kernel/linux.git/security/apparmor/include/policy.h, branch linux-4.13.y

apparmor: switch from profiles to using labels on contexts

2017-06-11T00:11:38+00:00

Begin the actual switch to using domain labels by storing them on the context and converting the label to a singular profile where possible. Signed-off-by: John Johansen

apparmor: add fn to test if profile supports a given mediation class

2017-06-11T00:11:29+00:00

Signed-off-by: John Johansen

apparmor: provide finer control over policy management

2017-06-11T00:11:20+00:00

Signed-off-by: John Johansen

apparmor: move permissions into their own file to be more easily shared

2017-06-08T19:51:53+00:00

Signed-off-by: John Johansen

apparmor: allow profiles to provide info to disconnected paths

2017-06-08T18:29:34+00:00

Signed-off-by: John Johansen

Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

2017-02-21T20:49:56+00:00

Pull security layer updates from James Morris: "Highlights: - major AppArmor update: policy namespaces & lots of fixes - add /sys/kernel/security/lsm node for easy detection of loaded LSMs - SELinux cgroupfs labeling support - SELinux context mounts on tmpfs, ramfs, devpts within user namespaces - improved TPM 2.0 support" * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (117 commits) tpm: declare tpm2_get_pcr_allocation() as static tpm: Fix expected number of response bytes of TPM1.2 PCR Extend tpm xen: drop unneeded chip variable tpm: fix misspelled "facilitate" in module parameter description tpm_tis: fix the error handling of init_tis() KEYS: Use memzero_explicit() for secret data KEYS: Fix an error code in request_master_key() sign-file: fix build error in sign-file.c with libressl selinux: allow changing labels for cgroupfs selinux: fix off-by-one in setprocattr tpm: silence an array overflow warning tpm: fix the type of owned field in cap_t tpm: add securityfs support for TPM 2.0 firmware event log tpm: enhance read_log_of() to support Physical TPM event log tpm: enhance TPM 2.0 PCR extend to support multiple banks tpm: implement TPM 2.0 capability to get active PCR banks tpm: fix RC value check in tpm2_seal_trusted tpm_tis: fix iTPM probe via probe_itpm() function tpm: Begin the process to deprecate user_read_timer tpm: remove tpm_read_index and tpm_write_index from tpm.h ...

apparmor: support querying extended trusted helper extra data

2017-01-16T09:18:51+00:00

Allow a profile to carry extra data that can be queried via userspace. This provides a means to store extra data in a profile that a trusted helper can extract and use from live policy. Signed-off-by: William Hua Signed-off-by: John Johansen

apparmor: change op from int to const char *

2017-01-16T09:18:46+00:00

Having ops be an integer that is an index into an op name table is awkward and brittle. Every op change requires an edit for both the op constant and a string in the table. Instead switch to using const strings directly, eliminating the need for the table that needs to be kept in sync. Signed-off-by: John Johansen

apparmor: pass the subject profile into profile replace/remove

2017-01-16T09:18:43+00:00

This is just setup for new ns specific .load, .replace, .remove interface files. Signed-off-by: John Johansen

apparmor: allow introspecting the loaded policy pre internal transform

2017-01-16T09:18:42+00:00

Store loaded policy and allow introspecting it through apparmorfs. This has several uses from debugging, policy validation, and policy checkpoint and restore for containers. Signed-off-by: John Johansen