file.c (e53cfe6c7caa79ccdccce53e600dae522acb1c84) file.c (aa9aeea8d4c3dfb9297723c4340671ef88e372d3)
1/*
2 * AppArmor security module
3 *
4 * This file contains AppArmor mediation of files
5 *
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2010 Canonical Ltd.
8 *


51 * @ab: audit_buffer (NOT NULL)
52 * @va: audit struct to audit values of (NOT NULL)
53 */
54static void file_audit_cb(struct audit_buffer *ab, void *va)
55{
56 struct common_audit_data *sa = va;
57 kuid_t fsuid = current_fsuid();
58
1/*
2 * AppArmor security module
3 *
4 * This file contains AppArmor mediation of files
5 *
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2010 Canonical Ltd.
8 *


51 * @ab: audit_buffer (NOT NULL)
52 * @va: audit struct to audit values of (NOT NULL)
53 */
54static void file_audit_cb(struct audit_buffer *ab, void *va)
55{
56 struct common_audit_data *sa = va;
57 kuid_t fsuid = current_fsuid();
58
59 if (aad(sa)->fs.request & AA_AUDIT_FILE_MASK) {
59 if (aad(sa)->request & AA_AUDIT_FILE_MASK) {
60 audit_log_format(ab, " requested_mask=");
60 audit_log_format(ab, " requested_mask=");
61 audit_file_mask(ab, aad(sa)->fs.request);
61 audit_file_mask(ab, aad(sa)->request);
62 }
62 }
63 if (aad(sa)->fs.denied & AA_AUDIT_FILE_MASK) {
63 if (aad(sa)->denied & AA_AUDIT_FILE_MASK) {
64 audit_log_format(ab, " denied_mask=");
64 audit_log_format(ab, " denied_mask=");
65 audit_file_mask(ab, aad(sa)->fs.denied);
65 audit_file_mask(ab, aad(sa)->denied);
66 }
66 }
67 if (aad(sa)->fs.request & AA_AUDIT_FILE_MASK) {
67 if (aad(sa)->request & AA_AUDIT_FILE_MASK) {
68 audit_log_format(ab, " fsuid=%d",
69 from_kuid(&init_user_ns, fsuid));
70 audit_log_format(ab, " ouid=%d",
71 from_kuid(&init_user_ns, aad(sa)->fs.ouid));
72 }
73
74 if (aad(sa)->fs.target) {
75 audit_log_format(ab, " target=");


95int aa_audit_file(struct aa_profile *profile, struct file_perms *perms,
96 const char *op, u32 request, const char *name,
97 const char *target, kuid_t ouid, const char *info, int error)
98{
99 int type = AUDIT_APPARMOR_AUTO;
100 DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_TASK, op);
101
102 sa.u.tsk = NULL;
68 audit_log_format(ab, " fsuid=%d",
69 from_kuid(&init_user_ns, fsuid));
70 audit_log_format(ab, " ouid=%d",
71 from_kuid(&init_user_ns, aad(sa)->fs.ouid));
72 }
73
74 if (aad(sa)->fs.target) {
75 audit_log_format(ab, " target=");


95int aa_audit_file(struct aa_profile *profile, struct file_perms *perms,
96 const char *op, u32 request, const char *name,
97 const char *target, kuid_t ouid, const char *info, int error)
98{
99 int type = AUDIT_APPARMOR_AUTO;
100 DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_TASK, op);
101
102 sa.u.tsk = NULL;
103 aad(&sa)->fs.request = request;
103 aad(&sa)->request = request;
104 aad(&sa)->name = name;
105 aad(&sa)->fs.target = target;
106 aad(&sa)->fs.ouid = ouid;
107 aad(&sa)->info = info;
108 aad(&sa)->error = error;
109 sa.u.tsk = NULL;
110
111 if (likely(!aad(&sa)->error)) {
112 u32 mask = perms->audit;
113
114 if (unlikely(AUDIT_MODE(profile) == AUDIT_ALL))
115 mask = 0xffff;
116
117 /* mask off perms that are not being force audited */
104 aad(&sa)->name = name;
105 aad(&sa)->fs.target = target;
106 aad(&sa)->fs.ouid = ouid;
107 aad(&sa)->info = info;
108 aad(&sa)->error = error;
109 sa.u.tsk = NULL;
110
111 if (likely(!aad(&sa)->error)) {
112 u32 mask = perms->audit;
113
114 if (unlikely(AUDIT_MODE(profile) == AUDIT_ALL))
115 mask = 0xffff;
116
117 /* mask off perms that are not being force audited */
118 aad(&sa)->fs.request &= mask;
118 aad(&sa)->request &= mask;
119
119
120 if (likely(!aad(&sa)->fs.request))
120 if (likely(!aad(&sa)->request))
121 return 0;
122 type = AUDIT_APPARMOR_AUDIT;
123 } else {
124 /* only report permissions that were denied */
121 return 0;
122 type = AUDIT_APPARMOR_AUDIT;
123 } else {
124 /* only report permissions that were denied */
125 aad(&sa)->fs.request = aad(&sa)->fs.request & ~perms->allow;
126 AA_BUG(!aad(&sa)->fs.request);
125 aad(&sa)->request = aad(&sa)->request & ~perms->allow;
126 AA_BUG(!aad(&sa)->request);
127
127
128 if (aad(&sa)->fs.request & perms->kill)
128 if (aad(&sa)->request & perms->kill)
129 type = AUDIT_APPARMOR_KILL;
130
131 /* quiet known rejects, assumes quiet and kill do not overlap */
129 type = AUDIT_APPARMOR_KILL;
130
131 /* quiet known rejects, assumes quiet and kill do not overlap */
132 if ((aad(&sa)->fs.request & perms->quiet) &&
132 if ((aad(&sa)->request & perms->quiet) &&
133 AUDIT_MODE(profile) != AUDIT_NOQUIET &&
134 AUDIT_MODE(profile) != AUDIT_ALL)
133 AUDIT_MODE(profile) != AUDIT_NOQUIET &&
134 AUDIT_MODE(profile) != AUDIT_ALL)
135 aad(&sa)->fs.request &= ~perms->quiet;
135 aad(&sa)->request &= ~perms->quiet;
136
136
137 if (!aad(&sa)->fs.request)
137 if (!aad(&sa)->request)
138 return COMPLAIN_MODE(profile) ? 0 : aad(&sa)->error;
139 }
140
138 return COMPLAIN_MODE(profile) ? 0 : aad(&sa)->error;
139 }
140
141 aad(&sa)->fs.denied = aad(&sa)->fs.request & ~perms->allow;
141 aad(&sa)->denied = aad(&sa)->request & ~perms->allow;
142 return aa_audit(type, profile, &sa, file_audit_cb);
143}
144
145/**
146 * map_old_perms - map old file perms layout to the new layout
147 * @old: permission set in old mapping
148 *
149 * Returns: new permission mapping

142 return aa_audit(type, profile, &sa, file_audit_cb);
143}
144
145/**
146 * map_old_perms - map old file perms layout to the new layout
147 * @old: permission set in old mapping
148 *
149 * Returns: new permission mapping

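Review bot: In `file_audit_cb` the test `aad(sa)->request & AA_AUDIT_FILE_MASK` is evaluated twice (gutter lines 59 and 67), so the fsuid/ouid output at lines 68-71 could either move into the first branch or carry a one-line comment such as `/* identity is only logged alongside a requested_mask */` explaining why it is emitted separately; the callback's body continues past line 75 outside the visible section. In `aa_audit_file`, `sa.u.tsk = NULL;` is assigned at both line 102 and line 109, and one of the two can be dropped without changing behavior. Now that `request` and `denied` sit beside the still fs-specific `fs.target` and `fs.ouid`, a short comment on `file_audit_cb` stating which aad fields it expects `aa_audit_file` to have populated would help, since the generic fields presumably become shared with other mediation callbacks — the aad definition is not visible here, so that is an assumption to confirm.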