linux-toradex.git/security/apparmor/include/label.h, branch v4.17-rc1 Linux kernel for Apalis and Colibri modules apparmor: provide a bounded version of label_parse 2018-02-09T19:30:01+00:00 John Johansen john.johansen@canonical.com 2017-09-06T23:33:56+00:00 95652cac83605d96cf3849e80e3e3f4dce74f5da some label/context sources might not be guaranteed to be null terminiated provide a size bounded version of label parse to deal with these. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> 
some label/context sources might not be guaranteed to be null terminiated
provide a size bounded version of label parse to deal with these.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
apparmor: use the dfa to do label parse string splitting 2018-02-09T19:30:01+00:00 John Johansen john.johansen@canonical.com 2017-09-06T21:57:59+00:00 6e0654d20ed9679cbf75a0ff7cd786e364f7f09a The current split scheme is actually wrong in that it splits ///& where that is invalid and should fail. Use the dfa to do a proper bounded split without having to worry about getting the string processing right in code. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> 
The current split scheme is actually wrong in that it splits
  ///&

where that is invalid and should fail. Use the dfa to do a proper
bounded split without having to worry about getting the string
processing right in code.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
apparmor: add support for absolute root view based labels 2017-09-22T20:00:58+00:00 John Johansen john.johansen@canonical.com 2017-08-06T12:39:08+00:00 26b7899510ae243e392960704ebdba52d05fbb13 With apparmor policy virtualization based on policy namespace View's we don't generally want/need absolute root based views, however there are cases like debugging and some secid based conversions where using a root based view is important. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> 
With apparmor policy virtualization based on policy namespace View's
we don't generally want/need absolute root based views, however there
are cases like debugging and some secid based conversions where
using a root based view is important.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
apparmor: add the base fns() for domain labels 2017-06-11T00:11:38+00:00 John Johansen john.johansen@canonical.com 2017-06-09T13:19:19+00:00 f1bd904175e8190ce14aedee37e207ab51fe3b30 Begin moving apparmor to using broader domain labels, that will allow run time computation of domain type splitting via "stacking" of profiles into a domain label vec. Signed-off-by: John Johansen <john.johansen@canonical.com> 
Begin moving apparmor to using broader domain labels, that will allow
run time computation of domain type splitting via "stacking" of
profiles into a domain label vec.

Signed-off-by: John Johansen <john.johansen@canonical.com>