kernel/linux.git/security/apparmor/domain.c, branch v6.12.81

apparmor: fix x_table_lookup when stacking is not the first entry

2025-08-20T16:30:47+00:00

[ Upstream commit a9eb185be84e998aa9a99c7760534ccc06216705 ] x_table_lookup currently does stacking during label_parse() if the target specifies a stack but its only caller ensures that it will never be used with stacking. Refactor to slightly simplify the code in x_to_label(), this also fixes a long standing problem where x_to_labels check on stacking is only on the first element to the table option list, instead of the element that is found and used. Signed-off-by: John Johansen Signed-off-by: Sasha Levin

apparmor: declare stack_msg as static

2023-11-19T08:48:12+00:00

stack_msg in upstream code is only used in securit/apparmor/domain.c so declare it as static. Reported-by: kernel test robot Closes: https://lore.kernel.org/oe-kbuild-all/202311092251.TwKSNZ0u-lkp@intel.com/ Signed-off-by: John Johansen

apparmor: Fix one kernel-doc comment

2023-10-23T07:26:05+00:00

Fix one kernel-doc comment to silence the warnings: security/apparmor/domain.c:46: warning: Function parameter or member 'to_cred' not described in 'may_change_ptraced_domain' security/apparmor/domain.c:46: warning: Excess function parameter 'cred' description in 'may_change_ptraced_domain' Reported-by: Abaci Robot Closes: https://bugzilla.openanolis.cn/show_bug.cgi?id=7036 Signed-off-by: Yang Li Signed-off-by: John Johansen

apparmor: allow restricting unprivileged change_profile

2023-10-18T22:48:44+00:00

unprivileged unconfined can use change_profile to alter the confinement set by the mac admin. Allow restricting unprivileged unconfined by still allowing change_profile but stacking the change against unconfined. This allows unconfined to still apply system policy but allows the task to enter the new confinement. If unprivileged unconfined is required a sysctl is provided to switch to the previous behavior. Reviewed-by: Georgia Garcia Signed-off-by: John Johansen

apparmor: refcount the pdb

2023-10-18T22:30:47+00:00

With the move to permission tables the dfa is no longer a stand alone entity when used, needing a minimum of a permission table. However it still could be shared among different pdbs each using a different permission table. Instead of duping the permission table when sharing a pdb, add a refcount to the pdb so it can be easily shared. Reviewed-by: Georgia Garcia Signed-off-by: John Johansen

apparmor: pass cred through to audit info.

2023-10-18T22:30:38+00:00

The cred is needed to properly audit some messages, and will be needed in the future for uid conditional mediation. So pass it through to where the apparmor_audit_data struct gets defined. Reviewed-by: Georgia Garcia Signed-off-by: John Johansen

apparmor: Fix kernel-doc warnings in apparmor/domain.c

2023-07-10T08:06:04+00:00

Fix kernel-doc warnings: security/apparmor/domain.c:279: warning: Function parameter or member 'perms' not described in 'change_profile_perms' security/apparmor/domain.c:380: warning: Function parameter or member 'bprm' not described in 'find_attach' security/apparmor/domain.c:380: warning: Function parameter or member 'head' not described in 'find_attach' security/apparmor/domain.c:380: warning: Function parameter or member 'info' not described in 'find_attach' security/apparmor/domain.c:380: warning: Function parameter or member 'name' not described in 'find_attach' security/apparmor/domain.c:558: warning: Function parameter or member 'info' not described in 'x_to_label' Signed-off-by: Gaosheng Cui Signed-off-by: John Johansen

apparmor: make aa_set_current_onexec return void

2023-07-10T00:30:51+00:00

Change the return type to void since it always return 0, and no need to do the checking in aa_set_current_onexec. Signed-off-by: Quanfa Fu Reviewed-by: "Tyler Hicks (Microsoft)" Signed-off-by: John Johansen

fs: port i_{g,u}id_into_vfs{g,u}id() to mnt_idmap

2023-01-19T08:24:29+00:00

Convert to struct mnt_idmap. Remove legacy file_mnt_user_ns() and mnt_user_ns(). Last cycle we merged the necessary infrastructure in 256c8aed2b42 ("fs: introduce dedicated idmap type for mounts"). This is just the conversion to struct mnt_idmap. Currently we still pass around the plain namespace that was attached to a mount. This is in general pretty convenient but it makes it easy to conflate namespaces that are relevant on the filesystem with namespaces that are relevent on the mount level. Especially for non-vfs developers without detailed knowledge in this area this can be a potential source for bugs. Once the conversion to struct mnt_idmap is done all helpers down to the really low-level helpers will take a struct mnt_idmap argument instead of two namespace arguments. This way it becomes impossible to conflate the two eliminating the possibility of any bugs. All of the vfs and all filesystems only operate on struct mnt_idmap. Acked-by: Dave Chinner Reviewed-by: Christoph Hellwig Signed-off-by: Christian Brauner (Microsoft)

fs: port ->permission() to pass mnt_idmap

2023-01-19T08:24:28+00:00

Convert to struct mnt_idmap. Last cycle we merged the necessary infrastructure in 256c8aed2b42 ("fs: introduce dedicated idmap type for mounts"). This is just the conversion to struct mnt_idmap. Currently we still pass around the plain namespace that was attached to a mount. This is in general pretty convenient but it makes it easy to conflate namespaces that are relevant on the filesystem with namespaces that are relevent on the mount level. Especially for non-vfs developers without detailed knowledge in this area this can be a potential source for bugs. Once the conversion to struct mnt_idmap is done all helpers down to the really low-level helpers will take a struct mnt_idmap argument instead of two namespace arguments. This way it becomes impossible to conflate the two eliminating the possibility of any bugs. All of the vfs and all filesystems only operate on struct mnt_idmap. Acked-by: Dave Chinner Reviewed-by: Christoph Hellwig Signed-off-by: Christian Brauner (Microsoft)