kernel

mirror of https://github.com/ukui/kernel.git synced 2026-03-09 10:07:04 -07:00

Author	SHA1	Message	Date
John Johansen	edf4e7b7b9	apparmor: fix bad debug check in apparmor_secid_to_secctx() apparmor_secid_to_secctx() has a bad debug statement tripping on a condition handle by the code. When kconfig SECURITY_APPARMOR_DEBUG is enabled the debug WARN_ON will trip when **secdata is NULL resulting in the following trace. ------------[ cut here ]------------ AppArmor WARN apparmor_secid_to_secctx: ((!secdata)): WARNING: CPU: 0 PID: 14826 at security/apparmor/secid.c:82 apparmor_secid_to_secctx+0x2b5/0x2f0 security/apparmor/secid.c:82 Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 14826 Comm: syz-executor1 Not tainted 4.19.0-rc1+ #193 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113 panic+0x238/0x4e7 kernel/panic.c:184 __warn.cold.8+0x163/0x1ba kernel/panic.c:536 report_bug+0x252/0x2d0 lib/bug.c:186 fixup_bug arch/x86/kernel/traps.c:178 [inline] do_error_trap+0x1fc/0x4d0 arch/x86/kernel/traps.c:296 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:316 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:993 RIP: 0010:apparmor_secid_to_secctx+0x2b5/0x2f0 security/apparmor/secid.c:82 Code: c7 c7 40 66 58 87 e8 6a 6d 0f fe 0f 0b e9 6c fe ff ff e8 3e aa 44 fe 48 c7 c6 80 67 58 87 48 c7 c7 a0 65 58 87 e8 4b 6d 0f fe <0f> 0b e9 3f fe ff ff 48 89 df e8 fc a7 83 fe e9 ed fe ff ff bb f4 RSP: 0018:ffff8801ba1bed10 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff8801ba1beed0 RCX: ffffc9000227e000 RDX: 0000000000018482 RSI: ffffffff8163ac01 RDI: 0000000000000001 RBP: ffff8801ba1bed30 R08: ffff8801b80ec080 R09: ffffed003b603eca R10: ffffed003b603eca R11: ffff8801db01f657 R12: 0000000000000001 R13: 0000000000000000 R14: 0000000000000000 R15: ffff8801ba1beed0 security_secid_to_secctx+0x63/0xc0 security/security.c:1314 ctnetlink_secctx_size net/netfilter/nf_conntrack_netlink.c:621 [inline] ctnetlink_nlmsg_size net/netfilter/nf_conntrack_netlink.c:659 [inline] ctnetlink_conntrack_event+0x303/0x1470 net/netfilter/nf_conntrack_netlink.c:706 nf_conntrack_eventmask_report+0x55f/0x930 net/netfilter/nf_conntrack_ecache.c:151 nf_conntrack_event_report include/net/netfilter/nf_conntrack_ecache.h:112 [inline] nf_ct_delete+0x33c/0x5d0 net/netfilter/nf_conntrack_core.c:601 nf_ct_iterate_cleanup+0x48c/0x5e0 net/netfilter/nf_conntrack_core.c:1892 nf_ct_iterate_cleanup_net+0x23c/0x2d0 net/netfilter/nf_conntrack_core.c:1974 ctnetlink_flush_conntrack net/netfilter/nf_conntrack_netlink.c:1226 [inline] ctnetlink_del_conntrack+0x66c/0x850 net/netfilter/nf_conntrack_netlink.c:1258 nfnetlink_rcv_msg+0xd88/0x1070 net/netfilter/nfnetlink.c:228 netlink_rcv_skb+0x172/0x440 net/netlink/af_netlink.c:2454 nfnetlink_rcv+0x1c0/0x4d0 net/netfilter/nfnetlink.c:560 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline] netlink_unicast+0x5a0/0x760 net/netlink/af_netlink.c:1343 netlink_sendmsg+0xa18/0xfc0 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg+0xd5/0x120 net/socket.c:631 ___sys_sendmsg+0x7fd/0x930 net/socket.c:2114 __sys_sendmsg+0x11d/0x290 net/socket.c:2152 __do_sys_sendmsg net/socket.c:2161 [inline] __se_sys_sendmsg net/socket.c:2159 [inline] __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2159 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x457089 Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f7bc6e03c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f7bc6e046d4 RCX: 0000000000457089 RDX: 0000000000000000 RSI: 0000000020d65000 RDI: 0000000000000003 RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000004d4588 R14: 00000000004c8d5c R15: 0000000000000000 Dumping ftrace buffer: (ftrace buffer empty) Kernel Offset: disabled Rebooting in 86400 seconds.. CC: <stable@vger.kernel.org> #4.18 Fixes: `c092921219` ("apparmor: add support for mapping secids and using secctxes") Reported-by: syzbot+21016130b0580a9de3b5@syzkaller.appspotmail.com Signed-off-by: John Johansen <john.johansen@canonical.com>	2018-09-03 11:15:29 -07:00
Linus Torvalds	57bb8e37d7	Merge tag 'apparmor-pr-2018-08-23' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor Pull apparmor updates from John Johansen: "There is nothing major this time just four bug fixes and a patch to remove some dead code: Cleanups: - remove no-op permission check in policy_unpack Bug fixes: - fix an error code in __aa_create_ns() - fix failure to audit context info in build_change_hat - check buffer bounds when mapping permissions mask - fully initialize aa_perms struct when answering userspace query" * tag 'apparmor-pr-2018-08-23' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor: apparmor: remove no-op permission check in policy_unpack apparmor: fix an error code in __aa_create_ns() apparmor: Fix failure to audit context info in build_change_hat apparmor: Fully initialize aa_perms struct when answering userspace query apparmor: Check buffer bounds when mapping permissions mask	2018-08-24 13:00:33 -07:00
John Johansen	c037bd6158	apparmor: remove no-op permission check in policy_unpack The patch `736ec752d9`: "AppArmor: policy routines for loading and unpacking policy" from Jul 29, 2010, leads to the following static checker warning: security/apparmor/policy_unpack.c:410 verify_accept() warn: bitwise AND condition is false here security/apparmor/policy_unpack.c:413 verify_accept() warn: bitwise AND condition is false here security/apparmor/policy_unpack.c 392 #define DFA_VALID_PERM_MASK 0xffffffff 393 #define DFA_VALID_PERM2_MASK 0xffffffff 394 395 /** 396 * verify_accept - verify the accept tables of a dfa 397 * @dfa: dfa to verify accept tables of (NOT NULL) 398 * @flags: flags governing dfa 399 * 400 * Returns: 1 if valid accept tables else 0 if error 401 / 402 static bool verify_accept(struct aa_dfa dfa, int flags) 403 { 404 int i; 405 406 /* verify accept permissions */ 407 for (i = 0; i < dfa->tables[YYTD_ID_ACCEPT]->td_lolen; i++) { 408 int mode = ACCEPT_TABLE(dfa)[i]; 409 410 if (mode & ~DFA_VALID_PERM_MASK) 411 return 0; 412 413 if (ACCEPT_TABLE2(dfa)[i] & ~DFA_VALID_PERM2_MASK) 414 return 0; fixes: `736ec752d9` ("AppArmor: policy routines for loading and unpacking policy") Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: John Johansen <john.johansen@canonical.com>	2018-08-22 18:44:42 -07:00
Dan Carpenter	0a6b29230e	apparmor: fix an error code in __aa_create_ns() We should return error pointers in this function. Returning NULL results in a NULL dereference in the caller. Fixes: `73688d1ed0` ("apparmor: refactor prepare_ns() and make usable from different views") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: John Johansen <john.johansen@canonical.com>	2018-08-21 16:24:56 -07:00
John Johansen	24b87a16fe	apparmor: Fix failure to audit context info in build_change_hat Cleans up clang warning: warning: variable 'info' set but not used [-Wunused-but-set-variable] Fixes: `89dbf1962a` ("apparmor: move change_hat mediation to using labels") Reported-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>	2018-07-20 03:25:25 -07:00
Tyler Hicks	f4585bc20f	apparmor: Fully initialize aa_perms struct when answering userspace query Fully initialize the aa_perms struct in profile_query_cb() to avoid the potential of using an uninitialized struct member's value in a response to a query from userspace. Detected by CoverityScan CID#1415126 ("Uninitialized scalar variable") Fixes: `4f3b3f2d79` ("apparmor: add profile permission query ability") Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Serge Hallyn <serge@hallyn.com> Signed-off-by: John Johansen <john.johansen@canonical.com>	2018-07-19 16:29:13 -07:00
Tyler Hicks	7f3ebcf2b1	apparmor: Check buffer bounds when mapping permissions mask Don't read past the end of the buffer containing permissions characters or write past the end of the destination string. Detected by CoverityScan CID#1415361, 1415376 ("Out-of-bounds access") Fixes: `e53cfe6c7c` ("apparmor: rework perm mapping to a slightly broader set") Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Serge Hallyn <serge@hallyn.com> Signed-off-by: John Johansen <john.johansen@canonical.com>	2018-07-19 16:24:43 -07:00
Al Viro	9481769208	->file_open(): lose cred argument Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>	2018-07-12 10:04:15 -04:00
Linus Torvalds	463f202172	Merge tag 'apparmor-pr-2018-06-13' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor Pull AppArmor updates from John Johansen: "Features - add support for mapping secids and using secctxes - add the ability to get a task's secid - add support for audit rule filtering Cleanups: - multiple typo fixes - Convert to use match_string() helper - update git and wiki locations in AppArmor docs - improve get_buffers macro by using get_cpu_ptr - Use an IDR to allocate apparmor secids Bug fixes: - fix 'seclen' is never less than zero - fix mediation of prlimit - fix memory leak when deduping profile load - fix ptrace read check - fix memory leak of rule on error exit path" tag 'apparmor-pr-2018-06-13' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor: (21 commits) apparmor: fix ptrace read check apparmor: fix memory leak when deduping profile load apparmor: fix mediation of prlimit apparmor: fixup secid map conversion to using IDR apparmor: Use an IDR to allocate apparmor secids apparmor: Fix memory leak of rule on error exit path apparmor: modify audit rule support to support profile stacks apparmor: Add support for audit rule filtering apparmor: update git and wiki locations in AppArmor docs apparmor: Convert to use match_string() helper apparmor: improve get_buffers macro by using get_cpu_ptr apparmor: fix '*seclen' is never less than zero apparmor: fix typo "preconfinement" apparmor: fix typo "independent" apparmor: fix typo "traverse" apparmor: fix typo "type" apparmor: fix typo "replace" apparmor: fix typo "comparison" apparmor: fix typo "loosen" apparmor: add the ability to get a task's secid ...	2018-06-14 16:11:28 +09:00
Kees Cook	6396bb2215	treewide: kzalloc() -> kcalloc() The kzalloc() function has a 2-factor argument form, kcalloc(). This patch replaces cases of: kzalloc(a * b, gfp) with: kcalloc(a * b, gfp) as well as handling cases of: kzalloc(a * b * c, gfp) with: kzalloc(array3_size(a, b, c), gfp) as it's slightly less ugly than: kzalloc_array(array_size(a, b), c, gfp) This does, however, attempt to ignore constant size factors like: kzalloc(4 * 1024, gfp) though any constants defined via macros get caught up in the conversion. Any factors with a sizeof() of "unsigned char", "char", and "u8" were dropped, since they're redundant. The Coccinelle script used for this was: // Fix redundant parens around sizeof(). @@ type TYPE; expression THING, E; @@ ( kzalloc( - (sizeof(TYPE)) * E + sizeof(TYPE) * E , ...) \| kzalloc( - (sizeof(THING)) * E + sizeof(THING) * E , ...) ) // Drop single-byte sizes and redundant parens. @@ expression COUNT; typedef u8; typedef __u8; @@ ( kzalloc( - sizeof(u8) * (COUNT) + COUNT , ...) \| kzalloc( - sizeof(__u8) * (COUNT) + COUNT , ...) \| kzalloc( - sizeof(char) * (COUNT) + COUNT , ...) \| kzalloc( - sizeof(unsigned char) * (COUNT) + COUNT , ...) \| kzalloc( - sizeof(u8) * COUNT + COUNT , ...) \| kzalloc( - sizeof(__u8) * COUNT + COUNT , ...) \| kzalloc( - sizeof(char) * COUNT + COUNT , ...) \| kzalloc( - sizeof(unsigned char) * COUNT + COUNT , ...) ) // 2-factor product with sizeof(type/expression) and identifier or constant. @@ type TYPE; expression THING; identifier COUNT_ID; constant COUNT_CONST; @@ ( - kzalloc + kcalloc ( - sizeof(TYPE) * (COUNT_ID) + COUNT_ID, sizeof(TYPE) , ...) \| - kzalloc + kcalloc ( - sizeof(TYPE) * COUNT_ID + COUNT_ID, sizeof(TYPE) , ...) \| - kzalloc + kcalloc ( - sizeof(TYPE) * (COUNT_CONST) + COUNT_CONST, sizeof(TYPE) , ...) \| - kzalloc + kcalloc ( - sizeof(TYPE) * COUNT_CONST + COUNT_CONST, sizeof(TYPE) , ...) \| - kzalloc + kcalloc ( - sizeof(THING) * (COUNT_ID) + COUNT_ID, sizeof(THING) , ...) \| - kzalloc + kcalloc ( - sizeof(THING) * COUNT_ID + COUNT_ID, sizeof(THING) , ...) \| - kzalloc + kcalloc ( - sizeof(THING) * (COUNT_CONST) + COUNT_CONST, sizeof(THING) , ...) \| - kzalloc + kcalloc ( - sizeof(THING) * COUNT_CONST + COUNT_CONST, sizeof(THING) , ...) ) // 2-factor product, only identifiers. @@ identifier SIZE, COUNT; @@ - kzalloc + kcalloc ( - SIZE * COUNT + COUNT, SIZE , ...) // 3-factor product with 1 sizeof(type) or sizeof(expression), with // redundant parens removed. @@ expression THING; identifier STRIDE, COUNT; type TYPE; @@ ( kzalloc( - sizeof(TYPE) * (COUNT) * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) \| kzalloc( - sizeof(TYPE) * (COUNT) * STRIDE + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) \| kzalloc( - sizeof(TYPE) * COUNT * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) \| kzalloc( - sizeof(TYPE) * COUNT * STRIDE + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) \| kzalloc( - sizeof(THING) * (COUNT) * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) \| kzalloc( - sizeof(THING) * (COUNT) * STRIDE + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) \| kzalloc( - sizeof(THING) * COUNT * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) \| kzalloc( - sizeof(THING) * COUNT * STRIDE + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) ) // 3-factor product with 2 sizeof(variable), with redundant parens removed. @@ expression THING1, THING2; identifier COUNT; type TYPE1, TYPE2; @@ ( kzalloc( - sizeof(TYPE1) * sizeof(TYPE2) * COUNT + array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2)) , ...) \| kzalloc( - sizeof(TYPE1) * sizeof(THING2) * (COUNT) + array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2)) , ...) \| kzalloc( - sizeof(THING1) * sizeof(THING2) * COUNT + array3_size(COUNT, sizeof(THING1), sizeof(THING2)) , ...) \| kzalloc( - sizeof(THING1) * sizeof(THING2) * (COUNT) + array3_size(COUNT, sizeof(THING1), sizeof(THING2)) , ...) \| kzalloc( - sizeof(TYPE1) * sizeof(THING2) * COUNT + array3_size(COUNT, sizeof(TYPE1), sizeof(THING2)) , ...) \| kzalloc( - sizeof(TYPE1) * sizeof(THING2) * (COUNT) + array3_size(COUNT, sizeof(TYPE1), sizeof(THING2)) , ...) ) // 3-factor product, only identifiers, with redundant parens removed. @@ identifier STRIDE, SIZE, COUNT; @@ ( kzalloc( - (COUNT) * STRIDE * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) \| kzalloc( - COUNT * (STRIDE) * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) \| kzalloc( - COUNT * STRIDE * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) \| kzalloc( - (COUNT) * (STRIDE) * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) \| kzalloc( - COUNT * (STRIDE) * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) \| kzalloc( - (COUNT) * STRIDE * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) \| kzalloc( - (COUNT) * (STRIDE) * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) \| kzalloc( - COUNT * STRIDE * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) ) // Any remaining multi-factor products, first at least 3-factor products, // when they're not all constants... @@ expression E1, E2, E3; constant C1, C2, C3; @@ ( kzalloc(C1 * C2 * C3, ...) \| kzalloc( - (E1) * E2 * E3 + array3_size(E1, E2, E3) , ...) \| kzalloc( - (E1) * (E2) * E3 + array3_size(E1, E2, E3) , ...) \| kzalloc( - (E1) * (E2) * (E3) + array3_size(E1, E2, E3) , ...) \| kzalloc( - E1 * E2 * E3 + array3_size(E1, E2, E3) , ...) ) // And then all remaining 2 factors products when they're not all constants, // keeping sizeof() as the second factor argument. @@ expression THING, E1, E2; type TYPE; constant C1, C2, C3; @@ ( kzalloc(sizeof(THING) * C2, ...) \| kzalloc(sizeof(TYPE) * C2, ...) \| kzalloc(C1 * C2 * C3, ...) \| kzalloc(C1 * C2, ...) \| - kzalloc + kcalloc ( - sizeof(TYPE) * (E2) + E2, sizeof(TYPE) , ...) \| - kzalloc + kcalloc ( - sizeof(TYPE) * E2 + E2, sizeof(TYPE) , ...) \| - kzalloc + kcalloc ( - sizeof(THING) * (E2) + E2, sizeof(THING) , ...) \| - kzalloc + kcalloc ( - sizeof(THING) * E2 + E2, sizeof(THING) , ...) \| - kzalloc + kcalloc ( - (E1) * E2 + E1, E2 , ...) \| - kzalloc + kcalloc ( - (E1) * (E2) + E1, E2 , ...) \| - kzalloc + kcalloc ( - E1 * E2 + E1, E2 , ...) ) Signed-off-by: Kees Cook <keescook@chromium.org>	2018-06-12 16:19:22 -07:00
John Johansen	338d0be437	apparmor: fix ptrace read check The ptrace read check is incorrect resulting in policy that is broader than it needs to be. Fix the check so that read access permission can be properly detected when other ptrace flags are set. Fixes: `b2d09ae449` ("apparmor: move ptrace checks to using labels") Signed-off-by: John Johansen <john.johansen@canonical.com>	2018-06-07 01:51:02 -07:00
John Johansen	3ddae9876a	apparmor: fix memory leak when deduping profile load AppArmor is leaking the newly loaded profile and its proxy when the profile is an exact match to the currently loaded version. In this case the dedup check results in the profile being skipped and put without dealing with the proxy ref thus not breaking a circular refcount and causing a leak. BugLink: http://bugs.launchpad.net/bugs/1750594 Fixes: `5d5182cae4` ("apparmor: move to per loaddata files, instead of replicating in profiles") Signed-off-by: John Johansen <john.johansen@canonical.com>	2018-06-07 01:51:01 -07:00
John Johansen	11c92f144b	apparmor: fix mediation of prlimit For primit apparmor requires that if target confinement does not match the setting task's confinement, the setting task requires CAP_SYS_RESOURCE. Unfortunately this was broken when rlimit enforcement was reworked to support labels. Fixes: `86b92cb782` ("apparmor: move resource checks to using labels") Signed-off-by: John Johansen <john.johansen@canonical.com>	2018-06-07 01:51:01 -07:00
John Johansen	a4c3f89c9b	apparmor: fixup secid map conversion to using IDR The IDR conversion did not handle an error case for when allocating a mapping fails, and it did not ensure that mappings did not allocate or use a 0 value, which is used as an invalid secid. Which is used when a mapping fails. Fixes: 3ae7eb49a2be ("apparmor: Use an IDR to allocate apparmor secids") Signed-off-by: John Johansen <john.johansen@canonical.com>	2018-06-07 01:50:49 -07:00
Matthew Wilcox	99cc45e486	apparmor: Use an IDR to allocate apparmor secids Replace the custom usage of the radix tree to store a list of free IDs with the IDR. Signed-off-by: Matthew Wilcox <mawilcox@microsoft.com> Signed-off-by: John Johansen <john.johansen@canonical.com>	2018-06-07 01:50:49 -07:00
Tyler Hicks	52e8c38001	apparmor: Fix memory leak of rule on error exit path Currently on the error exit path the allocated rule is not free'd causing a memory leak. Fix this by calling aa_audit_rule_free(). Detected by CoverityScan, CID#1468966 ("Resource leaks") Fixes: cb740f574c7b ("apparmor: modify audit rule support to support profile stacks") Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>	2018-06-07 01:50:48 -07:00
John Johansen	2ab47dae54	apparmor: modify audit rule support to support profile stacks Allows for audit rules, where a rule could specify a profile stack A//&B, while extending the current semantic so if the label specified in the audit rule is a subset of the secid it is considered a match. Eg. if the secid resolves to the label stack A//&B//&C Then an audit rule specifying a label of A - would match B - would match C - would match D - would not A//&B - would match as a subset A//&C - would match as a subset B//&C - would match as a subset A//&B//&C - would match A//&D - would not match, because while A does match, D is also specified and does not Note: audit rules are currently assumed to be coming from the root namespace. Signed-off-by: John Johansen <john.johansen@canonical.com>	2018-06-07 01:50:48 -07:00
Matthew Garrett	e79c26d040	apparmor: Add support for audit rule filtering This patch adds support to Apparmor for integrating with audit rule filtering. Right now it only handles SUBJ_ROLE, interpreting it as a single component of a label. This is sufficient to get Apparmor working with IMA's appraisal rules without any modifications on the IMA side. Signed-off-by: Matthew Garrett <mjg59@google.com> Signed-off-by: John Johansen <john.johansen@canonical.com>	2018-06-07 01:50:47 -07:00
Andy Shevchenko	5d8779a5cd	apparmor: Convert to use match_string() helper The new helper returns index of the matching string in an array. We are going to use it here. Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Reviewed-by: Jay Freyensee <why2jjj.linux@gmail.com> Signed-off-by: John Johansen <john.johansen@canonical.com>	2018-06-07 01:50:40 -07:00
John Johansen	38125c2c2b	apparmor: improve get_buffers macro by using get_cpu_ptr Refactor get_buffers so the cpu_ptr can be obtained in the outer layer, instead of inside the macro. This also enables us to cleanup the code and use get_cpu_ptr, to handle the preempt_disable() Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>	2018-06-07 01:49:21 -07:00
John Johansen	52e7128ebb	apparmor: fix 'seclen' is never less than zero smatch warnings: security/apparmor/secid.c:162 apparmor_secid_to_secctx() warn: unsigned 'seclen' is never less than zero. vim +162 security/apparmor/secid.c 140 141 int apparmor_secid_to_secctx(u32 secid, char *secdata, u32 seclen) 142 { 143 /* TODO: cache secctx and ref count so we don't have to recreate / 144 struct aa_label label = aa_secid_to_label(secid); 145 146 AA_BUG(!secdata); 147 AA_BUG(!seclen); 148 149 if (!label) 150 return -EINVAL; 151 152 if (secdata) 153 seclen = aa_label_asxprint(secdata, root_ns, label, 154 FLAG_SHOW_MODE \| FLAG_VIEW_SUBNS \| 155 FLAG_HIDDEN_UNCONFINED \| 156 FLAG_ABS_ROOT, GFP_ATOMIC); 157 else 158 seclen = aa_label_snxprint(NULL, 0, root_ns, label, 159 FLAG_SHOW_MODE \| FLAG_VIEW_SUBNS \| 160 FLAG_HIDDEN_UNCONFINED \| 161 FLAG_ABS_ROOT); > 162 if (*seclen < 0) 163 return -ENOMEM; 164 165 return 0; 166 } 167 Fixes: `c092921219` ("apparmor: add support for mapping secids and using secctxes") Signed-off-by: John Johansen <john.johansen@canonical.com>	2018-05-08 08:34:08 -07:00
Zygmunt Krynicki	3107e8cb92	apparmor: fix typo "preconfinement" Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com> Acked-by: Christian Boltz <apparmor@cboltz.de> Signed-off-by: John Johansen <john.johansen@canonical.com>	2018-05-03 00:50:46 -07:00
Zygmunt Krynicki	68a1a0c68c	apparmor: fix typo "independent" Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com> Acked-by: Christian Boltz <apparmor@cboltz.de> Signed-off-by: John Johansen <john.johansen@canonical.com>	2018-05-03 00:50:30 -07:00
Zygmunt Krynicki	5d2371e123	apparmor: fix typo "traverse" Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com> Acked-by: Christian Boltz <apparmor@cboltz.de> Signed-off-by: John Johansen <john.johansen@canonical.com>	2018-05-03 00:50:12 -07:00
Zygmunt Krynicki	69ad4a44a2	apparmor: fix typo "type" Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com> Acked-by: Christian Boltz <apparmor@cboltz.de> Signed-off-by: John Johansen <john.johansen@canonical.com>	2018-05-03 00:49:56 -07:00

1 2 3 4 5 ...

473 Commits