summaryrefslogtreecommitdiff
path: root/lib/mpi
diff options
context:
space:
mode:
authorPaul Moore <paul@paul-moore.com>2021-02-18 23:13:40 +0300
committerPaul Moore <paul@paul-moore.com>2021-03-22 22:24:01 +0300
commiteb1231f73c4d7dc26db55e08c070e6526eaf7ee5 (patch)
treeade0ae5367df7c4b86ab11db169f12f14d641d91 /lib/mpi
parent4ebd7651bfc8992ba05b355a8036cb7fd0e8d7de (diff)
downloadlinux-eb1231f73c4d7dc26db55e08c070e6526eaf7ee5.tar.xz
selinux: clarify task subjective and objective credentials
SELinux has a function, task_sid(), which returns the task's objective credentials, but unfortunately is used in a few places where the subjective task credentials should be used. Most notably in the new security_task_getsecid_subj() LSM hook. This patch fixes this and attempts to make things more obvious by introducing a new function, task_sid_subj(), and renaming the existing task_sid() function to task_sid_obj(). This patch also adds an interesting function in task_sid_binder(). The task_sid_binder() function has a comment which hopefully describes it's reason for being, but it basically boils down to the simple fact that we can't safely access another task's subjective credentials so in the case of binder we need to stick with the objective credentials regardless. Reviewed-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'lib/mpi')
0 files changed, 0 insertions, 0 deletions