selinux: randomize layout of key structures
author Stephen Smalley <sds@tycho.nsa.gov>
Fri, 13 Dec 2019 20:28:38 +0000 (15:28 -0500)
committer Paul Moore <paul@paul-moore.com>
Thu, 19 Dec 2019 02:26:06 +0000 (21:26 -0500)
commit 5c108d4e18f80be01965792726c81b105fbd677a
tree 5232e3ccd8383887072b4f8f3f7587e8ff237c99
parent 6c5a682e6497cb1f7a67303ce098462a36bed362
selinux: randomize layout of key structures

Randomize the layout of key selinux data structures.
Initially this is applied to the selinux_state, selinux_ss,
policydb, and task_security_struct data structures.

NB To test/use this mechanism, one must install the
necessary build-time dependencies, e.g. gcc-plugin-devel on Fedora,
and enable CONFIG_GCC_PLUGIN_RANDSTRUCT in the kernel configuration.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Reviewed-by: Kees Cook <keescook@chromium.org>
[PM: double semi-colon fixed]
Signed-off-by: Paul Moore <paul@paul-moore.com>
security/selinux/include/objsec.h
security/selinux/include/security.h
security/selinux/ss/policydb.h
security/selinux/ss/services.h