Revision tags: v6.6.25, v6.6.24, v6.6.23, v6.6.16, v6.6.15, v6.6.14, v6.6.13, v6.6.12, v6.6.11, v6.6.10, v6.6.9, v6.6.8, v6.6.7, v6.6.6, v6.6.5, v6.6.4, v6.6.3, v6.6.2, v6.5.11, v6.6.1, v6.5.10, v6.6, v6.5.9, v6.5.8, v6.5.7, v6.5.6, v6.5.5, v6.5.4, v6.5.3, v6.5.2, v6.1.51, v6.5.1, v6.1.50, v6.5, v6.1.49, v6.1.48, v6.1.46, v6.1.45, v6.1.44, v6.1.43, v6.1.42, v6.1.41, v6.1.40, v6.1.39, v6.1.38, v6.1.37, v6.1.36, v6.4, v6.1.35, v6.1.34, v6.1.33, v6.1.32, v6.1.31, v6.1.30, v6.1.29, v6.1.28, v6.1.27, v6.1.26, v6.3, v6.1.25, v6.1.24, v6.1.23, v6.1.22, v6.1.21, v6.1.20, v6.1.19, v6.1.18, v6.1.17, v6.1.16, v6.1.15, v6.1.14, v6.1.13, v6.2, v6.1.12, v6.1.11, v6.1.10, v6.1.9, v6.1.8, v6.1.7, v6.1.6, v6.1.5, v6.0.19, v6.0.18, v6.1.4, v6.1.3, v6.0.17, v6.1.2, v6.0.16, v6.1.1, v6.0.15, v6.0.14, v6.0.13, v6.1, v6.0.12, v6.0.11, v6.0.10, v5.15.80, v6.0.9, v5.15.79, v6.0.8, v5.15.78, v6.0.7, v5.15.77, v5.15.76, v6.0.6, v6.0.5, v5.15.75, v6.0.4, v6.0.3, v6.0.2, v5.15.74, v5.15.73, v6.0.1, v5.15.72, v6.0, v5.15.71, v5.15.70, v5.15.69 |
|
#
690f33e1 |
| 19-Sep-2022 |
John Johansen <john.johansen@canonical.com> |
apparmor: pass cred through to audit info.
[ Upstream commit 90c436a64a6e20482a9a613c47eb4af2e8a5328e ]
The cred is needed to properly audit some messages, and will be needed in the future for uid
apparmor: pass cred through to audit info.
[ Upstream commit 90c436a64a6e20482a9a613c47eb4af2e8a5328e ]
The cred is needed to properly audit some messages, and will be needed in the future for uid conditional mediation. So pass it through to where the apparmor_audit_data struct gets defined.
Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Stable-dep-of: 157a3537d6bc ("apparmor: Fix regression in mount mediation") Signed-off-by: Sasha Levin <sashal@kernel.org>
show more ...
|
Revision tags: v5.15.68 |
|
#
65f7f666 |
| 14-Sep-2022 |
Xiu Jianfeng <xiujianfeng@huawei.com> |
apparmor: make __aa_path_perm() static
Make __aa_path_perm() static as it's only used inside apparmor/file.c.
Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: John Johansen <john
apparmor: make __aa_path_perm() static
Make __aa_path_perm() static as it's only used inside apparmor/file.c.
Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
show more ...
|
Revision tags: v5.15.67, v5.15.66 |
|
#
0bece4fa |
| 06-Sep-2022 |
John Johansen <john.johansen@canonical.com> |
apparmor: make sure perm indexes are accumulated
accumulate permission indexes on a first encountered basis. This favors original rulesets so that new ones can not override without profile replaceme
apparmor: make sure perm indexes are accumulated
accumulate permission indexes on a first encountered basis. This favors original rulesets so that new ones can not override without profile replacement.
Signed-off-by: John Johansen <john.johansen@canonical.com>
show more ...
|
Revision tags: v5.15.65, v5.15.64, v5.15.63, v5.15.62, v5.15.61, v5.15.60, v5.15.59, v5.19, v5.15.58, v5.15.57, v5.15.56 |
|
#
ae6d35ed |
| 16-Jul-2022 |
John Johansen <john.johansen@canonical.com> |
apparmor: extend xindex size
Allow the xindex to have 2^24 entries.
Signed-off-by: John Johansen <john.johansen@canonical.com>
|
Revision tags: v5.15.55, v5.15.54, v5.15.53, v5.15.52, v5.15.51, v5.15.50, v5.15.49, v5.15.48, v5.15.47, v5.15.46, v5.15.45, v5.15.44, v5.15.43, v5.15.42, v5.18, v5.15.41 |
|
#
b06a62eb |
| 16-May-2022 |
John Johansen <john.johansen@canonical.com> |
apparmor: move dfa perm macros into policy_unpack
Now that the permission remapping macros aren't needed anywhere except during profile unpack, move them.
Signed-off-by: John Johansen <john.johanse
apparmor: move dfa perm macros into policy_unpack
Now that the permission remapping macros aren't needed anywhere except during profile unpack, move them.
Signed-off-by: John Johansen <john.johansen@canonical.com>
show more ...
|
Revision tags: v5.15.40, v5.15.39, v5.15.38, v5.15.37, v5.15.36, v5.15.35, v5.15.34, v5.15.33, v5.15.32, v5.15.31, v5.17, v5.15.30, v5.15.29, v5.15.28, v5.15.27, v5.15.26, v5.15.25, v5.15.24, v5.15.23, v5.15.22, v5.15.21, v5.15.20, v5.15.19, v5.15.18, v5.15.17, v5.4.173, v5.15.16 |
|
#
33fc95d8 |
| 17-Jan-2022 |
John Johansen <john.johansen@canonical.com> |
apparmor: preparse for state being more than just an integer
Convert from an unsigned int to a state_t for state position. This is a step in prepping for the state position carrying some additional
apparmor: preparse for state being more than just an integer
Convert from an unsigned int to a state_t for state position. This is a step in prepping for the state position carrying some additional flags, and a limited form of backtracking to support variables.
Signed-off-by: John Johansen <john.johansen@canonical.com>
show more ...
|
Revision tags: v5.15.15, v5.16, v5.15.10, v5.15.9, v5.15.8, v5.15.7, v5.15.6, v5.15.5, v5.15.4, v5.15.3, v5.15.2, v5.15.1, v5.15, v5.14.14, v5.14.13, v5.14.12, v5.14.11, v5.14.10, v5.14.9, v5.14.8, v5.14.7, v5.14.6, v5.10.67, v5.10.66, v5.14.5, v5.14.4, v5.10.65, v5.14.3, v5.10.64, v5.14.2, v5.10.63, v5.14.1, v5.10.62, v5.14, v5.10.61, v5.10.60, v5.10.53, v5.10.52, v5.10.51, v5.10.50, v5.10.49, v5.13, v5.10.46, v5.10.43, v5.10.42, v5.10.41, v5.10.40, v5.10.39, v5.4.119, v5.10.36, v5.10.35, v5.10.34, v5.4.116, v5.10.33, v5.12, v5.10.32, v5.10.31, v5.10.30, v5.10.27, v5.10.26, v5.10.25, v5.10.24, v5.10.23, v5.10.22, v5.10.21, v5.10.20, v5.10.19, v5.4.101, v5.10.18, v5.10.17, v5.11, v5.10.16, v5.10.15, v5.10.14, v5.10 |
|
#
53bdc46f |
| 19-Nov-2020 |
John Johansen <john.johansen@canonical.com> |
apparmor: combine file_rules and aa_policydb into a single shared struct
file_rules and policydb are almost the same and will need the same features in the future so combine them.
Signed-off-by: Jo
apparmor: combine file_rules and aa_policydb into a single shared struct
file_rules and policydb are almost the same and will need the same features in the future so combine them.
Signed-off-by: John Johansen <john.johansen@canonical.com>
show more ...
|
#
754f209b |
| 12-Nov-2020 |
John Johansen <john.johansen@canonical.com> |
apparmor: move fperm computation into policy_unpack
fperm computation is only needed during policy_unpack so move the code there to isolate it fromt the run time code.
Signed-off-by: John Johansen
apparmor: move fperm computation into policy_unpack
fperm computation is only needed during policy_unpack so move the code there to isolate it fromt the run time code.
Signed-off-by: John Johansen <john.johansen@canonical.com>
show more ...
|
Revision tags: v5.8.17, v5.8.16, v5.8.15, v5.9, v5.8.14, v5.8.13, v5.8.12, v5.8.11, v5.8.10, v5.8.9, v5.8.8, v5.8.7, v5.8.6, v5.4.62, v5.8.5, v5.8.4, v5.4.61, v5.8.3, v5.4.60, v5.8.2, v5.4.59, v5.8.1, v5.4.58, v5.4.57, v5.4.56, v5.8, v5.7.12, v5.4.55, v5.7.11, v5.4.54, v5.7.10, v5.4.53, v5.4.52, v5.7.9, v5.7.8, v5.4.51, v5.4.50, v5.7.7, v5.4.49, v5.7.6, v5.7.5, v5.4.48, v5.7.4, v5.7.3, v5.4.47, v5.4.46, v5.7.2, v5.4.45, v5.7.1, v5.4.44, v5.7, v5.4.43, v5.4.42, v5.4.41, v5.4.40, v5.4.39, v5.4.38, v5.4.37, v5.4.36, v5.4.35, v5.4.34, v5.4.33, v5.4.32, v5.4.31, v5.4.30, v5.4.29 |
|
#
408d53e9 |
| 30-Mar-2020 |
Mike Salvatore <mike.salvatore@canonical.com> |
apparmor: compute file permissions on profile load
Rather than computing file permissions for each file access, file permissions can be computed once on profile load and stored for lookup.
Signed-o
apparmor: compute file permissions on profile load
Rather than computing file permissions for each file access, file permissions can be computed once on profile load and stored for lookup.
Signed-off-by: Mike Salvatore <mike.salvatore@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
show more ...
|
#
f567e7fa |
| 25-Mar-2022 |
John Johansen <john.johansen@canonical.com> |
apparmor: extend policydb permission set by making use of the xbits
The policydb permission set has left the xbits unused. Make them available for mediation.
Signed-off-by: John Johansen <john.joha
apparmor: extend policydb permission set by making use of the xbits
The policydb permission set has left the xbits unused. Make them available for mediation.
Signed-off-by: John Johansen <john.johansen@canonical.com>
show more ...
|
#
ef704545 |
| 25-Jan-2021 |
Randy Dunlap <rdunlap@infradead.org> |
security: apparmor: file.h: delete duplicated word
Delete the doubled word "then" in a comment.
Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Reviewed-by: Seth Arnold <seth.arnold@canonical.c
security: apparmor: file.h: delete duplicated word
Delete the doubled word "then" in a comment.
Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Reviewed-by: Seth Arnold <seth.arnold@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
show more ...
|
#
453431a5 |
| 07-Aug-2020 |
Waiman Long <longman@redhat.com> |
mm, treewide: rename kzfree() to kfree_sensitive()
As said by Linus:
A symmetric naming is only helpful if it implies symmetries in use. Otherwise it's actively misleading.
In "kzalloc()", t
mm, treewide: rename kzfree() to kfree_sensitive()
As said by Linus:
A symmetric naming is only helpful if it implies symmetries in use. Otherwise it's actively misleading.
In "kzalloc()", the z is meaningful and an important part of what the caller wants.
In "kzfree()", the z is actively detrimental, because maybe in the future we really _might_ want to use that "memfill(0xdeadbeef)" or something. The "zero" part of the interface isn't even _relevant_.
The main reason that kzfree() exists is to clear sensitive information that should not be leaked to other future users of the same memory objects.
Rename kzfree() to kfree_sensitive() to follow the example of the recently added kvfree_sensitive() and make the intention of the API more explicit. In addition, memzero_explicit() is used to clear the memory to make sure that it won't get optimized away by the compiler.
The renaming is done by using the command sequence:
git grep -w --name-only kzfree |\ xargs sed -i 's/kzfree/kfree_sensitive/'
followed by some editing of the kfree_sensitive() kerneldoc and adding a kzfree backward compatibility macro in slab.h.
[akpm@linux-foundation.org: fs/crypto/inline_crypt.c needs linux/slab.h] [akpm@linux-foundation.org: fix fs/crypto/inline_crypt.c some more]
Suggested-by: Joe Perches <joe@perches.com> Signed-off-by: Waiman Long <longman@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Acked-by: David Howells <dhowells@redhat.com> Acked-by: Michal Hocko <mhocko@suse.com> Acked-by: Johannes Weiner <hannes@cmpxchg.org> Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Cc: James Morris <jmorris@namei.org> Cc: "Serge E. Hallyn" <serge@hallyn.com> Cc: Joe Perches <joe@perches.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: David Rientjes <rientjes@google.com> Cc: Dan Carpenter <dan.carpenter@oracle.com> Cc: "Jason A . Donenfeld" <Jason@zx2c4.com> Link: http://lkml.kernel.org/r/20200616154311.12314-3-longman@redhat.com Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
show more ...
|
Revision tags: v5.6, v5.4.28, v5.4.27, v5.4.26, v5.4.25, v5.4.24, v5.4.23, v5.4.22, v5.4.21, v5.4.20, v5.4.19, v5.4.18, v5.4.17, v5.4.16, v5.5, v5.4.15, v5.4.14, v5.4.13, v5.4.12, v5.4.11, v5.4.10, v5.4.9, v5.4.8, v5.4.7, v5.4.6, v5.4.5, v5.4.4, v5.4.3, v5.3.15, v5.4.2, v5.4.1, v5.3.14, v5.4, v5.3.13, v5.3.12, v5.3.11, v5.3.10, v5.3.9, v5.3.8, v5.3.7, v5.3.6, v5.3.5, v5.3.4, v5.3.3, v5.3.2, v5.3.1, v5.3 |
|
#
341c1fda |
| 14-Sep-2019 |
John Johansen <john.johansen@canonical.com> |
apparmor: make it so work buffers can be allocated from atomic context
In some situations AppArmor needs to be able to use its work buffers from atomic context. Add the ability to specify when in at
apparmor: make it so work buffers can be allocated from atomic context
In some situations AppArmor needs to be able to use its work buffers from atomic context. Add the ability to specify when in atomic context and hold a set of work buffers in reserve for atomic context to reduce the chance that a large work buffer allocation will need to be done.
Fixes: df323337e507 ("apparmor: Use a memory pool instead per-CPU caches") Signed-off-by: John Johansen <john.johansen@canonical.com>
show more ...
|
Revision tags: v5.2.14, v5.3-rc8, v5.2.13, v5.2.12, v5.2.11, v5.2.10, v5.2.9, v5.2.8, v5.2.7, v5.2.6, v5.2.5, v5.2.4, v5.2.3, v5.2.2, v5.2.1, v5.2, v5.1.16, v5.1.15, v5.1.14, v5.1.13, v5.1.12, v5.1.11, v5.1.10, v5.1.9, v5.1.8, v5.1.7 |
|
#
b886d83c |
| 01-Jun-2019 |
Thomas Gleixner <tglx@linutronix.de> |
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
Based on 1 normalized pattern(s):
this program is free software you can redistribute it and or modify it under the terms of th
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
Based on 1 normalized pattern(s):
this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation version 2 of the license
extracted by the scancode license scanner the SPDX license identifier
GPL-2.0-only
has been chosen to replace the boilerplate/reference in 315 file(s).
Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Allison Randal <allison@lohutok.net> Reviewed-by: Armijn Hemel <armijn@tjaldur.nl> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190531190115.503150771@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
Revision tags: v5.1.6, v5.1.5, v5.1.4, v5.1.3, v5.1.2, v5.1.1, v5.0.14, v5.1, v5.0.13, v5.0.12, v5.0.11, v5.0.10, v5.0.9, v5.0.8, v5.0.7, v5.0.6, v5.0.5, v5.0.4, v5.0.3, v4.19.29, v5.0.2, v4.19.28, v5.0.1, v4.19.27, v5.0, v4.19.26, v4.19.25, v4.19.24, v4.19.23, v4.19.22, v4.19.21, v4.19.20, v4.19.19, v4.19.18, v4.19.17, v4.19.16, v4.19.15, v4.19.14, v4.19.13, v4.19.12, v4.19.11, v4.19.10, v4.19.9, v4.19.8, v4.19.7, v4.19.6, v4.19.5, v4.19.4, v4.18.20, v4.19.3, v4.18.19, v4.19.2 |
|
#
33bf60ca |
| 12-Nov-2018 |
Casey Schaufler <casey@schaufler-ca.com> |
LSM: Infrastructure management of the file security
Move management of the file->f_security blob out of the individual security modules and into the infrastructure. The modules no longer allocate or
LSM: Infrastructure management of the file security
Move management of the file->f_security blob out of the individual security modules and into the infrastructure. The modules no longer allocate or free the data, instead they tell the infrastructure how much space they require.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Kees Cook <keescook@chromium.org> [kees: adjusted for ordered init series] Signed-off-by: Kees Cook <keescook@chromium.org>
show more ...
|
Revision tags: v4.18.18, v4.18.17, v4.19.1, v4.19, v4.18.16, v4.18.15, v4.18.14, v4.18.13, v4.18.12, v4.18.11, v4.18.10, v4.18.9, v4.18.7, v4.18.6, v4.18.5, v4.17.18, v4.18.4, v4.18.3, v4.17.17, v4.18.2, v4.17.16, v4.17.15, v4.18.1, v4.18, v4.17.14, v4.17.13, v4.17.12, v4.17.11, v4.17.10, v4.17.9, v4.17.8, v4.17.7, v4.17.6, v4.17.5, v4.17.4, v4.17.3, v4.17.2, v4.17.1, v4.17, v4.16, v4.15, v4.13.16, v4.14, v4.13.5, v4.13 |
|
#
993b3ab0 |
| 18-Jul-2017 |
Kees Cook <keescook@chromium.org> |
apparmor: Refactor to remove bprm_secureexec hook
The AppArmor bprm_secureexec hook can be merged with the bprm_set_creds hook since it's dealing with the same information, and all of the details ar
apparmor: Refactor to remove bprm_secureexec hook
The AppArmor bprm_secureexec hook can be merged with the bprm_set_creds hook since it's dealing with the same information, and all of the details are finalized during the first call to the bprm_set_creds hook via prepare_binprm() (subsequent calls due to binfmt_script, etc, are ignored via bprm->called_set_creds).
Here, all the comments describe how secureexec is actually calculated during bprm_set_creds, so this actually does it, drops the bprm flag that was being used internally by AppArmor, and drops the bprm_secureexec hook.
Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: John Johansen <john.johansen@canonical.com> Reviewed-by: James Morris <james.l.morris@oracle.com> Acked-by: Serge Hallyn <serge@hallyn.com>
show more ...
|
Revision tags: v4.12 |
|
#
8014370f |
| 09-Jun-2017 |
John Johansen <john.johansen@canonical.com> |
apparmor: move path_link mediation to using labels
Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
aebd873e |
| 09-Jun-2017 |
John Johansen <john.johansen@canonical.com> |
apparmor: refactor path name lookup and permission checks around labels
Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
98c3d182 |
| 09-Jun-2017 |
John Johansen <john.johansen@canonical.com> |
apparmor: update aa_audit_file() to use labels
Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
190a9518 |
| 09-Jun-2017 |
John Johansen <john.johansen@canonical.com> |
apparmor: move aa_file_perm() to use labels
Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
192ca6b5 |
| 09-Jun-2017 |
John Johansen <john.johansen@canonical.com> |
apparmor: revalidate files during exec
Instead of running file revalidation lazily when read/write are called copy selinux and revalidate the file table on exec. This avoids extra mediation overhead
apparmor: revalidate files during exec
Instead of running file revalidation lazily when read/write are called copy selinux and revalidate the file table on exec. This avoids extra mediation overhead in read/write and also prevents file handles being passed through to a grand child unchecked.
Signed-off-by: John Johansen <john.johansen@canonical.com>
show more ...
|
#
2835a13b |
| 09-Jun-2017 |
John Johansen <john.johansen@canonical.com> |
apparmor: cleanup rename XXX_file_context() to XXX_file_ctx()
Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
2d679f3c |
| 29-May-2017 |
John Johansen <john.johansen@canonical.com> |
apparmor: switch from file_perms to aa_perms
Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
e53cfe6c |
| 26-May-2017 |
John Johansen <john.johansen@canonical.com> |
apparmor: rework perm mapping to a slightly broader set
Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
fc7e0b26 |
| 26-May-2017 |
John Johansen <john.johansen@canonical.com> |
apparmor: move permissions into their own file to be more easily shared
Signed-off-by: John Johansen <john.johansen@canonical.com>
|