Casey Schaufler [Fri, 28 Jun 2013 20:47:07 +0000 (13:47 -0700)]
Smack: network label match fix
The Smack code that matches incoming CIPSO tags with Smack labels
reaches through the NetLabel interfaces and compares the network
data with the CIPSO header associated with a Smack label. This was
done in a ill advised attempt to optimize performance. It works
so long as the categories fit in a single capset, but this isn't
always the case.
This patch changes the Smack code to use the appropriate NetLabel
interfaces to compare the incoming CIPSO header with the CIPSO
header associated with a label. It will always match the CIPSO
headers correctly.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Change-Id: I22a2fd758b5a7764cbeb3ebf9f4dadd12d5b170b
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
(cherry picked from commit
5d10a57e98373f562c0f57b07ee0f265f785964e)
Signed-off-by: Yin Kangkai <kangkai.yin@intel.com>
Tomasz Stanislawski [Tue, 11 Jun 2013 12:55:13 +0000 (14:55 +0200)]
security: smack: add a hash table to quicken smk_find_entry()
Accepted for the smack-next tree after changing the number of
slots from 128 to 16.
This patch adds a hash table to quicken searching of a smack label by its name.
Basically, the patch improves performance of SMACK initialization. Parsing of
rules involves translation from a string to a smack_known (aka label) entity
which is done in smk_find_entry().
The current implementation of the function iterates over a global list of
smack_known resulting in O(N) complexity for smk_find_entry(). The total
complexity of SMACK initialization becomes O(rules * labels). Therefore it
scales quadratically with a complexity of a system.
Applying the patch reduced the complexity of smk_find_entry() to O(1) as long
as number of label is in hundreds. If the number of labels is increased please
update SMACK_HASH_SLOTS constant defined in security/smack/smack.h. Introducing
the configuration of this constant with Kconfig or cmdline might be a good
idea.
The size of the hash table was adjusted experimentally. The rule set used by
TIZEN contains circa 17K rules for 500 labels. The table above contains
results of SMACK initialization using 'time smackctl apply' bash command.
The 'Ref' is a kernel without this patch applied. The consecutive values
refers to value of SMACK_HASH_SLOTS. Every measurement was repeated three
times to reduce noise.
| Ref | 1 | 2 | 4 | 8 | 16 | 32 | 64 | 128 | 256 | 512
--------------------------------------------------------------------------------------------
Run1 | 1.156 | 1.096 | 0.883 | 0.764 | 0.692 | 0.667 | 0.649 | 0.633 | 0.634 | 0.629 | 0.620
Run2 | 1.156 | 1.111 | 0.885 | 0.764 | 0.694 | 0.661 | 0.649 | 0.651 | 0.634 | 0.638 | 0.623
Run3 | 1.160 | 1.107 | 0.886 | 0.764 | 0.694 | 0.671 | 0.661 | 0.638 | 0.631 | 0.624 | 0.638
AVG | 1.157 | 1.105 | 0.885 | 0.764 | 0.693 | 0.666 | 0.653 | 0.641 | 0.633 | 0.630 | 0.627
Surprisingly, a single hlist is slightly faster than a double-linked list.
The speed-up saturates near 64 slots. Therefore I chose value 128 to provide
some margin if more labels were used.
It looks that IO becomes a new bottleneck.
Change-Id: Ib1f7bf9f52337b07ccfab10e8fdf52014bd3b466
Signed-off-by: Tomasz Stanislawski <t.stanislaws@samsung.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
(cherry picked from commit
afe16280f7f3740b8644dcae9993c71bdeacff83)
[cherry pick and fix a hlist_for_each_entry_rcu() para backport issue]
Signed-off-by: Yin Kangkai <kangkai.yin@intel.com>
Tomasz Stanislawski [Thu, 6 Jun 2013 07:30:50 +0000 (09:30 +0200)]
security: smack: fix memleak in smk_write_rules_list()
The smack_parsed_rule structure is allocated. If a rule is successfully
installed then the last reference to the object is lost. This patch fixes this
leak. Moreover smack_parsed_rule is allocated on stack because it no longer
needed ofter smk_write_rules_list() is finished.
Change-Id: I5b4dcadc6a9d675ab630b23c00edeaf595b5b857
Signed-off-by: Tomasz Stanislawski <t.stanislaws@samsung.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
(cherry picked from commit
2ee409b5009476618833fd7dccb3ee382bfaaa9c)
Signed-off-by: Yin Kangkai <kangkai.yin@intel.com>
Tetsuo Handa [Wed, 24 Jul 2013 20:44:02 +0000 (05:44 +0900)]
xattr: Constify ->name member of "struct xattr".
Since everybody sets kstrdup()ed constant string to "struct xattr"->name but
nobody modifies "struct xattr"->name , we can omit kstrdup() and its failure
checking by constifying ->name member of "struct xattr".
Change-Id: I6cb5cd7f29c01956dd0d1579af81a518a5936071
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reviewed-by: Joel Becker <jlbec@evilplan.org> [ocfs2]
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Reviewed-by: Paul Moore <paul@paul-moore.com>
Tested-by: Paul Moore <paul@paul-moore.com>
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
(cherry picked from commit
1ff243e2568c443807cf699fce52a9ddecc2fcef)
Signed-off-by: Yin Kangkai <kangkai.yin@intel.com>
David Quigley [Wed, 22 May 2013 16:50:35 +0000 (12:50 -0400)]
Security: Add Hook to test if the particular xattr is part of a MAC model.
The interface to request security labels from user space is the xattr
interface. When requesting the security label from an NFS server it is
important to make sure the requested xattr actually is a MAC label. This allows
us to make sure that we get the desired semantics from the attribute instead of
something else such as capabilities or a time based LSM.
Change-Id: I283f116953f958877826ba772661b5755986ac99
Acked-by: Eric Paris <eparis@redhat.com>
Acked-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Matthew N. Dodd <Matthew.Dodd@sparta.com>
Signed-off-by: Miguel Rodel Felipe <Rodel_FM@dsi.a-star.edu.sg>
Signed-off-by: Phua Eu Gene <PHUA_Eu_Gene@dsi.a-star.edu.sg>
Signed-off-by: Khin Mi Mi Aung <Mi_Mi_AUNG@dsi.a-star.edu.sg>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
(cherry picked from commit
9cf5cc4f969032b8f571025845a59fce3ba2a17c)
Signed-off-by: Yin Kangkai <kangkai.yin@intel.com>
Li Peng [Wed, 11 Dec 2013 02:26:25 +0000 (10:26 +0800)]
packaging: add openssl as build dependency
Signed-off-by: Li Peng <peng.li@intel.com>
Prajwal Mohan [Mon, 9 Dec 2013 22:50:43 +0000 (14:50 -0800)]
elfutils-libelf-devel is now libelf-devel. Changing spec file BuildRequires to reflect that
flyan [Wed, 27 Nov 2013 13:38:35 +0000 (21:38 +0800)]
atomisp2: Fix spinlock not be initialized when used bug
When isp->sw_contex.power_lock used in atomisp_ospm_dphy_down at probe,
but the lock not be initiallized at the moment,
untill the first video device opened,
so there will be a spinlock bad magic panic message
when CONFIG_DEBUG_SPINLOCK enable.
TZSP-8062: spinlock bad magic on CPU#0, udevd/134
Signed-off-by: Yan Feilong <flyanb@isoftstone.com>
flyan [Thu, 28 Nov 2013 07:38:25 +0000 (15:38 +0800)]
atomisp2: Modifed atomisp firmware load asynchronously
Drivers could not load firmware with request_firmware
in the probe path with new udev verssion,
this will deferred probe about 30s.
After reboot, atomisp probe have not finished when open camera immediately,
so camera application will be crash.
we use asynchronously request_firmware_nowait replace request_firmware.
TZSP-8015:Camera application crashes often right after launch
Signed-off-by: Yan Feilong <feilongx.yan@intel.com>
Li Peng [Thu, 28 Nov 2013 02:52:51 +0000 (10:52 +0800)]
packaging: update changelog
Signed-off-by: Li Peng <peng.li@intel.com>
Li Peng [Thu, 28 Nov 2013 02:26:55 +0000 (10:26 +0800)]
gfx: enlarge XPROC workaround memory pool size
200 isn't enough for X/DRI memory allocation, it will cause
DRI memory allocation failure in usersapce, increase to 4096
Signed-off-by: Li Peng <peng.li@intel.com>
Austin Zhang [Wed, 27 Nov 2013 13:13:39 +0000 (21:13 +0800)]
PM: charger: bq24192: Report specific events to userspace for UI usage
So that the user space app can monitor this uevent for improving the UX
Fix jira-8113.
Signed-off-by: Austin Zhang <austin.zhang@intel.com>
Austin Zhang [Tue, 26 Nov 2013 04:53:13 +0000 (12:53 +0800)]
PM: net: wireless: bcmdhd: Put the WIFI into/out low power while screen off/on
Using the screen off/on notification, to put the WIFI silicon into the low
power mode/high performance mode.
Signed-off-by: Austin Zhang <austin.zhang@intel.com>
flyan [Wed, 20 Nov 2013 07:57:32 +0000 (15:57 +0800)]
atomisp2: set initial streaming state to disabled
If user space application fails to explicitly disable streaming before
closing the device, the streaming state will be left with an incorrect
value. This will possible make it impossible to reopen the device.
This fixes an issue where after camera application has crashed, the
camera device can not be opened any more.
Signed-off-by: Yan Feilong <feilongx.yan@intel.com>
Li Peng [Mon, 18 Nov 2013 01:55:26 +0000 (09:55 +0800)]
packaging: update changelog
Signed-off-by: Li Peng <peng.li@intel.com>
Li Peng [Fri, 15 Nov 2013 03:09:36 +0000 (11:09 +0800)]
config: no HDMI port on Geek, disable driver config""
we are confirmed that no HDMI support on Geek, so disble it
Signed-off-by: Li Peng <peng.li@intel.com>
Li Peng [Fri, 15 Nov 2013 01:34:33 +0000 (09:34 +0800)]
change max swapchain number to 10 and 2 buffer per chain
Signed-off-by: Li Peng <peng.li@intel.com>
Li Peng [Tue, 12 Nov 2013 08:34:22 +0000 (16:34 +0800)]
Revert "config: no HDMI port on Geek, disable driver config"
This reverts commit
d3eefea32d3b26ae66228052ab0817d9b72db547.
In fact we still need HDMI config option
Signed-off-by: Li Peng <peng.li@intel.com>
Li Peng [Tue, 12 Nov 2013 02:36:40 +0000 (10:36 +0800)]
packaging: update changelog
Signed-off-by: Li Peng <peng.li@intel.com>
Li Peng [Tue, 12 Nov 2013 02:22:33 +0000 (10:22 +0800)]
config: no HDMI port on Geek, disable driver config
Signed-off-by: Li Peng <peng.li@intel.com>
liuwei [Tue, 5 Nov 2013 08:41:34 +0000 (16:41 +0800)]
touchscreen: fixed tzsp-7689 (multitouch issue)
becasue the touch driver no report mt_slot event, cause evdevmultitouch can`t track multitouch
so add mt_slot event report for supprot multitouch
Signed-off-by: liuwei <weix.a.liu@intel.com>
Li Hualiang [Tue, 5 Nov 2013 03:27:38 +0000 (11:27 +0800)]
Fix bugs: TZSP-7837, WIFI strength icon on status bar does not display synchronization with current WIFI strength.
Heikki Krogerus [Mon, 4 Nov 2013 11:36:43 +0000 (13:36 +0200)]
packaging: update changelog
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Daniel van der Wath [Thu, 31 Oct 2013 14:45:01 +0000 (14:45 +0000)]
gfx: When creating a CmdQueue for a swapchain, keep calling OSLockResource() for a second instead of giving up after the first failure.
flyan [Thu, 31 Oct 2013 09:51:13 +0000 (17:51 +0800)]
confg:Enable bu64291 focus driver
enable bu64291 focus for camera capture
Signed-off-by: Zhou Tongwei <tong.weix.zhou@intel.com>
Signed-off-by: Yan Feilong <feilongx.yan@intel.com>
Signed-off-by: Qi Zuyong <zuyongx.qi@intel.com>
Austin Zhang [Thu, 31 Oct 2013 07:06:28 +0000 (15:06 +0800)]
Enable perf pkg generating
Signed-off-by: Austin Zhang <austin.zhang@intel.com>
Wu zheng [Thu, 31 Oct 2013 03:22:26 +0000 (11:22 +0800)]
Remove HACK: serial: mfd: disable runtime PM temporarily
Change-Id: I9ded1dd299bd498788a8a5478aca2f921c70cfd2
Yan Zhang [Wed, 30 Oct 2013 08:55:16 +0000 (16:55 +0800)]
Disable tiling mode for Topaz temporarily;
Li Peng [Wed, 30 Oct 2013 05:47:58 +0000 (13:47 +0800)]
gfx: Reset irq sequence number to 1 at te disable
It should always one number ahead of screen update count, so when
driver come back from DSR and there is UI operation happened, driver
can still make the screen update
Signed-off-by: Li Peng <peng.li@intel.com>
Li Peng [Wed, 30 Oct 2013 02:17:04 +0000 (10:17 +0800)]
Revert "gfx: enable DSR"
This reverts commit
5fd5cd375b764f0a5a592fd76ed0d140d4a29575.
We see DSR causes some impact to UI operation, disable it for a while
until we know the root cause and have a real fix
Signed-off-by: Li Peng <peng.li@intel.com>
Austin Zhang [Tue, 29 Oct 2013 09:20:33 +0000 (17:20 +0800)]
PM: hwmon: sensor: gyroscope: Added screen off notifier callback
Added screen off notifier callback for gyroscope, so that this
sensor will be disabled once the screen is off. Otherwise, this
sensor will still waste power under screen-off but non-suspend
cases.
Signed-off-by: Austin Zhang <austin.zhang@intel.com>
Austin Zhang [Tue, 29 Oct 2013 08:18:07 +0000 (16:18 +0800)]
PM: hwmon: sensor: accelerator: Added screen off notifier callback
Added screen off notifier callback for accelerator, so that this
sensor will be disabled once the screen is off; Otherwise, this
sensor will still wake up processor frequently and spend a lot of
time (so power) to handle its ISR even though the screen is off
but the system is not in suspend status.
Signed-off-by: Austin Zhang <austin.zhang@intel.com>
flyan [Sat, 19 Oct 2013 09:08:12 +0000 (17:08 +0800)]
config: camera flash support
enable adp1650 camera flash for camera capture
Signed-off-by: Zhou Tongwei <tong.weix.zhou@intel.com>
Signed-off-by: Yan Feilong <feilongx.yan@intel.com>
Signed-off-by: Qi Zuyong <zuyongx.qi@intel.com>
Li Peng [Fri, 18 Oct 2013 07:39:25 +0000 (15:39 +0800)]
Update changelog
Signed-off-by: Li Peng <peng.li@intel.com>
Li Peng [Fri, 18 Oct 2013 07:34:47 +0000 (15:34 +0800)]
gfx: enable DSR
It saves power at display on idle per power team test
Signed-off-by: Li Peng <peng.li@intel.com>
flyan [Wed, 16 Oct 2013 13:30:19 +0000 (21:30 +0800)]
atomisp: Add VIDIOC_ENUM_FRAMESIZES ioctl
Add atomisp enum framesizs ioctl surppot
This ioctl allows applications to enumerate all frame sizes that the¬¬
device supports for the given pixel format
Signed-off-by: Zhou Tongwei <tong.weix.zhou@intel.com>
Signed-off-by: Yan Feilong <feilongx.yan@intel.com>
Signed-off-by: Qi Zuyong <zuyongx.qi@intel.com>
qizuyong [Wed, 16 Oct 2013 14:31:05 +0000 (22:31 +0800)]
OV9740:add flip function for ov9740
add horizontal flip & vertical flip function for sensor ov9740
Signed-off-by: Zhou Tongwei <tong.weix.zhou@intel.com>
Signed-off-by: Qi Zuyong <zuyongx.qi@intel.com>
Signed-off-by: qizuyong <zyqi@isoftstone.com>
Chengwei Yang [Mon, 14 Oct 2013 05:07:55 +0000 (13:07 +0800)]
Revert "Revert "gfx/fb: another work around to enable X with frame buffer""
This reverts commit
702c633a32677d68777dd426da17cc194bf78689.
Chengwei Yang [Mon, 14 Oct 2013 03:33:05 +0000 (11:33 +0800)]
Revert "Revert "gfx/fb: work around to enable X with frame buffer""
This reverts commit
afab00354524f8f41b61bb3f9fab39dc0d16b360.
Li Peng [Wed, 9 Oct 2013 03:39:13 +0000 (11:39 +0800)]
packaging: update changelog
Signed-off-by: Li Peng <peng.li@intel.com>
Li Peng [Wed, 9 Oct 2013 02:41:28 +0000 (10:41 +0800)]
gfx: forbid DSR during pageflip
enable DSR again after page flip is done
Signed-off-by: Li Peng <peng.li@intel.com>
Li Peng [Tue, 8 Oct 2013 07:44:58 +0000 (15:44 +0800)]
gfx: Disable DSR until it is ready
Signed-off-by: Li Peng <peng.li@intel.com>
Li Peng [Tue, 8 Oct 2013 07:32:35 +0000 (15:32 +0800)]
gfx: enable async flip
Signed-off-by: Li Peng <peng.li@intel.com>
Heikki Krogerus [Mon, 30 Sep 2013 06:31:00 +0000 (09:31 +0300)]
packaging: update changelog
Atomisp changes.
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Li Peng [Fri, 27 Sep 2013 09:41:49 +0000 (17:41 +0800)]
gfx: skip psbfb_mmap interface
This function cause kernel reboot failure and it is safe to skip
driver fb_mmap support.
Signed-off-by: Li Peng <peng.li@intel.com>
tieyang [Thu, 26 Sep 2013 03:19:02 +0000 (11:19 +0800)]
config: add atomisp driver and camera sensor driver
beacause OV8830 and OV9740 depend on atomisp, so we set
CONFIG_VIDEO_OV8830=y & CONFIG_VIDEO_OV9740=y to ensure
ov8830&ov9740 register into the kernel before atomisp
Signed-off-by: Qi Zuyong <zuyongx.qi@intel.com>
Signed-off-by: Tie Yang <yangx.tie@intel.com>
tieyang [Thu, 26 Sep 2013 03:07:56 +0000 (11:07 +0800)]
atomisp: modify atomisp parameters
RESERVED_MEMORY_POOL_SIZE_IN_PAGE is refer to android platform of geek
Signed-off-by: Qi Zuyong <zuyongx.qi@intel.com>
Signed-off-by: Tie Yang <yangx.tie@intel.com>
Wu Zheng [Wed, 25 Sep 2013 09:38:41 +0000 (17:38 +0800)]
HACK: serial: mfd: disable runtime PM temporarily
We can't wait for BT LPM because broadcom support is slowly.
It will block BT LPM enabling and Bluetooth enabling.
We need to enable BT, so that it doesn't block project milestone.
Then we continue checking and getting broadcom support to enable BT LPM.
Signed-off-by: Wu Zheng <wu.zheng@intel.com>
Greg Hunt [Tue, 24 Sep 2013 17:46:15 +0000 (18:46 +0100)]
Ported linux_framebuffer_mrst from josephine, this improves flip chain functionality
Signed-off-by: Greg Hunt <greg.hunt@mobica.com>
Signed-off-by: Li Peng <peng.li@intel.com>
Li Peng [Tue, 24 Sep 2013 02:51:41 +0000 (10:51 +0800)]
Revert "gfx/fb: another work around to enable X with frame buffer"
This reverts commit
9e2b4b572f80595edcf7d6ebc6b28459f8c42b64.
Signed-off-by: Li Peng <peng.li@intel.com>
Li Peng [Tue, 24 Sep 2013 02:44:39 +0000 (10:44 +0800)]
Revert "gfx/fb: work around to enable X with frame buffer"
This reverts commit
a5975db250d468ff7400a93fd67a3f118db56957.
Signed-off-by: Li Peng <peng.li@intel.com>
Wu Zheng [Tue, 24 Sep 2013 03:14:53 +0000 (11:14 +0800)]
Bluetooth: Fix authentication if acl data comes before remote feature evt
If remote device sends l2cap info request before read_remote_ext_feature
completes then mgmt_connected will be sent in hci_acldata_packet() and
remote name request wont be sent and eventually authentication wont happen
commit
7b064edae38d62d8587a8c574f93b53ce75ae749 upstream
Signed-off-by: Jaganath Kanakkassery <jaganath.k@samsung.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
[ made apply on top of v3.4 ]
Signed-off-by: Wu Zheng <wu.zheng@intel.com>
Wu Zheng [Tue, 24 Sep 2013 03:07:10 +0000 (11:07 +0800)]
x86: tizen_clovertrail_defconfig: enable bluetooth stack
Signed-off-by: Wu Zheng <wu.zheng@intel.com>
Li Peng [Tue, 24 Sep 2013 08:43:29 +0000 (16:43 +0800)]
update changelog for gfx driver integrate
Signed-off-by: Li Peng <peng.li@intel.com>
Li Peng [Sun, 22 Sep 2013 03:10:50 +0000 (11:10 +0800)]
gfx: PM control through dpms interface
enable gfx device suspend/resume at dpms off/on to fit with Tizen PM framework
Signed-off-by: Li Peng <peng.li@intel.com>
Li Peng [Sun, 22 Sep 2013 06:49:08 +0000 (14:49 +0800)]
config: backlight control support
Signed-off-by: Li Peng <peng.li@intel.com>
Li Peng [Sun, 22 Sep 2013 02:35:25 +0000 (10:35 +0800)]
config: Disable ANDROID_PARANOID_NETWORK
For less strict security in socket creation
Signed-off-by: Li Peng <peng.li@intel.com>
Li Peng [Wed, 18 Sep 2013 08:43:39 +0000 (16:43 +0800)]
gfx: Don't change scale property and swapchain property in mode setting
Signed-off-by: Li Peng <peng.li@intel.com>
Li Peng [Tue, 17 Sep 2013 08:32:26 +0000 (16:32 +0800)]
gfx: Fix wrong attribute in device memory map
Signed-off-by: Li Peng <peng.li@intel.com>
Li Peng [Mon, 16 Sep 2013 13:58:23 +0000 (21:58 +0800)]
gfx: Fix DRI2 authenticate failure
Signed-off-by: Li Peng <peng.li@intel.com>
Li Peng [Thu, 12 Sep 2013 01:47:33 +0000 (09:47 +0800)]
gfx: Enable build config SUPPORT_PVRSRV_GET_DC_SYSTEM_BUFFER
Signed-off-by: Li Peng <peng.li@intel.com>
Yin Kangkai [Wed, 18 Sep 2013 00:53:34 +0000 (08:53 +0800)]
Enable sensors for ZTE Geek
Geek has these sensors:
Accel: lsm330d_a
Gyro: lsm330d_g
Compass: akm8963
Ambient light and proximity: tmd2771x
No pressure sensor.
Also removed don't needed sensors configs.
Change-Id: Idfef539e381b937d93026e14a966925c524d03e6
Signed-off-by: Yin Kangkai <kangkai.yin@intel.com>
Yin Kangkai [Tue, 10 Sep 2013 09:28:42 +0000 (17:28 +0800)]
Battery/charger/bq24192: add charger online sysfs interface
Add sysfs interface "online" to indicate whether charger is online or not.
Interface is here:
/sys/devices/pci0000:00/0000:00:00.5/i2c-2/2-006b/online
Or
/sys/class/power_supply/bq24192_charger/device/online
Pre-OS needs this flag to update the UI (charger is inserted or not).
Change-Id: I5dc683c22461d3b632fd983465b9282fb8b9d3a7
Signed-off-by: Yin Kangkai <kangkai.yin@intel.com>
Yin Kangkai [Mon, 9 Sep 2013 05:46:48 +0000 (13:46 +0800)]
Battery/charger/bq24192: fix charging status
Add the charger throttle logic for bq24192, and fix the charging status.
Before this fix, battery (max17047) is in state "Discharging" even after you
inserted AC charger or USB. e.g.:
-sh-4.1# pwd
/sys/class/power_supply
-sh-4.1# ls
ac bq24192_charger max17047_battery usb wireless
-sh-4.1# cat ac/online
1
-sh-4.1# cat max17047_battery/status
Discharging
Change-Id: I94e428cd023eb1d3d1d36471a16bffd7580c644d
Signed-off-by: Yin Kangkai <kangkai.yin@intel.com>
Yin Kangkai [Mon, 9 Sep 2013 02:29:45 +0000 (10:29 +0800)]
battery/charger/bq24192: indent only
Indent using the scripts/Lindent
Change-Id: I9a73915eb1438458c5312f8e62c5d3cd7da1d1de
Signed-off-by: Yin Kangkai <kangkai.yin@intel.com>
vivian,zhang [Thu, 5 Sep 2013 08:22:13 +0000 (16:22 +0800)]
audio: export jack status through /sys/devices/platform/jack/earjack_online
Sound driver should set jack status: earjack_online, the status is
required for earjack type detecting in avsystem (Tizen audio middleware
project), which is used for enabling speaker & headset runtime switch feature
Change-Id: I1be3eb575b8d1af48f76e4d55bae9490c967fc32
Signed-off-by: Vivian Zhang <vivian.zhang@intel.com>
Yin Kangkai [Wed, 4 Sep 2013 03:25:16 +0000 (11:25 +0800)]
smack: enable smack in defconfig for Tizen
Change-Id: Ia1ab6aea69c0f8e58c44297126be9b3e1635d128
Signed-off-by: Yin Kangkai <kangkai.yin@intel.com>
Yan Yin [Tue, 21 Feb 2012 09:23:26 +0000 (17:23 +0800)]
Enable proc fs to print more than 32 groups entries
from security-server-0.0.1/include/SLP_security-server_PG.h:
"In kernel version 2.6, there is a file in proc file system
"/proc/[pid]/status" which describes various information about the
process as text, it has a line named "Groups:" and it lists the group
IDs that the process is belonged to. B
ut there is a drawback in this file, it only shows at most 32 group IDs,
if number of groups of the process is bigger than 32, it ignores
them.
To enable to show all the groups you have to patch the kernel source
code to show more groups than 32, but there is another drawback. All
files in the proc file system has size limit to 4k bytes because the
file buffer size is 4k bytes, so it's not possible to show all possible
groups of the process(64k), but currently number of all groups in the
LiMo platform is much lower than the size, so it's not a big problem.
But near future we need to apply this patch into kernel mainline source
code by any form.
Heikki Krogerus [Tue, 3 Sep 2013 10:59:23 +0000 (13:59 +0300)]
packaging: update changelog
Enabling Smack support.
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Heikki Krogerus [Tue, 3 Sep 2013 10:07:56 +0000 (13:07 +0300)]
x86: defconfig: enable smack on clovertrail
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Passion,Zhao [Mon, 3 Jun 2013 03:42:24 +0000 (11:42 +0800)]
Smack: Fix the bug smackcipso can't set CIPSO correctly
commit
0fcfee61d63b82c1eefb5b1a914240480f17d63f upstream
Bug report: https://tizendev.org/bugs/browse/TDIS-3891
The reason is userspace libsmack only use "smackfs/cipso2" long-label interface,
but the code's logical is still for orginal fixed length label. Now update
smack_cipso_apply() to support flexible label (<=256 including tailing '\0')
There is also a bug in kernel/security/smack/smackfs.c:
When smk_set_cipso() parsing the CIPSO setting from userspace, the offset of
CIPSO level should be "strlen(label)+1" instead of "strlen(label)"
Signed-off-by: Passion,Zhao <passion.zhao@intel.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Tetsuo Handa [Mon, 27 May 2013 11:11:27 +0000 (20:11 +0900)]
Smack: Fix possible NULL pointer dereference at smk_netlbl_mls()
commit
8cd77a0bd4b4a7d02c2a6926a69585d8088ee721 upstream
netlbl_secattr_catmap_alloc(GFP_ATOMIC) can return NULL.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Casey Schaufler [Thu, 23 May 2013 01:43:07 +0000 (18:43 -0700)]
Smack: Add smkfstransmute mount option
commit
e830b39412ca2bbedd7508243f21c04d57ad543c upstream
Suppliment the smkfsroot mount option with another, smkfstransmute,
that does the same thing but also marks the root inode as
transmutting. This allows a freshly created filesystem to
be mounted with a transmutting heirarchy.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Casey Schaufler [Thu, 23 May 2013 01:43:03 +0000 (18:43 -0700)]
Smack: Improve access check performance
commit
2f823ff8bec03a1e6f9e11fd0c4d54e4c7d09532 upstream
Each Smack label that the kernel has seen is added to a
list of labels. The list of access rules for a given subject
label hangs off of the label list entry for the label.
This patch changes the structures that contain subject
labels to point at the label list entry rather that the
label itself. Doing so removes a label list lookup in
smk_access() that was accounting for the largest single
chunk of Smack overhead.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Casey Schaufler [Thu, 23 May 2013 01:42:56 +0000 (18:42 -0700)]
Smack: Local IPv6 port based controls
commit
c673944347edfd4362b10eea11ac384a582b1cf5 upstream
Smack does not provide access controls on IPv6 communications.
This patch introduces a mechanism for maintaining Smack lables
for local IPv6 communications. It is based on labeling local ports.
The behavior should be compatible with any future "real" IPv6
support as it provides no interfaces for users to manipulate
the labeling. Remote IPv6 connections use the ambient label
the same way that unlabeled IPv4 packets are treated.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Casey Schaufler [Tue, 2 Apr 2013 18:41:18 +0000 (11:41 -0700)]
Smack: include magic.h in smackfs.c
commit
958d2c2f4ad905e3ffa1711d19184d21d9b00cc1 upstream
As reported for linux-next: Tree for Apr 2 (smack)
Add the required include for smackfs.c
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Igor Zhbanov [Tue, 19 Mar 2013 09:49:47 +0000 (13:49 +0400)]
Fix NULL pointer dereference in smack_inode_unlink() and smack_inode_rmdir()
commit
cdb56b60884c687ea396ae96a418554739b40129 upstream
This patch fixes kernel Oops because of wrong common_audit_data type
in smack_inode_unlink() and smack_inode_rmdir().
When SMACK security module is enabled and SMACK logging is on (/smack/logging
is not zero) and you try to delete the file which
1) you cannot delete due to SMACK rules and logging of failures is on
or
2) you can delete and logging of success is on,
you will see following:
Unable to handle kernel NULL pointer dereference at virtual address
000002d7
[<...>] (strlen+0x0/0x28)
[<...>] (audit_log_untrustedstring+0x14/0x28)
[<...>] (common_lsm_audit+0x108/0x6ac)
[<...>] (smack_log+0xc4/0xe4)
[<...>] (smk_curacc+0x80/0x10c)
[<...>] (smack_inode_unlink+0x74/0x80)
[<...>] (security_inode_unlink+0x2c/0x30)
[<...>] (vfs_unlink+0x7c/0x100)
[<...>] (do_unlinkat+0x144/0x16c)
The function smack_inode_unlink() (and smack_inode_rmdir()) need
to log two structures of different types. First of all it does:
smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
This will set common audit data type to LSM_AUDIT_DATA_DENTRY
and store dentry for auditing (by function smk_curacc(), which in turn calls
dump_common_audit_data(), which is actually uses provided data and logs it).
/*
* You need write access to the thing you're unlinking
*/
rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
if (rc == 0) {
/*
* You also need write access to the containing directory
*/
Then this function wants to log anoter data:
smk_ad_setfield_u_fs_path_dentry(&ad, NULL);
smk_ad_setfield_u_fs_inode(&ad, dir);
The function sets inode field, but don't change common_audit_data type.
rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
}
So the dump_common_audit() function incorrectly interprets inode structure
as dentry, and Oops will happen.
This patch reinitializes common_audit_data structures with correct type.
Also I removed unneeded
smk_ad_setfield_u_fs_path_dentry(&ad, NULL);
initialization, because both dentry and inode pointers are stored
in the same union.
Signed-off-by: Igor Zhbanov <i.zhbanov@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Rafal Krypa [Thu, 10 Jan 2013 18:42:00 +0000 (19:42 +0100)]
Smack: add support for modification of existing rules
commit
e05b6f982a049113a88a1750e13fdb15298cbed4 upstream
Rule modifications are enabled via /smack/change-rule. Format is as follows:
"Subject Object rwaxt rwaxt"
First two strings are subject and object labels up to 255 characters.
Third string contains permissions to enable.
Fourth string contains permissions to disable.
All unmentioned permissions will be left unchanged.
If no rule previously existed, it will be created.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Rafal Krypa [Tue, 27 Nov 2012 15:29:07 +0000 (16:29 +0100)]
Smack: add missing support for transmute bit in smack_str_from_perm()
commit
a87d79ad7cfa299aa14bb22758313dec33909875 upstream
This fixes audit logs for granting or denial of permissions to show
information about transmute bit.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Rafal Krypa [Tue, 27 Nov 2012 15:28:11 +0000 (16:28 +0100)]
Smack: prevent revoke-subject from failing when unseen label is written to it
commit
d15d9fad16f6aa459cf4926a1d3aba36b004e9a2 upstream
Special file /smack/revoke-subject will silently accept labels that are not
present on the subject label list. Nothing has to be done for such labels,
as there are no rules for them to revoke.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Casey Schaufler [Fri, 2 Nov 2012 01:14:32 +0000 (18:14 -0700)]
Smack: create a sysfs mount point for smackfs
commit
e93072374112db9dc86635934ee761249be28370 upstream
There are a number of "conventions" for where to put LSM filesystems.
Smack adheres to none of them. Create a mount point at /sys/fs/smackfs
for mounting smackfs so that Smack can be conventional.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Casey Schaufler [Fri, 2 Nov 2012 18:28:11 +0000 (11:28 -0700)]
Smack: use select not depends in Kconfig
commit
111fe8bd65e473d5fc6a0478cf1e2c8c6a77489a upstream
The components NETLABEL and SECURITY_NETWORK are required by
Smack. Using "depends" in Kconfig hides the Smack option
if the user hasn't figured out that they need to be enabled
while using make menuconfig. Using select is a better choice.
Because select is not recursive depends on NET and SECURITY
are added. The reflects similar usage in TOMOYO and AppArmor.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Casey Schaufler [Wed, 22 Aug 2012 18:44:03 +0000 (11:44 -0700)]
Smack: setprocattr memory leak fix
commit
46a2f3b9e99353cc63e15563e8abee71162330f7 upstream
The data structure allocations being done in prepare_creds
are duplicated in smack_setprocattr. This results in the
structure allocated in prepare_creds being orphaned and
never freed. The duplicate code is removed from
smack_setprocattr.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Rafal Krypa [Wed, 11 Jul 2012 15:49:30 +0000 (17:49 +0200)]
Smack: implement revoking all rules for a subject label
commit
449543b0436a9146b855aad39eab76ae4853e88d upstream
Add /smack/revoke-subject special file. Writing a SMACK label to this file will
set the access to '-' for all access rules with that subject label.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Casey Schaufler [Fri, 10 Aug 2012 00:46:38 +0000 (17:46 -0700)]
Smack: remove task_wait() hook.
commit
c00bedb368ae02a066aed8a888afc286c1df2e60 upstream
On 12/20/2011 11:20 PM, Jarkko Sakkinen wrote:
> Allow SIGCHLD to be passed to child process without
> explicit policy. This will help to keep the access
> control policy simple and easily maintainable with
> complex applications that require use of multiple
> security contexts. It will also help to keep them
> as isolated as possible.
>
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@intel.com>
I have a slightly different version that applies to the
current smack-next tree.
Allow SIGCHLD to be passed to child process without
explicit policy. This will help to keep the access
control policy simple and easily maintainable with
complex applications that require use of multiple
security contexts. It will also help to keep them
as isolated as possible.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
security/smack/smack_lsm.c | 37 ++++++++-----------------------------
1 files changed, 8 insertions(+), 29 deletions(-)
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Alan Cox [Thu, 26 Jul 2012 21:47:11 +0000 (14:47 -0700)]
smack: off by one error
commit
3b9fc37280c521b086943f9aedda767f5bf3b2d3 upstream
Consider the input case of a rule that consists entirely of non space
symbols followed by a \0. Say 64 + \0
In this case strlen(data) = 64
kzalloc of subject and object are 64 byte objects
sscanfdata, "%s %s %s", subject, ...)
will put 65 bytes into subject.
Signed-off-by: Alan Cox <alan@linux.intel.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: stable@vger.kernel.org
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Rafal Krypa [Mon, 9 Jul 2012 17:36:34 +0000 (19:36 +0200)]
Smack: don't show empty rules when /smack/load or /smack/load2 is read
commit
65ee7f45cf075adcdd6b6ef365f5a5507f1ea5c5 upstream
This patch removes empty rules (i.e. with access set to '-') from the
rule list presented to user space.
Smack by design never removes labels nor rules from its lists. Access
for a rule may be set to '-' to effectively disable it. Such rules would
show up in the listing generated when /smack/load or /smack/load2 is
read. This may cause clutter if many rules were disabled.
As a rule with access set to '-' is equivalent to no rule at all, they
may be safely hidden from the listing.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Casey Schaufler [Tue, 19 Jun 2012 02:01:36 +0000 (19:01 -0700)]
Smack: user access check bounds
commit
3518721a8932b2a243f415c374aef020380efc9d upstream
Some of the bounds checking used on the /smack/access
interface was lost when support for long labels was
added. No kernel access checks are affected, however
this is a case where /smack/access could be used
incorrectly and fail to detect the error. This patch
reintroduces the original checks.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Casey Schaufler [Tue, 5 Jun 2012 22:28:30 +0000 (15:28 -0700)]
Smack: onlycap limits on CAP_MAC_ADMIN
commit
1880eff77e7a7cb46c68fae7cfa33f72f0a6e70e upstream
Smack is integrated with the POSIX capabilities scheme,
using the capabilities CAP_MAC_OVERRIDE and CAP_MAC_ADMIN to
determine if a process is allowed to ignore Smack checks or
change Smack related data respectively. Smack provides an
additional restriction that if an onlycap value is set
by writing to /smack/onlycap only tasks with that Smack
label are allowed to use CAP_MAC_OVERRIDE.
This change adds CAP_MAC_ADMIN as a capability that is affected
by the onlycap mechanism.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Casey Schaufler [Thu, 24 May 2012 00:46:58 +0000 (17:46 -0700)]
Smack: fix smack_new_inode bogosities
commit
eb982cb4cf6405b97ea1f9e1d10864981f269d46 upstream
In January of 2012 Al Viro pointed out three bits of code that
he titled "new_inode_smack bogosities". This patch repairs these
errors.
1. smack_sb_kern_mount() included a NULL check that is impossible.
The check and NULL case are removed.
2. smack_kb_kern_mount() included pointless locking. The locking is
removed. Since this is the only place that lock was used the lock
is removed from the superblock_smack structure.
3. smk_fill_super() incorrectly and unnecessarily set the Smack label
for the smackfs root inode. The assignment has been removed.
Targeted for git://gitorious.org/smack-next/kernel.git
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Al Viro [Wed, 30 May 2012 17:30:51 +0000 (13:30 -0400)]
split ->file_mmap() into ->mmap_addr()/->mmap_file()
commit
e5467859f7f79b69fc49004403009dfdba3bec53 upstream
... i.e. file-dependent and address-dependent checks.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Al Viro [Wed, 30 May 2012 17:11:37 +0000 (13:11 -0400)]
split cap_mmap_addr() out of cap_file_mmap()
commit
d007794a182bc072a7b7479909dbd0d67ba341be upstream
... switch callers.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Eric Paris [Wed, 4 Apr 2012 17:45:40 +0000 (13:45 -0400)]
SELinux: rename dentry_open to file_open
commit
83d498569e9a7a4b92c4c5d3566f2d6a604f28c9 upstream
dentry_open takes a file, rename it to file_open
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Casey Schaufler [Sun, 6 May 2012 22:22:02 +0000 (15:22 -0700)]
Smack: allow for significantly longer Smack labels v4
commit
f7112e6c9abf1c70f001dcf097c1d6e218a93f5c upstream
V4 updated to current linux-security#next
Targeted for git://gitorious.org/smack-next/kernel.git
Modern application runtime environments like to use
naming schemes that are structured and generated without
human intervention. Even though the Smack limit of 23
characters for a label name is perfectly rational for
human use there have been complaints that the limit is
a problem in environments where names are composed from
a set or sources, including vendor, author, distribution
channel and application name. Names like
softwarehouse-pgwodehouse-coolappstore-mellowmuskrats
are becoming harder to avoid. This patch introduces long
label support in Smack. Labels are now limited to 255
characters instead of the old 23.
The primary reason for limiting the labels to 23 characters
was so they could be directly contained in CIPSO category sets.
This is still done were possible, but for labels that are too
large a mapping is required. This is perfectly safe for communication
that stays "on the box" and doesn't require much coordination
between boxes beyond what would have been required to keep label
names consistent.
The bulk of this patch is in smackfs, adding and updating
administrative interfaces. Because existing APIs can't be
changed new ones that do much the same things as old ones
have been introduced.
The Smack specific CIPSO data representation has been removed
and replaced with the data format used by netlabel. The CIPSO
header is now computed when a label is imported rather than
on use. This results in improved IP performance. The smack
label is now allocated separately from the containing structure,
allowing for larger strings.
Four new /smack interfaces have been introduced as four
of the old interfaces strictly required labels be specified
in fixed length arrays.
The access interface is supplemented with the check interface:
access "Subject Object rwxat"
access2 "Subject Object rwaxt"
The load interface is supplemented with the rules interface:
load "Subject Object rwxat"
load2 "Subject Object rwaxt"
The load-self interface is supplemented with the self-rules interface:
load-self "Subject Object rwxat"
load-self2 "Subject Object rwaxt"
The cipso interface is supplemented with the wire interface:
cipso "Subject lvl cnt c1 c2 ..."
cipso2 "Subject lvl cnt c1 c2 ..."
The old interfaces are maintained for compatibility.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Tetsuo Handa [Thu, 29 Mar 2012 07:19:05 +0000 (16:19 +0900)]
gfp flags for security_inode_alloc()?
commit
ceffec5541cc22486d3ff492e3d76a33a68fbfa3 upstream
Dave Chinner wrote:
> Yes, because you have no idea what the calling context is except
> for the fact that is from somewhere inside filesystem code and the
> filesystem could be holding locks. Therefore, GFP_NOFS is really the
> only really safe way to allocate memory here.
I see. Thank you.
I'm not sure, but can call trace happen where somewhere inside network
filesystem or stackable filesystem code with locks held invokes operations that
involves GFP_KENREL memory allocation outside that filesystem?
----------
[PATCH] SMACK: Fix incorrect GFP_KERNEL usage.
new_inode_smack() which can be called from smack_inode_alloc_security() needs
to use GFP_NOFS like SELinux's inode_alloc_security() does, for
security_inode_alloc() is called from inode_init_always() and
inode_init_always() is called from xfs_inode_alloc() which is using GFP_NOFS.
smack_inode_init_security() needs to use GFP_NOFS like
selinux_inode_init_security() does, for initxattrs() callback function (e.g.
btrfs_initxattrs()) which is called from security_inode_init_security() is
using GFP_NOFS.
smack_audit_rule_match() needs to use GFP_ATOMIC, for
security_audit_rule_match() can be called from audit_filter_user_rules() and
audit_filter_user_rules() is called from audit_filter_user() with RCU read lock
held.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Casey Schaufler <cschaufler@cschaufler-intel.(none)>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Casey Schaufler [Wed, 14 Mar 2012 02:14:19 +0000 (19:14 -0700)]
Smack: recursive tramsmute
commit
2267b13a7cad1f9dfe0073c1f902d45953f9faff upstream
The transmuting directory feature of Smack requires that
the transmuting attribute be explicitly set in all cases.
It seems the users of this facility would expect that the
transmuting attribute be inherited by subdirectories that
are created in a transmuting directory. This does not seem
to add any additional complexity to the understanding of
how the system works.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Austin Zhang [Mon, 26 Aug 2013 08:58:06 +0000 (16:58 +0800)]
Video: OV camera: Enable camera config for power investigation
Note: For performance reason, we should build-in those driver as
much as possible, but so far, we'd like to set them as module if
possible, the reason is that we can easily debug power issue for
finding culprit with those load/unload way so that we don't need
to compile and re-burn the kernel again and again.
Before product level release, we should revert such changes and
make them 'Y' as much as possible.
Signed-off-by: Austin Zhang <austin.zhang@intel.com>
Austin Zhang [Mon, 26 Aug 2013 08:34:05 +0000 (16:34 +0800)]
PM: input: touchscreen: synaptics: Added screen off notifier callback
Added screen off notifier callback so that 'touch' will not light
on the LCD during one pending suspend process which is being blocked
by wakeup count from one wakeup event.
Signed-off-by: Austin Zhang <austin.zhang@intel.com>
Austin Zhang [Tue, 16 Jul 2013 10:05:25 +0000 (18:05 +0800)]
PM: gfx: Added screen-off notifier.
Added notifier which would indicate the screen is being turned off,
then we should disable some devices from this stage, for example,
we should disable touch panel after screen off so that 'touch' will
not light on the LCD again when there is being pended suspend process
due to wakeup event, like insert USB cable.
Signed-off-by: Austin Zhang <austin.zhang@intel.com>
Austin Zhang [Mon, 26 Aug 2013 07:01:19 +0000 (15:01 +0800)]
NFC: Disable NFC due to we don't have it
Signed-off-by: Austin Zhang <austin.zhang@intel.com>
projects / platform / kernel / kernel-clovertrail.git / log