linux/security/selinux/ss
Linus Torvalds 5807fcaa9b Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris:

 - EVM gains support for loading an x509 cert from the kernel
   (EVM_LOAD_X509), into the EVM trusted kernel keyring.

 - Smack implements 'file receive' process-based permission checking for
   sockets, rather than just depending on inode checks.

 - Misc enhancments for TPM & TPM2.

 - Cleanups and bugfixes for SELinux, Keys, and IMA.

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (41 commits)
  selinux: Inode label revalidation performance fix
  KEYS: refcount bug fix
  ima: ima_write_policy() limit locking
  IMA: policy can be updated zero times
  selinux: rate-limit netlink message warnings in selinux_nlmsg_perm()
  selinux: export validatetrans decisions
  gfs2: Invalid security labels of inodes when they go invalid
  selinux: Revalidate invalid inode security labels
  security: Add hook to invalidate inode security labels
  selinux: Add accessor functions for inode->i_security
  security: Make inode argument of inode_getsecid non-const
  security: Make inode argument of inode_getsecurity non-const
  selinux: Remove unused variable in selinux_inode_init_security
  keys, trusted: seal with a TPM2 authorization policy
  keys, trusted: select hash algorithm for TPM2 chips
  keys, trusted: fix: *do not* allow duplicate key options
  tpm_ibmvtpm: properly handle interrupted packet receptions
  tpm_tis: Tighten IRQ auto-probing
  tpm_tis: Refactor the interrupt setup
  tpm_tis: Get rid of the duplicate IRQ probing code
  ...
2016-01-17 19:13:15 -08:00
..
avtab.c selinux: extended permissions for ioctls 2015-07-13 13:31:58 -04:00
avtab.h selinux: extended permissions for ioctls 2015-07-13 13:31:58 -04:00
conditional.c selinux: fix bug in conditional rules handling 2015-11-24 13:44:32 -05:00
conditional.h selinux: extended permissions for ioctls 2015-07-13 13:31:58 -04:00
constraint.h SELinux: Update policy version to support constraints info 2013-11-19 17:34:23 -05:00
context.h SELinux: allow default source/target selectors for user/role/range 2012-04-09 12:22:47 -04:00
ebitmap.c selinux: don't waste ebitmap space when importing NetLabel categories 2015-07-09 14:20:36 -04:00
ebitmap.h netlabel: shorter names for the NetLabel catmap funcs/structs 2014-08-01 11:17:37 -04:00
hashtab.c selinux: conditionally reschedule in hashtab_insert while loading selinux policy 2014-05-15 17:07:55 -04:00
hashtab.h SELinux: hashtab.h whitespace, syntax, and other cleanups 2008-04-28 09:29:04 +10:00
mls_types.h SELinux: Reduce overhead of mls_level_isvalid() function call 2013-07-25 13:02:18 -04:00
mls.c selinux: reconcile security_netlbl_secattr_to_sid() and mls_import_netlbl_cat() 2015-04-06 20:15:55 -04:00
mls.h doc: Update the email address for Paul Moore in various source files 2011-08-01 17:58:33 -07:00
policydb.c selinux: extended permissions for ioctls 2015-07-13 13:31:58 -04:00
policydb.h SELinux: Update policy version to support constraints info 2013-11-19 17:34:23 -05:00
services.c selinux: export validatetrans decisions 2015-12-24 11:09:41 -05:00
services.h selinux: extended permissions for ioctls 2015-07-13 13:31:58 -04:00
sidtab.c selinux: cache sidtab_context_to_sid results 2010-12-07 16:44:01 -05:00
sidtab.h selinux: cache sidtab_context_to_sid results 2010-12-07 16:44:01 -05:00
status.c selinux: fix up style problem on /selinux/status 2010-10-21 10:12:41 +11:00
symtab.c selinux: fix error codes in symtab_init() 2010-08-02 15:35:04 +10:00
symtab.h