AcoSail/kernel_optimize_test
8
0
Fork 0
forked from luck/tmp_suning_uos_patched
Code Pull Requests Activity
46dcf66d6e
kernel_optimize_test/block
History
Alistair Delva cc73242889 block: Check ADMIN before NICE for IOPRIO_CLASS_RT 
commit 94c4b4fd25e6c3763941bdec3ad54f2204afa992 upstream.

Booting to Android userspace on 5.14 or newer triggers the following
SELinux denial:

avc: denied { sys_nice } for comm="init" capability=23
     scontext=u:r:init:s0 tcontext=u:r:init:s0 tclass=capability
     permissive=0

Init is PID 0 running as root, so it already has CAP_SYS_ADMIN. For
better compatibility with older SEPolicy, check ADMIN before NICE.

Fixes: 9d3a39a5f1 ("block: grant IOPRIO_CLASS_RT to CAP_SYS_NICE")
Signed-off-by: Alistair Delva <adelva@google.com>
Cc: Khazhismel Kumykov <khazhy@google.com>
Cc: Bart Van Assche <bvanassche@acm.org>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Paul Moore <paul@paul-moore.com>
Cc: selinux@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Cc: kernel-team@android.com
Cc: stable@vger.kernel.org # v5.14+
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Serge Hallyn <serge@hallyn.com>
Link: https://lore.kernel.org/r/20211115181655.3608659-1-adelva@google.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-11-26 10:39:19 +01:00
..
partitions partitions: msdos: fix one-byte get_unaligned() 2021-07-20 16:05:39 +02:00
badblocks.c
bfq-cgroup.c
bfq-iosched.c Revert "block, bfq: honor already-setup queue merges" 2021-10-06 15:55:56 +02:00
bfq-iosched.h
bfq-wf2q.c
bio-integrity.c
bio.c bio: fix page leak bio_add_hw_page failure 2021-09-15 09:50:47 +02:00
blk-cgroup-rwstat.c
blk-cgroup-rwstat.h
blk-cgroup.c blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd 2021-09-30 10:11:07 +02:00
blk-core.c blkcg: Remove extra blkcg_bio_issue_init 2021-11-26 10:39:13 +01:00
blk-crypto-fallback.c
blk-crypto-internal.h
blk-crypto.c blk-crypto: fix check for too-large dun_bytes 2021-09-15 09:50:30 +02:00
blk-exec.c
blk-flush.c blk-mq: fix is_flush_rq 2021-09-12 08:58:27 +02:00
blk-integrity.c block: flush the integrity workqueue in blk_integrity_unregister 2021-09-30 10:11:06 +02:00
blk-ioc.c
blk-iocost.c blk-iocost: fix lockdep warning on blkcg->lock 2021-09-03 10:09:22 +02:00
blk-iolatency.c blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() 2021-08-12 13:22:08 +02:00
blk-lib.c
blk-map.c
blk-merge.c block: return ELEVATOR_DISCARD_MERGE if possible 2021-09-15 09:50:28 +02:00
blk-mq-cpumap.c
blk-mq-debugfs-zoned.c
blk-mq-debugfs.c block: decode QUEUE_FLAG_HCTX_ACTIVE in debugfs output 2021-10-27 09:56:46 +02:00
blk-mq-debugfs.h
blk-mq-pci.c
blk-mq-rdma.c
blk-mq-sched.c treewide: Change list_sort to use const pointers 2021-09-30 10:11:04 +02:00
blk-mq-sched.h
blk-mq-sysfs.c
blk-mq-tag.c blk-mq: avoid to iterate over stale request 2021-09-30 10:11:05 +02:00
blk-mq-tag.h blk-mq: clear stale request in tags->rq[] before freeing one request pool 2021-07-14 16:55:58 +02:00
blk-mq-virtio.c
blk-mq.c block: remove inaccurate requeue check 2021-11-18 14:03:58 +01:00
blk-mq.h blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter 2021-07-14 16:55:58 +02:00
blk-pm.c
blk-pm.h
blk-rq-qos.c rq-qos: fix missed wake-ups in rq_qos_throttle try two 2021-07-19 09:45:00 +02:00
blk-rq-qos.h block: fix race between adding/removing rq qos and normal IO 2021-07-14 16:56:00 +02:00
blk-settings.c
blk-stat.c
blk-stat.h
blk-sysfs.c
blk-throttle.c blk-throttle: fix UAF by deleteing timer in blk_throtl_exit() 2021-09-26 14:09:01 +02:00
blk-timeout.c
blk-wbt.c blk-wbt: make sure throttle is enabled properly 2021-07-14 16:56:12 +02:00
blk-wbt.h blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() 2021-07-14 16:56:12 +02:00
blk-zoned.c blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN 2021-09-18 13:40:06 +02:00
blk.h block: bump max plugged deferred size from 16 to 32 2021-11-18 14:03:57 +01:00
bounce.c
bsg-lib.c
bsg.c scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND 2021-09-18 13:40:11 +02:00
cmdline-parser.c
elevator.c block: return ELEVATOR_DISCARD_MERGE if possible 2021-09-15 09:50:28 +02:00
genhd.c
ioctl.c
ioprio.c block: Check ADMIN before NICE for IOPRIO_CLASS_RT 2021-11-26 10:39:19 +01:00
Kconfig
Kconfig.iosched
keyslot-manager.c
kyber-iosched.c
Makefile
mq-deadline.c block: return ELEVATOR_DISCARD_MERGE if possible 2021-09-15 09:50:28 +02:00
opal_proto.h
scsi_ioctl.c
sed-opal.c
t10-pi.c