review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Micah Morton <mortonm@chromium.org>
	Tue, 8 Jan 2019 00:10:53 +0000 (16:10 -0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 23 Jan 2020 07:21:29 +0000 (08:21 +0100)
commit	87ca9aaf0c0042f526452e3baa95317f9049613f
tree	b5254d776cfe3ac6ab3957d4af66d49c52179dc0	tree \| snapshot
parent	991d8c73d53bb4f05b54d2cffdbd7285aaba3d77	commit \| diff

LSM: generalize flag passing to security_capable

[ Upstream commit c1a85a00ea66cb6f0bd0f14e47c28c2b0999799f ]

This patch provides a general mechanism for passing flags to the
security_capable LSM hook. It replaces the specific 'audit' flag that is
used to tell security_capable whether it should log an audit message for
the given capability check. The reason for generalizing this flag
passing is so we can add an additional flag that signifies whether
security_capable is being called by a setid syscall (which is needed by
the proposed SafeSetID LSM).

Signed-off-by: Micah Morton <mortonm@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.morris@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

include/linux/lsm_hooks.h		diff \| blob \| history
include/linux/security.h		diff \| blob \| history
kernel/capability.c		diff \| blob \| history
kernel/seccomp.c		diff \| blob \| history
security/apparmor/capability.c		diff \| blob \| history
security/apparmor/include/capability.h		diff \| blob \| history
security/apparmor/ipc.c		diff \| blob \| history
security/apparmor/lsm.c		diff \| blob \| history
security/apparmor/resource.c		diff \| blob \| history
security/commoncap.c		diff \| blob \| history
security/security.c		diff \| blob \| history
security/selinux/hooks.c		diff \| blob \| history
security/smack/smack_access.c		diff \| blob \| history