kernel/linux.git/security/apparmor/include/audit.h, branch v6.6.31Linux kernel stable tree (mirror)https://git.radix-linux.su/kernel/linux.git/atom?h=v6.6.312023-11-28T17:20:07+00:00apparmor: pass cred through to audit info.2023-11-28T17:20:07+00:00John Johansenjohn.johansen@canonical.com2022-09-20T03:48:48+00:00urn:sha1:690f33e1edf5cd996b54094409de0067ae3fa216
[ Upstream commit 90c436a64a6e20482a9a613c47eb4af2e8a5328e ]
The cred is needed to properly audit some messages, and will be needed
in the future for uid conditional mediation. So pass it through to
where the apparmor_audit_data struct gets defined.
Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Stable-dep-of: 157a3537d6bc ("apparmor: Fix regression in mount mediation")
Signed-off-by: Sasha Levin <sashal@kernel.org>
apparmor: rename audit_data->label to audit_data->subj_label2023-11-28T17:20:07+00:00John Johansenjohn.johansen@canonical.com2022-09-19T07:46:09+00:00urn:sha1:30b3669d40ad2400dfac75d1250596b5b0cb241b
[ Upstream commit d20f5a1a6e792d22199c9989ec7ab9e95c48d60c ]
rename audit_data's label field to subj_label to better reflect its
use. Also at the same time drop unneeded assignments to ->subj_label
as the later call to aa_check_perms will do the assignment if needed.
Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Stable-dep-of: 157a3537d6bc ("apparmor: Fix regression in mount mediation")
Signed-off-by: Sasha Levin <sashal@kernel.org>
apparmor: combine common_audit_data and apparmor_audit_data2023-11-28T17:20:07+00:00John Johansenjohn.johansen@canonical.com2022-09-14T07:20:12+00:00urn:sha1:c57bc80f4508acd8c52bd89b01d324889065320d
[ Upstream commit bd7bd201ca46c211c3ab251ca9854787d1331a2f ]
Everywhere where common_audit_data is used apparmor audit_data is also
used. We can simplify the code and drop the use of the aad macro
everywhere by combining the two structures.
Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Stable-dep-of: 157a3537d6bc ("apparmor: Fix regression in mount mediation")
Signed-off-by: Sasha Levin <sashal@kernel.org>
apparmor: add mediation class information to auditing2022-10-03T21:49:03+00:00John Johansenjohn.johansen@canonical.com2022-04-19T23:25:55+00:00urn:sha1:8c4b785a86be1219f7d50f7b38266c454d6a9bbc
Audit messages currently don't contain the mediation class which can
make them less clear than they should be in some circumstances. With
newer mediation classes coming this potential confusion will become
worse.
Fix this by adding the mediatin class to the messages.
Signed-off-by: John Johansen <john.johansen@canonical.com>
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 4412019-06-05T15:37:17+00:00Thomas Gleixnertglx@linutronix.de2019-06-01T08:08:55+00:00urn:sha1:b886d83c5b621abc84ff9616f14c529be3f6b147
Based on 1 normalized pattern(s):
this program is free software you can redistribute it and or modify
it under the terms of the gnu general public license as published by
the free software foundation version 2 of the license
extracted by the scancode license scanner the SPDX license identifier
GPL-2.0-only
has been chosen to replace the boilerplate/reference in 315 file(s).
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Allison Randal <allison@lohutok.net>
Reviewed-by: Armijn Hemel <armijn@tjaldur.nl>
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190531190115.503150771@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
audit: remove unused actx param from audit_rule_match2019-02-01T04:00:15+00:00Richard Guy Briggsrgb@redhat.com2019-01-31T16:52:11+00:00urn:sha1:90462a5bd30c6ed91c6758e59537d047d7878ff9
The audit_rule_match() struct audit_context *actx parameter is not used
by any in-tree consumers (selinux, apparmour, integrity, smack).
The audit context is an internal audit structure that should only be
accessed by audit accessor functions.
It was part of commit 03d37d25e0f9 ("LSM/Audit: Introduce generic
Audit LSM hooks") but appears to have never been used.
Remove it.
Please see the github issue
https://github.com/linux-audit/audit-kernel/issues/107
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
[PM: fixed the referenced commit title]
Signed-off-by: Paul Moore <paul@paul-moore.com>
apparmor: Add support for audit rule filtering2018-06-07T08:50:47+00:00Matthew Garrettmjg59@google.com2018-04-16T18:23:58+00:00urn:sha1:e79c26d04043b15de64f082d4da52e9fff7ca607
This patch adds support to Apparmor for integrating with audit rule
filtering. Right now it only handles SUBJ_ROLE, interpreting it as a
single component of a label. This is sufficient to get Apparmor working
with IMA's appraisal rules without any modifications on the IMA side.
Signed-off-by: Matthew Garrett <mjg59@google.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: add base infastructure for socket mediation2018-03-14T00:25:48+00:00John Johansenjohn.johansen@canonical.com2017-07-19T06:18:33+00:00urn:sha1:56974a6fcfef69ee0825bd66ed13e92070ac5224
version 2 - Force an abi break. Network mediation will only be
available in v8 abi complaint policy.
Provide a basic mediation of sockets. This is not a full net mediation
but just whether a spcific family of socket can be used by an
application, along with setting up some basic infrastructure for
network mediation to follow.
the user space rule hav the basic form of
NETWORK RULE = [ QUALIFIERS ] 'network' [ DOMAIN ]
[ TYPE | PROTOCOL ]
DOMAIN = ( 'inet' | 'ax25' | 'ipx' | 'appletalk' | 'netrom' |
'bridge' | 'atmpvc' | 'x25' | 'inet6' | 'rose' |
'netbeui' | 'security' | 'key' | 'packet' | 'ash' |
'econet' | 'atmsvc' | 'sna' | 'irda' | 'pppox' |
'wanpipe' | 'bluetooth' | 'netlink' | 'unix' | 'rds' |
'llc' | 'can' | 'tipc' | 'iucv' | 'rxrpc' | 'isdn' |
'phonet' | 'ieee802154' | 'caif' | 'alg' | 'nfc' |
'vsock' | 'mpls' | 'ib' | 'kcm' ) ','
TYPE = ( 'stream' | 'dgram' | 'seqpacket' | 'rdm' | 'raw' |
'packet' )
PROTOCOL = ( 'tcp' | 'udp' | 'icmp' )
eg.
network,
network inet,
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
apparmor: audit unknown signal numbers2018-02-09T19:30:01+00:00John Johansenjohn.johansen@canonical.com2018-02-01T11:32:02+00:00urn:sha1:3acfd5f54ca16c15c36ac2f218357f2707b7edb8
Allow apparmor to audit the number of a signal that it does not
provide a mapping for and is currently being reported only as
unknown.
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: fix resource audit messages when auditing peer2018-02-09T19:30:00+00:00John Johansenjohn.johansen@canonical.com2018-02-09T12:57:39+00:00urn:sha1:b5beb07ad32ab533027aa988d96a44965ec116f7
Resource auditing is using the peer field which is not available
when the rlim data struct is used, because it is a different element
of the same union. Accessing peer during resource auditing could
cause garbage log entries or even oops the kernel.
Move the rlim data block into the same struct as the peer field
so they can be used together.
CC: <stable@vger.kernel.org>
Fixes: 86b92cb782b3 ("apparmor: move resource checks to using labels")
Signed-off-by: John Johansen <john.johansen@canonical.com>