aboutsummaryrefslogtreecommitdiff
path: root/security/apparmor/policy_unpack.c
AgeCommit message (Collapse)AuthorFilesLines
2013-08-14apparmor: add the ability to report a sha1 hash of loaded policyJohn Johansen1-6/+14
Provide userspace the ability to introspect a sha1 hash value for each profile currently loaded. Signed-off-by: John Johansen <[email protected]> Acked-by: Seth Arnold <[email protected]>
2013-08-14apparmor: add an optional profile attachment string for profilesJohn Johansen1-0/+3
Add the ability to take in and report a human readable profile attachment string for profiles so that attachment specifications can be easily inspected. Signed-off-by: John Johansen <[email protected]> Acked-by: Seth Arnold <[email protected]>
2013-08-14apparmor: allow setting any profile into the unconfined stateJohn Johansen1-2/+6
Allow emulating the default profile behavior from boot, by allowing loading of a profile in the unconfined state into a new NS. Signed-off-by: John Johansen <[email protected]> Acked-by: Seth Arnold <[email protected]>
2013-08-14apparmor: make free_profile available outside of policy.cJohn Johansen1-2/+2
Signed-off-by: John Johansen <[email protected]>
2013-08-14apparmor: provide base for multiple profiles to be replaced at onceJohn Johansen1-28/+86
previously profiles had to be loaded one at a time, which could result in cases where a replacement of a set would partially succeed, and then fail resulting in inconsistent policy. Allow multiple profiles to replaced "atomically" so that the replacement either succeeds or fails for the entire set of profiles. Signed-off-by: John Johansen <[email protected]>
2013-04-28apparmor: remove sid from profilesJohn Johansen1-1/+0
The sid is not going to be a direct property of a profile anymore, instead it will be directly related to the label, and the profile will pickup a label back reference. For null-profiles replace the use of sid with a per namespace unique id. Signed-off-by: John Johansen <[email protected]> Acked-by: Kees Cook <[email protected]>
2013-04-28apparmor: move perm defines into policy_unpackJohn Johansen1-0/+3
Signed-off-by: John Johansen <[email protected]> Acked-by: Steve Beattie <[email protected]>
2012-04-09LSM: do not initialize common_audit_data to 0Eric Paris1-1/+1
It isn't needed. If you don't set the type of the data associated with that type it is a pretty obvious programming bug. So why waste the cycles? Signed-off-by: Eric Paris <[email protected]>
2012-04-09LSM: remove the COMMON_AUDIT_DATA_INIT type expansionEric Paris1-1/+1
Just open code it so grep on the source code works better. Signed-off-by: Eric Paris <[email protected]>
2012-04-03LSM: shrink sizeof LSM specific portion of common_audit_dataEric Paris1-9/+11
Linus found that the gigantic size of the common audit data caused a big perf hit on something as simple as running stat() in a loop. This patch requires LSMs to declare the LSM specific portion separately rather than doing it in a union. Thus each LSM can be responsible for shrinking their portion and don't have to pay a penalty just because other LSMs have a bigger space requirement. Signed-off-by: Eric Paris <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
2012-03-14AppArmor: Add ability to load extended policyJohn Johansen1-1/+23
Add the base support for the new policy extensions. This does not bring any additional functionality, or change current semantics. Signed-off-by: John Johansen <[email protected]> Acked-by: Kees Cook <[email protected]>
2012-03-14AppArmor: Fix oops in policy unpack auditingJohn Johansen1-2/+3
Post unpacking of policy a verification pass is made on x transition indexes. When this fails a call to audit_iface is made resulting in an oops, because audit_iface is expecting a valid buffer position but since the failure comes from post unpack verification there is none. Make the position argument optional so that audit_iface can be called from post unpack verification. Signed-off-by: John Johansen <[email protected]>
2012-02-27AppArmor: Add mising end of structure test to caps unpackingJohn Johansen1-0/+2
The unpacking of struct capsx is missing a check for the end of the caps structure. This can lead to unpack failures depending on what else is packed into the policy file being unpacked. Signed-off-by: John Johansen <[email protected]> Acked-by: Kees Cook <[email protected]>
2011-09-09apparmor: sparse fix: rename shadowed variables in policy_unpack.cJames Morris1-6/+6
Fix the following warnings: security/apparmor/policy_unpack.c:384:35: warning: symbol 'size' shadows an earlier one security/apparmor/policy_unpack.c:370:24: originally declared here security/apparmor/policy_unpack.c:443:29: warning: symbol 'tmp' shadows an earlier one security/apparmor/policy_unpack.c:434:21: originally declared here Signed-off-by: James Morris <[email protected]> Acked-by: John Johansen <[email protected]>
2011-05-19Create Documentation/security/,Randy Dunlap1-2/+2
move LSM-, credentials-, and keys-related files from Documentation/ to Documentation/security/, add Documentation/security/00-INDEX, and update all occurrences of Documentation/<moved_file> to Documentation/security/<moved_file>.
2011-03-31Fix common misspellingsLucas De Marchi1-1/+1
Fixes generated by 'codespell' and manually reviewed. Signed-off-by: Lucas De Marchi <[email protected]>
2010-08-02AppArmor: policy routines for loading and unpacking policyJohn Johansen1-0/+703
AppArmor policy is loaded in a platform independent flattened binary stream. Verify and unpack the data converting it to the internal format needed for enforcement. Signed-off-by: John Johansen <[email protected]> Signed-off-by: James Morris <[email protected]>
Powered by cgit, Gruvboxed by Blaster4385.