linux/security/integrity
Paul Moore 6326948f94 lsm: security_task_getsecid_subj() -> security_current_getsecid_subj()
The security_task_getsecid_subj() LSM hook invites misuse by allowing
callers to specify a task even though the hook is only safe when the
current task is referenced.  Fix this by removing the task_struct
argument to the hook, requiring LSM implementations to use the
current task.  While we are changing the hook declaration we also
rename the function to security_current_getsecid_subj() in an effort
to reinforce that the hook captures the subjective credentials of the
current task and not an arbitrary task on the system.

Reviewed-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2021-11-22 17:52:47 -05:00
..
evm evm: mark evm_fixmode as __ro_after_init 2021-10-28 18:52:49 -04:00
ima lsm: security_task_getsecid_subj() -> security_current_getsecid_subj() 2021-11-22 17:52:47 -05:00
platform_certs efi: Don't use knowledge about efi_guid_t internals 2021-08-27 16:01:27 +02:00
digsig_asymmetric.c ima: Support EC keys for signature verification 2021-03-26 19:41:59 +11:00
digsig.c ima: enable loading of build time generated key on .ima keyring 2021-04-09 10:40:20 -04:00
iint.c evm: Load EVM key in ima_load_x509() to avoid appraisal 2021-05-21 12:47:04 -04:00
integrity_audit.c integrity: Use current_uid() in integrity_audit_message() 2020-08-31 17:46:50 -04:00
integrity.h crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
Kconfig powerpc: Load firmware trusted keys/hashes into kernel keyring 2019-11-13 00:33:23 +11:00
Makefile powerpc: Load firmware trusted keys/hashes into kernel keyring 2019-11-13 00:33:23 +11:00