mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-24 03:15:59 +00:00
Code Issues Releases Wiki Activity
linux-stable/security/tomoyo
History
Casey Schaufler f3b8788cde LSM: Identify modules by more than name 
Create a struct lsm_id to contain identifying information about Linux
Security Modules (LSMs). At inception this contains the name of the
module and an identifier associated with the security module.  Change
the security_add_hooks() interface to use this structure.  Change the
individual modules to maintain their own struct lsm_id and pass it to
security_add_hooks().

The values are for LSM identifiers are defined in a new UAPI
header file linux/lsm.h. Each existing LSM has been updated to
include it's LSMID in the lsm_id.

The LSM ID values are sequential, with the oldest module
LSM_ID_CAPABILITY being the lowest value and the existing modules
numbered in the order they were included in the main line kernel.
This is an arbitrary convention for assigning the values, but
none better presents itself. The value 0 is defined as being invalid.
The values 1-99 are reserved for any special case uses which may
arise in the future. This may include attributes of the LSM
infrastructure itself, possibly related to namespacing or network
attribute management. A special range is identified for such attributes
to help reduce confusion for developers unfamiliar with LSMs.

LSM attribute values are defined for the attributes presented by
modules that are available today. As with the LSM IDs, The value 0
is defined as being invalid. The values 1-99 are reserved for any
special case uses which may arise in the future.

Cc: linux-security-module <linux-security-module@vger.kernel.org>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: Mickael Salaun <mic@digikod.net>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Nacked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
[PM: forward ported beyond v6.6 due merge window changes]
Signed-off-by: Paul Moore <paul@paul-moore.com>
2023-11-12 22:54:42 -05:00
..
policy tomoyo: Do not generate empty policy files 2015-04-07 21:27:45 +02:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
audit.c tomoyo: replace tomoyo_round2() with kmalloc_size_roundup() 2023-03-01 23:46:12 +09:00
common.c tomoyo: add format attributes to functions 2023-07-23 21:25:28 +09:00
common.h tomoyo: remove unused function declaration 2023-08-13 22:07:15 +09:00
condition.c tomoyo: Fix typo in comments. 2020-12-06 13:44:57 +09:00
domain.c tomoyo: refactor deprecated strncpy 2023-08-05 19:55:10 +09:00
environ.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
file.c tomoyo: struct path it might get from LSM callers won't have NULL dentry or mnt 2022-08-21 11:50:42 -04:00
gc.c tomoyo: Fix typo in comments. 2020-12-06 13:44:57 +09:00
group.c tomoyo: Suppress RCU warning at list_for_each_entry_rcu(). 2019-12-16 23:02:27 +09:00
Kconfig tomoyo: Update website link 2023-01-13 23:11:38 +09:00
load_policy.c TOMOYO: fix __setup handlers return values 2022-02-24 07:45:07 +09:00
Makefile tomoyo: Omit use of bin2c 2023-01-09 21:46:50 +09:00
memory.c tomoyo: Fix null pointer check 2020-11-27 19:36:11 +09:00
mount.c tomoyo: Coding style fix. 2019-01-24 14:50:27 -08:00
network.c tomoyo: don't special case PF_IO_WORKER for PF_KTHREAD 2021-03-28 13:11:29 +09:00
realpath.c tomoyo: struct path it might get from LSM callers won't have NULL dentry or mnt 2022-08-21 11:50:42 -04:00
securityfs_if.c tomoyo: fix doc warnings 2021-06-16 00:01:28 +09:00
tomoyo.c LSM: Identify modules by more than name 2023-11-12 22:54:42 -05:00
util.c tomoyo: use hwight16() in tomoyo_domain_quota_is_ok() 2021-12-15 20:13:55 +09:00