evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/security/apparmor
History
John Johansen be79d7fa43 apparmor: fix change_hat not finding hat after policy replacement 
commit 3d40658c977769ce2138f286cf131537bf68bdfe upstream.

After a policy replacement, the task cred may be out of date and need
to be updated. However change_hat is using the stale profiles from
the out of date cred resulting in either: a stale profile being applied
or, incorrect failure when searching for a hat profile as it has been
migrated to the new parent profile.

Fixes: 01e2b670aa (failure to find hat)
Fixes: 898127c34e (stale policy being applied)
Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=1000287
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-12-02 09:09:01 +01:00
..
include Apparmor: mediated_filesystem() should use dentry->d_sb not inode->i_sb 2015-02-22 11:38:39 -05:00
.gitignore AppArmor: remove af_names.h from .gitignore 2012-09-01 08:35:34 -07:00
apparmorfs.c apparmor: fix ref count leak when profile sha1 hash is read 2016-08-16 09:30:49 +02:00
audit.c apparmor: remove parent task info from audit logging 2013-10-29 21:34:04 -07:00
capability.c apparmor: fix capability to not use the current task, during reporting 2013-10-29 21:33:37 -07:00
context.c apparmor: change how profile replacement update is done 2013-08-14 11:42:06 -07:00
crypto.c apparmor: Use shash crypto API interface for profile hashes 2013-09-30 09:53:59 +10:00
domain.c apparmor: fix change_hat not finding hat after policy replacement 2016-12-02 09:09:01 +01:00
file.c VFS: security/: d_backing_inode() annotations 2015-04-15 15:06:56 -04:00
ipc.c apparmor: fix capability to not use the current task, during reporting 2013-10-29 21:33:37 -07:00
Kconfig apparmor: clarify CRYPTO dependency 2015-10-22 11:11:28 +11:00
lib.c nick kvfree() from apparmor 2014-05-06 14:02:53 -04:00
lsm.c Minor merge needed, due to function move. 2015-07-01 10:49:25 -07:00
Makefile apparmor: add the ability to report a sha1 hash of loaded policy 2013-08-14 11:42:08 -07:00
match.c apparmor: reserve and mask off the top 8 bits of the base field 2013-04-28 00:37:32 -07:00
path.c Apparmor: Use d_is_positive/negative() rather than testing dentry->d_inode 2015-02-22 11:38:39 -05:00
policy.c apparmor: fix memleak of the profile hash 2013-10-16 11:53:59 +11:00
policy_unpack.c apparmor: add the ability to report a sha1 hash of loaded policy 2013-08-14 11:42:08 -07:00
procattr.c apparmor: add interface files for profiles and namespaces 2013-08-14 11:42:07 -07:00
resource.c apparmor: relax the restrictions on setting rlimits 2013-04-28 00:36:46 -07:00
sid.c