selinux: Implement the watch_key security hook - linux

diff options

author	David Howells <dhowells@redhat.com>	2020-01-14 18:07:13 +0100
committer	David Howells <dhowells@redhat.com>	2020-05-19 16:47:15 +0200
commit	3e412ccc22e25666772094fb5ca01af056c54471 (patch)
tree	adf880d0ca933b12eef91835374adf0edaa9f8a0 /init
parent	keys: Make the KEY_NEED_* perms an enum rather than a mask (diff)
download	linux-3e412ccc22e25666772094fb5ca01af056c54471.tar.xz linux-3e412ccc22e25666772094fb5ca01af056c54471.zip

selinux: Implement the watch_key security hook

Implement the watch_key security hook to make sure that a key grants the caller View permission in order to set a watch on a key. For the moment, the watch_devices security hook is left unimplemented as it's not obvious what the object should be since the queue is global and didn't previously exist. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Reviewed-by: James Morris <jamorris@linux.microsoft.com>

Diffstat (limited to 'init')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: