AcoSail/kernel_optimize_test
8
0
Fork 0
forked from luck/tmp_suning_uos_patched
Code Pull Requests Activity
5c658e19a7
kernel_optimize_test/security/selinux
History
Chenbo Feng f66e448cfd selinux: bpf: Add addtional check for bpf object file receive 
Introduce a bpf object related check when sending and receiving files
through unix domain socket as well as binder. It checks if the receiving
process have privilege to read/write the bpf map or use the bpf program.
This check is necessary because the bpf maps and programs are using a
anonymous inode as their shared inode so the normal way of checking the
files and sockets when passing between processes cannot work properly on
eBPF object. This check only works when the BPF_SYSCALL is configured.

Signed-off-by: Chenbo Feng <fengc@google.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Reviewed-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-20 13:32:59 +01:00
..
include selinux: bpf: Add selinux check for eBPF syscall operations 2017-10-20 13:32:59 +01:00
ss selinux: update my email address 2017-08-17 15:32:55 -04:00
.gitignore
avc.c selinux/stable-4.14 PR 20170831 2017-09-12 13:21:00 -07:00
exports.c
hooks.c selinux: bpf: Add addtional check for bpf object file receive 2017-10-20 13:32:59 +01:00
ibpkey.c selinux: Add a cache for quicker retreival of PKey SIDs 2017-05-23 12:28:12 -04:00
Kconfig security: introduce CONFIG_SECURITY_WRITABLE_HOOKS 2017-03-06 11:00:12 +11:00
Makefile selinux: Add a cache for quicker retreival of PKey SIDs 2017-05-23 12:28:12 -04:00
netif.c
netlabel.c
netlink.c
netnode.c
netport.c
nlmsgtab.c rtnetlink: add NEWCACHEREPORT message type 2017-06-21 11:22:52 -04:00
selinuxfs.c Merge branch 'work.memdup_user' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-07-05 16:05:24 -07:00
xfrm.c