diff options
author | Matt Ranostay <matt.ranostay@konsulko.com> | 2018-02-15 15:22:25 -0800 |
---|---|---|
committer | Matt Ranostay <matt.ranostay@konsulko.com> | 2018-02-15 15:23:00 -0800 |
commit | e0a51284c21ac0c7187b2f972923023e907f4bc5 (patch) | |
tree | 43e143bd6fa6268e41404abc3e1d9f32dd15f079 /meta-app-framework/recipes-kernel | |
parent | 317c8a08a6b5943517e67c5ea80b0a9a83a10d63 (diff) |
linux-yocto: remove redundant patches from recipe
Changes have been merged in the 4.12 kernel and are no longer needed to applied
Change-Id: I5173a40d95a87a2bdba1666519d6ad09118a52eb
Signed-off-by: Matt Ranostay <matt.ranostay@konsulko.com>
Diffstat (limited to 'meta-app-framework/recipes-kernel')
5 files changed, 0 insertions, 207 deletions
diff --git a/meta-app-framework/recipes-kernel/linux/linux-yocto_4.12.bbappend b/meta-app-framework/recipes-kernel/linux/linux-yocto_4.12.bbappend deleted file mode 100644 index 5ae62d586..000000000 --- a/meta-app-framework/recipes-kernel/linux/linux-yocto_4.12.bbappend +++ /dev/null @@ -1,11 +0,0 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/linux/linux-yocto-4.12:" - -#------------------------------------------------------------------------- -# smack patches for handling bluetooth - -SRC_URI_append_with-lsm-smack = "\ - file://0002-smack-fix-cache-of-access-labels.patch \ - file://0003-Smack-ignore-null-signal-in-smack_task_kill.patch \ - file://0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch \ -" - diff --git a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.12/0001-Smack-File-receive-for-sockets.patch b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.12/0001-Smack-File-receive-for-sockets.patch deleted file mode 100644 index 4021e5d38..000000000 --- a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.12/0001-Smack-File-receive-for-sockets.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 2b206c36b16e72cfe41cd22448d8527359ffd962 Mon Sep 17 00:00:00 2001 -From: Casey Schaufler <casey@schaufler-ca.com> -Date: Mon, 7 Dec 2015 14:34:32 -0800 -Subject: [PATCH 1/4] Smack: File receive for sockets - -The existing file receive hook checks for access on -the file inode even for UDS. This is not right, as -the inode is not used by Smack to make access checks -for sockets. This change checks for an appropriate -access relationship between the receiving (current) -process and the socket. If the process can't write -to the socket's send label or the socket's receive -label can't write to the process fail. - -This will allow the legitimate cases, where the -socket sender and socket receiver can freely communicate. -Only strangly set socket labels should cause a problem. - -Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> ---- - security/smack/smack_lsm.c | 22 ++++++++++++++++++++++ - 1 file changed, 22 insertions(+) - -diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c -index ff81026..b20ef06 100644 ---- a/security/smack/smack_lsm.c -+++ b/security/smack/smack_lsm.c -@@ -1860,12 +1860,34 @@ static int smack_file_receive(struct file *file) - int may = 0; - struct smk_audit_info ad; - struct inode *inode = file_inode(file); -+ struct socket *sock; -+ struct task_smack *tsp; -+ struct socket_smack *ssp; - - if (unlikely(IS_PRIVATE(inode))) - return 0; - - smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); - smk_ad_setfield_u_fs_path(&ad, file->f_path); -+ -+ if (S_ISSOCK(inode->i_mode)) { -+ sock = SOCKET_I(inode); -+ ssp = sock->sk->sk_security; -+ tsp = current_security(); -+ /* -+ * If the receiving process can't write to the -+ * passed socket or if the passed socket can't -+ * write to the receiving process don't accept -+ * the passed socket. -+ */ -+ rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad); -+ rc = smk_bu_file(file, may, rc); -+ if (rc < 0) -+ return rc; -+ rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad); -+ rc = smk_bu_file(file, may, rc); -+ return rc; -+ } - /* - * This code relies on bitmasks. - */ --- -2.7.4 - diff --git a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.12/0002-smack-fix-cache-of-access-labels.patch b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.12/0002-smack-fix-cache-of-access-labels.patch deleted file mode 100644 index c516f3aa5..000000000 --- a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.12/0002-smack-fix-cache-of-access-labels.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 99267706991ab84bd44ceaea9a7ec886bbdd58e0 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jobol@nonadev.net> -Date: Tue, 12 Jan 2016 21:23:40 +0100 -Subject: [PATCH 2/4] smack: fix cache of access labels -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Before this commit, removing the access property of -a file, aka, the extended attribute security.SMACK64 -was not effictive until the cache had been cleaned. - -This patch fixes that problem. - -Signed-off-by: José Bollo <jobol@nonadev.net> -Acked-by: Casey Schaufler <casey@schaufler-ca.com> ---- - security/smack/smack_lsm.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c -index b20ef06..b2bcb14 100644 ---- a/security/smack/smack_lsm.c -+++ b/security/smack/smack_lsm.c -@@ -1444,9 +1444,13 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name) - * Don't do anything special for these. - * XATTR_NAME_SMACKIPIN - * XATTR_NAME_SMACKIPOUT -- * XATTR_NAME_SMACKEXEC - */ -- if (strcmp(name, XATTR_NAME_SMACK) == 0) -+ if (strcmp(name, XATTR_NAME_SMACK) == 0) { -+ struct super_block *sbp = d_backing_inode(dentry)->i_sb; -+ struct superblock_smack *sbsp = sbp->s_security; -+ -+ isp->smk_inode = sbsp->smk_default; -+ } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) - isp->smk_task = NULL; - else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) - isp->smk_mmap = NULL; --- -2.7.4 - diff --git a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.12/0003-Smack-ignore-null-signal-in-smack_task_kill.patch b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.12/0003-Smack-ignore-null-signal-in-smack_task_kill.patch deleted file mode 100644 index c9180bb9f..000000000 --- a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.12/0003-Smack-ignore-null-signal-in-smack_task_kill.patch +++ /dev/null @@ -1,39 +0,0 @@ -From ec4eb03af07b0fbc330aecca6ac4ebd6accd8825 Mon Sep 17 00:00:00 2001 -From: Rafal Krypa <r.krypa@samsung.com> -Date: Mon, 4 Apr 2016 11:14:53 +0200 -Subject: [PATCH 3/4] Smack: ignore null signal in smack_task_kill - -Kill with signal number 0 is commonly used for checking PID existence. -Smack treated such cases like any other kills, although no signal is -actually delivered when sig == 0. - -Checking permissions when sig == 0 didn't prevent an unprivileged caller -from learning whether PID exists or not. When it existed, kernel returned -EPERM, when it didn't - ESRCH. The only effect of policy check in such -case is noise in audit logs. - -This change lets Smack silently ignore kill() invocations with sig == 0. - -Signed-off-by: Rafal Krypa <r.krypa@samsung.com> -Acked-by: Casey Schaufler <casey@schaufler-ca.com> ---- - security/smack/smack_lsm.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c -index b2bcb14..cf8a93f 100644 ---- a/security/smack/smack_lsm.c -+++ b/security/smack/smack_lsm.c -@@ -2239,6 +2239,9 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info, - struct smack_known *tkp = smk_of_task_struct(p); - int rc; - -+ if (!sig) -+ return 0; /* null signal; existence test */ -+ - smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); - smk_ad_setfield_u_tsk(&ad, p); - /* --- -2.7.4 - diff --git a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.12/0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.12/0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch deleted file mode 100644 index a1eeac3d7..000000000 --- a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.12/0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch +++ /dev/null @@ -1,49 +0,0 @@ -From c8bbb0f916de54610513e376070aea531af19dd6 Mon Sep 17 00:00:00 2001 -From: jooseong lee <jooseong.lee@samsung.com> -Date: Thu, 3 Nov 2016 10:55:43 +0100 -Subject: [PATCH 4/4] Smack: Assign smack_known_web label for kernel thread's -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Assign smack_known_web label for kernel thread's socket in the sk_alloc_security hook - -Creating struct sock by sk_alloc function in various kernel subsystems -like bluetooth dosen't call smack_socket_post_create(). In such case, -received sock label is the floor('_') label and makes access deny. - -Refers-to: https://review.tizen.org/gerrit/#/c/80717/4 - -Change-Id: I2e5c9359bfede84a988fd4d4d74cdb9dfdfc52d8 -Signed-off-by: jooseong lee <jooseong.lee@samsung.com> -Signed-off-by: José Bollo <jose.bollo@iot.bzh> ---- - security/smack/smack_lsm.c | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - -diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c -index cf8a93f..21651bc 100644 ---- a/security/smack/smack_lsm.c -+++ b/security/smack/smack_lsm.c -@@ -2321,8 +2321,16 @@ static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) - if (ssp == NULL) - return -ENOMEM; - -- ssp->smk_in = skp; -- ssp->smk_out = skp; -+ /* -+ * Sockets created by kernel threads receive web label. -+ */ -+ if (unlikely(current->flags & PF_KTHREAD)) { -+ ssp->smk_in = &smack_known_web; -+ ssp->smk_out = &smack_known_web; -+ } else { -+ ssp->smk_in = skp; -+ ssp->smk_out = skp; -+ } - ssp->smk_packet = NULL; - - sk->sk_security = ssp; --- -2.7.4 - |