linux/security/apparmor
Stephen Smalley b21507e272 proc,security: move restriction on writing /proc/pid/attr nodes to proc
Processes can only alter their own security attributes via
/proc/pid/attr nodes.  This is presently enforced by each individual
security module and is also imposed by the Linux credentials
implementation, which only allows a task to alter its own credentials.
Move the check enforcing this restriction from the individual
security modules to proc_pid_attr_write() before calling the security hook,
and drop the unnecessary task argument to the security hook since it can
only ever be the current task.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2017-01-09 10:07:31 -05:00
..
include apparmor: fix module parameters can be changed after policy is locked 2016-07-12 08:43:10 -07:00
.gitignore AppArmor: remove af_names.h from .gitignore 2012-09-01 08:35:34 -07:00
apparmorfs.c fs: Replace CURRENT_TIME with current_time() for inode timestamps 2016-09-27 21:06:21 -04:00
audit.c apparmor: fix uninitialized lsm_audit member 2016-07-12 08:43:10 -07:00
capability.c apparmor: fix capability to not use the current task, during reporting 2013-10-29 21:33:37 -07:00
context.c apparmor: change how profile replacement update is done 2013-08-14 11:42:06 -07:00
crypto.c apparmor: fix SECURITY_APPARMOR_HASH_DEFAULT parameter handling 2016-07-27 17:39:26 +10:00
domain.c apparmor: fix change_hat not finding hat after policy replacement 2016-11-21 18:01:28 +11:00
file.c apparmor: fix uninitialized lsm_audit member 2016-07-12 08:43:10 -07:00
ipc.c apparmor: fix capability to not use the current task, during reporting 2013-10-29 21:33:37 -07:00
Kconfig apparmor: add parameter to control whether policy hashing is used 2016-07-12 08:43:10 -07:00
lib.c nick kvfree() from apparmor 2014-05-06 14:02:53 -04:00
lsm.c proc,security: move restriction on writing /proc/pid/attr nodes to proc 2017-01-09 10:07:31 -05:00
Makefile apparmor: add the ability to report a sha1 hash of loaded policy 2013-08-14 11:42:08 -07:00
match.c apparmor: do not expose kernel stack 2016-07-12 08:43:10 -07:00
path.c apparmor: internal paths should be treated as disconnected 2016-07-12 08:43:10 -07:00
policy_unpack.c apparmor: fix SECURITY_APPARMOR_HASH_DEFAULT parameter handling 2016-07-27 17:39:26 +10:00
policy.c apparmor: fix module parameters can be changed after policy is locked 2016-07-12 08:43:10 -07:00
procattr.c apparmor: add interface files for profiles and namespaces 2013-08-14 11:42:07 -07:00
resource.c apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another task 2016-07-12 08:43:10 -07:00
sid.c AppArmor: core policy routines 2010-08-02 15:38:37 +10:00