Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v6.18.21 2025-05-17T08:52:25+00:00 2025-05-17T08:52:25+00:00 Randy Dunlap rdunlap@infradead.org 2025-05-03T04:49:19+00:00 urn:sha1:a949b46e7d82ef0fed09aa0590442156d44d39b1 Fix kernel-doc warnings in apparmor header files as reported by scripts/kernel-doc: cred.h:128: warning: expecting prototype for end_label_crit_section(). Prototype was for end_current_label_crit_section() instead file.h:108: warning: expecting prototype for aa_map_file_perms(). Prototype was for aa_map_file_to_perms() instead lib.h:159: warning: Function parameter or struct member 'hname' not described in 'basename' lib.h:159: warning: Excess function parameter 'name' description in 'basename' match.h:21: warning: This comment starts with '/**', but isn't a kernel-doc comment. Refer Documentation/doc-guide/kernel-doc.rst * The format used for transition tables is based on the GNU flex table perms.h:109: warning: Function parameter or struct member 'accum' not described in 'aa_perms_accum_raw' perms.h:109: warning: Function parameter or struct member 'addend' not described in 'aa_perms_accum_raw' perms.h:136: warning: Function parameter or struct member 'accum' not described in 'aa_perms_accum' perms.h:136: warning: Function parameter or struct member 'addend' not described in 'aa_perms_accum' Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Reviewed-by: Ryan Lee <ryan.lee@canonical.com> Cc: John Johansen <john.johansen@canonical.com> Cc: John Johansen <john@apparmor.net> Cc: apparmor@lists.ubuntu.com Cc: linux-security-module@vger.kernel.org Cc: Paul Moore <paul@paul-moore.com> Cc: James Morris <jmorris@namei.org> Cc: "Serge E. Hallyn" <serge@hallyn.com> Signed-off-by: John Johansen <john.johansen@canonical.com> 2025-01-18T14:47:12+00:00 John Johansen john.johansen@canonical.com 2022-09-07T19:46:30+00:00 urn:sha1:c05e705812d179f4b85aeacc34a555a42bc4f9ac Extend af_unix mediation to support fine grained controls based on the type (abstract, anonymous, fs), the address, and the labeling on the socket. This allows for using socket addresses to label and the socket and control which subjects can communicate. The unix rule format follows standard apparmor rules except that fs based unix sockets can be mediated by existing file rules. None fs unix sockets can be mediated by a unix socket rule. Where The address of an abstract unix domain socket begins with the @ character, similar to how they are reported (as paths) by netstat -x. The address then follows and may contain pattern matching and any characters including the null character. In apparmor null characters must be specified by using an escape sequence \000 or \x00. The pattern matching is the same as is used by file path matching so * will not match / even though it has no special meaning with in an abstract socket name. Eg. allow unix addr=@*, Autobound unix domain sockets have a unix sun_path assigned to them by the kernel, as such specifying a policy based address is not possible. The autobinding of sockets can be controlled by specifying the special auto keyword. Eg. allow unix addr=auto, To indicate that the rule only applies to auto binding of unix domain sockets. It is important to note this only applies to the bind permission as once the socket is bound to an address it is indistinguishable from a socket that have an addr bound with a specified name. When the auto keyword is used with other permissions or as part of a peer addr it will be replaced with a pattern that can match an autobound socket. Eg. For some kernels allow unix rw addr=auto, It is important to note, this pattern may match abstract sockets that were not autobound but have an addr that fits what is generated by the kernel when autobinding a socket. Anonymous unix domain sockets have no sun_path associated with the socket address, however it can be specified with the special none keyword to indicate the rule only applies to anonymous unix domain sockets. Eg. allow unix addr=none, If the address component of a rule is not specified then the rule applies to autobind, abstract and anonymous sockets. The label on the socket can be compared using the standard label= rule conditional. Eg. allow unix addr=@foo peer=(label=bar), see man apparmor.d for full syntax description. Signed-off-by: John Johansen <john.johansen@canonical.com> 2025-01-18T14:47:12+00:00 John Johansen john.johansen@canonical.com 2023-07-23T09:30:33+00:00 urn:sha1:2e12c5f060176ede209673e4f63ea5d0e3c5814c This is a step towards merging the file and policy state machines. With the switch to extended permissions the state machine's ACCEPT2 table became unused freeing it up to store state specific flags. The first flags to be stored are FLAG_OWNER and FLAG other which paves the way towards merging the file and policydb perms into a single permission table. Currently Lookups based on the objects ownership conditional will still need separate fns, this will be address in a following patch. Signed-off-by: John Johansen <john.johansen@canonical.com> 2023-10-18T22:30:38+00:00 John Johansen john.johansen@canonical.com 2022-09-20T03:48:48+00:00 urn:sha1:90c436a64a6e20482a9a613c47eb4af2e8a5328e The cred is needed to properly audit some messages, and will be needed in the future for uid conditional mediation. So pass it through to where the apparmor_audit_data struct gets defined. Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com> 2023-08-08T20:16:13+00:00 Xiu Jianfeng xiujianfeng@huawei.com 2023-07-25T14:12:59+00:00 urn:sha1:980a5808686e29f4e2b3cd412a9e0c9ebaac2910 After changes in commit 33bf60cabcc7 ("LSM: Infrastructure management of the file security"), aa_alloc_file_ctx() and aa_free_file_ctx() are no longer used, so remove them, and also remove aa_get_file_label() because it seems that it's never been used before. Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-03T21:49:04+00:00 Xiu Jianfeng xiujianfeng@huawei.com 2022-09-14T07:46:07+00:00 urn:sha1:65f7f666f21ce374628d58b3cc48515070f31e72 Make __aa_path_perm() static as it's only used inside apparmor/file.c. Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-03T21:49:04+00:00 John Johansen john.johansen@canonical.com 2022-09-06T06:53:29+00:00 urn:sha1:0bece4fa97a2bd397da66d4fced78f76eb214a3e accumulate permission indexes on a first encountered basis. This favors original rulesets so that new ones can not override without profile replacement. Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-03T21:49:03+00:00 John Johansen john.johansen@canonical.com 2022-07-16T10:29:19+00:00 urn:sha1:ae6d35ed0a481824a8730c39d5b319c8a76ea00e Allow the xindex to have 2^24 entries. Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-03T21:49:03+00:00 John Johansen john.johansen@canonical.com 2022-05-16T11:37:08+00:00 urn:sha1:b06a62ebf5a3f041b22def1608f1a8ab9bbfa951 Now that the permission remapping macros aren't needed anywhere except during profile unpack, move them. Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-03T21:49:03+00:00 John Johansen john.johansen@canonical.com 2022-01-17T21:43:49+00:00 urn:sha1:33fc95d8293cfca352ac875668857293e22d7d51 Convert from an unsigned int to a state_t for state position. This is a step in prepping for the state position carrying some additional flags, and a limited form of backtracking to support variables. Signed-off-by: John Johansen <john.johansen@canonical.com>