Stephen Smalley 6b4f3d0105 usb, signal, security: only pass the cred, not the secid, to kill_pid_info_as_cred and security_task_kill ... commit d178bc3a70 ("user namespace: usb: make usb urbs user namespace aware (v2)") changed kill_pid_info_as_uid to kill_pid_info_as_cred, saving and passing a cred structure instead of uids. Since the secid can be obtained from the cred, drop the secid fields from the usb_dev_state and async structures, and drop the secid argument to kill_pid_info_as_cred. Replace the secid argument to security_task_kill with the cred. Update SELinux, Smack, and AppArmor to use the cred, which avoids the need for Smack and AppArmor to use a secid at all in this hook. Further changes to Smack might still be required to take full advantage of this change, since it should now be possible to perform capability checking based on the supplied cred. The changes to Smack and AppArmor have only been compile-tested. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Paul Moore <paul@paul-moore.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <james.morris@microsoft.com>		2018-03-07 09:05:53 +11:00
..
Kconfig	Smack: Signal delivery as an append operation	2016-09-08 13:22:56 -07:00
Makefile	Smack: Repair netfilter dependency	2015-01-23 10:08:19 -08:00
smack.h	Smack: Privilege check on key operations	2018-01-10 09:29:14 -08:00
smack_access.c	Smack: Privilege check on key operations	2018-01-10 09:29:14 -08:00
smack_lsm.c	usb, signal, security: only pass the cred, not the secid, to kill_pid_info_as_cred and security_task_kill	2018-03-07 09:05:53 +11:00
smack_netfilter.c	netfilter: nf_hook_ops structs can be const	2017-07-31 19:10:44 +02:00
smackfs.c	fs: constify tree_descr arrays passed to simple_fill_super()	2017-04-26 23:54:06 -04:00