/*
 * AppArmor security module
 *
 * This file contains AppArmor capability mediation functions
 *
 * Copyright (C) 1998-2008 Novell/SUSE
 * Copyright 2009-2010 Canonical Ltd.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, version 2 of the
 * License.
 */

/*
 * NOTE(review): the targets of the next three #include directives are
 * missing from this page (the <...> part appears to have been stripped
 * when the listing was extracted).  Judging by the cap_*() helpers,
 * -EPERM and GFP_ATOMIC used below they are presumably
 * <linux/capability.h>, <linux/errno.h> and <linux/gfp.h> -- confirm
 * against the original file before building.
 */
#include
#include
#include

#include "include/apparmor.h"
#include "include/capability.h"
#include "include/context.h"
#include "include/policy.h"
#include "include/audit.h"

/*
 * Table of capability names: we generate it from capabilities.h.
 */
#include "capability_names.h"

/*
 * Capability entries for the AppArmor filesystem interface: a single
 * string entry named "mask" carrying AA_FS_CAPS_MASK, followed by an
 * empty entry (presumably the table terminator).
 */
struct aa_fs_entry aa_fs_entry_caps[] = {
	AA_FS_FILE_STRING("mask", AA_FS_CAPS_MASK),
	{ }
};

/*
 * Duplicate-suppression record used by audit_caps().
 *
 * profile - profile of the last event that was passed on to aa_audit();
 *           audit_caps() holds a reference on it (aa_get_profile) and
 *           drops the previous one (aa_put_profile) when it changes
 * caps    - capabilities that audit_caps() has already reported
 */
struct audit_cache {
	struct aa_profile *profile;
	kernel_cap_t caps;
};

/* One audit_cache per CPU; accessed via get_cpu_var()/put_cpu_var(). */
static DEFINE_PER_CPU(struct audit_cache, audit_cache);

/**
 * audit_cb - call back for capability components of audit struct
 * @ab: audit buffer (NOT NULL)
 * @va: audit struct to audit data from (NOT NULL)
 *
 * Appends " capname=" followed by the name looked up in
 * capability_names[] for sa->u.cap.
 */
static void audit_cb(struct audit_buffer *ab, void *va)
{
	struct common_audit_data *sa = va;
	audit_log_format(ab, " capname=");
	/*
	 * NOTE(review): sa->u.cap indexes capability_names[] with no range
	 * check in this function; this assumes every caller passes a valid
	 * capability number -- confirm, since an out-of-range value would
	 * read outside the table.
	 */
	audit_log_untrustedstring(ab, capability_names[sa->u.cap]);
}

/**
 * audit_caps - audit a capability
 * @profile: profile being tested for confinement (NOT NULL)
 * @cap: capability tested
 * @error: error code returned by test
 *
 * Do auditing of capability and handle, audit/complain/kill modes switching
 * and duplicate message elimination.
 *
 * Returns: 0 when the capability was allowed and auditing is not forced;
 *          @error when the denial is quieted; @error (or
 *          complain_error(@error) in complain mode) when the event is
 *          treated as a duplicate; otherwise the value returned by
 *          aa_audit()
 */
static int audit_caps(struct aa_profile *profile, int cap, int error)
{
	struct audit_cache *ent;
	int type = AUDIT_APPARMOR_AUTO;
	/*
	 * sa has no initializer: only type, aad and u.cap are assigned
	 * below.  NOTE(review): confirm no other member of
	 * struct common_audit_data is read by aa_audit() or audit_cb().
	 */
	struct common_audit_data sa;
	struct apparmor_audit_data aad = {0,};
	sa.type = LSM_AUDIT_DATA_CAP;
	sa.aad = &aad;
	sa.u.cap = cap;
	sa.aad->op = OP_CAPABLE;
	sa.aad->error = error;

	if (likely(!error)) {
		/*
		 * Allowed: only log when auditing is forced, either by
		 * AUDIT_ALL mode or by the profile's caps.audit set.
		 */
		if (likely((AUDIT_MODE(profile) != AUDIT_ALL) &&
			   !cap_raised(profile->caps.audit, cap)))
			return 0;
		type = AUDIT_APPARMOR_AUDIT;
	} else if (KILL_MODE(profile) ||
		   cap_raised(profile->caps.kill, cap)) {
		/* Denied under kill mode, or the cap is in caps.kill. */
		type = AUDIT_APPARMOR_KILL;
	} else if (cap_raised(profile->caps.quiet, cap) &&
		   AUDIT_MODE(profile) != AUDIT_NOQUIET &&
		   AUDIT_MODE(profile) != AUDIT_ALL) {
		/*
		 * Quiet auditing: the denial is returned without a record
		 * unless the audit mode is AUDIT_NOQUIET or AUDIT_ALL.
		 */
		return error;
	}

	/*
	 * Do simple duplicate message elimination.  Every path that follows
	 * get_cpu_var() reaches a matching put_cpu_var().
	 *
	 * NOTE(review): a cache hit returns before aa_audit() is called, so
	 * a repeated event produces no record, and whatever aa_audit() does
	 * for AUDIT_APPARMOR_KILL is not repeated either -- confirm that is
	 * intended.
	 */
	ent = &get_cpu_var(audit_cache);
	if (profile == ent->profile && cap_raised(ent->caps, cap)) {
		put_cpu_var(audit_cache);
		if (COMPLAIN_MODE(profile))
			return complain_error(error);
		return error;
	} else {
		/*
		 * Miss: move the cache's profile reference to @profile and
		 * record @cap.
		 *
		 * NOTE(review): ent->caps is not cleared when ent->profile
		 * changes, so bits raised under the previous profile stay
		 * set and a later event for the new profile on one of those
		 * capabilities would be treated as a duplicate without ever
		 * having been logged -- confirm whether that loss of audit
		 * records is acceptable.
		 */
		aa_put_profile(ent->profile);
		ent->profile = aa_get_profile(profile);
		cap_raise(ent->caps, cap);
	}
	put_cpu_var(audit_cache);

	/* aa_audit() is called with GFP_ATOMIC and audit_cb as formatter. */
	return aa_audit(type, profile, GFP_ATOMIC, &sa, audit_cb);
}

/**
 * profile_capable - test if profile allows use of capability @cap
 * @profile: profile being enforced (NOT NULL, NOT unconfined)
 * @cap: capability to test if allowed
 *
 * The decision is a single lookup of @cap in profile->caps.allow.
 *
 * Returns: 0 if allowed else -EPERM
 */
static int profile_capable(struct aa_profile *profile, int cap)
{
	return cap_raised(profile->caps.allow, cap) ? 0 : -EPERM;
}

/**
 * aa_capable - test permission to use capability
 * @profile: profile being tested against (NOT NULL)
 * @cap: capability to be tested
 * @audit: whether an audit record should be generated
 *
 * Look up capability in profile capability set.  When @audit is zero the
 * result is returned without calling audit_caps(), passed through
 * complain_error() if the profile is in complain mode; otherwise the
 * result is handed to audit_caps(), which decides whether to log it.
 *
 * Returns: 0 on success, or else an error code.
 */
int aa_capable(struct aa_profile *profile, int cap, int audit)
{
	int error = profile_capable(profile, cap);

	if (!audit) {
		/* No record requested: skip audit_caps() entirely. */
		if (COMPLAIN_MODE(profile))
			return complain_error(error);
		return error;
	}

	return audit_caps(profile, cap, error);
}
authorDmitry Torokhov <dmitry.torokhov@gmail.com>2016-11-12 10:45:48 -0800
committerDmitry Torokhov <dmitry.torokhov@gmail.com>2016-11-16 17:25:31 -0800
commite9fb7cc63801d3dc71b60ca11c4d08f68f879a53 (patch)
tree3e1f7a1af7b8b4db4daa95f160534e0d4eb3c410
parent324ae0958cab5ccdf2851ef0348ba1cb8ad4e34a (diff)
Input: psmouse - disable automatic probing of BYD touchpads
BYD automatic protocol detection is extremely unreliable and often triggers false positives on regular mice, Sentelic touchpads, and other devices. BYD has several documents that have recommended detection sequence, but they conflict with each other and, as far as I can see, still would not produce unique enough output to reliably differentiate BYD from other PS/2 devices.

OEMs sourcing BYD devices also do not do us any favors by not supplying any reasonable DMI data and instead leaving turds like "To Be Filled By O.E.M." in place of vendor data, or "System Serial Number" as serial number.

On top of that BYD is not a truly modern multitouch controller, but rather a single-touch transitional device that only reports absolute coordinates at the beginning of finger contact and then reverts to reporting displacements, and thus not very precise; the only benefit from using BYD mode vs the legacy PS/2 mode is possibility of edge scrolling.

Given the above, and the fact that BYD devices are somewhat uncommon, let's disable automatic detection of BYD devices. Users who know they have BYD trackpads or want to experiment can attempt to activate BYD protocol via sysfs:

    echo -n "byd" > /sys/bus/serio/devices/serio1/drvctl

Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=151691
Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=175421
Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=120781
Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=121281
Fixes: 98ee37714493 ("Input: byd - add BYD PS/2 touchpad driver")
Cc: stable@vger.kernel.org # 4.6+
Reviewed-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>