Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v6.6.132 2023-11-28T17:20:07+00:00 2023-11-28T17:20:07+00:00 John Johansen john.johansen@canonical.com 2022-09-20T03:48:48+00:00 urn:sha1:690f33e1edf5cd996b54094409de0067ae3fa216 [ Upstream commit 90c436a64a6e20482a9a613c47eb4af2e8a5328e ] The cred is needed to properly audit some messages, and will be needed in the future for uid conditional mediation. So pass it through to where the apparmor_audit_data struct gets defined. Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Stable-dep-of: 157a3537d6bc ("apparmor: Fix regression in mount mediation") Signed-off-by: Sasha Levin <sashal@kernel.org> 2022-10-03T21:49:04+00:00 Xiu Jianfeng xiujianfeng@huawei.com 2022-09-14T07:46:07+00:00 urn:sha1:65f7f666f21ce374628d58b3cc48515070f31e72 Make __aa_path_perm() static as it's only used inside apparmor/file.c. Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-03T21:49:04+00:00 John Johansen john.johansen@canonical.com 2022-09-06T06:53:29+00:00 urn:sha1:0bece4fa97a2bd397da66d4fced78f76eb214a3e accumulate permission indexes on a first encountered basis. This favors original rulesets so that new ones can not override without profile replacement. Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-03T21:49:03+00:00 John Johansen john.johansen@canonical.com 2022-07-16T10:29:19+00:00 urn:sha1:ae6d35ed0a481824a8730c39d5b319c8a76ea00e Allow the xindex to have 2^24 entries. Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-03T21:49:03+00:00 John Johansen john.johansen@canonical.com 2022-05-16T11:37:08+00:00 urn:sha1:b06a62ebf5a3f041b22def1608f1a8ab9bbfa951 Now that the permission remapping macros aren't needed anywhere except during profile unpack, move them. Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-03T21:49:03+00:00 John Johansen john.johansen@canonical.com 2022-01-17T21:43:49+00:00 urn:sha1:33fc95d8293cfca352ac875668857293e22d7d51 Convert from an unsigned int to a state_t for state position. This is a step in prepping for the state position carrying some additional flags, and a limited form of backtracking to support variables. Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-03T21:49:03+00:00 John Johansen john.johansen@canonical.com 2020-11-19T18:37:48+00:00 urn:sha1:53bdc46f4bdd20d477afb374767cabe627fd04ae file_rules and policydb are almost the same and will need the same features in the future so combine them. Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-03T21:49:02+00:00 John Johansen john.johansen@canonical.com 2020-11-12T18:07:25+00:00 urn:sha1:754f209b811ac462e00ed0f79b48047c446f5c43 fperm computation is only needed during policy_unpack so move the code there to isolate it fromt the run time code. Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-10-03T21:49:02+00:00 Mike Salvatore mike.salvatore@canonical.com 2020-03-30T20:43:29+00:00 urn:sha1:408d53e923bd852d5d80243a642004163db53a87 Rather than computing file permissions for each file access, file permissions can be computed once on profile load and stored for lookup. Signed-off-by: Mike Salvatore <mike.salvatore@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com> 2022-07-19T09:57:15+00:00 John Johansen john.johansen@canonical.com 2022-03-25T12:20:02+00:00 urn:sha1:f567e7fada03d4c9c5f646a439ad2356371c4147 The policydb permission set has left the xbits unused. Make them available for mediation. Signed-off-by: John Johansen <john.johansen@canonical.com>