OrgACRN
/
acrn-kernel
mirror of https://github.com/projectacrn/acrn-kernel.git
1
0
Fork 0
Code Issues Releases Wiki Activity
acrn-kernel/security/keys
History
Christian Göttsche 896e9e5778 security: keys: perform capable check only on privileged operations 
[ Upstream commit 2d7f105edb ]

If the current task fails the check for the queried capability via
`capable(CAP_SYS_ADMIN)` LSMs like SELinux generate a denial message.
Issuing such denial messages unnecessarily can lead to a policy author
granting more privileges to a subject than needed to silence them.

Reorder CAP_SYS_ADMIN checks after the check whether the operation is
actually privileged.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2023-09-13 09:42:23 +02:00
..
encrypted-keys KEYS: encrypted: fix key instantiation with user-provided data 2022-12-21 17:48:11 +01:00
trusted-keys security: keys: Modify mismatched function name 2023-07-27 08:50:43 +02:00
Kconfig KEYS: trusted: allow use of TEE as backend without TCG_TPM support 2022-05-23 18:47:50 +03:00
Makefile
big_key.c big_keys: Use struct for internal payload 2022-05-16 16:02:21 -07:00
compat.c
compat_dh.c
dh.c crypto: dh - constify struct dh's pointer members 2022-03-03 10:47:50 +12:00
gc.c
internal.h KEYS: Move KEY_LOOKUP_ to include/linux/key.h and define KEY_LOOKUP_ALL 2022-09-21 17:32:48 -07:00
key.c
keyctl.c security: keys: perform capable check only on privileged operations 2023-09-13 09:42:23 +02:00
keyctl_pkey.c KEYS: fix length validation in keyctl_pkey_params_get_2() 2022-03-08 10:33:18 +02:00
keyring.c security/keys: Remove inconsistent __user annotation 2022-10-05 00:25:56 +03:00
permission.c
persistent.c
proc.c
process_keys.c
request_key.c keys: Fix linking a duplicate key to a keyring's assoc_array 2023-07-27 08:50:24 +02:00
request_key_auth.c
sysctl.c
user_defined.c