[PATCH v2 0/3] Split security_task_getsecid() into subj and obj variants
Paul Moore
paul at paul-moore.com
Thu Mar 18 20:42:17 UTC 2021
An update on the previous RFC patchset found here:
https://lore.kernel.org/linux-security-module/161377712068.87807.12246856567527156637.stgit@sifl/
Aside from being rebased to the current SELinux next branch (which
in turn is based on v5.12-rc2), this revision changes the binder
related code to always use the objective credentials as discussed
in the thread above. I've also dropped the AppArmor patch as John
has a better version in progress; in the meantime AppArmor should
continue to work exactly as it did before this patchset so there
is no harm in merging this without the AppArmor patch.
Casey, John, and Richard; I dropped your ACKs, Reviewed-by, etc.
tags as the binder changes seemed substantial enough to not
carryover your tags. I would appreciate it if you could re-review
this revision; the changes should be minimal. I did leave Mimi's
tag on this revision as she qualified it for IMA and that code
didn't change.
---
Paul Moore (3):
lsm: separate security_task_getsecid() into subjective and objective variants
selinux: clarify task subjective and objective credentials
smack: differentiate between subjective and objective task credentials
security/selinux/hooks.c | 112 ++++++++++++++++++++++++-------------
security/smack/smack.h | 18 +++++-
security/smack/smack_lsm.c | 40 ++++++++-----
3 files changed, 117 insertions(+), 53 deletions(-)
More information about the Linux-security-module-archive
mailing list