OpenCloudOS-Kernel/security/tomoyo
Linus Torvalds 0302e28dee Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris:
 "Highlights:

  IMA:
   - provide ">" and "<" operators for fowner/uid/euid rules

  KEYS:
   - add a system blacklist keyring

   - add KEYCTL_RESTRICT_KEYRING, exposes keyring link restriction
     functionality to userland via keyctl()

  LSM:
   - harden LSM API with __ro_after_init

   - add prlmit security hook, implement for SELinux

   - revive security_task_alloc hook

  TPM:
   - implement contextual TPM command 'spaces'"

* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (98 commits)
  tpm: Fix reference count to main device
  tpm_tis: convert to using locality callbacks
  tpm: fix handling of the TPM 2.0 event logs
  tpm_crb: remove a cruft constant
  keys: select CONFIG_CRYPTO when selecting DH / KDF
  apparmor: Make path_max parameter readonly
  apparmor: fix parameters so that the permission test is bypassed at boot
  apparmor: fix invalid reference to index variable of iterator line 836
  apparmor: use SHASH_DESC_ON_STACK
  security/apparmor/lsm.c: set debug messages
  apparmor: fix boolreturn.cocci warnings
  Smack: Use GFP_KERNEL for smk_netlbl_mls().
  smack: fix double free in smack_parse_opts_str()
  KEYS: add SP800-56A KDF support for DH
  KEYS: Keyring asymmetric key restrict method with chaining
  KEYS: Restrict asymmetric key linkage using a specific keychain
  KEYS: Add a lookup_restriction function for the asymmetric key type
  KEYS: Add KEYCTL_RESTRICT_KEYRING
  KEYS: Consistent ordering for __key_link_begin and restrict check
  KEYS: Add an optional lookup_restriction hook to key_type
  ...
2017-05-03 08:50:52 -07:00
..
policy tomoyo: Do not generate empty policy files 2015-04-07 21:27:45 +02:00
.gitignore tomoyo: Do not generate empty policy files 2015-04-07 21:27:45 +02:00
Kconfig tomoyo: Use bin2c to generate builtin-policy.h 2015-04-07 21:27:45 +02:00
Makefile tomoyo: Do not generate empty policy files 2015-04-07 21:27:45 +02:00
audit.c tomoyo: Use sensible time interface 2014-06-12 16:18:45 +02:00
common.c tomoyo: Use sensible time interface 2014-06-12 16:18:45 +02:00
common.h tomoyo: constify assorted struct path * 2016-03-28 00:47:23 -04:00
condition.c VFS: security/: d_backing_inode() annotations 2015-04-15 15:06:56 -04:00
domain.c sched/headers: Prepare to use <linux/rcuupdate.h> instead of <linux/rculist.h> in <linux/sched.h> 2017-03-02 08:42:38 +01:00
environ.c TOMOYO: Add environment variable name restriction support. 2011-09-14 08:27:05 +10:00
file.c TOMOYO: Use designated initializers 2017-03-30 17:37:45 +11:00
gc.c security: tomoyo: simplify the gc kthread creation 2016-06-06 20:23:55 +10:00
group.c sched/headers: Prepare to use <linux/rcuupdate.h> instead of <linux/rculist.h> in <linux/sched.h> 2017-03-02 08:42:38 +01:00
load_policy.c usermodehelper: use UMH_WAIT_PROC consistently 2012-03-23 16:58:41 -07:00
memory.c vfs: make the string hashes salt the hash 2016-06-10 20:21:46 -07:00
mount.c tomoyo: constify assorted struct path * 2016-03-28 00:47:23 -04:00
network.c new helper: uaccess_kernel() 2017-03-28 16:43:25 -04:00
realpath.c fs: rename "rename2" i_op to "rename" 2016-09-27 11:03:58 +02:00
securityfs_if.c convert a bunch of open-coded instances of memdup_user_nul() 2016-01-04 10:26:58 -05:00
tomoyo.c TOMOYO: Use designated initializers 2017-03-30 17:37:45 +11:00
util.c sched/headers: Prepare to use <linux/rcuupdate.h> instead of <linux/rculist.h> in <linux/sched.h> 2017-03-02 08:42:38 +01:00