android/android_kernel_asus_sm8350
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3899c1d158
android_kernel_asus_sm8350/security
History
Christian Göttsche 3899c1d158 security: keys: perform capable check only on privileged operations 
[ Upstream commit 2d7f105edbb3b2be5ffa4d833abbf9b6965e9ce7 ]

If the current task fails the check for the queried capability via
`capable(CAP_SYS_ADMIN)` LSMs like SELinux generate a denial message.
Issuing such denial messages unnecessarily can lead to a policy author
granting more privileges to a subject than needed to silence them.

Reorder CAP_SYS_ADMIN checks after the check whether the operation is
actually privileged.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-09-23 10:59:39 +02:00
..
apparmor apparmor: Use pointer to struct aa_label for lbs_cred 2023-01-18 11:41:17 +01:00
integrity IMA: allow/fix UML builds 2023-08-30 16:27:11 +02:00
keys security: keys: perform capable check only on privileged operations 2023-09-23 10:59:39 +02:00
loadpin proc/sysctl: add shared variables for range check 2019-07-18 17:08:07 -07:00
lockdown lockdown: also lock down previous kgdb use 2022-06-06 08:33:48 +02:00
safesetid LSM: SafeSetID: Stop releasing uninitialized ruleset 2019-09-17 11:27:05 -07:00
selinux selinux: don't use make's grouped targets feature yet 2023-06-09 10:29:02 +02:00
smack Fix incorrect type in assignment of ipv6 port for audit 2022-04-15 14:18:22 +02:00
tomoyo tomoyo: fix broken dependency on *.conf.default 2023-02-06 07:52:35 +01:00
yama proc/sysctl: add shared variables for range check 2019-07-18 17:08:07 -07:00
commoncap.c capabilities: fix potential memleak on error path from vfs_getxattr_alloc() 2022-11-10 17:57:55 +01:00
device_cgroup.c device_cgroup: Roll back to original exceptions after copy failure 2023-01-18 11:41:50 +01:00
inode.c Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
Kconfig fortify: Explicitly disable Clang support 2021-11-21 13:38:50 +01:00
Kconfig.hardening meminit fix 2019-07-28 12:33:15 -07:00
lsm_audit.c dump_common_audit_data(): fix racy accesses to ->d_name 2021-01-19 18:26:16 +01:00
Makefile security: Add a static lockdown policy LSM 2019-08-19 21:54:15 -07:00
min_addr.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
security.c ima: Align ima_file_mmap() parameters with mmap_file LSM hook 2023-03-11 16:44:02 +01:00