kernel/linux.git/security/apparmor/include, branch v6.1.85

apparmor: Free up __cleanup() name

2024-02-23T08:12:51+00:00

commit 9a1f37ebcfe061721564042254719dc8fd5c9fa0 upstream. In order to use __cleanup for __attribute__((__cleanup__(func))) the name must not be used for anything else. Avoid the conflict. Signed-off-by: Peter Zijlstra (Intel) Acked-by: John Johansen Link: https://lkml.kernel.org/r/20230612093537.536441207%40infradead.org Signed-off-by: Greg Kroah-Hartman

apparmor: test: make static symbols visible during kunit testing

2023-11-20T10:52:09+00:00

[ Upstream commit b11e51dd70947107fa4076c6286dce301671afc1 ] Use macros, VISIBLE_IF_KUNIT and EXPORT_SYMBOL_IF_KUNIT, to allow static symbols to be conditionally set to be visible during apparmor_policy_unpack_test, which removes the need to include the testing file in the implementation file. Change the namespace of the symbols that are now conditionally visible (by adding the prefix aa_) to avoid confusion with symbols of the same name. Allow the test to be built as a module and namespace the module name from policy_unpack_test to apparmor_policy_unpack_test to improve clarity of the module name. Provide an example of how static symbols can be dealt with in testing. Signed-off-by: Rae Moar Reviewed-by: David Gow Acked-by: John Johansen Signed-off-by: Shuah Khan Stable-dep-of: 8884ba07786c ("apparmor: fix invalid reference on profile->disconnected") Signed-off-by: Sasha Levin

apparmor: move ptrace mediation to more logical task.{h,c}

2022-07-19T11:14:22+00:00

AppArmor split out task oriented controls to their own logical file a while ago. Ptrace mediation is better grouped with task than ipc, so move it. Signed-off-by: John Johansen

apparmor: extend policydb permission set by making use of the xbits

2022-07-19T09:57:15+00:00

The policydb permission set has left the xbits unused. Make them available for mediation. Signed-off-by: John Johansen

apparmor: allow label to carry debug flags

2022-07-19T09:55:45+00:00

Allow labels to have debug flags that can be used to trigger debug output only from profiles/labels that are marked. This can help reduce debug output by allowing debug to be target to a specific confinement condition. Signed-off-by: John Johansen

apparmor: fix overlapping attachment computation

2022-07-19T09:52:36+00:00

When finding the profile via patterned attachments, the longest left match is being set to the static compile time value and not using the runtime computed value. Fix this by setting the candidate value to the greater of the precomputed value or runtime computed value. Fixes: 21f606610502 ("apparmor: improve overlapping domain attachment resolution") Signed-off-by: John Johansen

apparmor: disable showing the mode as part of a secid to secctx

2022-07-14T00:18:29+00:00

Displaying the mode as part of the seectx takes up unnecessary memory, makes it so we can't use refcounted secctx so we need to alloc/free on every conversion from secid to secctx and introduces a space that could be potentially mishandled by tooling. Eg. In an audit record we get subj_type=firefix (enforce) Having the mode reported is not necessary, and might even be confusing eg. when writing an audit rule to match the above record field you would use -F subj_type=firefox ie. the mode is not included. AppArmor provides ways to find the mode without reporting as part of the secctx. So disable this by default before its use is wide spread and we can't. For now we add a sysctl to control the behavior as we can't guarantee no one is using this. Acked-by: Andrea Righi Signed-off-by: John Johansen

apparmor: Convert secid mapping to XArrays instead of IDR

2022-07-14T00:16:02+00:00

XArrays are a better match than IDR for how AppArmor is mapping secids. Specifically AppArmor is trying to keep the allocation dense. XArrays also have the advantage of avoiding the complexity IDRs preallocation. In addition this avoids/fixes a lockdep issue raised in the LKML thread "Linux 5.18-rc4" where there is a report of an interaction between apparmor and IPC, this warning may have been spurious as the reported issue is in a per-cpu local lock taken by the IDR. With the one side in the IPC id allocation and the other in AppArmor's secid allocation. Description by John Johansen Message-Id: <226cee6a-6ca1-b603-db08-8500cd8f77b7@gnuweeb.org> Signed-off-by: Matthew Wilcox Signed-off-by: John Johansen

apparmor: add a kernel label to use on kernel objects

2022-07-13T23:37:21+00:00

Separate kernel objects from unconfined. This is done so we can distinguish between the two in debugging, auditing and in preparation for being able to replace unconfined, which is not appropriate for the kernel. The kernel label will continue to behave similar to unconfined. Acked-by: Jon Tourville Signed-off-by: John Johansen

apparmor: make export of raw binary profile to userspace optional

2022-07-09T22:13:59+00:00

Embedded systems have limited space and don't need the introspection or checkpoint restore capability provided by exporting the raw profile binary data so make it so make it a config option. This will reduce run time memory use and also speed up policy loads. Signed-off-by: John Johansen