linux/security
Kees Cook 13752fe2d7 security: introduce kernel_fw_from_file hook
In order to validate the contents of firmware being loaded, there must be
a hook to evaluate any loaded firmware that wasn't built into the kernel
itself. Without this, there is a risk that a root user could load malicious
firmware designed to mount an attack against kernel memory (e.g. via DMA).

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Takashi Iwai <tiwai@suse.de>
2014-07-25 11:47:45 -07:00
..
apparmor sched: move no_new_privs into new atomic flags 2014-07-18 12:13:38 -07:00
integrity ima: define '.ima' as a builtin 'trusted' keyring 2014-07-17 09:35:17 -04:00
keys Merge branch 'keys-fixes' into keys-next 2014-07-22 21:55:45 +01:00
selinux Merge branch 'next' of git://git.infradead.org/users/pcmoore/selinux into next 2014-07-19 17:39:19 +10:00
smack Merge branch 'smack-for-3.16' of git://git.gitorious.org/smack-next/kernel into next 2014-05-20 14:50:09 +10:00
tomoyo get rid of pointless checks for NULL ->i_op 2014-04-01 23:19:16 -04:00
yama yama: Better permission check for ptraceme 2013-03-26 13:17:58 -07:00
capability.c security: introduce kernel_fw_from_file hook 2014-07-25 11:47:45 -07:00
commoncap.c CAPABILITIES: remove undefined caps from all processes 2014-07-24 21:53:47 +10:00
device_cgroup.c device_cgroup: use css_has_online_children() instead of has_children() 2014-05-16 13:22:52 -04:00
inode.c securityfs: fix object creation races 2012-01-10 10:20:35 -05:00
Kconfig security: select correct default LSM_MMAP_MIN_ADDR on arm on arm64 2014-02-05 14:59:14 +00:00
lsm_audit.c audit: anchor all pid references in the initial pid namespace 2014-03-20 10:11:55 -04:00
Makefile security: cleanup Makefiles to use standard syntax for specifying sub-directories 2014-02-17 11:08:04 +11:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c security: introduce kernel_fw_from_file hook 2014-07-25 11:47:45 -07:00