Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / b21507e272627c434e8dd74e8d51fd8245281b59
commitb21507e272627c434e8dd74e8d51fd8245281b59[log] [tgz]
authorStephen Smalley <sds@tycho.nsa.gov>Mon Jan 09 10:07:31 2017 -0500
committerPaul Moore <paul@paul-moore.com>Mon Jan 09 10:07:31 2017 -0500
tree3c8453724f6429e2bae5cd3cc9266104c2e6feea
parentbe0554c9bf9f7cc96f5205df8f8bd3573b74320e [diff]
proc,security: move restriction on writing /proc/pid/attr nodes to proc

Processes can only alter their own security attributes via
/proc/pid/attr nodes.  This is presently enforced by each individual
security module and is also imposed by the Linux credentials
implementation, which only allows a task to alter its own credentials.
Move the check enforcing this restriction from the individual
security modules to proc_pid_attr_write() before calling the security hook,
and drop the unnecessary task argument to the security hook since it can
only ever be the current task.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
7 files changed
tree: 3c8453724f6429e2bae5cd3cc9266104c2e6feea
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README