Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v6.12.80 2023-10-18T22:30:38+00:00 2023-10-18T22:30:38+00:00 John Johansen john.johansen@canonical.com 2022-09-20T03:48:48+00:00 urn:sha1:90c436a64a6e20482a9a613c47eb4af2e8a5328e The cred is needed to properly audit some messages, and will be needed in the future for uid conditional mediation. So pass it through to where the apparmor_audit_data struct gets defined. Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com> 2023-08-08T20:16:13+00:00 Xiu Jianfeng xiujianfeng@huawei.com 2023-07-25T14:12:59+00:00 urn:sha1:980a5808686e29f4e2b3cd412a9e0c9ebaac2910 After changes in commit 33bf60cabcc7 ("LSM: Infrastructure management of the file security"), aa_alloc_file_ctx() and aa_free_file_ctx() are no longer used, so remove them, and also remove aa_get_file_label() because it seems that it's never been used before. Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-03T21:49:04+00:00 Xiu Jianfeng xiujianfeng@huawei.com 2022-09-14T07:46:07+00:00 urn:sha1:65f7f666f21ce374628d58b3cc48515070f31e72 Make __aa_path_perm() static as it's only used inside apparmor/file.c. Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-03T21:49:04+00:00 John Johansen john.johansen@canonical.com 2022-09-06T06:53:29+00:00 urn:sha1:0bece4fa97a2bd397da66d4fced78f76eb214a3e accumulate permission indexes on a first encountered basis. This favors original rulesets so that new ones can not override without profile replacement. Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-03T21:49:03+00:00 John Johansen john.johansen@canonical.com 2022-07-16T10:29:19+00:00 urn:sha1:ae6d35ed0a481824a8730c39d5b319c8a76ea00e Allow the xindex to have 2^24 entries. Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-03T21:49:03+00:00 John Johansen john.johansen@canonical.com 2022-05-16T11:37:08+00:00 urn:sha1:b06a62ebf5a3f041b22def1608f1a8ab9bbfa951 Now that the permission remapping macros aren't needed anywhere except during profile unpack, move them. Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-03T21:49:03+00:00 John Johansen john.johansen@canonical.com 2022-01-17T21:43:49+00:00 urn:sha1:33fc95d8293cfca352ac875668857293e22d7d51 Convert from an unsigned int to a state_t for state position. This is a step in prepping for the state position carrying some additional flags, and a limited form of backtracking to support variables. Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-03T21:49:03+00:00 John Johansen john.johansen@canonical.com 2020-11-19T18:37:48+00:00 urn:sha1:53bdc46f4bdd20d477afb374767cabe627fd04ae file_rules and policydb are almost the same and will need the same features in the future so combine them. Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-03T21:49:02+00:00 John Johansen john.johansen@canonical.com 2020-11-12T18:07:25+00:00 urn:sha1:754f209b811ac462e00ed0f79b48047c446f5c43 fperm computation is only needed during policy_unpack so move the code there to isolate it fromt the run time code. Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-03T21:49:02+00:00 Mike Salvatore mike.salvatore@canonical.com 2020-03-30T20:43:29+00:00 urn:sha1:408d53e923bd852d5d80243a642004163db53a87 Rather than computing file permissions for each file access, file permissions can be computed once on profile load and stored for lookup. Signed-off-by: Mike Salvatore <mike.salvatore@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>