OpenCloudOS-Kernel/security/apparmor
Kees Cook 993b3ab064 apparmor: Refactor to remove bprm_secureexec hook
The AppArmor bprm_secureexec hook can be merged with the bprm_set_creds
hook since it's dealing with the same information, and all of the details
are finalized during the first call to the bprm_set_creds hook via
prepare_binprm() (subsequent calls due to binfmt_script, etc, are ignored
via bprm->called_set_creds).

Here, all the comments describe how secureexec is actually calculated
during bprm_set_creds, so this actually does it, drops the bprm flag that
was being used internally by AppArmor, and drops the bprm_secureexec hook.

Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: James Morris <james.l.morris@oracle.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
2017-08-01 12:03:06 -07:00
..
include apparmor: Refactor to remove bprm_secureexec hook 2017-08-01 12:03:06 -07:00
.gitignore AppArmor: remove af_names.h from .gitignore 2012-09-01 08:35:34 -07:00
Kconfig apparmor: add debug assert AA_BUG and Kconfig to control debug info 2017-01-16 01:18:24 -08:00
Makefile apparmor: switch from profiles to using labels on contexts 2017-06-10 17:11:38 -07:00
apparmorfs.c apparmor: export that basic profile namespaces are supported 2017-06-10 17:11:48 -07:00
audit.c apparmor: switch from profiles to using labels on contexts 2017-06-10 17:11:38 -07:00
capability.c apparmor: move capability checks to using labels 2017-06-10 17:11:40 -07:00
context.c apparmor: switch from profiles to using labels on contexts 2017-06-10 17:11:38 -07:00
crypto.c apparmor: use SHASH_DESC_ON_STACK 2017-04-07 08:58:35 +10:00
domain.c apparmor: Refactor to remove bprm_secureexec hook 2017-08-01 12:03:06 -07:00
file.c apparmor: put back designators in struct initialisers 2017-06-28 15:50:43 +10:00
ipc.c apparmor: allow ptrace checks to be finer grained than just capability 2017-06-10 17:11:42 -07:00
label.c apparmor: add the base fns() for domain labels 2017-06-10 17:11:38 -07:00
lib.c apparmor: switch from profiles to using labels on contexts 2017-06-10 17:11:38 -07:00
lsm.c apparmor: Refactor to remove bprm_secureexec hook 2017-08-01 12:03:06 -07:00
match.c doc: ReSTify apparmor.txt 2017-05-18 10:32:38 -06:00
nulldfa.in apparmor: add a default null dfa 2017-01-16 01:18:34 -08:00
path.c apparmor: Move path lookup to using preallocated buffers 2017-06-08 11:29:34 -07:00
policy.c apparmor: switch from profiles to using labels on contexts 2017-06-10 17:11:38 -07:00
policy_ns.c apparmor: switch from profiles to using labels on contexts 2017-06-10 17:11:38 -07:00
policy_unpack.c Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2017-07-05 11:26:35 -07:00
procattr.c apparmor: switch getprocattr to using label_print fns() 2017-06-10 17:11:39 -07:00
resource.c apparmor: move resource checks to using labels 2017-06-10 17:11:40 -07:00
secid.c apparmor: rename sid to secid 2017-01-16 00:42:17 -08:00