kernel/linux.git/security/apparmor/ipc.c, branch v6.1.168

apparmor: move ptrace mediation to more logical task.{h,c}

2022-07-19T11:14:22+00:00

AppArmor split out task oriented controls to their own logical file a while ago. Ptrace mediation is better grouped with task than ipc, so move it. Signed-off-by: John Johansen

audit: purge audit_log_string from the intra-kernel audit API

2020-07-21T15:12:31+00:00

audit_log_string() was inteded to be an internal audit function and since there are only two internal uses, remove them. Purge all external uses of it by restructuring code to use an existing audit_log_format() or using audit_log_format(). Please see the upstream issue https://github.com/linux-audit/audit-kernel/issues/84 Signed-off-by: Richard Guy Briggs Signed-off-by: Paul Moore

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441

2019-06-05T15:37:17+00:00

Based on 1 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation version 2 of the license extracted by the scancode license scanner the SPDX license identifier GPL-2.0-only has been chosen to replace the boilerplate/reference in 315 file(s). Signed-off-by: Thomas Gleixner Reviewed-by: Allison Randal Reviewed-by: Armijn Hemel Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190531190115.503150771@linutronix.de Signed-off-by: Greg Kroah-Hartman

LSM: generalize flag passing to security_capable

2019-01-10T22:16:06+00:00

This patch provides a general mechanism for passing flags to the security_capable LSM hook. It replaces the specific 'audit' flag that is used to tell security_capable whether it should log an audit message for the given capability check. The reason for generalizing this flag passing is so we can add an additional flag that signifies whether security_capable is being called by a setid syscall (which is needed by the proposed SafeSetID LSM). Signed-off-by: Micah Morton Reviewed-by: Kees Cook Signed-off-by: James Morris

apparmor: move context.h to cred.h

2018-02-09T19:30:01+00:00

Now that file contexts have been moved into file, and task context fns() and data have been split from the context, only the cred context remains in context.h so rename to cred.h to better reflect what it deals with. Signed-off-by: John Johansen

apparmor: audit unknown signal numbers

2018-02-09T19:30:01+00:00

Allow apparmor to audit the number of a signal that it does not provide a mapping for and is currently being reported only as unknown. Signed-off-by: John Johansen

apparmor: make signal label match work when matching stacked labels

2018-02-09T19:30:01+00:00

Given a label with a profile stack of A//&B or A//&C ... A ptrace rule should be able to specify a generic trace pattern with a rule like signal send A//&**, however this is failing because while the correct label match routine is called, it is being done post label decomposition so it is always being done against a profile instead of the stacked label. To fix this refactor the cross check to pass the full peer label in to the label_match. Signed-off-by: John Johansen

apparmor: fix logging of the existence test for signals

2018-02-09T19:30:00+00:00

The existence test is not being properly logged as the signal mapping maps it to the last entry in the named signal table. This is done to help catch bugs by making the 0 mapped signal value invalid so that we can catch the signal value not being filled in. When fixing the off-by-one comparision logic the reporting of the existence test was broken, because the logic behind the mapped named table was hidden. Fix this by adding a define for the name lookup and using it. Cc: Stable Fixes: f7dc4c9a855a1 ("apparmor: fix off-by-one comparison on MAXMAPPED_SIG") Signed-off-by: John Johansen

apparmor: fix ptrace label match when matching stacked labels

2018-01-12T23:49:59+00:00

Given a label with a profile stack of A//&B or A//&C ... A ptrace rule should be able to specify a generic trace pattern with a rule like ptrace trace A//&**, however this is failing because while the correct label match routine is called, it is being done post label decomposition so it is always being done against a profile instead of the stacked label. To fix this refactor the cross check to pass the full peer label in to the label_match. Fixes: 290f458a4f16 ("apparmor: allow ptrace checks to be finer grained than just capability") Cc: Stable Reported-by: Matthew Garrett Tested-by: Matthew Garrett Signed-off-by: John Johansen

apparmor: fix off-by-one comparison on MAXMAPPED_SIG

2017-11-08T18:56:22+00:00

This came in yesterday, and I have verified our regression tests were missing this and it can cause an oops. Please apply. There is a an off-by-one comparision on sig against MAXMAPPED_SIG that can lead to a read outside the sig_map array if sig is MAXMAPPED_SIG. Fix this. Verified that the check is an out of bounds case that can cause an oops. Revised: add comparison fix to second case Fixes: cd1dbf76b23d ("apparmor: add the ability to mediate signals") Signed-off-by: Colin Ian King Signed-off-by: John Johansen Signed-off-by: Linus Torvalds