbp = d_backing_inode(dentry)->i_sb;
-+ struct superblock_smack *sbsp = sbp->s_security;
-+
-+ isp->smk_inode = sbsp->smk_default;
-+ } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0)
- isp->smk_task = NULL;
- else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
- isp->smk_mmap = NULL;
---
-2.7.4
-
diff --git a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.12/0003-Smack-ignore-null-signal-in-smack_task_kill.patch b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.12/0003-Smack-ignore-null-signal-in-smack_task_kill.patch
deleted file mode 100644
index c9180bb9f..000000000
--- a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.12/0003-Smack-ignore-null-signal-in-smack_task_kill.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From ec4eb03af07b0fbc330aecca6ac4ebd6accd8825 Mon Sep 17 00:00:00 2001
-From: Rafal Krypa <r.krypa@samsung.com>
-Date: Mon, 4 Apr 2016 11:14:53 +0200
-Subject: [PATCH 3/4] Smack: ignore null signal in smack_task_kill
-
-Kill with signal number 0 is commonly used for checking PID existence.
-Smack treated such cases like any other kills, although no signal is
-actually delivered when sig == 0.
-
-Checking permissions when sig == 0 didn't prevent an unprivileged caller
-from learning whether PID exists or not. When it existed, kernel returned
-EPERM, when it didn't - ESRCH. The only effect of policy check in such
-case is noise in audit logs.
-
-This change lets Smack silently ignore kill() invocations with sig == 0.
-
-Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
-Acked-by: Casey Schaufler <casey@schaufler-ca.com>
----
- security/smack/smack_lsm.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
-index b2bcb14..cf8a93f 100644
---- a/security/smack/smack_lsm.c
-+++ b/security/smack/smack_lsm.c
-@@ -2239,6 +2239,9 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info,
- struct smack_known *tkp = smk_of_task_struct(p);
- int rc;
-
-+ if (!sig)
-+ return 0; /* null signal; existence test */
-+
- smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
- smk_ad_setfield_u_tsk(&ad, p);
- /*
---
-2.7.4
-
diff --git a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.12/0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.12/0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch
deleted file mode 100644
index a1eeac3d7..000000000
--- a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.12/0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From c8bbb0f916de54610513e376070aea531af19dd6 Mon Sep 17 00:00:00 2001
-From: jooseong lee <jooseong.lee@samsung.com>
-Date: Thu, 3 Nov 2016 10:55:43 +0100
-Subject: [PATCH 4/4] Smack: Assign smack_known_web label for kernel thread's
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Assign smack_known_web label for kernel thread's socket in the sk_alloc_security hook
-
-Creating struct sock by sk_alloc function in various kernel subsystems
-like bluetooth dosen't call smack_socket_post_create(). In such case,
-received sock label is the floor('_') label and makes access deny.
-
-Refers-to: https://review.tizen.org/gerrit/#/c/80717/4
-
-Change-Id: I2e5c9359bfede84a988fd4d4d74cdb9dfdfc52d8
-Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
-Signed-off-by: José Bollo <jose.bollo@iot.bzh>
----
- security/smack/smack_lsm.c | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
-index cf8a93f..21651bc 100644
---- a/security/smack/smack_lsm.c
-+++ b/security/smack/smack_lsm.c
-@@ -2321,8 +2321,16 @@ static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
- if (ssp == NULL)
- return -ENOMEM;
-
-- ssp->smk_in = skp;
-- ssp->smk_out = skp;
-+ /*
-+ * Sockets created by kernel threads receive web label.
-+ */
-+ if (unlikely(current->flags & PF_KTHREAD)) {
-+ ssp->smk_in = &smack_known_web;
-+ ssp->smk_out = &smack_known_web;
-+ } else {
-+ ssp->smk_in = skp;
-+ ssp->smk_out = skp;
-+ }
- ssp->smk_packet = NULL;
-
- sk->sk_security = ssp;
---
-2.7.4
-