summaryrefslogtreecommitdiff
path: root/security
AgeCommit message (Expand)AuthorFilesLines
2017-06-11apparmor: move ptrace checks to using labelsJohn Johansen5-80/+58
2017-06-11apparmor: add cross check permission helper macrosJohn Johansen1-1/+41
2017-06-11apparmor: move resource checks to using labelsJohn Johansen3-42/+80
2017-06-11apparmor: move capability checks to using labelsJohn Johansen5-29/+58
2017-06-11apparmor: update query interface to support label queriesJohn Johansen1-7/+39
2017-06-11apparmor: switch getprocattr to using label_print fns()John Johansen3-37/+27
2017-06-11apparmor: switch from profiles to using labels on contextsJohn Johansen20-529/+686
2017-06-11apparmor: add the base fns() for domain labelsJohn Johansen2-0/+2561
2017-06-11apparmor: revalidate files during execJohn Johansen4-0/+81
2017-06-11apparmor: cleanup rename XXX_file_context() to XXX_file_ctx()John Johansen2-11/+16
2017-06-11apparmor: convert aa_change_XXX bool parameters to flagsJohn Johansen5-32/+29
2017-06-11apparmor: cleanup remove unused and not fully implemented profile renameJohn Johansen1-37/+2
2017-06-11apparmor: refactor updating profiles to the newest parentJohn Johansen1-4/+31
2017-06-11apparmor: share profile name on replacementJohn Johansen3-9/+72
2017-06-11apparmor: convert to profile block critical sectionsJohn Johansen8-56/+162
2017-06-11apparmor: move bprm_committing_creds/committed_creds to lsm.cJohn Johansen3-32/+30
2017-06-11apparmor: fix display of ns nameJohn Johansen1-1/+1
2017-06-11apparmor: fix apparmor_query dataJohn Johansen1-2/+6
2017-06-11apparmor: fix policy load/remove semanticsJohn Johansen2-15/+13
2017-06-11apparmor: add namespace lookup fns()John Johansen3-4/+73
2017-06-11apparmor: cleanup __find_child()John Johansen1-8/+8
2017-06-11apparmor: provide information about path buffer size at bootJohn Johansen1-2/+9
2017-06-11apparmor: add profile permission query abilityJohn Johansen1-1/+102
2017-06-11apparmor: switch from file_perms to aa_permsJohn Johansen5-48/+29
2017-06-11apparmor: add gerneric permissions struct and support fnsJohn Johansen4-17/+153
2017-06-11apparmor: add fn to test if profile supports a given mediation classJohn Johansen1-0/+10
2017-06-11apparmor: speed up transactional queriesJohn Johansen1-11/+114
2017-06-11apparmor: add label data availability to the feature setJohn Johansen1-0/+10
2017-06-11apparmor: add mkdir/rmdir interface to manage policy namespacesJohn Johansen1-1/+94
2017-06-11apparmor: add policy revision file interfaceJohn Johansen4-1/+116
2017-06-11apparmor: provide finer control over policy managementJohn Johansen3-23/+35
2017-06-09security/selinux: allow security_sb_clone_mnt_opts to enable/disable native l...Scott Mayhew2-4/+38
2017-06-09selinux: use kmem_cache for ebitmapJunil Lee3-6/+27
2017-06-09apparmor: rework perm mapping to a slightly broader setJohn Johansen5-53/+133
2017-06-09KEYS: fix refcount_inc() on zeroMark Rutland1-7/+4
2017-06-09KEYS: Convert KEYCTL_DH_COMPUTE to use the crypto KPP APIMat Martineau2-103/+171
2017-06-09KEYS: DH: ensure the KDF counter is properly alignedEric Biggers1-13/+3
2017-06-09KEYS: DH: don't feed uninitialized "otherinfo" into KDFEric Biggers1-1/+1
2017-06-09KEYS: DH: forbid using digest_null as the KDF hashEric Biggers1-1/+11
2017-06-09KEYS: sanitize key structs before freeingEric Biggers1-3/+1
2017-06-09KEYS: trusted: sanitize all key materialEric Biggers1-28/+22
2017-06-09KEYS: encrypted: sanitize all key materialEric Biggers1-18/+13
2017-06-09KEYS: user_defined: sanitize key payloadsEric Biggers1-4/+12
2017-06-09KEYS: sanitize add_key() and keyctl() key payloadsEric Biggers1-3/+9
2017-06-09KEYS: fix freeing uninitialized memory in key_update()Eric Biggers1-3/+2
2017-06-09KEYS: fix dereferencing NULL payload with nonzero lengthEric Biggers1-2/+2
2017-06-09KEYS: encrypted: use constant-time HMAC comparisonEric Biggers1-2/+3
2017-06-09KEYS: encrypted: fix race causing incorrect HMAC calculationsEric Biggers1-83/+32
2017-06-09KEYS: encrypted: fix buffer overread in valid_master_desc()Eric Biggers1-16/+15
2017-06-09KEYS: encrypted: avoid encrypting/decrypting stack buffersEric Biggers1-8/+9