acrn-kernel/security/selinux
Paul Moore f4d653dcaa selinux: implement the security_uring_cmd() LSM hook
Add a SELinux access control for the iouring IORING_OP_URING_CMD
command.  This includes the addition of a new permission in the
existing "io_uring" object class: "cmd".  The subject of the new
permission check is the domain of the process requesting access, the
object is the open file which points to the device/file that is the
target of the IORING_OP_URING_CMD operation.  A sample policy rule
is shown below:

  allow <domain> <file>:io_uring { cmd };

Cc: stable@vger.kernel.org
Fixes: ee692a21e9 ("fs,io_uring: add infrastructure for uring-cmd")
Signed-off-by: Paul Moore <paul@paul-moore.com>
2022-08-26 11:19:43 -04:00
..
include selinux: implement the security_uring_cmd() LSM hook 2022-08-26 11:19:43 -04:00
ss selinux: Add boundary check in put_entry() 2022-06-14 21:52:37 -04:00
.gitignore
Kconfig
Makefile
avc.c selinux: declare data arrays const 2022-05-03 15:53:49 -04:00
hooks.c selinux: implement the security_uring_cmd() LSM hook 2022-08-26 11:19:43 -04:00
ibpkey.c selinux: various sparse fixes 2022-02-01 19:08:28 -05:00
ima.c selinux/stable-5.18 PR 20220321 2022-03-21 20:47:54 -07:00
netif.c
netlabel.c security: pass asoc to sctp_assoc_request and sctp_sk_clone 2021-11-03 11:09:20 +00:00
netlink.c
netnode.c selinux: various sparse fixes 2022-02-01 19:08:28 -05:00
netport.c selinux: various sparse fixes 2022-02-01 19:08:28 -05:00
nlmsgtab.c selinux: resolve checkpatch errors 2022-05-03 13:59:15 -04:00
selinuxfs.c selinux: don't sleep when CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE is true 2022-04-14 16:44:21 -04:00
status.c
xfrm.c selinux: use correct type for context length 2022-02-18 10:45:54 -05:00