Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-5.4 / 5b774238e8afade606657196d68092e1d2028a4f / security
  1. 135122f smackfs: restrict bytes count in smk_set_cipso() by Tetsuo Handa · 3 years, 7 months ago
  2. bfb8eb8 selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC by Minchan Kim · 3 years, 5 months ago
  3. 4020615 evm: fix writing <securityfs>/evm overflow by Mimi Zohar · 3 years, 7 months ago
  4. 74e9d92 evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loaded by Roberto Sassu · 3 years, 6 months ago
  5. d7dfaf1 evm: Execute evm_inode_init_security() only when an HMAC key is loaded by Roberto Sassu · 3 years, 6 months ago
  6. a6c85a8 x86/efi: remove unused variables by YueHaibing · 5 years ago
  7. e20b90e certs: Add EFI_CERT_X509_GUID support for dbx entries by Eric Snowberg · 3 years, 10 months ago
  8. 06ab9df x86/efi: move common keyring handler functions to new file by Nayna Jain · 5 years ago
  9. 8aa7285 security: commoncap: fix -Wstringop-overread warning by Arnd Bergmann · 3 years, 8 months ago
  10. 752589c integrity: double check iint_cache was initialized by Mimi Zohar · 3 years, 8 months ago
  11. 47a5d1b Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities") by Eric W. Biederman · 3 years, 8 months ago
  12. 4ceb5ca smackfs: restrict bytes count in smackfs write functions by Sabyrzhan Tasbolatov · 3 years, 10 months ago
  13. 2910038 KEYS: trusted: Fix migratable=1 failing by Jarkko Sakkinen · 3 years, 10 months ago
  14. 0fec327 certs: Fix blacklist flag type confusion by David Howells · 4 years ago
  15. 33a2e62 capabilities: Don't allow writing ambiguous v3 file capabilities by Eric W. Biederman · 4 years ago
  16. 091b409 ima: Free IMA measurement buffer after kexec syscall by Lakshmi Ramasubramanian · 3 years, 9 months ago
  17. e436d3f ima: Free IMA measurement buffer on error by Lakshmi Ramasubramanian · 3 years, 9 months ago
  18. 3d5afca evm: Fix memleak in init_desc by Dinghao Liu · 3 years, 10 months ago
  19. 43e3cf4 cap: fix conversions on getxattr by Miklos Szeredi · 3 years, 10 months ago
  20. 08eb8a7 dump_common_audit_data(): fix racy accesses to ->d_name by Al Viro · 3 years, 10 months ago
  21. 26d72a8 ima: Don't modify file descriptor mode on the fly by Roberto Sassu · 4 years ago
  22. c807042 selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling by Paul Moore · 4 years ago
  23. 4aae08a selinux: fix error initialization in inode_doinit_with_dentry() by Tianyue Ren · 4 years, 1 month ago
  24. c4405cd ima: extend boot_aggregate with kernel measurements by Maurizio Drocco · 4 years, 5 months ago
  25. 68dae71b selinux: Fix error return code in sel_ib_pkey_sid_slow() by Chen Zhou · 4 years ago
  26. 801863f evm: Check size of security.evm before using it by Roberto Sassu · 4 years, 2 months ago
  27. 68e3b25 ima: Don't ignore errors from crypto_shash_update() by Roberto Sassu · 4 years, 2 months ago
  28. 8ebf2b7 device_cgroup: Fix RCU list debugging warning by Amol Grover · 4 years, 7 months ago
  29. f72a51e selinux: sel_avc_get_stat_idx should increase position index by Vasily Averin · 4 years, 10 months ago
  30. b7316f5 selinux: allow labeling before policy is loaded by Jonathan Lebon · 5 years ago
  31. b2b8438 Smack: prevent underflow in smk_set_cipso() by Dan Carpenter · 4 years, 4 months ago
  32. 6749926 Smack: fix another vsscanf out of bounds by Dan Carpenter · 4 years, 4 months ago
  33. 2092075 ima: Have the LSM free its audit rule by Tyler Hicks · 4 years, 4 months ago
  34. df6aeb5 ima: move APPRAISE_BOOTPARAM dependency on ARCH_POLICY to runtime by Bruno Meneguele · 4 years, 4 months ago
  35. 5f5fb7c Smack: fix use-after-free in smk_write_relabel_self() by Eric Biggers · 4 years, 4 months ago
  36. d79e57db4 apparmor: ensure that dfa state tables have entries by John Johansen · 4 years, 8 months ago
  37. ae3c09e selinux: fix double free by Tom Rix · 4 years, 5 months ago
  38. a78c65c apparmor: fix nnp subset test for unconfined by John Johansen · 5 years ago
  39. 039a79e apparmor: check/put label on apparmor_sk_clone_security() by Mauricio Faria de Oliveira · 4 years, 6 months ago
  40. 88bc3e0 apparmor: fix introspection of of task mode for unconfined tasks by John Johansen · 4 years, 5 months ago
  41. e131e70 ima: Set again build_ima_appraise variable by Krzysztof Struczynski · 4 years, 7 months ago
  42. 2600136 ima: Remove redundant policy rule set in add_rules() by Krzysztof Struczynski · 4 years, 7 months ago
  43. 6de5045 evm: Fix possible memory leak in evm_calc_hmac_or_hash() by Roberto Sassu · 4 years, 7 months ago
  44. ce7f038 ima: Remove __init annotation from ima_pcrread() by Roberto Sassu · 4 years, 5 months ago
  45. f387759c ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init() by Roberto Sassu · 4 years, 6 months ago
  46. 6471238 ima: Directly assign the ima_default_policy pointer to ima_rules by Roberto Sassu · 4 years, 6 months ago
  47. 4ce29d9 ima: Evaluate error in init_ima() by Roberto Sassu · 4 years, 8 months ago
  48. 5f7272b ima: Switch to ima_hash_algo for boot aggregate by Roberto Sassu · 4 years, 8 months ago
  49. 0698eac ima: Fix ima digest hash table key calculation by Krzysztof Struczynski · 4 years, 7 months ago
  50. b208332 selinux: fix error return code in policydb_read() by Wei Yongjun · 4 years, 7 months ago
  51. 6eec65c9 lockdown: Allow unprivileged users to see lockdown status by Jeremy Cline · 4 years, 6 months ago
  52. 9c09a77 Smack: slab-out-of-bounds in vsscanf by Casey Schaufler · 4 years, 7 months ago
  53. 0b11ec4 mm: add kvfree_sensitive() for freeing sensitive data objects by Waiman Long · 4 years, 5 months ago
  54. 3f14df5 smack: avoid unused 'sip' variable warning by Arnd Bergmann · 4 years, 7 months ago
  55. 1610cd9 evm: Fix RCU list related warnings by Madhuparna Bhowmik · 4 years, 7 months ago
  56. 99c63ba powerpc/xmon: Restrict when kernel is locked down by Christopher M. Riedl · 5 years ago
  57. 68fe063 exec: Always set cap_ambient in cap_bprm_set_creds by Eric W. Biederman · 4 years, 6 months ago
  58. 870a45e apparmor: Fix aa_label refcnt leak in policy_update by Xiyu Yang · 4 years, 7 months ago
  59. 054934a apparmor: fix potential label refcnt leak in aa_change_profile by Xiyu Yang · 4 years, 8 months ago
  60. 97d817b apparmor: Fix use-after-free in aa_audit_rule_init by Navid Emamdoost · 5 years ago
  61. dd540f2 evm: Fix a small race in init_desc() by Dan Carpenter · 4 years, 6 months ago
  62. 48bbd44 ima: Fix return value of ima_write_policy() by Roberto Sassu · 4 years, 7 months ago
  63. 1066327 evm: Check also if *tfm is an error pointer in init_desc() by Roberto Sassu · 4 years, 7 months ago
  64. 4aedc53 ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash() by Roberto Sassu · 4 years, 7 months ago
  65. eeef0d9 selinux: properly handle multiple messages in selinux_netlink_send() by Paul Moore · 4 years, 7 months ago
  66. 419d8fb KEYS: Avoid false positive ENOMEM error on key read by Waiman Long · 4 years, 8 months ago
  67. f1afcf9 KEYS: Don't write out to userspace while holding key semaphore by Waiman Long · 4 years, 8 months ago
  68. a0aaafe keys: Fix proc_keys_next to increase position index by Vasily Averin · 4 years, 7 months ago
  69. 4b67e5a KEYS: reaching the keys quotas correctly by Yang Xu · 4 years, 9 months ago
  70. 4a1e1dda efi: Only print errors about failing to get certs if EFI vars are found by Javier Martinez Canillas · 4 years, 9 months ago
  71. e8807eb ima: ima/lsm policy rule loading logic bug fixes by Janne Karhunen · 4 years, 10 months ago
  72. 111749f selinux: ensure we cleanup the internal AVC counters on error in avc_update() by Jaihind Yadav · 5 years ago
  73. 0e44cd8 selinux: ensure we cleanup the internal AVC counters on error in avc_insert() by Paul Moore · 5 years ago
  74. 2d8fdc5 selinux: fall back to ref-walk if audit is required by Stephen Smalley · 5 years ago
  75. 875e01d selinux: fix regression introduced by move_mount(2) syscall by Stephen Smalley · 4 years, 10 months ago
  76. 3b2e595 selinux: revert "stop passing MAY_NOT_BLOCK to the AVC upon follow_link" by Stephen Smalley · 5 years ago
  77. 59c458d broken ping to ipv6 linklocal addresses on debian buster by Casey Schaufler · 4 years, 10 months ago
  78. 99652ee tomoyo: Use atomic_t for statistics counter by Tetsuo Handa · 4 years, 11 months ago
  79. 1b32e6e tomoyo: Suppress RCU warning at list_for_each_entry_rcu(). by Tetsuo Handa · 5 years ago
  80. e0d2bf5 apparmor: fix aa_xattrs_match() may sleep while holding a RCU lock by John Johansen · 4 years, 11 months ago
  81. 9c24cc6 tomoyo: Don't use nifty names on sockets. by Tetsuo Handa · 5 years ago
  82. 4f13232 apparmor: fix unsigned len comparison with less than zero by Colin Ian King · 5 years ago
  83. 359efcc efi/efi_test: Lock down /dev/efi_test and require CAP_SYS_ADMIN by Javier Martinez Canillas · 5 years ago
  84. 2ef4591 Merge tag 'selinux-pr-20191007' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux by Linus Torvalds · 5 years ago
  85. 7a8beb7 integrity: remove pointless subdir-$(CONFIG_...) by Masahiro Yamada · 5 years ago
  86. 6b190d3 integrity: remove unneeded, broken attempt to add -fshort-wchar by Masahiro Yamada · 5 years ago
  87. 2a52439 selinux: fix context string corruption in convert_context() by Ondrej Mosnacek · 5 years ago
  88. aefcf2f Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security by Linus Torvalds · 5 years ago
  89. f1f2f61 Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity by Linus Torvalds · 5 years ago
  90. 9f75c82 KEYS: trusted: correctly initialize digests and fix locking issue by Roberto Sassu · 5 years ago
  91. e94f8cc Merge tag 'smack-for-5.4-rc1' of git://github.com/cschaufler/smack-next by Linus Torvalds · 5 years ago
  92. 1b5fb41 Merge tag 'safesetid-bugfix-5.4' of git://github.com/micah-morton/linux by Linus Torvalds · 5 years ago
  93. 5825a95 Merge tag 'selinux-pr-20190917' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux by Linus Torvalds · 5 years ago
  94. 21ab858 LSM: SafeSetID: Stop releasing uninitialized ruleset by Micah Morton · 5 years ago
  95. f8a9bc6 security: constify some arrays in lockdown LSM by Matthew Garrett · 5 years ago
  96. d41a3ef keys: Fix missing null pointer check in request_key_auth_describe() by Hillf Danton · 5 years ago
  97. 169ce0c selinux: fix residual uses of current_security() for the SELinux blob by Stephen Smalley · 5 years ago
  98. e5bfad3 smack: use GFP_NOFS while holding inode_smack::smk_lock by Eric Biggers · 5 years ago
  99. 3f4287e security: smack: Fix possible null-pointer dereferences in smack_socket_sock_rcv_skb() by Jia-Ju Bai · 5 years ago
  100. a1a07f2 smack: fix some kernel-doc notations by luanshi · 5 years ago