redonkable/alistair23-linux
redonkable/alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/security
History
Kees Cook 4f2d99b06b firmware_loader: Use security_post_load_data() 
Now that security_post_load_data() is wired up, use it instead
of the NULL file argument style of security_post_read_file(),
and update the security_kernel_load_data() call to indicate that a
security_kernel_post_load_data() call is expected.

Wire up the IMA check to match earlier logic. Perhaps a generalized
change to ima_post_load_data() might look something like this:

    return process_buffer_measurement(buf, size,
                                      kernel_load_data_id_str(load_id),
                                      read_idmap[load_id] ?: FILE_CHECK,
                                      0, NULL);

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Link: https://lore.kernel.org/r/20201002173828.2099543-10-keescook@chromium.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-10-05 13:37:03 +02:00
..
apparmor treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
bpf bpf: lsm: Initialize the BPF LSM hooks 2020-03-30 01:34:00 +02:00
integrity firmware_loader: Use security_post_load_data() 2020-10-05 13:37:03 +02:00
keys treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
loadpin LSM: Introduce kernel_post_load_data() hook 2020-10-05 13:37:03 +02:00
lockdown Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2020-06-02 17:36:24 -07:00
safesetid
selinux LSM: Introduce kernel_post_load_data() hook 2020-10-05 13:37:03 +02:00
smack treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
tomoyo treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
yama sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
commoncap.c exec: Compute file based creds only once 2020-05-29 22:00:54 -05:00
device_cgroup.c device_cgroup: Cleanup cgroup eBPF device filter code 2020-04-13 14:41:54 -04:00
inode.c
Kconfig Replace HTTP links with HTTPS ones: security 2020-08-06 12:00:05 -07:00
Kconfig.hardening security: allow using Clang's zero initialization for stack variables 2020-06-16 02:06:23 -07:00
lsm_audit.c audit: purge audit_log_string from the intra-kernel audit API 2020-07-21 11:12:31 -04:00
Makefile device_cgroup: Cleanup cgroup eBPF device filter code 2020-04-13 14:41:54 -04:00
min_addr.c sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
security.c LSM: Introduce kernel_post_load_data() hook 2020-10-05 13:37:03 +02:00