linux/security
Stephen Smalley 79af73079d Add security hooks to binder and implement the hooks for SELinux.
Add security hooks to the binder and implement the hooks for SELinux.
The security hooks enable security modules such as SELinux to implement
controls over binder IPC.  The security hooks include support for
controlling what process can become the binder context manager
(binder_set_context_mgr), controlling the ability of a process
to invoke a binder transaction/IPC to another process (binder_transaction),
controlling the ability of a process to transfer a binder reference to
another process (binder_transfer_binder), and controlling the ability
of a process to transfer an open file to another process (binder_transfer_file).

These hooks have been included in the Android kernel trees since Android 4.3.

(Updated to reflect upstream relocation and changes to the binder driver,
changes to the LSM audit data structures, coding style cleanups, and
to add inline documentation for the hooks).

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Nick Kralevich <nnk@google.com>
Acked-by: Jeffrey Vander Stoep <jeffv@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-01-25 09:17:57 -08:00
..
apparmor module: rename KERNEL_PARAM_FL_NOARG to avoid confusion 2014-08-27 21:54:07 +09:30
integrity Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity into for-linus 2014-12-16 12:49:10 +11:00
keys KEYS: close race between key lookup and freeing 2015-01-05 15:58:01 +00:00
selinux Add security hooks to binder and implement the hooks for SELinux. 2015-01-25 09:17:57 -08:00
smack Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2014-12-14 20:36:37 -08:00
tomoyo tomoyo: Fix pathname calculation breakage. 2014-08-26 21:52:09 -05:00
yama yama: Better permission check for ptraceme 2013-03-26 13:17:58 -07:00
capability.c Add security hooks to binder and implement the hooks for SELinux. 2015-01-25 09:17:57 -08:00
commoncap.c kill f_dentry uses 2014-11-19 13:01:25 -05:00
device_cgroup.c cgroup: rename cgroup_subsys->base_cftypes to ->legacy_cftypes 2014-07-15 11:05:09 -04:00
inode.c Documentation: Docbook: Fix generated DocBook/kernel-api.xml 2014-09-09 10:34:56 +02:00
Kconfig security: select correct default LSM_MMAP_MIN_ADDR on arm on arm64 2014-02-05 14:59:14 +00:00
lsm_audit.c audit: anchor all pid references in the initial pid namespace 2014-03-20 10:11:55 -04:00
Makefile security: cleanup Makefiles to use standard syntax for specifying sub-directories 2014-02-17 11:08:04 +11:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c Add security hooks to binder and implement the hooks for SELinux. 2015-01-25 09:17:57 -08:00