platform/kernel/kernel-clovertrail.git
10 years ago config: enable autofs 09/15109/1 accepted/tizen/generic accepted/tizen/mobile tizen accepted/tizen/generic/20140116.092631 accepted/tizen/mobile/20140116.161446 accepted/tizen/mobile/20140123.060056 submit/tizen/20140116.080221 submit/tizen/20140121.032616 submit/tizen/20140123.031733
Li Peng [Thu, 16 Jan 2014 06:08:53 +0000 (14:08 +0800)]
config: enable autofs

Change-Id: I6264ca3240bce29758bb185b7ded0d880c29c455
Signed-off-by: Li Peng <peng.li@intel.com>
10 years ago Revert "change max swapchain number to 10 and 2 buffer per chain" 39/14539/1 accepted/tizen/mobile/20140107.160934 submit/tizen/20140107.081830
Alex Wu [Tue, 7 Jan 2014 06:49:17 +0000 (14:49 +0800)]
Revert "change max swapchain number to 10 and 2 buffer per chain"

The reverted patch made weston fail to open the framebuffer.

Change-Id: I8fd54077a75097f55c21fb1fc3bbd20f67b71fd4
Signed-off-by: Alex Wu <zhiwen.wu@linux.intel.com>
10 years ago touch: Don't set BTN_2 bit for keybit 24/14524/1
Alex Wu [Mon, 6 Jan 2014 11:10:38 +0000 (19:10 +0800)]
touch: Don't set BTN_2 bit for keybit

Since the Synaptics device is used as a multi-touch device instead of
a touchpad, we should not set the BTN_2 bit for it. Otherwise, some
user space programs, e.g. weston, may recognize this device as a
touchpad.

Change-Id: I1b1d2d86dd5ed4d8d3573acdc793f5e387d23ace
Signed-off-by: Alex Wu <zhiwen.wu@linux.intel.com>
10 years ago config: Open "CONFIG_FRAMEBUFFER_CONSOLE" opts. 23/14523/1
Alex Wu [Wed, 11 Sep 2013 03:09:02 +0000 (11:09 +0800)]
config: Open "CONFIG_FRAMEBUFFER_CONSOLE" opts.

Without this, weston can not display anything on the screen.

Change-Id: I6104413b704f7e6a6e0171d1e9b0aaf32e5133b6
Signed-off-by: Alex Wu <zhiwen.wu@linux.intel.com>
10 years ago Merge "Add default smack manifest" into tizen accepted/tizen/mobile/20140107.013342 submit/tizen/20140107.012303
Chengwei Yang [Tue, 7 Jan 2014 01:14:21 +0000 (17:14 -0800)]
Merge "Add default smack manifest" into tizen

10 years ago Add default smack manifest 68/14468/1
Chengwei Yang [Sat, 4 Jan 2014 03:46:25 +0000 (11:46 +0800)]
Add default smack manifest

Change-Id: Id1594e599581d7cb593f6701397d8f682dd3f6c1
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
10 years ago Smack: Cgroup filesystem access 65/14365/1 accepted/tizen/mobile/20140106.205235 submit/tizen/20140106.080954
Casey Schaufler [Thu, 21 Nov 2013 08:55:10 +0000 (10:55 +0200)]
Smack: Cgroup filesystem access

The cgroup filesystems are not mounted using conventional
mechanisms. This prevents the use of mount options to
set Smack attributes. This patch makes the behavior
of cgroup filesystems compatible with the way systemd
uses them.

Change-Id: I1e0429f133db9e14117dc754d682dec08221354c
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
(cherry picked from commit c25bbcf39c1c3a2ce9aaea532f4ba51bf00d48c4)
Signed-off-by: Yin Kangkai <kangkai.yin@intel.com>
10 years ago Smack: Ptrace access check mode 64/14364/1
Casey Schaufler [Tue, 22 Oct 2013 18:47:45 +0000 (11:47 -0700)]
Smack: Ptrace access check mode

When the ptrace security hooks were split the addition of
a mode parameter was not taken advantage of in the Smack
ptrace access check. This changes the access check from
always looking for read and write access to using the
passed mode. This will make use of /proc much happier.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Change-Id: I979f36da1b26d0fba5d73744f340422aaae5cc74
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
(cherry picked from commit dfb6577817caddd151dda1c4a3be2d2b314fba57)
Signed-off-by: Yin Kangkai <kangkai.yin@intel.com>
10 years ago Smack: Implement lock security mode 63/14363/1
Casey Schaufler [Sat, 12 Oct 2013 01:06:39 +0000 (18:06 -0700)]
Smack: Implement lock security mode

Linux file locking does not follow the same rules
as other mechanisms. Even though it is a write operation
a process can set a read lock on files which it has open
only for read access. Two programs with read access to
a file can use read locks to communicate.

This is not acceptable in a Mandatory Access Control
environment. Smack treats setting a read lock as the
write operation that it is. Unfortunately, many programs
assume that setting a read lock is a read operation.
These programs are unhappy in the Smack environment.

This patch introduces a new access mode (lock) to address
this problem. A process with lock access to a file can
set a read lock. A process with write access to a file can
set a read lock or a write lock. This prevents a situation
where processes are granted write access just so they can
set read locks.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Change-Id: I9bf4df25088d2dd49aadfa0ced844b147ad1c81d
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
(cherry picked from commit 96c833ab84c190078efd6b24d9bb6ee6514d2d02)
Signed-off-by: Yin Kangkai <kangkai.yin@intel.com>
10 years ago Smack: parse multiple rules per write to load2, up to PAGE_SIZE-1 bytes 62/14362/1
Rafal Krypa [Fri, 9 Aug 2013 09:47:07 +0000 (11:47 +0200)]
Smack: parse multiple rules per write to load2, up to PAGE_SIZE-1 bytes

The Smack interface for loading rules has always parsed only a single rule from
the data written to it. This requires a user program to call one write() per
rule it wants to load.
This change makes it possible to write multiple rules, separated by a newline
character. Smack will load at most PAGE_SIZE-1 characters and properly
return the number of processed bytes. In case the user buffer is larger, it
will be additionally truncated. All characters after the last \n will not get
parsed, to avoid a partial rule near the input buffer boundary.

Change-Id: I81766925a9522fcb811fe3046850cdc45067838a
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
(cherry picked from commit d2e0d1c07d510529e97b544bb007ff06cf1669e4)
Signed-off-by: Yin Kangkai <kangkai.yin@intel.com>
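
The write semantics described in the commit message above mean a policy loader must honour the returned byte count, or rules past the first page are silently dropped. This is an added example, not code from the patch or the kernel: `model_write` is a hypothetical user-space stand-in for the load2 file that assumes 4 KiB pages and that trimming to the last `\n` applies only when the buffer was truncated; the rule text is constructed sample data.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define MODEL_PAGE_SIZE 4096u /* assumption: 4 KiB pages */
#define N_RULES 500u          /* constructed sample policy size */

/* Hypothetical stand-in for the load2 file: counts what it was given. */
struct model_sink { unsigned writes, rules; };

typedef ssize_t (*write_fn)(void *ctx, const char *buf, size_t len);

/*
 * Model of one write() as the commit message describes it: take at most
 * PAGE_SIZE-1 bytes; if the buffer was larger, drop everything after the
 * last '\n'; return the number of bytes actually processed.
 */
static ssize_t model_write(void *ctx, const char *buf, size_t len)
{
    struct model_sink *s = ctx;
    size_t n = len;

    if (n >= MODEL_PAGE_SIZE) {
        n = MODEL_PAGE_SIZE - 1;
        while (n > 0 && buf[n - 1] != '\n')
            n--;
        if (n == 0)
            return -1; /* no complete rule fits in one page */
    }
    s->writes++;
    for (size_t i = 0; i < n; i++)
        if (buf[i] == '\n')
            s->rules++;
    if (n > 0 && buf[n - 1] != '\n')
        s->rules++; /* final rule without a trailing newline */
    return (ssize_t)n;
}

/* Loader that resubmits the unprocessed tail until everything is consumed. */
static int load_rules(write_fn w, void *ctx, const char *rules, size_t len)
{
    size_t off = 0;

    while (off < len) {
        ssize_t n = w(ctx, rules + off, len - off);
        if (n <= 0)
            return -1; /* error or no progress: fail instead of spinning */
        off += (size_t)n;
    }
    return 0;
}

/* Fill buf with constructed "subject object access" rules, one per line. */
static size_t build_rules(char *buf, size_t cap, unsigned count)
{
    size_t off = 0;

    for (unsigned i = 0; i < count; i++) {
        int n = snprintf(buf + off, cap - off, "App%04u Data%04u rwxa\n", i, i);
        if (n < 0 || (size_t)n >= cap - off)
            break;
        off += (size_t)n;
    }
    return off;
}

/* Naive loader: one write(), return value ignored. Returns rules loaded. */
unsigned demo_naive(void)
{
    static char buf[16384];
    struct model_sink s = {0, 0};
    size_t len = build_rules(buf, sizeof buf, N_RULES);

    (void)model_write(&s, buf, len);
    return s.rules;
}

/* Correct loader: loops on the processed-byte count. Returns rules loaded. */
unsigned demo_loop(unsigned *writes)
{
    static char buf[16384];
    struct model_sink s = {0, 0};
    size_t len = build_rules(buf, sizeof buf, N_RULES);
    int rc = load_rules(model_write, &s, buf, len);

    *writes = s.writes;
    return rc == 0 ? s.rules : 0;
}

/* A single "rule" longer than a page with no newline must be rejected. */
int demo_oversized(void)
{
    static char buf[5000];
    struct model_sink s = {0, 0};

    memset(buf, 'A', sizeof buf);
    return load_rules(model_write, &s, buf, sizeof buf);
}

int main(void)
{
    unsigned writes = 0;
    unsigned loaded = demo_loop(&writes);

    printf("naive loader:   %u of %u rules\n", demo_naive(), N_RULES);
    printf("looping loader: %u of %u rules in %u writes\n", loaded, N_RULES, writes);
    printf("oversized rule: rc=%d\n", demo_oversized());
    return 0;
}
```

A loader that treats a short write as success leaves the system with a partial MAC policy and no error, so the processed-byte count is the value to check.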
10 years ago Smack: IPv6 casting error fix for 3.11 61/14361/1
Casey Schaufler [Mon, 5 Aug 2013 20:21:22 +0000 (13:21 -0700)]
Smack: IPv6 casting error fix for 3.11

The original implementation of the Smack IPv6 port based
local controls works most of the time using a sockaddr as
a temporary variable, but not always as it overflows in
some circumstances. The correct data is a sockaddr_in6.
A struct sockaddr isn't as large as a struct sockaddr_in6.
There would need to be casting one way or the other. This
patch gets it the right way.

Change-Id: Iac627fa0ddb77e3ff4b8c9c81bd838141a5638e9
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
(cherry picked from commit 9b27db2d839e7aabe7d60f8ff6198ffa195b475d)
Signed-off-by: Yin Kangkai <kangkai.yin@intel.com>
10 years ago Smack: network label match fix 60/14360/1
Casey Schaufler [Fri, 28 Jun 2013 20:47:07 +0000 (13:47 -0700)]
Smack: network label match fix

The Smack code that matches incoming CIPSO tags with Smack labels
reaches through the NetLabel interfaces and compares the network
data with the CIPSO header associated with a Smack label. This was
done in an ill-advised attempt to optimize performance. It works
so long as the categories fit in a single capset, but this isn't
always the case.

This patch changes the Smack code to use the appropriate NetLabel
interfaces to compare the incoming CIPSO header with the CIPSO
header associated with a label. It will always match the CIPSO
headers correctly.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Change-Id: I22a2fd758b5a7764cbeb3ebf9f4dadd12d5b170b
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
(cherry picked from commit 5d10a57e98373f562c0f57b07ee0f265f785964e)
Signed-off-by: Yin Kangkai <kangkai.yin@intel.com>
10 years ago security: smack: add a hash table to quicken smk_find_entry() 59/14359/1
Tomasz Stanislawski [Tue, 11 Jun 2013 12:55:13 +0000 (14:55 +0200)]
security: smack: add a hash table to quicken smk_find_entry()

Accepted for the smack-next tree after changing the number of
slots from 128 to 16.

This patch adds a hash table to quicken searching of a smack label by its name.

Basically, the patch improves performance of SMACK initialization.  Parsing of
rules involves translation from a string to a smack_known (aka label) entity
which is done in smk_find_entry().

The current implementation of the function iterates over a global list of
smack_known resulting in O(N) complexity for smk_find_entry().  The total
complexity of SMACK initialization becomes O(rules * labels).  Therefore it
scales quadratically with a complexity of a system.

Applying the patch reduced the complexity of smk_find_entry() to O(1) as long
as the number of labels is in the hundreds. If the number of labels is increased, please
update SMACK_HASH_SLOTS constant defined in security/smack/smack.h. Introducing
the configuration of this constant with Kconfig or cmdline might be a good
idea.

The size of the hash table was adjusted experimentally.  The rule set used by
TIZEN contains circa 17K rules for 500 labels.  The table above contains
results of SMACK initialization using 'time smackctl apply' bash command.
The 'Ref' is a kernel without this patch applied. The consecutive values
refer to the value of SMACK_HASH_SLOTS.  Every measurement was repeated three
times to reduce noise.

     |  Ref  |   1   |   2   |   4   |   8   |   16  |   32  |   64  |  128  |  256  |  512
--------------------------------------------------------------------------------------------
Run1 | 1.156 | 1.096 | 0.883 | 0.764 | 0.692 | 0.667 | 0.649 | 0.633 | 0.634 | 0.629 | 0.620
Run2 | 1.156 | 1.111 | 0.885 | 0.764 | 0.694 | 0.661 | 0.649 | 0.651 | 0.634 | 0.638 | 0.623
Run3 | 1.160 | 1.107 | 0.886 | 0.764 | 0.694 | 0.671 | 0.661 | 0.638 | 0.631 | 0.624 | 0.638
AVG  | 1.157 | 1.105 | 0.885 | 0.764 | 0.693 | 0.666 | 0.653 | 0.641 | 0.633 | 0.630 | 0.627

Surprisingly, a single hlist is slightly faster than a double-linked list.
The speed-up saturates near 64 slots.  Therefore I chose value 128 to provide
some margin if more labels were used.
It looks like IO becomes a new bottleneck.

Change-Id: Ib1f7bf9f52337b07ccfab10e8fdf52014bd3b466
Signed-off-by: Tomasz Stanislawski <t.stanislaws@samsung.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
(cherry picked from commit afe16280f7f3740b8644dcae9993c71bdeacff83)
[cherry pick and fix a hlist_for_each_entry_rcu() para backport issue]
Signed-off-by: Yin Kangkai <kangkai.yin@intel.com>
10 years ago security: smack: fix memleak in smk_write_rules_list() 58/14358/1
Tomasz Stanislawski [Thu, 6 Jun 2013 07:30:50 +0000 (09:30 +0200)]
security: smack: fix memleak in smk_write_rules_list()

The smack_parsed_rule structure is allocated.  If a rule is successfully
installed then the last reference to the object is lost.  This patch fixes this
leak. Moreover, smack_parsed_rule is allocated on the stack because it is no longer
needed after smk_write_rules_list() is finished.

Change-Id: I5b4dcadc6a9d675ab630b23c00edeaf595b5b857
Signed-off-by: Tomasz Stanislawski <t.stanislaws@samsung.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
(cherry picked from commit 2ee409b5009476618833fd7dccb3ee382bfaaa9c)
Signed-off-by: Yin Kangkai <kangkai.yin@intel.com>
10 years ago xattr: Constify ->name member of "struct xattr". 57/14357/1
Tetsuo Handa [Wed, 24 Jul 2013 20:44:02 +0000 (05:44 +0900)]
xattr: Constify ->name member of "struct xattr".

Since everybody sets kstrdup()ed constant string to "struct xattr"->name but
nobody modifies "struct xattr"->name , we can omit kstrdup() and its failure
checking by constifying ->name member of "struct xattr".

Change-Id: I6cb5cd7f29c01956dd0d1579af81a518a5936071
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reviewed-by: Joel Becker <jlbec@evilplan.org> [ocfs2]
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Reviewed-by: Paul Moore <paul@paul-moore.com>
Tested-by: Paul Moore <paul@paul-moore.com>
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
(cherry picked from commit 1ff243e2568c443807cf699fce52a9ddecc2fcef)
Signed-off-by: Yin Kangkai <kangkai.yin@intel.com>
10 years ago Security: Add Hook to test if the particular xattr is part of a MAC model. 56/14356/1
David Quigley [Wed, 22 May 2013 16:50:35 +0000 (12:50 -0400)]
Security: Add Hook to test if the particular xattr is part of a MAC model.

The interface to request security labels from user space is the xattr
interface. When requesting the security label from an NFS server it is
important to make sure the requested xattr actually is a MAC label. This allows
us to make sure that we get the desired semantics from the attribute instead of
something else such as capabilities or a time based LSM.

Change-Id: I283f116953f958877826ba772661b5755986ac99
Acked-by: Eric Paris <eparis@redhat.com>
Acked-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Matthew N. Dodd <Matthew.Dodd@sparta.com>
Signed-off-by: Miguel Rodel Felipe <Rodel_FM@dsi.a-star.edu.sg>
Signed-off-by: Phua Eu Gene <PHUA_Eu_Gene@dsi.a-star.edu.sg>
Signed-off-by: Khin Mi Mi Aung <Mi_Mi_AUNG@dsi.a-star.edu.sg>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
(cherry picked from commit 9cf5cc4f969032b8f571025845a59fce3ba2a17c)
Signed-off-by: Yin Kangkai <kangkai.yin@intel.com>
10 years ago packaging: add openssl as build dependency submit/tizen/20140103.061859
Li Peng [Wed, 11 Dec 2013 02:26:25 +0000 (10:26 +0800)]
packaging: add openssl as build dependency

Signed-off-by: Li Peng <peng.li@intel.com>
10 years ago elfutils-libelf-devel is now libelf-devel. Changing spec file BuildRequires to reflec...
Prajwal Mohan [Mon, 9 Dec 2013 22:50:43 +0000 (14:50 -0800)]
elfutils-libelf-devel is now libelf-devel. Changing spec file BuildRequires to reflect that

10 years ago atomisp2: Fix spinlock not be initialized when used bug
flyan [Wed, 27 Nov 2013 13:38:35 +0000 (21:38 +0800)]
atomisp2: Fix spinlock not be initialized when used bug

When isp->sw_contex.power_lock is used in atomisp_ospm_dphy_down at probe,
the lock is not initialized at that moment,
not until the first video device is opened,
so there will be a spinlock bad magic panic message
when CONFIG_DEBUG_SPINLOCK is enabled.
TZSP-8062: spinlock bad magic on CPU#0, udevd/134

Signed-off-by: Yan Feilong <flyanb@isoftstone.com>
10 years ago atomisp2: Modified atomisp firmware load asynchronously
flyan [Thu, 28 Nov 2013 07:38:25 +0000 (15:38 +0800)]
atomisp2: Modified atomisp firmware load asynchronously

Drivers could not load firmware with request_firmware
in the probe path with the new udev version;
this will defer probe by about 30s.
After reboot, the atomisp probe has not finished when the camera is opened immediately,
so the camera application will crash.
We use the asynchronous request_firmware_nowait to replace request_firmware.
TZSP-8015:Camera application crashes often right after launch

Signed-off-by: Yan Feilong <feilongx.yan@intel.com>
10 years ago packaging: update changelog
Li Peng [Thu, 28 Nov 2013 02:52:51 +0000 (10:52 +0800)]
packaging: update changelog

Signed-off-by: Li Peng <peng.li@intel.com>
10 years ago gfx: enlarge XPROC workaround memory pool size
Li Peng [Thu, 28 Nov 2013 02:26:55 +0000 (10:26 +0800)]
gfx: enlarge XPROC workaround memory pool size

200 isn't enough for X/DRI memory allocation, it will cause
DRI memory allocation failure in userspace, increase to 4096

Signed-off-by: Li Peng <peng.li@intel.com>
10 years ago PM: charger: bq24192: Report specific events to userspace for UI usage
Austin Zhang [Wed, 27 Nov 2013 13:13:39 +0000 (21:13 +0800)]
PM: charger: bq24192: Report specific events to userspace for UI usage

So that the user space app can monitor this uevent for improving the UX
Fix jira-8113.

Signed-off-by: Austin Zhang <austin.zhang@intel.com>
10 years ago PM: net: wireless: bcmdhd: Put the WIFI into/out low power while screen off/on
Austin Zhang [Tue, 26 Nov 2013 04:53:13 +0000 (12:53 +0800)]
PM: net: wireless: bcmdhd: Put the WIFI into/out low power while screen off/on

Using the screen off/on notification, to put the WIFI silicon into the low
power mode/high performance mode.

Signed-off-by: Austin Zhang <austin.zhang@intel.com>
10 years ago atomisp2: set initial streaming state to disabled
flyan [Wed, 20 Nov 2013 07:57:32 +0000 (15:57 +0800)]
atomisp2: set initial streaming state to disabled

If user space application fails to explicitly disable streaming before
closing the device, the streaming state will be left with an incorrect
value. This will possibly make it impossible to reopen the device.
This fixes an issue where after camera application has crashed, the
camera device can not be opened any more.

Signed-off-by: Yan Feilong <feilongx.yan@intel.com>
10 years ago packaging: update changelog
Li Peng [Mon, 18 Nov 2013 01:55:26 +0000 (09:55 +0800)]
packaging: update changelog

Signed-off-by: Li Peng <peng.li@intel.com>
10 years ago config: no HDMI port on Geek, disable driver config""
Li Peng [Fri, 15 Nov 2013 03:09:36 +0000 (11:09 +0800)]
config: no HDMI port on Geek, disable driver config""

We have confirmed that there is no HDMI support on Geek, so disable it

Signed-off-by: Li Peng <peng.li@intel.com>
10 years ago change max swapchain number to 10 and 2 buffer per chain
Li Peng [Fri, 15 Nov 2013 01:34:33 +0000 (09:34 +0800)]
change max swapchain number to 10 and 2 buffer per chain

Signed-off-by: Li Peng <peng.li@intel.com>
10 years ago Revert "config: no HDMI port on Geek, disable driver config"
Li Peng [Tue, 12 Nov 2013 08:34:22 +0000 (16:34 +0800)]
Revert "config: no HDMI port on Geek, disable driver config"

This reverts commit d3eefea32d3b26ae66228052ab0817d9b72db547.

In fact we still need HDMI config option

Signed-off-by: Li Peng <peng.li@intel.com>
10 years ago packaging: update changelog
Li Peng [Tue, 12 Nov 2013 02:36:40 +0000 (10:36 +0800)]
packaging: update changelog

Signed-off-by: Li Peng <peng.li@intel.com>
10 years ago config: no HDMI port on Geek, disable driver config
Li Peng [Tue, 12 Nov 2013 02:22:33 +0000 (10:22 +0800)]
config: no HDMI port on Geek, disable driver config

Signed-off-by: Li Peng <peng.li@intel.com>
10 years ago touchscreen: fixed tzsp-7689 (multitouch issue)
liuwei [Tue, 5 Nov 2013 08:41:34 +0000 (16:41 +0800)]
touchscreen: fixed tzsp-7689 (multitouch issue)

Because the touch driver does not report mt_slot events, evdevmultitouch can't track multitouch,
so add mt_slot event report to support multitouch

Signed-off-by: liuwei <weix.a.liu@intel.com>
10 years ago Fix bugs: TZSP-7837, WIFI strength icon on status bar does not display synchronizatio...
Li Hualiang [Tue, 5 Nov 2013 03:27:38 +0000 (11:27 +0800)]
Fix bugs: TZSP-7837, WIFI strength icon on status bar does not display synchronization with current WIFI strength.

10 years ago packaging: update changelog
Heikki Krogerus [Mon, 4 Nov 2013 11:36:43 +0000 (13:36 +0200)]
packaging: update changelog

Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
10 years ago gfx: When creating a CmdQueue for a swapchain, keep calling OSLockResource() for...
Daniel van der Wath [Thu, 31 Oct 2013 14:45:01 +0000 (14:45 +0000)]
gfx: When creating a CmdQueue for a swapchain, keep calling OSLockResource() for a second instead of giving up after the first failure.

10 years ago config: Enable bu64291 focus driver
flyan [Thu, 31 Oct 2013 09:51:13 +0000 (17:51 +0800)]
config: Enable bu64291 focus driver

enable bu64291 focus for camera capture

Signed-off-by: Zhou Tongwei <tong.weix.zhou@intel.com>
Signed-off-by: Yan Feilong <feilongx.yan@intel.com>
Signed-off-by: Qi Zuyong <zuyongx.qi@intel.com>
10 years ago Enable perf pkg generating
Austin Zhang [Thu, 31 Oct 2013 07:06:28 +0000 (15:06 +0800)]
Enable perf pkg generating

Signed-off-by: Austin Zhang <austin.zhang@intel.com>
10 years ago Remove HACK: serial: mfd: disable runtime PM temporarily
Wu zheng [Thu, 31 Oct 2013 03:22:26 +0000 (11:22 +0800)]
Remove HACK: serial: mfd: disable runtime PM temporarily

Change-Id: I9ded1dd299bd498788a8a5478aca2f921c70cfd2

10 years ago Disable tiling mode for Topaz temporarily;
Yan Zhang [Wed, 30 Oct 2013 08:55:16 +0000 (16:55 +0800)]
Disable tiling mode for Topaz temporarily;

10 years ago gfx: Reset irq sequence number to 1 at te disable
Li Peng [Wed, 30 Oct 2013 05:47:58 +0000 (13:47 +0800)]
gfx: Reset irq sequence number to 1 at te disable

It should always be one number ahead of the screen update count, so when
the driver comes back from DSR and a UI operation has happened, the driver
can still make the screen update

Signed-off-by: Li Peng <peng.li@intel.com>
10 years ago Revert "gfx: enable DSR"
Li Peng [Wed, 30 Oct 2013 02:17:04 +0000 (10:17 +0800)]
Revert "gfx: enable DSR"

This reverts commit 5fd5cd375b764f0a5a592fd76ed0d140d4a29575.

We see DSR causes some impact to UI operation, disable it for a while
until we know the root cause and have a real fix

Signed-off-by: Li Peng <peng.li@intel.com>
10 years ago PM: hwmon: sensor: gyroscope: Added screen off notifier callback
Austin Zhang [Tue, 29 Oct 2013 09:20:33 +0000 (17:20 +0800)]
PM: hwmon: sensor: gyroscope: Added screen off notifier callback

Added screen off notifier callback for gyroscope, so that this
sensor will be disabled once the screen is off. Otherwise, this
sensor will still waste power under screen-off but non-suspend
cases.

Signed-off-by: Austin Zhang <austin.zhang@intel.com>
10 years ago PM: hwmon: sensor: accelerator: Added screen off notifier callback
Austin Zhang [Tue, 29 Oct 2013 08:18:07 +0000 (16:18 +0800)]
PM: hwmon: sensor: accelerator: Added screen off notifier callback

Added screen off notifier callback for accelerator, so that this
sensor will be disabled once the screen is off; Otherwise, this
sensor will still wake up processor frequently and spend a lot of
time (so power) to handle its ISR even though the screen is off
but the system is not in suspend status.

Signed-off-by: Austin Zhang <austin.zhang@intel.com>
10 years ago config: camera flash support
flyan [Sat, 19 Oct 2013 09:08:12 +0000 (17:08 +0800)]
config: camera flash support

enable adp1650 camera flash for camera capture

Signed-off-by: Zhou Tongwei <tong.weix.zhou@intel.com>
Signed-off-by: Yan Feilong <feilongx.yan@intel.com>
Signed-off-by: Qi Zuyong <zuyongx.qi@intel.com>
10 years ago Update changelog
Li Peng [Fri, 18 Oct 2013 07:39:25 +0000 (15:39 +0800)]
Update changelog

Signed-off-by: Li Peng <peng.li@intel.com>
10 years ago gfx: enable DSR
Li Peng [Fri, 18 Oct 2013 07:34:47 +0000 (15:34 +0800)]
gfx: enable DSR

It saves power at display on idle per power team test

Signed-off-by: Li Peng <peng.li@intel.com>
10 years ago atomisp: Add VIDIOC_ENUM_FRAMESIZES ioctl
flyan [Wed, 16 Oct 2013 13:30:19 +0000 (21:30 +0800)]
atomisp: Add VIDIOC_ENUM_FRAMESIZES ioctl

Add atomisp enum framesizes ioctl support.
This ioctl allows applications to enumerate all frame sizes that the
device supports for the given pixel format

Signed-off-by: Zhou Tongwei <tong.weix.zhou@intel.com>
Signed-off-by: Yan Feilong <feilongx.yan@intel.com>
Signed-off-by: Qi Zuyong <zuyongx.qi@intel.com>
10 years ago OV9740:add flip function for ov9740
qizuyong [Wed, 16 Oct 2013 14:31:05 +0000 (22:31 +0800)]
OV9740:add flip function for ov9740

add horizontal flip & vertical flip function for sensor ov9740

Signed-off-by: Zhou Tongwei <tong.weix.zhou@intel.com>
Signed-off-by: Qi Zuyong <zuyongx.qi@intel.com>
Signed-off-by: qizuyong <zyqi@isoftstone.com>
10 years ago Revert "Revert "gfx/fb: another work around to enable X with frame buffer""
Chengwei Yang [Mon, 14 Oct 2013 05:07:55 +0000 (13:07 +0800)]
Revert "Revert "gfx/fb: another work around to enable X with frame buffer""

This reverts commit 702c633a32677d68777dd426da17cc194bf78689.

10 years ago Revert "Revert "gfx/fb: work around to enable X with frame buffer""
Chengwei Yang [Mon, 14 Oct 2013 03:33:05 +0000 (11:33 +0800)]
Revert "Revert "gfx/fb: work around to enable X with frame buffer""

This reverts commit afab00354524f8f41b61bb3f9fab39dc0d16b360.

10 years ago packaging: update changelog
Li Peng [Wed, 9 Oct 2013 03:39:13 +0000 (11:39 +0800)]
packaging: update changelog

Signed-off-by: Li Peng <peng.li@intel.com>
10 years ago gfx: forbid DSR during pageflip
Li Peng [Wed, 9 Oct 2013 02:41:28 +0000 (10:41 +0800)]
gfx: forbid DSR during pageflip

enable DSR again after page flip is done

Signed-off-by: Li Peng <peng.li@intel.com>
10 years ago gfx: Disable DSR until it is ready
Li Peng [Tue, 8 Oct 2013 07:44:58 +0000 (15:44 +0800)]
gfx: Disable DSR until it is ready

Signed-off-by: Li Peng <peng.li@intel.com>
10 years ago gfx: enable async flip
Li Peng [Tue, 8 Oct 2013 07:32:35 +0000 (15:32 +0800)]
gfx: enable async flip

Signed-off-by: Li Peng <peng.li@intel.com>
10 years ago packaging: update changelog
Heikki Krogerus [Mon, 30 Sep 2013 06:31:00 +0000 (09:31 +0300)]
packaging: update changelog

Atomisp changes.

Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
10 years ago gfx: skip psbfb_mmap interface
Li Peng [Fri, 27 Sep 2013 09:41:49 +0000 (17:41 +0800)]
gfx: skip psbfb_mmap interface

This function cause kernel reboot failure and it is safe to skip
driver fb_mmap support.

Signed-off-by: Li Peng <peng.li@intel.com>
10 years ago config: add atomisp driver and camera sensor driver
tieyang [Thu, 26 Sep 2013 03:19:02 +0000 (11:19 +0800)]
config: add atomisp driver and camera sensor driver

Because OV8830 and OV9740 depend on atomisp, we set
CONFIG_VIDEO_OV8830=y & CONFIG_VIDEO_OV9740=y to ensure
ov8830&ov9740 register into the kernel before atomisp

Signed-off-by: Qi Zuyong <zuyongx.qi@intel.com>
Signed-off-by: Tie Yang <yangx.tie@intel.com>
10 years ago atomisp: modify atomisp parameters
tieyang [Thu, 26 Sep 2013 03:07:56 +0000 (11:07 +0800)]
atomisp: modify atomisp parameters

RESERVED_MEMORY_POOL_SIZE_IN_PAGE refers to the Android platform of Geek

Signed-off-by: Qi Zuyong <zuyongx.qi@intel.com>
Signed-off-by: Tie Yang <yangx.tie@intel.com>
10 years ago HACK: serial: mfd: disable runtime PM temporarily
Wu Zheng [Wed, 25 Sep 2013 09:38:41 +0000 (17:38 +0800)]
HACK: serial: mfd: disable runtime PM temporarily

We can't wait for BT LPM because Broadcom support is slow.
It will block BT LPM enabling and Bluetooth enabling.

We need to enable BT, so that it doesn't block project milestone.
Then we continue checking and getting broadcom support to enable BT LPM.

Signed-off-by: Wu Zheng <wu.zheng@intel.com>
10 years ago Ported linux_framebuffer_mrst from josephine, this improves flip chain functionality
Greg Hunt [Tue, 24 Sep 2013 17:46:15 +0000 (18:46 +0100)]
Ported linux_framebuffer_mrst from josephine, this improves flip chain functionality

Signed-off-by: Greg Hunt <greg.hunt@mobica.com>
Signed-off-by: Li Peng <peng.li@intel.com>
10 years ago Revert "gfx/fb: another work around to enable X with frame buffer"
Li Peng [Tue, 24 Sep 2013 02:51:41 +0000 (10:51 +0800)]
Revert "gfx/fb: another work around to enable X with frame buffer"

This reverts commit 9e2b4b572f80595edcf7d6ebc6b28459f8c42b64.

Signed-off-by: Li Peng <peng.li@intel.com>
10 years ago Revert "gfx/fb: work around to enable X with frame buffer"
Li Peng [Tue, 24 Sep 2013 02:44:39 +0000 (10:44 +0800)]
Revert "gfx/fb: work around to enable X with frame buffer"

This reverts commit a5975db250d468ff7400a93fd67a3f118db56957.

Signed-off-by: Li Peng <peng.li@intel.com>
10 years ago Bluetooth: Fix authentication if acl data comes before remote feature evt
Wu Zheng [Tue, 24 Sep 2013 03:14:53 +0000 (11:14 +0800)]
Bluetooth: Fix authentication if acl data comes before remote feature evt

If remote device sends l2cap info request before read_remote_ext_feature
completes then mgmt_connected will be sent in hci_acldata_packet() and
remote name request won't be sent and eventually authentication won't happen

commit 7b064edae38d62d8587a8c574f93b53ce75ae749 upstream

Signed-off-by: Jaganath Kanakkassery <jaganath.k@samsung.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
[ made apply on top of v3.4 ]
Signed-off-by: Wu Zheng <wu.zheng@intel.com>
10 years ago x86: tizen_clovertrail_defconfig: enable bluetooth stack
Wu Zheng [Tue, 24 Sep 2013 03:07:10 +0000 (11:07 +0800)]
x86: tizen_clovertrail_defconfig: enable bluetooth stack

Signed-off-by: Wu Zheng <wu.zheng@intel.com>
10 years ago update changelog for gfx driver integrate
Li Peng [Tue, 24 Sep 2013 08:43:29 +0000 (16:43 +0800)]
update changelog for gfx driver integrate

Signed-off-by: Li Peng <peng.li@intel.com>
10 years ago gfx: PM control through dpms interface
Li Peng [Sun, 22 Sep 2013 03:10:50 +0000 (11:10 +0800)]
gfx: PM control through dpms interface

enable gfx device suspend/resume at dpms off/on to fit with Tizen PM framework

Signed-off-by: Li Peng <peng.li@intel.com>
10 years ago config: backlight control support
Li Peng [Sun, 22 Sep 2013 06:49:08 +0000 (14:49 +0800)]
config: backlight control support

Signed-off-by: Li Peng <peng.li@intel.com>
10 years ago config: Disable ANDROID_PARANOID_NETWORK
Li Peng [Sun, 22 Sep 2013 02:35:25 +0000 (10:35 +0800)]
config: Disable ANDROID_PARANOID_NETWORK

For less strict security in socket creation

Signed-off-by: Li Peng <peng.li@intel.com>
10 years ago gfx: Don't change scale property and swapchain property in mode setting
Li Peng [Wed, 18 Sep 2013 08:43:39 +0000 (16:43 +0800)]
gfx: Don't change scale property and swapchain property in mode setting

Signed-off-by: Li Peng <peng.li@intel.com>
10 years ago gfx: Fix wrong attribute in device memory map
Li Peng [Tue, 17 Sep 2013 08:32:26 +0000 (16:32 +0800)]
gfx: Fix wrong attribute in device memory map

Signed-off-by: Li Peng <peng.li@intel.com>
10 years ago gfx: Fix DRI2 authenticate failure
Li Peng [Mon, 16 Sep 2013 13:58:23 +0000 (21:58 +0800)]
gfx: Fix DRI2 authenticate failure

Signed-off-by: Li Peng <peng.li@intel.com>
10 years ago gfx: Enable build config SUPPORT_PVRSRV_GET_DC_SYSTEM_BUFFER
Li Peng [Thu, 12 Sep 2013 01:47:33 +0000 (09:47 +0800)]
gfx: Enable build config SUPPORT_PVRSRV_GET_DC_SYSTEM_BUFFER

Signed-off-by: Li Peng <peng.li@intel.com>
10 years ago Enable sensors for ZTE Geek
Yin Kangkai [Wed, 18 Sep 2013 00:53:34 +0000 (08:53 +0800)]
Enable sensors for ZTE Geek

Geek has these sensors:

Accel: lsm330d_a
Gyro: lsm330d_g
Compass: akm8963
Ambient light and proximity: tmd2771x
No pressure sensor.

Also removed unneeded sensor configs.

Change-Id: Idfef539e381b937d93026e14a966925c524d03e6
Signed-off-by: Yin Kangkai <kangkai.yin@intel.com>
10 years ago Battery/charger/bq24192: add charger online sysfs interface
Yin Kangkai [Tue, 10 Sep 2013 09:28:42 +0000 (17:28 +0800)]
Battery/charger/bq24192: add charger online sysfs interface

Add sysfs interface "online" to indicate whether charger is online or not.

Interface is here:
/sys/devices/pci0000:00/0000:00:00.5/i2c-2/2-006b/online
Or
/sys/class/power_supply/bq24192_charger/device/online

Pre-OS needs this flag to update the UI (charger is inserted or not).

Change-Id: I5dc683c22461d3b632fd983465b9282fb8b9d3a7
Signed-off-by: Yin Kangkai <kangkai.yin@intel.com>
10 years ago Battery/charger/bq24192: fix charging status
Yin Kangkai [Mon, 9 Sep 2013 05:46:48 +0000 (13:46 +0800)]
Battery/charger/bq24192: fix charging status

Add the charger throttle logic for bq24192, and fix the charging status.

Before this fix, battery (max17047) is in state "Discharging" even after you
inserted AC charger or USB. e.g.:

-sh-4.1# pwd
/sys/class/power_supply
-sh-4.1# ls
ac  bq24192_charger  max17047_battery  usb  wireless
-sh-4.1# cat ac/online
1
-sh-4.1# cat max17047_battery/status
Discharging

Change-Id: I94e428cd023eb1d3d1d36471a16bffd7580c644d
Signed-off-by: Yin Kangkai <kangkai.yin@intel.com>
10 years ago battery/charger/bq24192: indent only
Yin Kangkai [Mon, 9 Sep 2013 02:29:45 +0000 (10:29 +0800)]
battery/charger/bq24192: indent only

Indent using the scripts/Lindent

Change-Id: I9a73915eb1438458c5312f8e62c5d3cd7da1d1de
Signed-off-by: Yin Kangkai <kangkai.yin@intel.com>
10 years ago audio: export jack status through /sys/devices/platform/jack/earjack_online
vivian,zhang [Thu, 5 Sep 2013 08:22:13 +0000 (16:22 +0800)]
audio: export jack status through /sys/devices/platform/jack/earjack_online

Sound driver should set jack status: earjack_online, the status is
required for earjack type detecting in avsystem (Tizen audio middleware
project), which is used for enabling speaker & headset runtime switch feature.

Change-Id: I1be3eb575b8d1af48f76e4d55bae9490c967fc32
Signed-off-by: Vivian Zhang <vivian.zhang@intel.com>
10 years ago smack: enable smack in defconfig for Tizen
Yin Kangkai [Wed, 4 Sep 2013 03:25:16 +0000 (11:25 +0800)]
smack: enable smack in defconfig for Tizen

Change-Id: Ia1ab6aea69c0f8e58c44297126be9b3e1635d128
Signed-off-by: Yin Kangkai <kangkai.yin@intel.com>
10 years ago Enable proc fs to print more than 32 groups entries
Yan Yin [Tue, 21 Feb 2012 09:23:26 +0000 (17:23 +0800)]
Enable proc fs to print more than 32 groups entries

from security-server-0.0.1/include/SLP_security-server_PG.h:

"In kernel version 2.6, there is a file in proc file system
"/proc/[pid]/status" which describes various information about the
process as text, it has a line named "Groups:" and it lists the group
IDs that the process is belonged to.
But there is a drawback in this file, it only shows at most 32 group IDs,
if number of groups of the process is bigger than 32, it ignores
them.
To enable to show all the groups you have to patch the kernel source
code to show more groups than 32, but there is another drawback. All
files in the proc file system has size limit to 4k bytes because the
file buffer size is 4k bytes, so it's not possible to show all possible
groups of the process(64k), but currently number of all groups in the
LiMo platform is much lower than the size, so it's not a big problem.
But near future we need to apply this patch into kernel mainline source
code by any form.

10 years ago packaging: update changelog
Heikki Krogerus [Tue, 3 Sep 2013 10:59:23 +0000 (13:59 +0300)]
packaging: update changelog

Enabling Smack support.

Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
10 years ago x86: defconfig: enable smack on clovertrail
Heikki Krogerus [Tue, 3 Sep 2013 10:07:56 +0000 (13:07 +0300)]
x86: defconfig: enable smack on clovertrail

Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
10 years ago Smack: Fix the bug smackcipso can't set CIPSO correctly
Passion,Zhao [Mon, 3 Jun 2013 03:42:24 +0000 (11:42 +0800)]
Smack: Fix the bug smackcipso can't set CIPSO correctly

commit 0fcfee61d63b82c1eefb5b1a914240480f17d63f upstream

Bug report: https://tizendev.org/bugs/browse/TDIS-3891

The reason is that userspace libsmack only uses the "smackfs/cipso2" long-label interface,
but the code's logic is still for the original fixed-length label. Now update
smack_cipso_apply() to support flexible labels (<=256 including the trailing '\0').

There is also a bug in kernel/security/smack/smackfs.c:
When smk_set_cipso() parses the CIPSO setting from userspace, the offset of
the CIPSO level should be "strlen(label)+1" instead of "strlen(label)".

Signed-off-by: Passion,Zhao <passion.zhao@intel.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
10 years ago Smack: Fix possible NULL pointer dereference at smk_netlbl_mls()
Tetsuo Handa [Mon, 27 May 2013 11:11:27 +0000 (20:11 +0900)]
Smack: Fix possible NULL pointer dereference at smk_netlbl_mls()

commit 8cd77a0bd4b4a7d02c2a6926a69585d8088ee721 upstream

netlbl_secattr_catmap_alloc(GFP_ATOMIC) can return NULL.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
10 years ago Smack: Add smkfstransmute mount option
Casey Schaufler [Thu, 23 May 2013 01:43:07 +0000 (18:43 -0700)]
Smack: Add smkfstransmute mount option

commit e830b39412ca2bbedd7508243f21c04d57ad543c upstream

Supplement the smkfsroot mount option with another, smkfstransmute,
that does the same thing but also marks the root inode as
transmuting. This allows a freshly created filesystem to
be mounted with a transmuting hierarchy.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
10 years ago Smack: Improve access check performance
Casey Schaufler [Thu, 23 May 2013 01:43:03 +0000 (18:43 -0700)]
Smack: Improve access check performance

commit 2f823ff8bec03a1e6f9e11fd0c4d54e4c7d09532 upstream

Each Smack label that the kernel has seen is added to a
list of labels. The list of access rules for a given subject
label hangs off of the label list entry for the label.
This patch changes the structures that contain subject
labels to point at the label list entry rather than the
label itself. Doing so removes a label list lookup in
smk_access() that was accounting for the largest single
chunk of Smack overhead.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
10 years ago Smack: Local IPv6 port based controls
Casey Schaufler [Thu, 23 May 2013 01:42:56 +0000 (18:42 -0700)]
Smack: Local IPv6 port based controls

commit c673944347edfd4362b10eea11ac384a582b1cf5 upstream

Smack does not provide access controls on IPv6 communications.
This patch introduces a mechanism for maintaining Smack labels
for local IPv6 communications. It is based on labeling local ports.
The behavior should be compatible with any future "real" IPv6
support as it provides no interfaces for users to manipulate
the labeling. Remote IPv6 connections use the ambient label
the same way that unlabeled IPv4 packets are treated.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
10 years ago Smack: include magic.h in smackfs.c
Casey Schaufler [Tue, 2 Apr 2013 18:41:18 +0000 (11:41 -0700)]
Smack: include magic.h in smackfs.c

commit 958d2c2f4ad905e3ffa1711d19184d21d9b00cc1 upstream

As reported for linux-next: Tree for Apr 2 (smack)
Add the required include for smackfs.c

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
10 years ago Fix NULL pointer dereference in smack_inode_unlink() and smack_inode_rmdir()
Igor Zhbanov [Tue, 19 Mar 2013 09:49:47 +0000 (13:49 +0400)]
Fix NULL pointer dereference in smack_inode_unlink() and smack_inode_rmdir()

commit cdb56b60884c687ea396ae96a418554739b40129 upstream

This patch fixes kernel Oops because of wrong common_audit_data type
in smack_inode_unlink() and smack_inode_rmdir().

When SMACK security module is enabled and SMACK logging is on (/smack/logging
is not zero) and you try to delete the file which
1) you cannot delete due to SMACK rules and logging of failures is on
or
2) you can delete and logging of success is on,

you will see the following:

Unable to handle kernel NULL pointer dereference at virtual address 000002d7

[<...>] (strlen+0x0/0x28)
[<...>] (audit_log_untrustedstring+0x14/0x28)
[<...>] (common_lsm_audit+0x108/0x6ac)
[<...>] (smack_log+0xc4/0xe4)
[<...>] (smk_curacc+0x80/0x10c)
[<...>] (smack_inode_unlink+0x74/0x80)
[<...>] (security_inode_unlink+0x2c/0x30)
[<...>] (vfs_unlink+0x7c/0x100)
[<...>] (do_unlinkat+0x144/0x16c)

The function smack_inode_unlink() (and smack_inode_rmdir()) needs
to log two structures of different types. First of all it does:

    smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
    smk_ad_setfield_u_fs_path_dentry(&ad, dentry);

This will set common audit data type to LSM_AUDIT_DATA_DENTRY
and store dentry for auditing (by function smk_curacc(), which in turn calls
dump_common_audit_data(), which actually uses provided data and logs it).

    /*
     * You need write access to the thing you're unlinking
     */
    rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
    if (rc == 0) {
        /*
         * You also need write access to the containing directory
         */

Then this function wants to log another data:

        smk_ad_setfield_u_fs_path_dentry(&ad, NULL);
        smk_ad_setfield_u_fs_inode(&ad, dir);

The function sets inode field, but doesn't change common_audit_data type.

        rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
    }

So the dump_common_audit() function incorrectly interprets inode structure
as dentry, and Oops will happen.

This patch reinitializes common_audit_data structures with correct type.
Also I removed unneeded
    smk_ad_setfield_u_fs_path_dentry(&ad, NULL);
initialization, because both dentry and inode pointers are stored
in the same union.

Signed-off-by: Igor Zhbanov <i.zhbanov@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
10 years ago Smack: add support for modification of existing rules
Rafal Krypa [Thu, 10 Jan 2013 18:42:00 +0000 (19:42 +0100)]
Smack: add support for modification of existing rules

commit e05b6f982a049113a88a1750e13fdb15298cbed4 upstream

Rule modifications are enabled via /smack/change-rule. Format is as follows:
"Subject Object rwaxt rwaxt"

First two strings are subject and object labels up to 255 characters.
Third string contains permissions to enable.
Fourth string contains permissions to disable.

All unmentioned permissions will be left unchanged.
If no rule previously existed, it will be created.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
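
A userspace C model of the /smack/change-rule semantics described in the message above, added here as an example and not taken from the kernel patch. The bit values, the in-memory table, the function names, the acceptance of '-' as a placeholder and the enable-before-disable order are assumptions.

```c
#include <string.h>

#define LABEL_MAX 256   /* labels are up to 255 characters, plus the NUL */
enum { P_R = 1, P_W = 2, P_A = 4, P_X = 8, P_T = 16 };  /* illustrative bit values */
struct rule { char subject[LABEL_MAX], object[LABEL_MAX]; int access; };

/* Copy the next whitespace-separated token; NULL if absent or too long for dst. */
static const char *token(const char *p, char *dst, size_t size)
{
    size_t n;

    p += strspn(p, " \t\n");
    n = strcspn(p, " \t\n");
    if (n == 0 || n >= size)
        return NULL;
    memcpy(dst, p, n);
    dst[n] = '\0';
    return p + n;
}

/* Turn a string over "rwaxt" into a bit mask; '-' is accepted as a placeholder. */
static int perm_mask(const char *s)
{
    static const char letters[] = "rwaxt";
    int mask = 0;

    for (; *s; s++) {
        const char *hit = strchr(letters, *s);
        if (hit)
            mask |= 1 << (hit - letters);
        else if (*s != '-')
            return -1;
    }
    return mask;
}

/* Apply one "Subject Object rwaxt rwaxt" line to table[0..*count); 0 on success.
 * Assumed order: enable, then disable. Unmentioned bits are left unchanged. */
int change_rule(struct rule *table, size_t *count, size_t cap, const char *line)
{
    struct rule in = { {0}, {0}, 0 };
    char en[8], dis[8];
    int on, off; size_t i;

    if (!(line = token(line, in.subject, sizeof in.subject)) ||
        !(line = token(line, in.object, sizeof in.object)) ||
        !(line = token(line, en, sizeof en)) ||
        !(line = token(line, dis, sizeof dis)) ||
        line[strspn(line, " \t\n")] != '\0' ||   /* extra field */
        (on = perm_mask(en)) < 0 || (off = perm_mask(dis)) < 0)
        return -1;
    for (i = 0; i < *count; i++)
        if (!strcmp(table[i].subject, in.subject) && !strcmp(table[i].object, in.object))
            break;
    if (i == *count) {                  /* no rule existed: create it with no access */
        if (*count == cap) return -1;
        table[(*count)++] = in;
    }
    table[i].access = (table[i].access | on) & ~off;
    return 0;
}
```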
10 years ago Smack: add missing support for transmute bit in smack_str_from_perm()
Rafal Krypa [Tue, 27 Nov 2012 15:29:07 +0000 (16:29 +0100)]
Smack: add missing support for transmute bit in smack_str_from_perm()

commit a87d79ad7cfa299aa14bb22758313dec33909875 upstream

This fixes audit logs for granting or denial of permissions to show
information about transmute bit.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
10 years ago Smack: prevent revoke-subject from failing when unseen label is written to it
Rafal Krypa [Tue, 27 Nov 2012 15:28:11 +0000 (16:28 +0100)]
Smack: prevent revoke-subject from failing when unseen label is written to it

commit d15d9fad16f6aa459cf4926a1d3aba36b004e9a2 upstream

Special file /smack/revoke-subject will silently accept labels that are not
present on the subject label list. Nothing has to be done for such labels,
as there are no rules for them to revoke.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
10 years ago Smack: create a sysfs mount point for smackfs
Casey Schaufler [Fri, 2 Nov 2012 01:14:32 +0000 (18:14 -0700)]
Smack: create a sysfs mount point for smackfs

commit e93072374112db9dc86635934ee761249be28370 upstream

There are a number of "conventions" for where to put LSM filesystems.
Smack adheres to none of them. Create a mount point at /sys/fs/smackfs
for mounting smackfs so that Smack can be conventional.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
10 years ago Smack: use select not depends in Kconfig
Casey Schaufler [Fri, 2 Nov 2012 18:28:11 +0000 (11:28 -0700)]
Smack: use select not depends in Kconfig

commit 111fe8bd65e473d5fc6a0478cf1e2c8c6a77489a upstream

The components NETLABEL and SECURITY_NETWORK are required by
Smack. Using "depends" in Kconfig hides the Smack option
if the user hasn't figured out that they need to be enabled
while using make menuconfig. Using select is a better choice.
Because select is not recursive, depends on NET and SECURITY
are added. This reflects similar usage in TOMOYO and AppArmor.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
10 years ago Smack: setprocattr memory leak fix
Casey Schaufler [Wed, 22 Aug 2012 18:44:03 +0000 (11:44 -0700)]
Smack: setprocattr memory leak fix

commit 46a2f3b9e99353cc63e15563e8abee71162330f7 upstream

The data structure allocations being done in prepare_creds
are duplicated in smack_setprocattr. This results in the
structure allocated in prepare_creds being orphaned and
never freed. The duplicate code is removed from
smack_setprocattr.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
10 years ago Smack: implement revoking all rules for a subject label
Rafal Krypa [Wed, 11 Jul 2012 15:49:30 +0000 (17:49 +0200)]
Smack: implement revoking all rules for a subject label

commit 449543b0436a9146b855aad39eab76ae4853e88d upstream

Add /smack/revoke-subject special file. Writing a SMACK label to this file will
set the access to '-' for all access rules with that subject label.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
10 years ago Smack: remove task_wait() hook.
Casey Schaufler [Fri, 10 Aug 2012 00:46:38 +0000 (17:46 -0700)]
Smack: remove task_wait() hook.

commit c00bedb368ae02a066aed8a888afc286c1df2e60 upstream

On 12/20/2011 11:20 PM, Jarkko Sakkinen wrote:
> Allow SIGCHLD to be passed to child process without
> explicit policy. This will help to keep the access
> control policy simple and easily maintainable with
> complex applications that require use of multiple
> security contexts. It will also help to keep them
> as isolated as possible.
>
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@intel.com>

I have a slightly different version that applies to the
current smack-next tree.

Allow SIGCHLD to be passed to child process without
explicit policy. This will help to keep the access
control policy simple and easily maintainable with
complex applications that require use of multiple
security contexts. It will also help to keep them
as isolated as possible.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
 security/smack/smack_lsm.c |   37 ++++++++-----------------------------
 1 files changed, 8 insertions(+), 29 deletions(-)
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
10 years ago smack: off by one error
Alan Cox [Thu, 26 Jul 2012 21:47:11 +0000 (14:47 -0700)]
smack: off by one error

commit 3b9fc37280c521b086943f9aedda767f5bf3b2d3 upstream

Consider the input case of a rule that consists entirely of non space
symbols followed by a \0. Say 64 + \0

In this case strlen(data) = 64
kzalloc of subject and object are 64 byte objects
sscanf(data, "%s %s %s", subject, ...)

will put 65 bytes into subject.

Signed-off-by: Alan Cox <alan@linux.intel.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: stable@vger.kernel.org
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
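
The byte count from the message above, together with one bounded way to read the same three fields, as an added userspace C example (not code from this commit or from the kernel). The 64-byte buffers mirror the message's "64 + \0" case and the function names are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define LABEL_LEN 64   /* buffer size from the message's example case */

/* Bytes an unbounded "%s" stores for the first token: its characters plus the NUL. */
size_t unbounded_s_store_size(const char *data)
{
    data += strspn(data, " \t\n");
    return strcspn(data, " \t\n") + 1;
}

/*
 * Read one token into dst[LABEL_LEN]: at most 63 characters plus the NUL.
 * Returns the number of input characters consumed, or -1 if the token is
 * missing or does not fit.
 */
static int read_field(const char *p, char dst[LABEL_LEN])
{
    int n = 0;

    /* The width must be LABEL_LEN - 1 so the NUL still fits in dst. */
    if (sscanf(p, "%63s%n", dst, &n) != 1)
        return -1;
    /* A width-limited %s stops mid-token; a non-space here means truncation. */
    if (p[n] != '\0' && !isspace((unsigned char)p[n]))
        return -1;
    return n;
}

/* Parse "subject object access"; 0 on success, -1 on a missing or over-long field. */
int parse_rule(const char *data, char subject[LABEL_LEN],
               char object[LABEL_LEN], char access[LABEL_LEN])
{
    int n;

    if ((n = read_field(data, subject)) < 0)
        return -1;
    data += n;
    if ((n = read_field(data, object)) < 0)
        return -1;
    data += n;
    if (read_field(data, access) < 0)
        return -1;
    return 0;
}
```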
10 years ago Smack: don't show empty rules when /smack/load or /smack/load2 is read
Rafal Krypa [Mon, 9 Jul 2012 17:36:34 +0000 (19:36 +0200)]
Smack: don't show empty rules when /smack/load or /smack/load2 is read

commit 65ee7f45cf075adcdd6b6ef365f5a5507f1ea5c5 upstream

This patch removes empty rules (i.e. with access set to '-') from the
rule list presented to user space.

Smack by design never removes labels nor rules from its lists. Access
for a rule may be set to '-' to effectively disable it. Such rules would
show up in the listing generated when /smack/load or /smack/load2 is
read. This may cause clutter if many rules were disabled.

As a rule with access set to '-' is equivalent to no rule at all, they
may be safely hidden from the listing.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
10 years ago Smack: user access check bounds
Casey Schaufler [Tue, 19 Jun 2012 02:01:36 +0000 (19:01 -0700)]
Smack: user access check bounds

commit 3518721a8932b2a243f415c374aef020380efc9d upstream

Some of the bounds checking used on the /smack/access
interface was lost when support for long labels was
added. No kernel access checks are affected, however
this is a case where /smack/access could be used
incorrectly and fail to detect the error. This patch
reintroduces the original checks.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
10 years ago Smack: onlycap limits on CAP_MAC_ADMIN
Casey Schaufler [Tue, 5 Jun 2012 22:28:30 +0000 (15:28 -0700)]
Smack: onlycap limits on CAP_MAC_ADMIN

commit 1880eff77e7a7cb46c68fae7cfa33f72f0a6e70e upstream

Smack is integrated with the POSIX capabilities scheme,
using the capabilities CAP_MAC_OVERRIDE and CAP_MAC_ADMIN to
determine if a process is allowed to ignore Smack checks or
change Smack related data respectively. Smack provides an
additional restriction that if an onlycap value is set
by writing to /smack/onlycap only tasks with that Smack
label are allowed to use CAP_MAC_OVERRIDE.

This change adds CAP_MAC_ADMIN as a capability that is affected
by the onlycap mechanism.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>