Chenbo Feng f66e448cfd selinux: bpf: Add addtional check for bpf object file receive ... Introduce a bpf object related check when sending and receiving files through unix domain socket as well as binder. It checks if the receiving process have privilege to read/write the bpf map or use the bpf program. This check is necessary because the bpf maps and programs are using a anonymous inode as their shared inode so the normal way of checking the files and sockets when passing between processes cannot work properly on eBPF object. This check only works when the BPF_SYSCALL is configured. Signed-off-by: Chenbo Feng <fengc@google.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Reviewed-by: James Morris <james.l.morris@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>		2017-10-20 13:32:59 +01:00
..
apparmor	+ Features	2017-09-23 05:33:29 -10:00
integrity	Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security	2017-07-05 11:26:35 -07:00
keys	security/keys: rewrite all of big_key crypto	2017-09-25 23:31:58 +01:00
loadpin	security: mark LSM hooks as __ro_after_init	2017-03-06 11:00:15 +11:00
selinux	selinux: bpf: Add addtional check for bpf object file receive	2017-10-20 13:32:59 +01:00
smack	lsm: fix smack_inode_removexattr and xattr_getsecurity memleak	2017-10-04 18:03:15 +11:00
tomoyo	exec: Rename bprm->cred_prepared to called_set_creds	2017-08-01 12:02:48 -07:00
yama	doc: ReSTify Yama.txt	2017-05-18 10:33:04 -06:00
commoncap.c	Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security	2017-09-24 11:40:41 -07:00
device_cgroup.c
inode.c	securityfs: add the ability to support symlinks	2017-06-08 12:51:43 -07:00
Kconfig	include/linux/string.h: add the option of fortified string.h functions	2017-07-12 16:26:03 -07:00
lsm_audit.c	lsm_audit: update my email address	2017-08-17 15:33:39 -04:00
Makefile
min_addr.c
security.c	security: bpf: Add LSM hooks for bpf object related syscall	2017-10-20 13:32:59 +01:00