Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security subsystem updates from James Morris: - EVM gains support for loading an x509 cert from the kernel (EVM_LOAD_X509), into the EVM trusted kernel keyring. - Smack implements 'file receive' process-based permission checking for sockets, rather than just depending on inode checks. - Misc enhancments for TPM & TPM2. - Cleanups and bugfixes for SELinux, Keys, and IMA. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (41 commits) selinux: Inode label revalidation performance fix KEYS: refcount bug fix ima: ima_write_policy() limit locking IMA: policy can be updated zero times selinux: rate-limit netlink message warnings in selinux_nlmsg_perm() selinux: export validatetrans decisions gfs2: Invalid security labels of inodes when they go invalid selinux: Revalidate invalid inode security labels security: Add hook to invalidate inode security labels selinux: Add accessor functions for inode->i_security security: Make inode argument of inode_getsecid non-const security: Make inode argument of inode_getsecurity non-const selinux: Remove unused variable in selinux_inode_init_security keys, trusted: seal with a TPM2 authorization policy keys, trusted: select hash algorithm for TPM2 chips keys, trusted: fix: *do not* allow duplicate key options tpm_ibmvtpm: properly handle interrupted packet receptions tpm_tis: Tighten IRQ auto-probing tpm_tis: Refactor the interrupt setup tpm_tis: Get rid of the duplicate IRQ probing code ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2016-01-17 19:13:15 -0800
committer: Linus Torvalds <torvalds@linux-foundation.org> 2016-01-17 19:13:15 -0800
commit: 5807fcaa9bf7dd87241df739161c119cf78a6bc4 (patch)
tree: 4ed1e647a0ae0f315db3b9066c9235020c439649 /kernel
parent: Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/audit (diff)
parent: Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/selinux into next (diff)
download: linux-dev-5807fcaa9bf7dd87241df739161c119cf78a6bc4.tar.xz
linux-dev-5807fcaa9bf7dd87241df739161c119cf78a6bc4.zip
3 files changed, 5 insertions, 5 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index d6dd95cc59e6..3a3e5deeda8d 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1719,7 +1719,7 @@ static inline int audit_copy_fcaps(struct audit_names *name,
 
 /* Copy inode data into an audit_names. */
 void audit_copy_inode(struct audit_names *name, const struct dentry *dentry,
-		      const struct inode *inode)
+		      struct inode *inode)
 {
 	name->ino   = inode->i_ino;
 	name->dev   = inode->i_sb->s_dev;
diff --git a/kernel/audit.h b/kernel/audit.h
index de6cbb7cf547..cbbe6bb6496e 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -207,7 +207,7 @@ extern u32 audit_ever_enabled;
 
 extern void audit_copy_inode(struct audit_names *name,
 			     const struct dentry *dentry,
-			     const struct inode *inode);
+			     struct inode *inode);
 extern void audit_log_cap(struct audit_buffer *ab, char *prefix,
 			  kernel_cap_t *cap);
 extern void audit_log_name(struct audit_context *context,
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index b86cc04959de..195ffaee50b9 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1754,7 +1754,7 @@ void __audit_inode(struct filename *name, const struct dentry *dentry,
 		   unsigned int flags)
 {
 	struct audit_context *context = current->audit_context;
-	const struct inode *inode = d_backing_inode(dentry);
+	struct inode *inode = d_backing_inode(dentry);
 	struct audit_names *n;
 	bool parent = flags & AUDIT_INODE_PARENT;
 
@@ -1848,12 +1848,12 @@ void __audit_file(const struct file *file)
  * must be hooked prior, in order to capture the target inode during
  * unsuccessful attempts.
  */
-void __audit_inode_child(const struct inode *parent,
+void __audit_inode_child(struct inode *parent,
 			 const struct dentry *dentry,
 			 const unsigned char type)
 {
 	struct audit_context *context = current->audit_context;
-	const struct inode *inode = d_backing_inode(dentry);
+	struct inode *inode = d_backing_inode(dentry);
 	const char *dname = dentry->d_name.name;
 	struct audit_names *n, *found_parent = NULL, *found_child = NULL;
author	Linus Torvalds <torvalds@linux-foundation.org>	2016-01-17 19:13:15 -0800
committer	Linus Torvalds <torvalds@linux-foundation.org>	2016-01-17 19:13:15 -0800
commit	5807fcaa9bf7dd87241df739161c119cf78a6bc4 (patch)
tree	4ed1e647a0ae0f315db3b9066c9235020c439649 /kernel
parent	Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/audit (diff)
parent	Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/selinux into next (diff)
download	linux-dev-5807fcaa9bf7dd87241df739161c119cf78a6bc4.tar.xz linux-dev-5807fcaa9bf7dd87241df739161c119cf78a6bc4.zip