linux-toradex.git/security/apparmor/audit.c, branch v3.13.5 Linux kernel for Apalis and Colibri modules apparmor: remove parent task info from audit logging 2013-10-30T04:34:04+00:00 John Johansen john.johansen@canonical.com 2013-10-08T12:39:02+00:00 4a7fc3018f05f4305723b508b12f3be13b7c4875 The reporting of the parent task info is a vestage from old versions of apparmor. The need for this information was removed by unique null- profiles before apparmor was upstreamed so remove this info from logging. Signed-off-by: John Johansen <john.johansen@canonical.com> 
The reporting of the parent task info is a vestage from old versions of
apparmor. The need for this information was removed by unique null-
profiles before apparmor was upstreamed so remove this info from logging.

Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: remove tsk field from the apparmor_audit_struct 2013-10-30T04:33:52+00:00 John Johansen john.johansen@canonical.com 2013-10-08T12:37:26+00:00 61e3fb8acaea0ca4303ef123bae7edf8435dc2b7 Now that aa_capabile no longer sets the task field it can be removed and the lsm_audit version of the field can be used. Signed-off-by: John Johansen <john.johansen@canonical.com> 
Now that aa_capabile no longer sets the task field it can be removed
and the lsm_audit version of the field can be used.

Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: fix the audit type table 2013-04-28T07:37:41+00:00 John Johansen john.johansen@canonical.com 2013-02-19T00:13:34+00:00 b492d50bf597b87ab7ea1e738ec837f74b11594e The audit type table is missing a comma so that KILLED comes out as KILLEDAUTO. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <sbeattie@ubuntu.com> 
The audit type table is missing a comma so that KILLED comes out as
KILLEDAUTO.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <sbeattie@ubuntu.com>
apparmor: move task from common_audit_data to apparmor_audit_data 2012-04-09T16:23:02+00:00 Eric Paris eparis@redhat.com 2012-04-04T19:01:42+00:00 0972c74ecba4878baa5f97bb78b242c0eefacfb6 apparmor is the only LSM that uses the common_audit_data tsk field. Instead of making all LSMs pay for the stack space move the aa usage into the apparmor_audit_data. Signed-off-by: Eric Paris <eparis@redhat.com> 
apparmor is the only LSM that uses the common_audit_data tsk field.
Instead of making all LSMs pay for the stack space move the aa usage into
the apparmor_audit_data.

Signed-off-by: Eric Paris <eparis@redhat.com>
lsm_audit: don't specify the audit pre/post callbacks in 'struct common_audit_data' 2012-04-03T16:49:59+00:00 Linus Torvalds torvalds@linux-foundation.org 2012-04-02T22:48:12+00:00 b61c37f57988567c84359645f8202a7c84bc798a It just bloats the audit data structure for no good reason, since the only time those fields are filled are just before calling the common_lsm_audit() function, which is also the only user of those fields. So just make them be the arguments to common_lsm_audit(), rather than bloating that structure that is passed around everywhere, and is initialized in hot paths. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
It just bloats the audit data structure for no good reason, since the
only time those fields are filled are just before calling the
common_lsm_audit() function, which is also the only user of those
fields.

So just make them be the arguments to common_lsm_audit(), rather than
bloating that structure that is passed around everywhere, and is
initialized in hot paths.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
LSM: shrink sizeof LSM specific portion of common_audit_data 2012-04-03T16:48:40+00:00 Eric Paris eparis@redhat.com 2012-04-03T16:37:02+00:00 3b3b0e4fc15efa507b902d90cea39e496a523c3b Linus found that the gigantic size of the common audit data caused a big perf hit on something as simple as running stat() in a loop. This patch requires LSMs to declare the LSM specific portion separately rather than doing it in a union. Thus each LSM can be responsible for shrinking their portion and don't have to pay a penalty just because other LSMs have a bigger space requirement. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
Linus found that the gigantic size of the common audit data caused a big
perf hit on something as simple as running stat() in a loop.  This patch
requires LSMs to declare the LSM specific portion separately rather than
doing it in a union.  Thus each LSM can be responsible for shrinking their
portion and don't have to pay a penalty just because other LSMs have a
bigger space requirement.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
AppArmor: add const qualifiers to string arrays 2012-03-15T02:09:13+00:00 Jan Engelhardt jengelh@medozas.de 2012-03-14T12:30:36+00:00 2d4cee7e3a2b9f9c3237672cc136e20dbad0e2ce Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: John Johansen <john.johansen@canonical.com> 
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: John Johansen <john.johansen@canonical.com>
AppArmor: Fix dropping of allowed operations that are force audited 2012-02-27T19:38:21+00:00 John Johansen john.johansen@canonical.com 2012-02-22T08:20:26+00:00 ade3ddc01e2e426cc24c744be85dcaad4e8f8aba The audit permission flag, that specifies an audit message should be provided when an operation is allowed, was being ignored in some cases. This is because the auto audit mode (which determines the audit mode from system flags) was incorrectly assigned the same value as audit mode. The shared value would result in messages that should be audited going through a second evaluation as to whether they should be audited based on the auto audit, resulting in some messages being dropped. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <kees@ubuntu.com> 
The audit permission flag, that specifies an audit message should be
provided when an operation is allowed, was being ignored in some cases.

This is because the auto audit mode (which determines the audit mode from
system flags) was incorrectly assigned the same value as audit mode. The
shared value would result in messages that should be audited going through
a second evaluation as to whether they should be audited based on the
auto audit, resulting in some messages being dropped.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
apparmor: add missing rcu_dereference() 2011-12-09T01:08:41+00:00 Kees Cook keescook@chromium.org 2011-12-09T00:25:48+00:00 2053c4727c5a891bf182397e425b6cb87b2ae613 Adds a missed rcu_dereference() around real_parent. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org> 
Adds a missed rcu_dereference() around real_parent.

Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>
AppArmor: basic auditing infrastructure. 2010-08-02T05:35:11+00:00 John Johansen john.johansen@canonical.com 2010-07-29T21:47:58+00:00 67012e8209df95a8290d135753ff5145431a666e Update lsm_audit for AppArmor specific data, and add the core routines for AppArmor uses for auditing. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org> 
Update lsm_audit for AppArmor specific data, and add the core routines for
AppArmor uses for auditing.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>