iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
0603be7192
linux/security/apparmor
History
Paul Moore 6326948f94 lsm: security_task_getsecid_subj() -> security_current_getsecid_subj() 
The security_task_getsecid_subj() LSM hook invites misuse by allowing
callers to specify a task even though the hook is only safe when the
current task is referenced.  Fix this by removing the task_struct
argument to the hook, requiring LSM implementations to use the
current task.  While we are changing the hook declaration we also
rename the function to security_current_getsecid_subj() in an effort
to reinforce that the hook captures the subjective credentials of the
current task and not an arbitrary task on the system.

Reviewed-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2021-11-22 17:52:47 -05:00
..
include + Features 2021-11-11 14:47:32 -08:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
apparmorfs.c + Features 2021-11-11 14:47:32 -08:00
audit.c audit: purge audit_log_string from the intra-kernel audit API 2020-07-21 11:12:31 -04:00
capability.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
crypto.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
domain.c apparmor: handle idmapped mounts 2021-01-24 14:27:20 +01:00
file.c apparmor: handle idmapped mounts 2021-01-24 14:27:20 +01:00
ipc.c audit: purge audit_log_string from the intra-kernel audit API 2020-07-21 11:12:31 -04:00
Kconfig Minor fixes for v5.9. 2020-08-11 14:30:36 -07:00
label.c + Features 2021-11-11 14:47:32 -08:00
lib.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
lsm.c lsm: security_task_getsecid_subj() -> security_current_getsecid_subj() 2021-11-22 17:52:47 -05:00
Makefile apparmor: add base infastructure for socket mediation 2018-03-13 17:25:48 -07:00
match.c apparmor: ensure that dfa state tables have entries 2020-04-08 04:42:48 -07:00
mount.c apparmor:match_mn() - constify devpath argument 2021-03-24 14:11:29 -04:00
net.c security: add const qualifier to struct sock in various places 2020-12-03 12:56:03 -08:00
nulldfa.in apparmor: cleanup add proper line wrapping to nulldfa.in 2018-02-09 11:30:01 -08:00
path.c security: apparmor: delete repeated words in comments 2021-02-07 04:15:46 -08:00
policy_ns.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
policy_unpack_test.c apparmor: add AppArmor KUnit tests for policy unpack 2020-01-09 16:27:43 -07:00
policy_unpack.c + Features 2021-11-11 14:47:32 -08:00
policy.c + Features 2021-11-11 14:47:32 -08:00
procattr.c apparmor: remove duplicated 'Returns:' comments 2021-11-03 15:57:51 -07:00
resource.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
secid.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
stacksplitdfa.in apparmor: use the dfa to do label parse string splitting 2018-02-09 11:30:01 -08:00
task.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00