Christian Göttsche 896e9e5778 security: keys: perform capable check only on privileged operations ... [ Upstream commit 2d7f105edbb3b2be5ffa4d833abbf9b6965e9ce7 ] If the current task fails the check for the queried capability via `capable(CAP_SYS_ADMIN)` LSMs like SELinux generate a denial message. Issuing such denial messages unnecessarily can lead to a policy author granting more privileges to a subject than needed to silence them. Reorder CAP_SYS_ADMIN checks after the check whether the operation is actually privileged. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>		2023-09-13 09:42:23 +02:00
..
encrypted-keys	KEYS: encrypted: fix key instantiation with user-provided data	2022-12-21 17:48:11 +01:00
trusted-keys	security: keys: Modify mismatched function name	2023-07-27 08:50:43 +02:00
big_key.c	big_keys: Use struct for internal payload	2022-05-16 16:02:21 -07:00
compat.c
compat_dh.c
dh.c	crypto: dh - constify struct dh's pointer members	2022-03-03 10:47:50 +12:00
gc.c
internal.h	KEYS: Move KEY_LOOKUP_ to include/linux/key.h and define KEY_LOOKUP_ALL	2022-09-21 17:32:48 -07:00
Kconfig	KEYS: trusted: allow use of TEE as backend without TCG_TPM support	2022-05-23 18:47:50 +03:00
key.c	certs: Fix blacklist flag type confusion	2021-01-21 16:16:10 +00:00
keyctl.c	security: keys: perform capable check only on privileged operations	2023-09-13 09:42:23 +02:00
keyctl_pkey.c	KEYS: fix length validation in keyctl_pkey_params_get_2()	2022-03-08 10:33:18 +02:00
keyring.c	security/keys: Remove inconsistent __user annotation	2022-10-05 00:25:56 +03:00
Makefile
permission.c
persistent.c
proc.c
process_keys.c	ucounts: Move get_ucounts from cred_alloc_blank to key_change_session_keyring	2021-10-20 10:34:20 -05:00
request_key.c	keys: Fix linking a duplicate key to a keyring's assoc_array	2023-07-27 08:50:24 +02:00
request_key_auth.c
sysctl.c
user_defined.c