a7y18lte-ubports/android_kernel_samsung_a7y18lte
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
bb1e083ed4
android_kernel_samsung_a7y1.../security
History
John Johansen 98e984f0da apparmor: fix module parameters can be changed after policy is locked 
commit 58acf9d911c8831156634a44d0b022d683e1e50c upstream.

the policy_lock parameter is a one way switch that prevents policy
from being further modified. Unfortunately some of the module parameters
can effectively modify policy by turning off enforcement.

split policy_admin_capable into a view check and a full admin check,
and update the admin check to test the policy_lock parameter.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-04-07 12:31:21 +02:00
..
apparmor apparmor: fix module parameters can be changed after policy is locked 2020-04-07 12:31:21 +02:00
defex_lsm
dsms
integrity ima: always return negative code for error 2020-04-07 08:07:54 +02:00
keys keys: Fix missing null pointer check in request_key_auth_describe() 2020-04-06 21:37:05 +02:00
mstdrv
proca
samsung
sdp
selinux selinux: fix memory leak in policydb_init() 2020-04-06 20:27:38 +02:00
smack smack: use GFP_NOFS while holding inode_smack::smk_lock 2020-04-07 08:07:26 +02:00
tima_uevent
tomoyo
tz_iccc
yama
commoncap.c
device_cgroup.c
inode.c
Kconfig
lsm_audit.c
Makefile
min_addr.c
security.c