mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-21 18:11:39 +00:00
Code Issues Releases Wiki Activity
linux-stable/security/selinux/include
History
Paul Moore 4c0ddc8712 selinux: add proper NULL termination to the secclass_map permissions 
commit e4c82eafb6 upstream.

This patch adds the missing NULL termination to the "bpf" and
"perf_event" object class permission lists.

This missing NULL termination should really only affect the tools
under scripts/selinux, with the most important being genheaders.c,
although in practice this has not been an issue on any of my dev/test
systems.  If the problem were to manifest itself it would likely
result in bogus permissions added to the end of the object class;
thankfully with no access control checks using these bogus
permissions and no policies defining these permissions the impact
would likely be limited to some noise about undefined permissions
during policy load.

Cc: stable@vger.kernel.org
Fixes: ec27c3568a ("selinux: bpf: Add selinux check for eBPF syscall operations")
Fixes: da97e18458 ("perf_event: Add support for LSM and SELinux checks")
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-05-14 09:49:59 +02:00
..
audit.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
avc.h selinux: fall back to ref-walk if audit is required 2019-12-09 18:37:47 -05:00
avc_ss.h selinux: wrap AVC state 2018-03-20 16:58:17 -04:00
classmap.h selinux: add proper NULL termination to the secclass_map permissions 2021-05-14 09:49:59 +02:00
conditional.h selinux: move policy commit after updating selinuxfs 2020-08-17 20:50:22 -04:00
ibpkey.h selinux: move ibpkeys code under CONFIG_SECURITY_INFINIBAND. 2020-01-10 11:56:37 -05:00
initial_sid_to_string.h selinux: remove unused initial SIDs and improve handling 2020-02-27 19:34:24 -05:00
netif.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
netlabel.h selinux: netlabel: Remove unused inline function 2020-05-12 20:16:33 -04:00
netnode.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 295 2019-06-05 17:36:38 +02:00
netport.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 295 2019-06-05 17:36:38 +02:00
objsec.h selinux: randomize layout of key structures 2019-12-18 21:26:06 -05:00
policycap.h scripts/selinux,selinux: update mdp to enable policy capabilities 2020-08-17 20:42:00 -04:00
policycap_names.h scripts/selinux,selinux: update mdp to enable policy capabilities 2020-08-17 20:42:00 -04:00
security.h selinux: fix variable scope issue in live sidtab conversion 2021-03-30 14:31:53 +02:00
xfrm.h security: Remove rtnl_lock() in selinux_xfrm_notify_policyload() 2018-03-29 13:47:53 -04:00