linux-toradex.git/security/apparmor/include/file.h, branch v4.12-rc4 Linux kernel for Apalis and Colibri modules apparmor: change aad apparmor_audit_data macro to a fn macro 2017-01-16T09:18:47+00:00 John Johansen john.johansen@canonical.com 2017-01-16T08:43:02+00:00 ef88a7ac55fdd3bf6ac3942b83aa29311b45339b The aad macro can replace aad strings when it is not intended to. Switch to a fn macro so it is only applied when intended. Also at the same time cleanup audit_data initialization by putting common boiler plate behind a macro, and dropping the gfp_t parameter which will become useless. Signed-off-by: John Johansen <john.johansen@canonical.com> 
The aad macro can replace aad strings when it is not intended to. Switch
to a fn macro so it is only applied when intended.

Also at the same time cleanup audit_data initialization by putting
common boiler plate behind a macro, and dropping the gfp_t parameter
which will become useless.

Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: change op from int to const char * 2017-01-16T09:18:46+00:00 John Johansen john.johansen@canonical.com 2017-01-16T08:43:01+00:00 47f6e5cc7355e4ff2fd7ace919aa9e291077c26b Having ops be an integer that is an index into an op name table is awkward and brittle. Every op change requires an edit for both the op constant and a string in the table. Instead switch to using const strings directly, eliminating the need for the table that needs to be kept in sync. Signed-off-by: John Johansen <john.johansen@canonical.com> 
Having ops be an integer that is an index into an op name table is
awkward and brittle. Every op change requires an edit for both the
op constant and a string in the table. Instead switch to using const
strings directly, eliminating the need for the table that needs to
be kept in sync.

Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: constify aa_path_link() 2016-03-28T04:47:26+00:00 Al Viro viro@zeniv.linux.org.uk 2016-03-25T19:07:03+00:00 3539aaf670cdd68a37314cd5db400c0c77287c88 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
[apparmor] constify struct path * in a bunch of helpers 2016-03-28T03:48:14+00:00 Al Viro viro@zeniv.linux.org.uk 2016-03-25T18:18:14+00:00 2c7661ff419580f5c06ea409e31407e0ff52cb95 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
apparmor: fix sparse warnings 2013-04-28T07:39:35+00:00 John Johansen john.johansen@canonical.com 2013-02-21T21:25:44+00:00 53fe8b9961716033571d9799005bfdbbafa5162c Fix a couple of warning reported by sparse Signed-off-by: John Johansen <john.johansen@canonical.com> 
Fix a couple of warning reported by sparse

Signed-off-by: John Johansen <john.johansen@canonical.com>
userns: Convert apparmor to use kuid and kgid where appropriate 2012-09-21T10:13:21+00:00 Eric W. Biederman ebiederm@xmission.com 2012-02-08T00:33:13+00:00 2db81452931eb51cc739d6e495cf1bd4860c3c99 Cc: John Johansen <john.johansen@canonical.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> 
Cc: John Johansen <john.johansen@canonical.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
AppArmor: Fix underflow in xindex calculation 2012-02-27T19:38:21+00:00 John Johansen john.johansen@canonical.com 2012-02-22T08:32:30+00:00 8b964eae204d791421677ec56b94a7b18cf8740d If the xindex value stored in the accept tables is 0, the extraction of that value will result in an underflow (0 - 4). In properly compiled policy this should not happen for file rules but it may be possible for other rule types in the future. To exploit this underflow a user would have to be able to load a corrupt policy, which requires CAP_MAC_ADMIN, overwrite system policy in kernel memory or know of a compiler error resulting in the flaw being present for loaded policy (no such flaw is known at this time). Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <kees@ubuntu.com> 
If the xindex value stored in the accept tables is 0, the extraction of
that value will result in an underflow (0 - 4).

In properly compiled policy this should not happen for file rules but
it may be possible for other rule types in the future.

To exploit this underflow a user would have to be able to load a corrupt
policy, which requires CAP_MAC_ADMIN, overwrite system policy in kernel
memory or know of a compiler error resulting in the flaw being present
for loaded policy (no such flaw is known at this time).

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
headers: path.h redux 2011-01-10T16:51:44+00:00 Alexey Dobriyan adobriyan@gmail.com 2011-01-10T06:17:10+00:00 37721e1b0cf98cb65895f234d8c500d270546529 Remove path.h from sched.h and other files. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
Remove path.h from sched.h and other files.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
AppArmor: file enforcement routines 2010-08-02T05:35:14+00:00 John Johansen john.johansen@canonical.com 2010-07-29T21:48:04+00:00 6380bd8ddf613b29f478396308b591867d401de4 AppArmor does files enforcement via pathname matching. Matching is done at file open using a dfa match engine. Permission is against the final file object not parent directories, ie. the traversal of directories as part of the file match is implicitly allowed. In the case of nonexistant files (creation) permissions are checked against the target file not the directory. eg. In case of creating the file /dir/new, permissions are checked against the match /dir/new not against /dir/. The permissions for matches are currently stored in the dfa accept table, but this will change to allow for dfa reuse and also to allow for sharing of wider accept states. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org> 
AppArmor does files enforcement via pathname matching.  Matching is done
at file open using a dfa match engine.  Permission is against the final
file object not parent directories, ie. the traversal of directories
as part of the file match is implicitly allowed.  In the case of nonexistant
files (creation) permissions are checked against the target file not the
directory.  eg. In case of creating the file /dir/new, permissions are
checked against the match /dir/new not against /dir/.

The permissions for matches are currently stored in the dfa accept table,
but this will change to allow for dfa reuse and also to allow for sharing
of wider accept states.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>