aboutsummaryrefslogtreecommitdiffstats
path: root/security/integrity
AgeCommit message (Expand)AuthorFilesLines
2019-10-05integrity: remove pointless subdir-$(CONFIG_...)Masahiro Yamada1-2/+0
2019-10-05integrity: remove unneeded, broken attempt to add -fshort-wcharMasahiro Yamada1-1/+0
2019-09-28Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds4-3/+55
2019-08-29ima: ima_api: Use struct_size() in kzalloc()Gustavo A. R. Silva1-2/+2
2019-08-29ima: use struct_size() in kzalloc()Gustavo A. R. Silva1-3/+2
2019-08-28ima: Fix use after free in ima_read_modsig()Thiago Jung Bauermann1-1/+2
2019-08-19kexec: Allow kexec_file() with appropriate IMA policy when locked downMatthew Garrett3-1/+53
2019-08-19kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCEJiri Bohac2-2/+2
2019-08-05ima: fix freeing ongoing ahash_requestSascha Hauer1-0/+5
2019-08-05ima: always return negative code for errorSascha Hauer1-1/+4
2019-08-05ima: Store the measurement again when appraising a modsigThiago Jung Bauermann4-7/+47
2019-08-05ima: Define ima-modsig templateThiago Jung Bauermann8-6/+156
2019-08-05ima: Collect modsigThiago Jung Bauermann5-5/+60
2019-08-05ima: Implement support for module-style appended signaturesThiago Jung Bauermann8-23/+209
2019-08-05ima: Factor xattr_verify() out of ima_appraise_measurement()Thiago Jung Bauermann1-60/+81
2019-08-05ima: Add modsig appraise_type option for module-style appended signaturesThiago Jung Bauermann6-2/+62
2019-08-05integrity: Select CONFIG_KEYS instead of depending on itThiago Jung Bauermann1-1/+1
2019-08-01ima: initialize the "template" field with the default templateMimi Zohar1-2/+4
2019-07-10Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/k...Linus Torvalds6-39/+29
2019-07-08Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds13-67/+363
2019-07-08Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds6-29/+39
2019-07-08Merge tag 'keys-namespace-20190627' of git://git.kernel.org/pub/scm/linux/ker...Linus Torvalds1-2/+2
2019-06-30integrity: Introduce struct evm_xattrThiago Jung Bauermann3-7/+14
2019-06-30ima: Update MAX_TEMPLATE_NAME_LEN to fit largest reasonable definitionThiago Jung Bauermann1-1/+7
2019-06-30IMA: Define a new template field bufPrakhar Srivastava5-1/+33
2019-06-27keys: Replace uid/gid/perm permissions checking with an ACLDavid Howells6-29/+39
2019-06-26keys: Add a 'recurse' flag for keyring searchesDavid Howells1-2/+2
2019-06-24IMA: Define a new hook to measure the kexec boot command line argumentsPrakhar Srivastava4-0/+81
2019-06-19IMA: support for per policy rule template formatsMatthew Garrett7-27/+76
2019-06-17integrity: Fix __integrity_init_keyring() section mismatchGeert Uytterhoeven1-2/+3
2019-06-14ima: Use designated initializers for struct ima_event_dataThiago Jung Bauermann2-6/+11
2019-06-14ima: use the lsm policy update notifierJanne Karhunen3-20/+106
2019-06-14x86/ima: fix the Kconfig dependency for IMA_ARCH_POLICYNayna Jain1-1/+2
2019-06-14ima: Make arch_policy_entry staticYueHaibing1-1/+1
2019-06-05treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441Thomas Gleixner23-110/+23
2019-06-04ima: prevent a file already mmap'ed write to be mmap'ed executeMimi Zohar1-2/+30
2019-05-31Merge branch 'next-fixes-for-5.2-rc' of git://git.kernel.org/pub/scm/linux/ke...Linus Torvalds2-12/+19
2019-05-30treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152Thomas Gleixner1-5/+1
2019-05-29ima: show rules with IMA_INMASK correctlyRoberto Sassu1-9/+12
2019-05-29evm: check hash algorithm passed to init_desc()Roberto Sassu1-0/+3
2019-05-21treewide: Add SPDX license identifier - Makefile/KconfigThomas Gleixner4-0/+4
2019-05-19ima: fix wrong signed policy requirement when not appraisingPetr Vorel1-3/+4
2019-05-07Merge tag 'audit-pr-20190507' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds1-5/+5
2019-05-06Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert...Linus Torvalds3-7/+9
2019-04-26s390/ipl: read IPL report at early bootMartin Schwidefsky3-5/+50
2019-04-25crypto: shash - remove shash_desc::flagsEric Biggers2-5/+0
2019-04-18integrity: support EC-RDSA signatures for asymmetric_verifyVitaly Chikunov1-2/+9
2019-03-27audit: link integrity evm_write_xattrs record to syscall eventRichard Guy Briggs1-5/+5
2019-03-10Merge branch 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmor...Linus Torvalds4-6/+36
2019-03-10Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds4-9/+38
2019-03-07Merge tag 'audit-pr-20190305' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds2-6/+3
2019-03-07Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds3-0/+6
2019-03-04get rid of legacy 'get_ds()' functionLinus Torvalds1-1/+1
2019-02-22security: mark expected switch fall-throughs and add a missing breakGustavo A. R. Silva3-0/+6
2019-02-13tpm: pass an array of tpm_extend_digest structures to tpm_pcr_extend()Roberto Sassu3-1/+31
2019-02-13tpm: retrieve digest size of unknown algorithms with PCR readRoberto Sassu1-5/+5
2019-02-04evm: Use defined constant for UUID representationAndy Shevchenko1-2/+1
2019-02-04ima: define ima_post_create_tmpfile() hook and add missing callMimi Zohar1-2/+33
2019-02-04evm: remove set but not used variable 'xattr'YueHaibing1-5/+1
2019-02-04integrity, KEYS: add a reference to platform keyringKairui Song1-0/+3
2019-01-31audit: remove unused actx param from audit_rule_matchRichard Guy Briggs2-6/+3
2019-01-02Merge branch 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmor...Linus Torvalds1-2/+3
2019-01-02Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds11-92/+633
2018-12-29Merge tag 'kconfig-v4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/ma...Linus Torvalds1-2/+2
2018-12-28mm: convert totalram_pages and totalhigh_pages variables to atomicArun KS1-1/+1
2018-12-27Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert...Linus Torvalds1-2/+1
2018-12-27Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds12-17/+10
2018-12-27Merge tag 'audit-pr-20181224' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds1-1/+1
2018-12-22treewide: surround Kconfig file paths with double quotesMasahiro Yamada1-2/+2
2018-12-20security: integrity: partial revert of make ima_main explicitly non-modularPaul Gortmaker1-1/+1
2018-12-17ima: cleanup the match_token policy codeMimi Zohar1-5/+5
2018-12-17integrity: Remove references to module keyringThiago Jung Bauermann2-4/+2
2018-12-17Merge tag 'tpmdd-next-20181217' of git://git.infradead.org/users/jjs/linux-tp...James Morris1-2/+3
2018-12-17Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/gi...James Morris11-91/+634
2018-12-17Merge tag 'v4.20-rc7' into next-generalJames Morris1-0/+1
2018-12-12ima: Use inode_is_open_for_writeNikolay Borisov1-1/+1
2018-12-12ima: Support platform keyring for kernel appraisalNayna Jain1-2/+12
2018-12-12efi: Allow the "db" UEFI variable to be suppressedJosh Boyer1-10/+35
2018-12-12efi: Import certificates from UEFI Secure BootJosh Boyer2-1/+173
2018-12-12efi: Add an EFI signature blob parserDave Howells2-1/+110
2018-12-12integrity: Load certs to the platform keyringNayna Jain3-24/+86
2018-12-12integrity: Define a trusted platform keyringNayna Jain5-16/+81
2018-12-12security: audit and remove any unnecessary uses of module.hPaul Gortmaker10-10/+7
2018-12-12security: integrity: make evm_main explicitly non-modularPaul Gortmaker1-4/+1
2018-12-12security: integrity: make ima_main explicitly non-modularPaul Gortmaker1-4/+3
2018-12-11ima: don't measure/appraise files on efivarfsMimi Zohar1-1/+3
2018-12-11x86/ima: define arch_get_ima_policy() for x86Eric Richter1-1/+9
2018-12-11ima: add support for arch specific policiesNayna Jain1-2/+70
2018-12-11ima: refactor ima_init_policy()Nayna Jain1-41/+56
2018-12-11ima: prevent kexec_load syscall based on runtime secureboot flagNayna Jain1-6/+13
2018-11-26audit: use current whenever possiblePaul Moore1-1/+1
2018-11-20crypto: drop mask=CRYPTO_ALG_ASYNC from 'shash' tfm allocationsEric Biggers1-2/+1
2018-11-13integrity: support new struct public_key_signature encoding fieldMimi Zohar1-0/+1
2018-11-13integrity: support new struct public_key_signature encoding fieldMimi Zohar1-0/+1
2018-11-13tpm: use u32 instead of int for PCR indexTomas Winkler1-2/+3
2018-10-25Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds9-43/+54
2018-10-10LSM: Record LSM name in struct lsm_infoKees Cook1-0/+1
2018-10-10LSM: Convert security_initcall() into DEFINE_LSM()Kees Cook1-1/+3
2018-10-10LSM: Convert from initcall to struct lsm_infoKees Cook1-0/+1
2018-10-10ima: open a new file instance if no read permissionsGoldwyn Rodrigues1-20/+34
2018-10-10ima: fix showing large 'violations' or 'runtime_measurements_count'Eric Biggers1-3/+3
2018-10-10security/integrity: remove unnecessary 'init_keyring' variableEric Biggers1-7/+1
2018-10-10security/integrity: constify some read-only dataEric Biggers8-13/+16
2018-08-15Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds11-45/+102
2018-08-15Merge branch 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmor...Linus Torvalds4-16/+10
2018-08-15Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds4-17/+158
2018-07-28ima: Get rid of ima_used_chip and use ima_tpm_chip != NULL insteadStefan Berger4-8/+4
2018-07-28ima: Use tpm_default_chip() and call TPM functions with a tpm_chipStefan Berger4-9/+7
2018-07-22EVM: fix return value check in evm_write_xattrs()Wei Yongjun1-2/+2
2018-07-18integrity: prevent deadlock during digsig verification.Mikhail Kurinnoi1-0/+23
2018-07-18evm: Allow non-SHA1 digital signaturesMatthew Garrett4-31/+46
2018-07-18evm: Don't deadlock if a crypto algorithm is unavailableMatthew Garrett1-1/+2
2018-07-18integrity: silence warning when CONFIG_SECURITYFS is not enabledSudeep Holla1-3/+6
2018-07-18ima: Differentiate auditing policy rules from "audit" actionsStefan Berger1-2/+2
2018-07-18ima: Do not audit if CONFIG_INTEGRITY_AUDIT is not setStefan Berger3-1/+21
2018-07-18ima: Use audit_log_format() rather than audit_log_string()Stefan Berger2-7/+2
2018-07-18ima: Call audit_log_string() rather than logging it untrustedStefan Berger1-1/+1
2018-07-16ima: based on policy warn about loading firmware (pre-allocated buffer)Mimi Zohar1-0/+8
2018-07-16module: replace the existing LSM hook in init_moduleMimi Zohar1-13/+10
2018-07-16ima: add build time policyMimi Zohar2-3/+101
2018-07-16ima: based on policy require signed firmware (sysfs fallback)Mimi Zohar1-1/+9
2018-07-16ima: based on policy require signed kexec kernel imagesMimi Zohar3-0/+30
2018-07-12IMA: don't propagate opened through the entire thingAl Viro3-12/+12
2018-06-07Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds13-83/+362
2018-06-06Merge tag 'audit-pr-20180605' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds2-2/+2
2018-06-01EVM: unlock on error path in evm_read_xattrs()Dan Carpenter1-1/+3
2018-05-31EVM: prevent array underflow in evm_write_xattrs()Dan Carpenter1-1/+1
2018-05-31EVM: Fix null dereference on xattr when xattr fails to allocateColin Ian King1-2/+4
2018-05-31EVM: fix memory leak of temporary buffer 'temp'Colin Ian King1-0/+2
2018-05-31IMA: use list_splice_tail_init_rcu() instead of its open coded variantPetko Manolov1-15/+2
2018-05-31ima: use match_string() helperYisheng Xie1-7/+4
2018-05-22ima: fix updating the ima_appraise flagMimi Zohar1-9/+19
2018-05-22ima: based on policy verify firmware signatures (pre-allocated buffer)Mimi Zohar1-0/+1
2018-05-22ima: define a new policy condition based on the filesystem nameMimi Zohar1-1/+24
2018-05-18EVM: Allow runtime modification of the set of verified xattrsMatthew Garrett4-4/+188
2018-05-18EVM: turn evm_config_xattrnames into a listMatthew Garrett3-39/+57
2018-05-17integrity: Add an integrity directory in securityfsMatthew Garrett4-4/+52
2018-05-17ima: Remove unused variable ima_initializedPetr Vorel2-6/+2
2018-05-17ima: Unify loggingPetr Vorel3-2/+9
2018-05-17ima: Reflect correct permissions for policyPetr Vorel1-0/+2
2018-05-14audit: use inline function to get audit contextRichard Guy Briggs2-2/+2
2018-05-03evm: Don't update hmacs in user ns mountsSeth Forshee1-1/+2
2018-03-25ima: Fallback to the builtin hash algorithmPetr Vorel2-0/+15
2018-03-25ima: Add smackfs to the default appraise/measure listMartin Townsend1-0/+2
2018-03-25evm: check for remount ro in progress before writingSascha Hauer1-2/+6
2018-03-25ima: Improvements in ima_appraise_measurement()Thiago Jung Bauermann1-13/+22
2018-03-25ima: Simplify ima_eventsig_init()Thiago Jung Bauermann1-8/+3
2018-03-25integrity: Remove unused macro IMA_ACTION_RULE_FLAGSThiago Jung Bauermann1-1/+0
2018-03-25ima: drop vla in ima_audit_measurement()Tycho Andersen1-6/+10
2018-03-25ima: Fix Kconfig to select TPM 2.0 CRB interfaceJiandi An1-0/+1
2018-03-23evm: Constify *integrity_status_msg[]Hernán Gonzalez1-1/+1
2018-03-23evm: Move evm_hmac and evm_hash from evm_main.c to evm_crypto.cHernán Gonzalez3-4/+3
2018-03-23ima: fail signature verification based on policyMimi Zohar4-6/+14
2018-03-23ima: clear IMA_HASHMimi Zohar1-1/+1
2018-03-23ima: re-evaluate files on privileged mounted filesystemsMimi Zohar1-2/+11
2018-03-23ima: fail file signature verification on non-init mounted filesystemsMimi Zohar1-1/+14
2018-03-23IMA: Support using new creds in appraisal policyMatthew Garrett7-29/+79
2018-02-22integrity/security: fix digsig.c build error with header fileRandy Dunlap1-0/+1
2018-02-07Merge tag 'iversion-v4.16-2' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds1-1/+1
2018-02-02ima: re-initialize iint->atomic_flagsMimi Zohar1-0/+1
2018-02-01iversion: Rename make inode_cmp_iversion{+raw} to inode_eq_iversion{+raw}Goffredo Baroncelli1-1/+1
2018-01-31Merge branch 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmor...Linus Torvalds3-3/+3
2018-01-31Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds11-105/+294
2018-01-29IMA: switch IMA over to new i_version APIJeff Layton2-2/+4
2018-01-18ima/policy: fix parsing of fsuuidMike Rapoport1-1/+1
2018-01-08tpm: use struct tpm_chip for tpm_chip_find_get()Jarkko Sakkinen3-3/+3
2017-12-18ima: Use i_version only when filesystem supports itSascha Hauer1-1/+2
2017-12-18integrity: remove unneeded initializations in integrity_iint_cache entriesJeff Layton1-4/+0
2017-12-18ima: log message to module appraisal errorBruno E. O. Meneguele1-1/+3
2017-12-18ima: pass filename to ima_rdwr_violation_check()Roberto Sassu1-3/+3
2017-12-18ima: Fix line continuation formatJoe Perches1-6/+5
2017-12-18ima: support new "hash" and "dont_hash" policy actionsMimi Zohar5-20/+63
2017-12-13ima: Use i_version only when filesystem supports itSascha Hauer1-1/+2
2017-12-11ima: re-introduce own integrity cache lockDmitry Kasatkin4-40/+77
2017-12-11EVM: Add support for portable signature formatMatthew Garrett5-21/+91
2017-12-11EVM: Allow userland to permit modification of EVM-protected metadataMatthew Garrett3-12/+53
2017-12-11ima: relax requiring a file signature for new files with zero lengthMimi Zohar1-1/+2
2017-11-20ima: do not update security.ima if appraisal status is not INTEGRITY_PASSRoberto Sassu1-0/+3
2017-11-14Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert...Linus Torvalds1-39/+17
2017-11-13Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds13-110/+108
2017-11-08ima: Remove redundant conditional operatorThiago Jung Bauermann1-2/+2
2017-11-08ima: Fix bool initialization/comparisonThomas Meyer2-4/+4
2017-11-08ima: check signature enforcement against cmdline param instead of CONFIGBruno E. O. Meneguele1-3/+3
2017-11-08ima: fix hash algorithm initializationBoshi Wang1-0/+4
2017-11-08EVM: Only complain about a missing HMAC key onceMatthew Garrett1-1/+1
2017-11-08EVM: Allow userspace to signal an RSA key has been loadedMatthew Garrett2-12/+20
2017-11-08EVM: Include security.apparmor in EVM measurementsMatthew Garrett1-0/+3
2017-11-08integrity: use kernel_read_file_from_path() to read x509 certsChristoph Hellwig4-56/+13
2017-11-08ima: always measure and audit files in policyMimi Zohar3-30/+56
2017-11-08ima: don't remove the securityfs policy fileMimi Zohar1-2/+2
2017-11-03ima: move to generic async completionGilad Ben-Yossef1-39/+17
2017-11-02License cleanup: add SPDX GPL-2.0 license identifier to files with no licenseGreg Kroah-Hartman2-0/+2
2017-07-05Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/...Linus Torvalds12-177/+211
2017-06-21ima: Log the same audit cause whenever a file has no signatureThiago Jung Bauermann1-1/+2
2017-06-21ima: Simplify policy_func_show.Thiago Jung Bauermann2-62/+21
2017-06-21integrity: Small code improvementsThiago Jung Bauermann6-9/+11
2017-06-21ima: fix get_binary_runtime_size()Roberto Sassu1-1/+1
2017-06-21ima: use ima_parse_buf() to parse template dataRoberto Sassu1-31/+13
2017-06-21ima: use ima_parse_buf() to parse measurements headersRoberto Sassu1-52/+28
2017-06-21ima: introduce ima_parse_buf()Roberto Sassu2-0/+67
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-29 06:11:12 +0000