Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / kernel / shift / mainline / 8528806abed5a759ce2061206d5152a89350ef63 / security
  1. f038185 Fix incorrect type in assignment of ipv6 port for audit by Casey Schaufler · 2 years, 10 months ago
  2. 448857f selinux: allow FIOCLEX and FIONCLEX with policy capability by Richard Haines · 2 years, 10 months ago
  3. 4b9b60b selinux: use correct type for context length by Christian Göttsche · 2 years, 10 months ago
  4. 2784604 LSM: general protection fault in legacy_parse_param by Casey Schaufler · 3 years ago
  5. 60605ac TOMOYO: fix __setup handlers return values by Randy Dunlap · 2 years, 10 months ago
  6. d788ad4 EVM: fix the evm= __setup handler return value by Randy Dunlap · 2 years, 10 months ago
  7. 962d1f5 selinux: check return value of sel_make_avc_files by Christian Göttsche · 3 years ago
  8. 10ee566 KEYS: fix length validation in keyctl_pkey_params_get_2() by Eric Biggers · 3 years ago
  9. 8027ba4 ima: Do not print policy rule with inactive LSM labels by Stefan Berger · 2 years, 11 months ago
  10. 8171c8a ima: Allow template selection with ima_template[_fmt]= after ima_hash= by Roberto Sassu · 2 years, 11 months ago
  11. 0795b71 ima: Remove ima_policy file before directory by Stefan Berger · 3 years ago
  12. 7fea2e5 integrity: check the return value of audit_log_start() by Xiaoke Wang · 3 years ago
  13. f446089 selinux: fix double free of cond_list on error paths by Vratislav Bendel · 2 years, 11 months ago
  14. b2b1b49 selinux: fix potential memleak in selinux_add_opt() by Bernard Zhao · 3 years, 1 month ago
  15. 4833ad4 selinux: initialize proto variable in selinux_ip_postroute_compat() by Tom Rix · 3 years ago
  16. 0643d91 tomoyo: use hwight16() in tomoyo_domain_quota_is_ok() by Tetsuo Handa · 3 years ago
  17. e2048a1 tomoyo: Check exceeded quota early in tomoyo_domain_quota_is_ok(). by Dmitry Vyukov · 3 years ago
  18. b17dd53 selinux: fix NULL-pointer dereference when hashtab allocation fails by Ondrej Mosnacek · 3 years, 1 month ago
  19. eaafc59 fortify: Explicitly disable Clang support by Kees Cook · 3 years, 8 months ago
  20. 851b622 apparmor: fix error check by Tom Rix · 4 years, 3 months ago
  21. d337537 smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi by Tetsuo Handa · 3 years, 2 months ago
  22. c11aecb smackfs: use __GFP_NOFAIL for smk_cipso_doi() by Tetsuo Handa · 3 years, 2 months ago
  23. 3fac6fe smackfs: Fix use-after-free in netlbl_catmap_walk() by Pawan Gupta · 3 years, 4 months ago
  24. c7400e2 evm: mark evm_fixmode as __ro_after_init by Austin Kim · 3 years, 2 months ago
  25. db04fb4 selinux: fix race condition when computing ocontext SIDs by Ondrej Mosnacek · 3 years, 5 months ago
  26. 0d9f4ae binder: use cred instead of task for selinux checks by Todd Kjos · 3 years, 2 months ago
  27. df19d95 Smack: Fix wrong semantics in smk_access_entry() by Tianjia Zhang · 3 years, 6 months ago
  28. 34d099a IMA: remove the dependency on CRYPTO_MD5 by THOBY Simon · 3 years, 4 months ago
  29. 5cc1ee3 IMA: remove -Wmissing-prototypes warning by Austin Kim · 3 years, 6 months ago
  30. d8c3859 bpf: Add lockdown check for probe_write_user helper by Daniel Borkmann · 3 years, 5 months ago
  31. f4984f6 selinux: correct the return value when loads initial sids by Xiu Jianfeng · 3 years, 5 months ago
  32. 3780348 smackfs: restrict bytes count in smk_set_cipso() by Tetsuo Handa · 3 years, 9 months ago
  33. f383718 selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC by Minchan Kim · 3 years, 7 months ago
  34. 912d16a evm: fix writing <securityfs>/evm overflow by Mimi Zohar · 3 years, 8 months ago
  35. 5312426 evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loaded by Roberto Sassu · 3 years, 8 months ago
  36. 7b84c7d evm: Execute evm_inode_init_security() only when an HMAC key is loaded by Roberto Sassu · 3 years, 8 months ago
  37. 1573d59 integrity: Load mokx variables into the blacklist keyring by Eric Snowberg · 4 years ago
  38. 4510906 certs: Add EFI_CERT_X509_GUID support for dbx entries by Eric Snowberg · 4 years ago
  39. 31c9a4b KEYS: trusted: Fix memory leak on object td by Colin Ian King · 3 years, 8 months ago
  40. 6b4b3b8 ima: Fix the error code for restoring the PCR value by Li Huafei · 3 years, 10 months ago
  41. 09a119a security: keys: trusted: fix TPM2 authorizations by James Bottomley · 4 years ago
  42. 4c0ddc8 selinux: add proper NULL termination to the secclass_map permissions by Paul Moore · 3 years, 8 months ago
  43. f37b9c142 security: commoncap: fix -Wstringop-overread warning by Arnd Bergmann · 3 years, 9 months ago
  44. bf84ef2 KEYS: trusted: Fix TPM reservation for seal/unseal by James Bottomley · 3 years, 8 months ago
  45. a28124e selinux: fix race between old and new sidtab by Ondrej Mosnacek · 3 years, 9 months ago
  46. fd75d73 selinux: fix cond_list corruption when changing booleans by Ondrej Mosnacek · 3 years, 9 months ago
  47. 4f29b08 selinux: make nslot handling in avtab more robust by Ondrej Mosnacek · 3 years, 9 months ago
  48. 546f7fc integrity: double check iint_cache was initialized by Mimi Zohar · 3 years, 9 months ago
  49. 19c9967 selinux: fix variable scope issue in live sidtab conversion by Ondrej Mosnacek · 3 years, 9 months ago
  50. 9731e08 selinux: don't log MAC_POLICY_LOAD record on failed policy load by Ondrej Mosnacek · 3 years, 9 months ago
  51. 5d5422a Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities") by Eric W. Biederman · 3 years, 10 months ago
  52. aa40f5e tomoyo: recognize kernel threads correctly by Tetsuo Handa · 4 years ago
  53. e004209 tomoyo: ignore data race while checking quota by Tetsuo Handa · 4 years ago
  54. fa5b656 smackfs: restrict bytes count in smackfs write functions by Sabyrzhan Tasbolatov · 4 years ago
  55. 67118bb KEYS: trusted: Reserve TPM for seal and unseal operations by Jarkko Sakkinen · 4 years ago
  56. 54c527c KEYS: trusted: Fix migratable=1 failing by Jarkko Sakkinen · 4 years ago
  57. 9d83cc1 KEYS: trusted: Fix incorrect handling of tpm_get_random() by Jarkko Sakkinen · 4 years ago
  58. 2fe9215 selinux: fix inconsistency between inode_getxattr and inode_listsecurity by Amir Goldstein · 4 years ago
  59. d7b0efa certs: Fix blacklist flag type confusion by David Howells · 4 years, 1 month ago
  60. 6e223a3 watch_queue: Drop references to /dev/watch_queue by Gabriel Krisman Bertazi · 4 years, 1 month ago
  61. 54b4e5d capabilities: Don't allow writing ambiguous v3 file capabilities by Eric W. Biederman · 4 years ago
  62. c365d33 ima: Free IMA measurement buffer after kexec syscall by Lakshmi Ramasubramanian · 3 years, 11 months ago
  63. 1facf24 ima: Free IMA measurement buffer on error by Lakshmi Ramasubramanian · 3 years, 11 months ago
  64. 494e9ec evm: Fix memleak in init_desc by Dinghao Liu · 4 years ago
  65. 02dee03 cap: fix conversions on getxattr by Miklos Szeredi · 4 years ago
  66. a3fddad dump_common_audit_data(): fix racy accesses to ->d_name by Al Viro · 4 years ago
  67. 0f2206e ima: Don't modify file descriptor mode on the fly by Roberto Sassu · 4 years, 1 month ago
  68. 8f939ab Smack: Handle io_uring kernel thread privileges by Casey Schaufler · 4 years ago
  69. 6e5ea34 selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling by Paul Moore · 4 years, 2 months ago
  70. f0d7de0 selinux: fix error initialization in inode_doinit_with_dentry() by Tianyue Ren · 4 years, 3 months ago
  71. 30636a5 Merge tag 'selinux-pr-20201113' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux by Linus Torvalds · 4 years, 1 month ago
  72. c350f8b selinux: Fix error return code in sel_ib_pkey_sid_slow() by Chen Zhou · 4 years, 2 months ago
  73. 4739eea ima: Replace zero-length array with flexible-array member by Gustavo A. R. Silva · 4 years, 4 months ago
  74. 81ecf91 Merge tag 'safesetid-5.10' of git://github.com/micah-morton/linux by Linus Torvalds · 4 years, 2 months ago
  75. 91989c7 task_work: cleanup notification modes by Jens Axboe · 4 years, 2 months ago
  76. 9ff9b0d Merge tag 'net-next-5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next by Linus Torvalds · 4 years, 2 months ago
  77. 840e5bb Merge tag 'integrity-v5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity by Linus Torvalds · 4 years, 2 months ago
  78. 726eb70 Merge tag 'char-misc-5.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc by Linus Torvalds · 4 years, 2 months ago
  79. 7b54081 Merge tag 'selinux-pr-20201012' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux by Linus Torvalds · 4 years, 3 months ago
  80. 99a6740 Merge tag 'Smack-for-5.10' of git://github.com/cschaufler/smack-next by Linus Torvalds · 4 years, 3 months ago
  81. b274279 Merge tag 'tomoyo-pr-20201012' of git://git.osdn.net/gitroot/tomoyo/tomoyo-test1 by Linus Torvalds · 4 years, 3 months ago
  82. 03ca0ec LSM: SafeSetID: Fix warnings reported by test bot by Thomas Cedeno · 4 years, 5 months ago
  83. 5294bac LSM: SafeSetID: Add GID security policy handling by Thomas Cedeno · 4 years, 5 months ago
  84. 39a5101 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 by Linus Torvalds · 4 years, 3 months ago
  85. 85ed13e Merge branch 'work.iov_iter' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs by Linus Torvalds · 4 years, 3 months ago
  86. e6412f9 Merge tag 'efi-core-2020-10-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip by Linus Torvalds · 4 years, 3 months ago
  87. a207516 tomoyo: Loosen pathname/domainname validation. by Tetsuo Handa · 4 years, 4 months ago
  88. edd6153 Smack: Remove unnecessary variable initialization by Casey Schaufler · 4 years, 3 months ago
  89. 0fa8e08 fs/kernel_file_read: Add "offset" arg for partial reads by Kees Cook · 4 years, 3 months ago
  90. 34736da IMA: Add support for file reads without contents by Scott Branden · 4 years, 3 months ago
  91. 2039bda LSM: Add "contents" flag to kernel_read_file hook by Kees Cook · 4 years, 3 months ago
  92. 4f2d99b firmware_loader: Use security_post_load_data() by Kees Cook · 4 years, 3 months ago
  93. b64fcae LSM: Introduce kernel_post_load_data() hook by Kees Cook · 4 years, 3 months ago
  94. 8853528 fs/kernel_read_file: Add file_size output argument by Kees Cook · 4 years, 3 months ago
  95. 113eeb5 fs/kernel_read_file: Switch buffer size arg to size_t by Kees Cook · 4 years, 3 months ago
  96. f7a4f68 fs/kernel_read_file: Remove redundant size argument by Kees Cook · 4 years, 3 months ago
  97. b89999d0 fs/kernel_read_file: Split into separate include file by Scott Branden · 4 years, 3 months ago
  98. c307459 fs/kernel_read_file: Remove FIRMWARE_PREALLOC_BUFFER enum by Kees Cook · 4 years, 3 months ago
  99. 5d47b39 security/keys: remove compat_keyctl_instantiate_key_iov by Christoph Hellwig · 4 years, 3 months ago
  100. 89cd35c iov_iter: transparently handle compat iovecs in import_iovec by Christoph Hellwig · 4 years, 3 months ago