apfs/linux-apfs
0
0
Fork 0
mirror of https://github.com/linux-apfs/linux-apfs.git synced 2026-05-01 15:00:59 -07:00
Code Issues Packages Projects Releases Wiki Activity
677,884 Commits 2 Branches 0 Tags
40cde7fcc344bc77c1ec9d291dcc35ab12f078aa
Commit Graph

3279 Commits

Author SHA1 Message Date
John Johansen 40cde7fcc3 apparmor: add domain label stacking info to apparmorfs 
Now that the domain label transition is complete advertise it to
userspace.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-10 17:11:47 -07:00
John Johansen e00b02bb6a apparmor: move change_profile mediation to using labels 
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-10 17:11:47 -07:00
John Johansen 89dbf1962a apparmor: move change_hat mediation to using labels 
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-10 17:11:46 -07:00
John Johansen 93c98a484c apparmor: move exec domain mediation to using labels 
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-10 17:11:46 -07:00
John Johansen 5379a33120 apparmor: support v7 transition format compatible with label_parse 
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-10 17:11:45 -07:00
John Johansen 064dc9472f apparmor: mediate files when they are received 
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-10 17:11:45 -07:00
John Johansen 496c931966 apparmor: rework file permission to cache file access in file->ctx 
This is a temporary step, towards using the file->ctx for delegation,
and also helps speed up file queries, until the permission lookup
cache is introduced.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-10 17:11:44 -07:00
John Johansen 8014370f12 apparmor: move path_link mediation to using labels 
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-10 17:11:44 -07:00
John Johansen aebd873e8d apparmor: refactor path name lookup and permission checks around labels 
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-10 17:11:43 -07:00
John Johansen 98c3d18232 apparmor: update aa_audit_file() to use labels 
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-10 17:11:43 -07:00
John Johansen 190a95189e apparmor: move aa_file_perm() to use labels 
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-10 17:11:42 -07:00
John Johansen 290f458a4f apparmor: allow ptrace checks to be finer grained than just capability 
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-10 17:11:42 -07:00
John Johansen b2d09ae449 apparmor: move ptrace checks to using labels 
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-10 17:11:41 -07:00
John Johansen ca916e8e2d apparmor: add cross check permission helper macros 
The cross check permission helper macros will help simplify code
that does cross task permission checks like ptrace.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-10 17:11:41 -07:00
John Johansen 86b92cb782 apparmor: move resource checks to using labels 
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-10 17:11:40 -07:00
John Johansen c70c86c421 apparmor: move capability checks to using labels 
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-10 17:11:40 -07:00
John Johansen 317d9a054e apparmor: update query interface to support label queries 
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-10 17:11:39 -07:00
John Johansen 76a1d263ab apparmor: switch getprocattr to using label_print fns() 
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-10 17:11:39 -07:00
John Johansen 637f688dc3 apparmor: switch from profiles to using labels on contexts 
Begin the actual switch to using domain labels by storing them on
the context and converting the label to a singular profile where
possible.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-10 17:11:38 -07:00
John Johansen f1bd904175 apparmor: add the base fns() for domain labels 
Begin moving apparmor to using broader domain labels, that will allow
run time computation of domain type splitting via "stacking" of
profiles into a domain label vec.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-10 17:11:38 -07:00
John Johansen 192ca6b55a apparmor: revalidate files during exec 
Instead of running file revalidation lazily when read/write are called
copy selinux and revalidate the file table on exec. This avoids
extra mediation overhead in read/write and also prevents file handles
being passed through to a grand child unchecked.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-10 17:11:37 -07:00
John Johansen 2835a13bbd apparmor: cleanup rename XXX_file_context() to XXX_file_ctx() 
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-10 17:11:37 -07:00
John Johansen df8073c67f apparmor: convert aa_change_XXX bool parameters to flags 
Instead of passing multiple booleans consolidate on a single flags
field.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-10 17:11:36 -07:00
John Johansen dca91402e9 apparmor: cleanup remove unused and not fully implemented profile rename 
Remove the partially implemented code, until this can be properly
implemented.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-10 17:11:36 -07:00
John Johansen 435222bc1b apparmor: refactor updating profiles to the newest parent 
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-10 17:11:35 -07:00