Darkangeel_hd
/
lineage_android_kernel_xiaomi_sdm845
mirror of https://github.com/Darkangeel-hd/lineage_android_kernel_xiaomi_sdm845.git
1
0
Fork 0
Code Issues Releases Wiki Activity
lineage_android_kernel_xiao.../include/linux
History
Stephen Smalley 006ebb40d3 Security: split proc ptrace checking into read vs. attach 
Enable security modules to distinguish reading of process state via
proc from full ptrace access by renaming ptrace_may_attach to
ptrace_may_access and adding a mode argument indicating whether only
read access or full attach access is requested.  This allows security
modules to permit access to reading process state without granting
full ptrace access.  The base DAC/capability checking remains unchanged.

Read access to /proc/pid/mem continues to apply a full ptrace attach
check since check_mem_permission() already requires the current task
to already be ptracing the target.  The other ptrace checks within
proc for elements like environ, maps, and fds are changed to pass the
read mode instead of attach.

In the SELinux case, we model such reading of process state as a
reading of a proc file labeled with the target process' label.  This
enables SELinux policy to permit such reading of process state without
permitting control or manipulation of the target process, as there are
a number of cases where programs probe for such information via proc
but do not need to be able to control the target (e.g. procps,
lsof, PolicyKit, ConsoleKit).  At present we have to choose between
allowing full ptrace in policy (more permissive than required/desired)
or breaking functionality (or in some cases just silencing the denials
via dontaudit rules but this can hide genuine attacks).

This version of the patch incorporates comments from Casey Schaufler
(change/replace existing ptrace_may_attach interface, pass access
mode), and Chris Wright (provide greater consistency in the checking).

Note that like their predecessors __ptrace_may_attach and
ptrace_may_attach, the __ptrace_may_access and ptrace_may_access
interfaces use different return value conventions from each other (0
or -errno vs. 1 or 0).  I retained this difference to avoid any
changes to the caller logic but made the difference clearer by
changing the latter interface to return a bool rather than an int and
by adding a comment about it to ptrace.h for any future callers.

Signed-off-by:  Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: James Morris <jmorris@namei.org>
 		2008-07-14 15:01:47 +10:00
..
amba
byteorder
can
dvb
hdlc
i2c
isdn
lockd
mfd
mlx4
mmc
mtd
netfilter
netfilter_arp
netfilter_bridge
netfilter_ipv4
netfilter_ipv6
nfsd
raid
rtc
spi
ssb
sunrpc
tc_act
tc_ematch
unaligned
usb
8250_pci.h
Kbuild kbuild: fix a.out.h export to userspace with O= build. 2008-06-27 23:13:54 +02:00
a.out.h Remove #ifdef CONFIG_ARCH_SUPPORTS_AOUT from <linux/a.out.h> 2008-06-16 10:20:58 -07:00
ac97_codec.h
acct.h
acpi.h
acpi_pmtmr.h
adb.h
adfs_fs.h
adfs_fs_i.h
adfs_fs_sb.h
aer.h
affs_hardblocks.h
agp_backend.h agp: more boolean conversions. 2008-06-19 10:42:17 +10:00
agpgart.h agp: more boolean conversions. 2008-06-19 10:42:17 +10:00
aio.h
aio_abi.h
amifd.h
amifdreg.h
amigaffs.h
anon_inodes.h
apm-emulation.h
apm_bios.h
arcdevice.h
arcfb.h
async_tx.h
ata.h
ata_platform.h
atalk.h
atm.h
atm_eni.h
atm_he.h
atm_idt77105.h
atm_nicstar.h
atm_suni.h
atm_tcp.h
atm_zatm.h
atmapi.h
atmarp.h
atmbr2684.h
atmclip.h
atmdev.h
atmel-ssc.h
atmel_pdc.h
atmel_pwm.h
atmel_serial.h
atmel_tc.h
atmioc.h
atmlec.h
atmmpc.h
atmppp.h
atmsap.h
atmsvc.h
attribute_container.h
audit.h [PATCH] remove useless argument type in audit_filter_user() 2008-06-24 23:36:35 -04:00
auto_fs.h
auto_fs4.h
auxvec.h
ax25.h
b1lli.h
b1pcmcia.h
backing-dev.h
backlight.h
baycom.h
bcd.h
bfs_fs.h
binfmts.h
bio.h
bit_spinlock.h
bitmap.h
bitops.h
bitrev.h
blkdev.h
blkpg.h
blktrace_api.h
blockgroup_lock.h
bootmem.h Add return value to reserve_bootmem_node() 2008-06-21 11:25:10 -07:00
bottom_half.h
bpqether.h
bsg.h
buffer_head.h
bug.h
cache.h
can.h
capability.h security: filesystem capabilities: fix fragile setuid fixup code 2008-07-04 10:40:08 -07:00
capi.h
cciss_ioctl.h
cd1400.h
cdev.h
cdk.h
cdrom.h
cfag12864b.h Miguel Ojeda has moved 2008-07-04 10:40:05 -07:00
cgroup.h
cgroup_subsys.h
cgroupstats.h
chio.h
circ_buf.h
clk.h
clockchips.h
clocksource.h
cm4000_cs.h
cn_proc.h
coda.h
coda_cache.h
coda_fs_i.h
coda_linux.h
coda_psdev.h
coff.h
com20020.h
compat.h
compiler-gcc.h
compiler-gcc3.h
compiler-gcc4.h
compiler-intel.h
compiler.h
completion.h
comstats.h
concap.h
configfs.h
connector.h
console.h
console_struct.h
consolemap.h
const.h
cpu.h
cpufreq.h
cpuidle.h
cpumask.h cpumask: introduce new APIs 2008-07-04 10:40:09 -07:00
cpuset.h
cramfs_fs.h
cramfs_fs_sb.h
crash_dump.h
crc-ccitt.h
crc-itu-t.h
crc7.h
crc16.h
crc32.h
crc32c.h
crypto.h
cryptohash.h
ctype.h
cuda.h
cyclades.h
cyclomx.h
cycx_cfm.h
cycx_drv.h
cycx_x25.h
dca.h
dcache.h [patch 2/4] fs: make struct file arg to d_path const 2008-06-23 11:52:30 -04:00
dccp.h
dcookies.h
debug_locks.h Move _RET_IP_ and _THIS_IP_ to include/linux/kernel.h 2008-07-05 13:10:50 -07:00
debugfs.h
debugobjects.h
delay.h
delayacct.h
device-mapper.h
device.h
device_cgroup.h
devpts_fs.h
dio.h
dirent.h
display.h
dlm.h
dlm_device.h
dlm_netlink.h
dlm_plock.h
dlmconstants.h
dm-dirty-log.h
dm-io.h
dm-ioctl.h
dm-kcopyd.h
dm9000.h
dma-attrs.h
dma-mapping.h
dmaengine.h
dmapool.h
dmar.h
dmi.h
dn.h
dnotify.h
dqblk_v1.h
dqblk_v2.h
dqblk_xfs.h
ds1wm.h
ds1286.h
ds17287rtc.h
dtlk.h
edac.h
edd.h
eeprom_93cx6.h
efi.h
efs_fs_sb.h
efs_vh.h
eisa.h
elevator.h
elf-em.h
elf-fdpic.h
elf.h
elfcore-compat.h
elfcore.h
elfnote.h
enclosure.h
err.h
errno.h
errqueue.h
etherdevice.h
ethtool.h
eventfd.h
eventpoll.h
exportfs.h
ext2_fs.h
ext2_fs_sb.h
ext3_fs.h
ext3_fs_i.h
ext3_fs_sb.h
ext3_jbd.h
f75375s.h
fadvise.h
falloc.h
fault-inject.h
fb.h
fcdevice.h
fcntl.h
fd.h
fd1772.h
fddidevice.h
fdreg.h
fdtable.h
fib_rules.h
file.h
filter.h
firewire-cdev.h
firewire-constants.h
firmware.h firmware: fix the request_firmware() dummy 2008-07-04 10:40:04 -07:00
flat.h
font.h
freezer.h
fs.h Properly notify block layer of sync writes 2008-07-01 09:07:34 +02:00
fs_enet_pd.h
fs_stack.h
fs_struct.h
fs_uart_pd.h
fsl_devices.h
fsnotify.h
fuse.h
futex.h
gameport.h
gen_stats.h
genalloc.h
generic_acl.h
generic_serial.h
genetlink.h
genhd.h
getcpu.h
gfp.h
gfs2_ondisk.h
gigaset_dev.h
gpio.h
gpio_keys.h
gpio_mouse.h
hardirq.h
harrier_defs.h
hash.h
hayesesp.h
hdlc.h
hdlcdrv.h
hdpu_features.h
hdreg.h
hid-debug.h
hid.h
hiddev.h
hidraw.h
highmem.h
highuid.h
hil.h
hil_mlc.h
hippidevice.h
hp_sdc.h
hpet.h
hrtimer.h
htirq.h
hugetlb.h
hw_random.h
hwmon-sysfs.h
hwmon-vid.h
hwmon.h
hysdn_if.h
i2c-algo-bit.h
i2c-algo-pca.h
i2c-algo-pcf.h
i2c-algo-sgi.h
i2c-dev.h
i2c-gpio.h
i2c-id.h
i2c-ocores.h
i2c-pca-platform.h
i2c-pnx.h
i2c-pxa.h
i2c.h i2c: Fix bad hint about irqs in i2c.h 2008-07-01 22:38:18 +02:00
i2o-dev.h
i2o.h
i8k.h
i8042.h
ibmtr.h
icmp.h
icmpv6.h
ide.h ide: add __ide_default_irq() inline helper 2008-07-08 19:27:22 +02:00
idr.h
ieee80211.h
if.h
if_addr.h
if_addrlabel.h
if_arcnet.h
if_arp.h
if_bonding.h
if_bridge.h
if_cablemodem.h
if_ec.h
if_eql.h
if_ether.h
if_fc.h
if_fddi.h
if_frad.h
if_hippi.h
if_infiniband.h
if_link.h
if_ltalk.h
if_macvlan.h
if_packet.h
if_plip.h
if_ppp.h
if_pppol2tp.h
if_pppox.h
if_slip.h
if_strip.h
if_tr.h
if_tun.h
if_tunnel.h ipv6 sit: Avoid extra need for compat layer in PRL management. 2008-06-16 16:48:20 -07:00
if_vlan.h
igmp.h
in.h
in6.h
in_route.h
inet.h
inet_diag.h
inet_lro.h net/inet_lro: remove setting skb->ip_summed when not LRO-able 2008-06-27 20:09:00 -07:00
inetdevice.h
init.h
init_ohci1394_dma.h
init_task.h
initrd.h
inotify.h
input-polldev.h
input.h Input: add KEY_MEDIA_REPEAT definition 2008-06-30 09:25:12 -04:00
interrupt.h
io.h
ioc3.h
ioc4.h
iocontext.h
ioctl.h
iommu-helper.h
ioport.h
ioprio.h
ip.h
ip6_tunnel.h
ipc.h
ipc_namespace.h
ipmi.h
ipmi_msgdefs.h
ipmi_smi.h
ipsec.h
ipv6.h
ipv6_route.h
ipx.h
irda.h
irq.h
irq_cpustat.h
irqflags.h
irqreturn.h
isa.h
isapnp.h
iscsi_ibft.h
isdn.h
isdn_divertif.h
isdn_ppp.h
isdnif.h
isicom.h
iso_fs.h
istallion.h
ivtv.h
ivtvfb.h
ixjuser.h
jbd.h
jbd2.h
jffs2.h
jhash.h
jiffies.h
journal-head.h
joystick.h
kallsyms.h
kbd_diacr.h
kbd_kern.h
kbuild.h
kd.h
kdebug.h
kdev_t.h
kernel.h Move _RET_IP_ and _THIS_IP_ to include/linux/kernel.h 2008-07-05 13:10:50 -07:00
kernel_stat.h
kernelcapi.h
kexec.h
key-type.h
key-ui.h
key.h
keyboard.h
keyctl.h
kfifo.h
kgdb.h
klist.h
kmalloc_sizes.h
kmod.h
kobj_map.h
kobject.h
kprobes.h
kref.h
ks0108.h Miguel Ojeda has moved 2008-07-04 10:40:05 -07:00
kthread.h
ktime.h
kvm.h
kvm_host.h KVM: close timer injection race window in __vcpu_run 2008-06-24 12:16:59 +03:00
kvm_para.h
kvm_types.h
lapb.h
latencytop.h
lcd.h
leds.h
lguest.h
lguest_launcher.h
libata.h
libps2.h
license.h
limits.h
linkage.h
linux_logo.h
list.h
llc.h
lm_interface.h
lmb.h
lockdep.h
log2.h
loop.h
lp.h
lzo.h
m48t86.h
magic.h
major.h
maple.h
marker.h
math64.h add an inlined version of iter_div_u64_rem 2008-06-12 10:47:58 +02:00
matroxfb.h
mbcache.h
mbus.h
mc6821.h
mc146818rtc.h
mca-legacy.h
mca.h
mdio-bitbang.h
memcontrol.h
memory.h
memory_hotplug.h
mempolicy.h
mempool.h
memstick.h
meye.h
migrate.h
mii.h
minix_fs.h
miscdevice.h
mm.h pagemap: pass mm into pagewalkers 2008-06-12 18:05:41 -07:00
mm_inline.h
mm_types.h
mman.h
mmtimer.h
mmzone.h
mnt_namespace.h
mod_devicetable.h
module.h
moduleloader.h
moduleparam.h
mount.h
mpage.h
mqueue.h
mroute.h
mroute6.h
msdos_fs.h
msg.h
msi.h
mtio.h
mutex-debug.h
mutex.h
mv643xx.h
mv643xx_eth.h
mv643xx_i2c.h
n_r3964.h
namei.h
nbd.h
ncp.h
ncp_fs.h
ncp_fs_i.h
ncp_fs_sb.h
ncp_mount.h
ncp_no.h
neighbour.h
net.h
netdevice.h include/linux/netdevice.h: don't export MAX_HEADER to userspace 2008-06-27 19:54:54 -07:00
netfilter.h
netfilter_arp.h
netfilter_bridge.h
netfilter_decnet.h
netfilter_ipv4.h
netfilter_ipv6.h
netlink.h
netpoll.h
netrom.h
nfs.h
nfs2.h
nfs3.h
nfs4.h
nfs4_acl.h
nfs4_mount.h
nfs_fs.h
nfs_fs_i.h
nfs_fs_sb.h
nfs_idmap.h
nfs_mount.h
nfs_page.h
nfs_xdr.h
nfsacl.h
nfsd_idmap.h
nl80211.h
nls.h
nmi.h
node.h
nodemask.h
notifier.h
nsc_gpio.h
nsproxy.h
nubus.h
numa.h
nvram.h
of.h
of_device.h
of_gpio.h
of_i2c.h
of_platform.h
oom.h
oprofile.h
page-flags.h
page-isolation.h
pageblock-flags.h
pagemap.h
pagevec.h
param.h
parport.h
parport_pc.h
parser.h
patchkey.h
path.h
pci-acpi.h
pci-aspm.h
pci.h x86: PAT export resource_wc in pci sysfs 2008-06-12 10:12:42 +02:00
pci_hotplug.h
pci_ids.h olpc: sdhci: add quirk for the Marvell CaFe's vdd/powerup issue 2008-07-04 10:40:09 -07:00
pci_regs.h
pcieport_if.h
pda_power.h
percpu.h
percpu_counter.h
personality.h
pfkeyv2.h
pfn.h
pg.h
phantom.h
phonedev.h
phy.h
phy_fixed.h
pid.h
pid_namespace.h
pim.h
pipe_fs_i.h
pkt_cls.h
pkt_sched.h
pktcdvd.h
platform_device.h
plist.h
pm.h
pm_legacy.h
pm_qos_params.h
pm_wakeup.h
pmu.h
pnp.h
poison.h
poll.h
posix-timers.h
posix_acl.h
posix_acl_xattr.h
posix_types.h
power_supply.h
ppdev.h
ppp-comp.h
ppp_channel.h
ppp_defs.h
prctl.h
preempt.h
prefetch.h
prio_heap.h
prio_tree.h
proc_fs.h proc_fs.h: move struct mm_struct forward-declaration 2008-06-12 18:05:40 -07:00
profile.h
proportions.h
ptrace.h Security: split proc ptrace checking into read vs. attach 2008-07-14 15:01:47 +10:00
qnx4_fs.h
qnxtypes.h
quicklist.h
quota.h
quotaio_v1.h
quotaio_v2.h
quotaops.h
radeonfb.h
radix-tree.h
raid_class.h
ramfs.h
random.h
raw.h
rbtree.h
rcuclassic.h
rculist.h Introduce rculist.h 2008-07-04 10:40:07 -07:00
rcupdate.h
rcupreempt.h
rcupreempt_trace.h
reboot.h
reciprocal_div.h
regset.h
reiserfs_acl.h
reiserfs_fs.h
reiserfs_fs_i.h
reiserfs_fs_sb.h
reiserfs_xattr.h
relay.h
res_counter.h
resource.h
resume-trace.h
rfkill.h
rio.h
rio_drv.h
rio_ids.h
rio_regs.h
rmap.h
romfs_fs.h
root_dev.h
rose.h
route.h
rslib.h
rtc-v3020.h
rtc.h
rtmutex.h
rtnetlink.h
rwsem-spinlock.h
rwsem.h
rxrpc.h
sc26198.h
scatterlist.h
scc.h
sched.h
screen_info.h
sctp.h
scx200.h
scx200_gpio.h
sdla.h
seccomp.h
securebits.h security: filesystem capabilities: fix fragile setuid fixup code 2008-07-04 10:40:08 -07:00
security.h Security: split proc ptrace checking into read vs. attach 2008-07-14 15:01:47 +10:00
selection.h
selinux.h
selinux_netlink.h
sem.h
semaphore.h
seq_file.h
seq_file_net.h
seqlock.h
serial.h
serial167.h
serialP.h
serial_8250.h
serial_core.h
serial_pnx8xxx.h
serial_reg.h
serial_sci.h
serio.h
shm.h
shmem_fs.h
signal.h
signalfd.h
skbuff.h
slab.h Christoph has moved 2008-07-04 10:40:04 -07:00
slab_def.h
slob_def.h
slub_def.h Christoph has moved 2008-07-04 10:40:04 -07:00
sm501-regs.h
sm501.h
smb.h
smb_fs.h
smb_fs_i.h
smb_fs_sb.h
smb_mount.h
smbno.h
smc91x.h
smp.h
smp_lock.h
snmp.h
socket.h
sockios.h
som.h
sonet.h
sony-laptop.h
sonypi.h
sort.h
sound.h
soundcard.h
spinlock.h
spinlock_api_smp.h
spinlock_api_up.h
spinlock_types.h
spinlock_types_up.h
spinlock_up.h
splice.h
srcu.h
stacktrace.h
stallion.h
start_kernel.h
stat.h
statfs.h
stddef.h
stop_machine.h
string.h
stringify.h
superhyway.h
suspend.h
suspend_ioctls.h
svga.h
swap.h
swapops.h
synclink.h
sys.h
syscalls.h
sysctl.h
sysdev.h
sysfs.h
sysrq.h
sysv_fs.h
task_io_accounting.h
task_io_accounting_ops.h
taskstats.h
taskstats_kern.h
tc.h
tcp.h tcp: Revert 'process defer accept as established' changes. 2008-06-12 16:34:35 -07:00
telephony.h
termios.h
textsearch.h
textsearch_fsm.h
tfrc.h
thermal.h thermal: Create CONFIG_THERMAL_HWMON=n 2008-06-25 19:25:42 -04:00
thread_info.h
threads.h
tick.h
tifm.h
time.h always_inline timespec_add_ns 2008-06-12 10:48:00 +02:00
timer.h
timerfd.h
times.h
timex.h
tiocl.h
tipc.h
tipc_config.h
topology.h
toshiba.h
transport_class.h
trdevice.h
tsacct_kern.h
tty.h
tty_driver.h tty_driver: Update required method documentation 2008-06-23 10:36:47 -07:00
tty_flip.h
tty_ldisc.h
types.h
uaccess.h
udf_fs_i.h
udp.h
uinput.h
uio.h
uio_driver.h
ultrasound.h
un.h
unistd.h
unwind.h
usb.h
usb_usual.h
usbdevice_fs.h
user.h
user_namespace.h
utime.h
uts.h
utsname.h
vermagic.h
veth.h
vfs.h
via.h
video_decoder.h
video_encoder.h
video_output.h
videodev.h
videodev2.h
videotext.h
virtio.h
virtio_9p.h
virtio_balloon.h
virtio_blk.h
virtio_config.h
virtio_console.h
virtio_net.h
virtio_pci.h
virtio_ring.h
virtio_rng.h
vmalloc.h
vmstat.h
vt.h
vt_buffer.h
vt_kern.h
w1-gpio.h
wait.h
wanrouter.h
watchdog.h
wireless.h
wm97xx.h
workqueue.h
writeback.h
x25.h
xattr.h
xfrm.h xfrm: Add a XFRM_STATE_AF_UNSPEC flag to xfrm_usersa_info 2008-07-10 16:55:37 -07:00
xilinxfb.h
yam.h
zconf.h
zlib.h
zorro.h
zorro_ids.h
zutil.h