android_kernel_xiaomi_sm8350/mm
Eric Paris ed03218951 security: Protection for exploiting null dereference using mmap
Add a new security check on mmap operations to see if the user is attempting
to mmap to low area of the address space.  The amount of space protected is
indicated by the new proc tunable /proc/sys/vm/mmap_min_addr and defaults to
0, preserving existing behavior.

This patch uses a new SELinux security class "memprotect."  Policy already
contains a number of allow rules like a_t self:process * (unconfined_t being
one of them) which mean that putting this check in the process class (its
best current fit) would make it useless as all user processes, which we also
want to protect against, would be allowed. By taking the memprotect name of
the new class it will also make it possible for us to move some of the other
memory protect permissions out of 'process' and into the new class next time
we bump the policy version number (which I also think is a good future idea)

Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
2007-07-11 22:52:29 -04:00
..
allocpercpu.c
backing-dev.c
bootmem.c
bounce.c
fadvise.c
filemap_xip.c xip sendfile removal 2007-07-10 08:04:15 +02:00
filemap.c sendfile: kill generic_file_sendfile() 2007-07-10 08:04:14 +02:00
filemap.h
fremap.c
highmem.c
hugetlb.c Rework ptep_set_access_flags and fix sun4c 2007-06-16 13:16:16 -07:00
internal.h
Kconfig
madvise.c
Makefile
memory_hotplug.c memory hotplug: fix unnecessary calling of init_currenty_empty_zone() 2007-06-01 08:18:29 -07:00
memory.c Rework ptep_set_access_flags and fix sun4c 2007-06-16 13:16:16 -07:00
mempolicy.c
mempool.c
migrate.c
mincore.c
mlock.c
mmap.c security: Protection for exploiting null dereference using mmap 2007-07-11 22:52:29 -04:00
mmzone.c
mprotect.c
mremap.c security: Protection for exploiting null dereference using mmap 2007-07-11 22:52:29 -04:00
msync.c
nommu.c security: Protection for exploiting null dereference using mmap 2007-07-11 22:52:29 -04:00
oom_kill.c
page_alloc.c mm: Fix memory/cpu hotplug section mismatch and oops. 2007-06-15 16:18:08 -07:00
page_io.c
page-writeback.c
pdflush.c
prio_tree.c
quicklist.c
readahead.c
rmap.c mm: kill validate_anon_vma to avoid mapcount BUG 2007-06-28 11:34:53 -07:00
shmem_acl.c
shmem.c shmem: convert to using splice instead of sendfile() 2007-07-10 08:04:15 +02:00
slab.c Fix slab redzone alignment 2007-07-05 15:54:13 -07:00
slob.c
slub.c slub: remove useless EXPORT_SYMBOL 2007-07-06 11:45:11 -07:00
sparse.c Move three functions that are only needed for CONFIG_MEMORY_HOTPLUG 2007-06-08 17:23:33 -07:00
swap_state.c
swap.c
swapfile.c
thrash.c
tiny-shmem.c
truncate.c
util.c
vmalloc.c
vmscan.c
vmstat.c mm: fixup /proc/vmstat output 2007-07-06 10:26:50 -07:00