kernel/linux.git/security/apparmor/include/policy.h, branch v6.1.168Linux kernel stable tree (mirror)https://git.radix-linux.su/kernel/linux.git/atom?h=v6.1.1682022-07-19T09:55:45+00:00apparmor: allow label to carry debug flags2022-07-19T09:55:45+00:00John Johansenjohn.johansen@canonical.com2022-03-26T08:46:18+00:00urn:sha1:c1ed5da197652318341fd36333d45e8e6d5c3359
Allow labels to have debug flags that can be used to trigger debug output
only from profiles/labels that are marked. This can help reduce debug
output by allowing debug to be target to a specific confinement condition.
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: fix overlapping attachment computation2022-07-19T09:52:36+00:00John Johansenjohn.johansen@canonical.com2022-03-26T08:58:15+00:00urn:sha1:2504db207146543736e877241f3b3de005cbe056
When finding the profile via patterned attachments, the longest left
match is being set to the static compile time value and not using the
runtime computed value.
Fix this by setting the candidate value to the greater of the
precomputed value or runtime computed value.
Fixes: 21f606610502 ("apparmor: improve overlapping domain attachment resolution")
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: update policy capable checks to use a label2021-02-07T12:13:54+00:00John Johansenjohn.johansen@canonical.com2020-07-01T00:00:11+00:00urn:sha1:92de220a7f336367127351da58cff691da5bb17b
Previously the policy capable checks assumed they were using the
current task. Make them take the task label so the query can be
made against an arbitrary task.
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: fix PROFILE_MEDIATES for untrusted input2019-06-18T23:04:16+00:00John Johansenjohn.johansen@canonical.com2019-05-26T13:42:23+00:00urn:sha1:23375b13f98c5464c2b4d15f983cc062940f1f4e
While commit 11c236b89d7c2 ("apparmor: add a default null dfa") ensure
every profile has a policy.dfa it does not resize the policy.start[]
to have entries for every possible start value. Which means
PROFILE_MEDIATES is not safe to use on untrusted input. Unforunately
commit b9590ad4c4f2 ("apparmor: remove POLICY_MEDIATES_SAFE") did not
take into account the start value usage.
The input string in profile_query_cb() is user controlled and is not
properly checked to be within the limited start[] entries, even worse
it can't be as userspace policy is allowed to make us of entries types
the kernel does not know about. This mean usespace can currently cause
the kernel to access memory up to 240 entries beyond the start array
bounds.
Cc: stable@vger.kernel.org
Fixes: b9590ad4c4f2 ("apparmor: remove POLICY_MEDIATES_SAFE")
Signed-off-by: John Johansen <john.johansen@canonical.com>
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 4412019-06-05T15:37:17+00:00Thomas Gleixnertglx@linutronix.de2019-06-01T08:08:55+00:00urn:sha1:b886d83c5b621abc84ff9616f14c529be3f6b147
Based on 1 normalized pattern(s):
this program is free software you can redistribute it and or modify
it under the terms of the gnu general public license as published by
the free software foundation version 2 of the license
extracted by the scancode license scanner the SPDX license identifier
GPL-2.0-only
has been chosen to replace the boilerplate/reference in 315 file(s).
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Allison Randal <allison@lohutok.net>
Reviewed-by: Armijn Hemel <armijn@tjaldur.nl>
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190531190115.503150771@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
apparmor: Parse secmark policy2018-10-03T13:18:38+00:00Matthew Garrettmjg59@google.com2018-05-24T20:27:46+00:00urn:sha1:9caafbe2b4cf4c635826a2832e93cf648605de8b
Add support for parsing secmark policy provided by userspace, and
store that in the overall policy.
Signed-off-by: Matthew Garrett <mjg59@google.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: remove POLICY_MEDIATES_SAFE2018-03-14T00:25:49+00:00John Johansenjohn.johansen@canonical.com2018-03-03T09:59:02+00:00urn:sha1:b9590ad4c4f2fedc364016613f2af74ea7758bea
The unpack code now makes sure every profile has a dfa so the safe
version of POLICY_MEDIATES is no longer needed.
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: add base infastructure for socket mediation2018-03-14T00:25:48+00:00John Johansenjohn.johansen@canonical.com2017-07-19T06:18:33+00:00urn:sha1:56974a6fcfef69ee0825bd66ed13e92070ac5224
version 2 - Force an abi break. Network mediation will only be
available in v8 abi complaint policy.
Provide a basic mediation of sockets. This is not a full net mediation
but just whether a spcific family of socket can be used by an
application, along with setting up some basic infrastructure for
network mediation to follow.
the user space rule hav the basic form of
NETWORK RULE = [ QUALIFIERS ] 'network' [ DOMAIN ]
[ TYPE | PROTOCOL ]
DOMAIN = ( 'inet' | 'ax25' | 'ipx' | 'appletalk' | 'netrom' |
'bridge' | 'atmpvc' | 'x25' | 'inet6' | 'rose' |
'netbeui' | 'security' | 'key' | 'packet' | 'ash' |
'econet' | 'atmsvc' | 'sna' | 'irda' | 'pppox' |
'wanpipe' | 'bluetooth' | 'netlink' | 'unix' | 'rds' |
'llc' | 'can' | 'tipc' | 'iucv' | 'rxrpc' | 'isdn' |
'phonet' | 'ieee802154' | 'caif' | 'alg' | 'nfc' |
'vsock' | 'mpls' | 'ib' | 'kcm' ) ','
TYPE = ( 'stream' | 'dgram' | 'seqpacket' | 'rdm' | 'raw' |
'packet' )
PROTOCOL = ( 'tcp' | 'udp' | 'icmp' )
eg.
network,
network inet,
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
apparmor: convert attaching profiles via xattrs to use dfa matching2018-02-09T19:30:02+00:00John Johansenjohn.johansen@canonical.com2017-12-12T23:28:05+00:00urn:sha1:73f488cd903938e78979d50e081a0314ad142351
This converts profile attachment based on xattrs to a fixed extended
conditional using dfa matching.
This has a couple of advantages
- pattern matching can be used for the xattr match
- xattrs can be optional for an attachment or marked as required
- the xattr attachment conditional will be able to be combined with
other extended conditionals when the flexible extended conditional
work lands.
The xattr fixed extended conditional is appended to the xmatch
conditional. If an xattr attachment is specified the profile xmatch
will be generated regardless of whether there is a pattern match on
the executable name.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
apparmor: Add support for attaching profiles via xattr, presence and value2018-02-09T19:30:02+00:00Matthew Garrettmjg59@google.com2018-02-08T20:37:19+00:00urn:sha1:8e51f9087f4024d20f70f4d9831e1f45d8088331
Make it possible to tie Apparmor profiles to the presence of one or more
extended attributes, and optionally their values. An example usecase for
this is to automatically transition to a more privileged Apparmor profile
if an executable has a valid IMA signature, which can then be appraised
by the IMA subsystem.
Signed-off-by: Matthew Garrett <mjg59@google.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>