kernel/linux.git/security/apparmor/label.c, branch v4.14.58

apparmor: fix incorrect type assignment when freeing proxies

2017-09-22T20:00:58+00:00

sparse reports poisoning the proxy->label before freeing the struct is resulting in a sparse build warning. ../security/apparmor/label.c:52:30: warning: incorrect type in assignment (different address spaces) ../security/apparmor/label.c:52:30: expected struct aa_label [noderef] *label ../security/apparmor/label.c:52:30: got struct aa_label * fix with RCU_INIT_POINTER as this is one of those cases where rcu_assign_pointer() is not needed. Signed-off-by: John Johansen

apparmor: add support for absolute root view based labels

2017-09-22T20:00:58+00:00

With apparmor policy virtualization based on policy namespace View's we don't generally want/need absolute root based views, however there are cases like debugging and some secid based conversions where using a root based view is important. Signed-off-by: John Johansen Acked-by: Seth Arnold

apparmor: cleanup conditional check for label in label_print

2017-09-22T20:00:57+00:00

Signed-off-by: John Johansen Acked-by: Seth Arnold

apparmor: Redundant condition: prev_ns. in [label.c:1498]

2017-09-22T20:00:57+00:00

Reported-by: David Binderman Signed-off-by: John Johansen

apparmor: add the base fns() for domain labels

2017-06-11T00:11:38+00:00

Begin moving apparmor to using broader domain labels, that will allow run time computation of domain type splitting via "stacking" of profiles into a domain label vec. Signed-off-by: John Johansen