linux-toradex.git/security/apparmor/include, branch v3.10.78 Linux kernel for Apalis and Colibri modules userns: Convert apparmor to use kuid and kgid where appropriate 2012-09-21T10:13:21+00:00 Eric W. Biederman ebiederm@xmission.com 2012-02-08T00:33:13+00:00 2db81452931eb51cc739d6e495cf1bd4860c3c99 Cc: John Johansen <john.johansen@canonical.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> 
Cc: John Johansen <john.johansen@canonical.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
apparmor: move task from common_audit_data to apparmor_audit_data 2012-04-09T16:23:02+00:00 Eric Paris eparis@redhat.com 2012-04-04T19:01:42+00:00 0972c74ecba4878baa5f97bb78b242c0eefacfb6 apparmor is the only LSM that uses the common_audit_data tsk field. Instead of making all LSMs pay for the stack space move the aa usage into the apparmor_audit_data. Signed-off-by: Eric Paris <eparis@redhat.com> 
apparmor is the only LSM that uses the common_audit_data tsk field.
Instead of making all LSMs pay for the stack space move the aa usage into
the apparmor_audit_data.

Signed-off-by: Eric Paris <eparis@redhat.com>
LSM: shrink sizeof LSM specific portion of common_audit_data 2012-04-03T16:48:40+00:00 Eric Paris eparis@redhat.com 2012-04-03T16:37:02+00:00 3b3b0e4fc15efa507b902d90cea39e496a523c3b Linus found that the gigantic size of the common audit data caused a big perf hit on something as simple as running stat() in a loop. This patch requires LSMs to declare the LSM specific portion separately rather than doing it in a union. Thus each LSM can be responsible for shrinking their portion and don't have to pay a penalty just because other LSMs have a bigger space requirement. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
Linus found that the gigantic size of the common audit data caused a big
perf hit on something as simple as running stat() in a loop.  This patch
requires LSMs to declare the LSM specific portion separately rather than
doing it in a union.  Thus each LSM can be responsible for shrinking their
portion and don't have to pay a penalty just because other LSMs have a
bigger space requirement.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
AppArmor: add const qualifiers to string arrays 2012-03-15T02:09:13+00:00 Jan Engelhardt jengelh@medozas.de 2012-03-14T12:30:36+00:00 2d4cee7e3a2b9f9c3237672cc136e20dbad0e2ce Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: John Johansen <john.johansen@canonical.com> 
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: John Johansen <john.johansen@canonical.com>
AppArmor: Add ability to load extended policy 2012-03-15T02:09:03+00:00 John Johansen john.johansen@canonical.com 2012-02-16T15:07:53+00:00 ad5ff3db53c68c2f12936bc74ea5dfe0af943592 Add the base support for the new policy extensions. This does not bring any additional functionality, or change current semantics. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <kees@ubuntu.com> 
Add the base support for the new policy extensions. This does not bring
any additional functionality, or change current semantics.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
AppArmor: Move path failure information into aa_get_name and rename 2012-03-14T13:15:25+00:00 John Johansen john.johansen@canonical.com 2012-02-16T14:20:33+00:00 57fa1e18091e66b7e1002816523cb218196a882e Move the path name lookup failure messages into the main path name lookup routine, as the information is useful in more than just aa_path_perm. Also rename aa_get_name to aa_path_name as it is not getting a reference counted object with a corresponding put fn. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <kees@ubuntu.com> 
Move the path name lookup failure messages into the main path name lookup
routine, as the information is useful in more than just aa_path_perm.

Also rename aa_get_name to aa_path_name as it is not getting a reference
counted object with a corresponding put fn.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
AppArmor: Update dfa matching routines. 2012-03-14T13:15:24+00:00 John Johansen john.johansen@canonical.com 2012-02-16T14:20:26+00:00 0fe1212d0539eb6c1e27d388711172d786e299cc Update aa_dfa_match so that it doesn't result in an input string being walked twice (once to get its length and another time to match) Add a single step functions aa_dfa_next Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <kees@ubuntu.com> 
Update aa_dfa_match so that it doesn't result in an input string being
walked twice (once to get its length and another time to match)

Add a single step functions
  aa_dfa_next

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
AppArmor: Fix underflow in xindex calculation 2012-02-27T19:38:21+00:00 John Johansen john.johansen@canonical.com 2012-02-22T08:32:30+00:00 8b964eae204d791421677ec56b94a7b18cf8740d If the xindex value stored in the accept tables is 0, the extraction of that value will result in an underflow (0 - 4). In properly compiled policy this should not happen for file rules but it may be possible for other rule types in the future. To exploit this underflow a user would have to be able to load a corrupt policy, which requires CAP_MAC_ADMIN, overwrite system policy in kernel memory or know of a compiler error resulting in the flaw being present for loaded policy (no such flaw is known at this time). Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <kees@ubuntu.com> 
If the xindex value stored in the accept tables is 0, the extraction of
that value will result in an underflow (0 - 4).

In properly compiled policy this should not happen for file rules but
it may be possible for other rule types in the future.

To exploit this underflow a user would have to be able to load a corrupt
policy, which requires CAP_MAC_ADMIN, overwrite system policy in kernel
memory or know of a compiler error resulting in the flaw being present
for loaded policy (no such flaw is known at this time).

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
AppArmor: Fix dropping of allowed operations that are force audited 2012-02-27T19:38:21+00:00 John Johansen john.johansen@canonical.com 2012-02-22T08:20:26+00:00 ade3ddc01e2e426cc24c744be85dcaad4e8f8aba The audit permission flag, that specifies an audit message should be provided when an operation is allowed, was being ignored in some cases. This is because the auto audit mode (which determines the audit mode from system flags) was incorrectly assigned the same value as audit mode. The shared value would result in messages that should be audited going through a second evaluation as to whether they should be audited based on the auto audit, resulting in some messages being dropped. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <kees@ubuntu.com> 
The audit permission flag, that specifies an audit message should be
provided when an operation is allowed, was being ignored in some cases.

This is because the auto audit mode (which determines the audit mode from
system flags) was incorrectly assigned the same value as audit mode. The
shared value would result in messages that should be audited going through
a second evaluation as to whether they should be audited based on the
auto audit, resulting in some messages being dropped.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
AppArmor: export known rlimit names/value mappings in securityfs 2012-02-27T19:38:19+00:00 Kees Cook kees@ubuntu.com 2012-01-27T00:29:23+00:00 d384b0a1a35f87f0ad70c29518f98f922b1c15cb Since the parser needs to know which rlimits are known to the kernel, export the list via a mask file in the "rlimit" subdirectory in the securityfs "features" directory. Signed-off-by: Kees Cook <kees@ubuntu.com> Signed-off-by: John Johansen <john.johansen@canonical.com> 
Since the parser needs to know which rlimits are known to the kernel,
export the list via a mask file in the "rlimit" subdirectory in the
securityfs "features" directory.

Signed-off-by: Kees Cook <kees@ubuntu.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>