diff options
| author | Jiri Kosina <jkosina@suse.com> | 2025-03-26 13:42:07 +0100 |
|---|---|---|
| committer | Jiri Kosina <jkosina@suse.com> | 2025-03-26 13:42:07 +0100 |
| commit | b3cc7428a32202936904b5b07cf9f135025bafd6 (patch) | |
| tree | d4a1a6180ac5939fccd92acd6f8d7d1388575c4a /security/security.c | |
| parent | db52926fb0be40e1d588a346df73f5ea3a34a4c6 (diff) | |
| parent | 01601fdd40ecf4467c8ae4d215dbb7d2a0599a2c (diff) | |
Merge branch 'for-6.15/amd_sfh' into for-linus
From: Mario Limonciello <mario.limonciello@amd.com>
Some platforms include a human presence detection (HPD) sensor. When
enabled and a user is detected a wake event will be emitted from the
sensor fusion hub that software can react to.
Example use cases are "wake from suspend on approach" or to "lock
when leaving".
This is currently enabled by default on supported systems, but users
can't control it. This essentially means that wake on approach is
enabled which is a really surprising behavior to users that don't
expect it.
Instead of defaulting to enabled add a sysfs knob that users can
use to enable the feature if desirable and set it to disabled by
default.
Diffstat (limited to 'security/security.c')
| -rw-r--r-- | security/security.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/security/security.c b/security/security.c index 39df4451455bc..143561ebc3e89 100644 --- a/security/security.c +++ b/security/security.c @@ -1248,6 +1248,12 @@ int security_vm_enough_memory_mm(struct mm_struct *mm, long pages) * to 1 if AT_SECURE should be set to request libc enable secure mode. @bprm * contains the linux_binprm structure. * + * If execveat(2) is called with the AT_EXECVE_CHECK flag, bprm->is_check is + * set. The result must be the same as without this flag even if the execution + * will never really happen and @bprm will always be dropped. + * + * This hook must not change current->cred, only @bprm->cred. + * * Return: Returns 0 if the hook is successful and permission is granted. */ int security_bprm_creds_for_exec(struct linux_binprm *bprm) @@ -3097,6 +3103,10 @@ int security_file_receive(struct file *file) * Save open-time permission checking state for later use upon file_permission, * and recheck access if anything has changed since inode_permission. * + * We can check if a file is opened for execution (e.g. execve(2) call), either + * directly or indirectly (e.g. ELF's ld.so) by checking file->f_flags & + * __FMODE_EXEC . + * * Return: Returns 0 if permission is granted. */ int security_file_open(struct file *file) |