kernel/linux.git/security/apparmor/label.c, branch v6.4.15

apparmor: remove useless static inline functions

2022-10-25T05:35:11+00:00

Remove the following useless static inline functions: 1. label_is_visible() is a static function in security/apparmor/label.c, and it's not used, aa_ns_visible() can do the same things as it, so it's redundant. 2. is_deleted() is a static function in security/apparmor/file.c, and it's not used since commit aebd873e8d3e ("apparmor: refactor path name lookup and permission checks around labels"), so it's redundant. They are redundant, so remove them. Signed-off-by: Gaosheng Cui Signed-off-by: John Johansen

apparmor: Fix regression in stacking due to label flags

2022-10-03T21:49:04+00:00

The unconfined label flag is not being computed correctly. It should only be set if all the profiles in the vector are set, which is different than what is required for the debug and stale flag that are set if any on the profile flags are set. Fixes: c1ed5da19765 ("apparmor: allow label to carry debug flags") Signed-off-by: John Johansen

apparmor: refactor profile rules and attachments

2022-10-03T21:49:04+00:00

In preparation for moving from a single set of rules and a single attachment to multiple rulesets and attachments separate from the profile refactor attachment information and ruleset info into their own structures. Signed-off-by: John Johansen

apparmor: preparse for state being more than just an integer

2022-10-03T21:49:03+00:00

Convert from an unsigned int to a state_t for state position. This is a step in prepping for the state position carrying some additional flags, and a limited form of backtracking to support variables. Signed-off-by: John Johansen

apparmor: convert policy lookup to use accept as an index

2022-10-03T21:49:03+00:00

Remap polidydb dfa accept table from embedded perms to an index, and then move the perm lookup to use the accept entry as an index into the perm table. This is done so that the perm table can be separated from the dfa, allowing dfa accept to index to share expanded permission sets. Signed-off-by: John Johansen

apparmor: compute policydb permission on profile load

2022-10-03T21:49:03+00:00

Rather than computing policydb permissions for each access permissions can be computed once on profile load and stored for lookup. Signed-off-by: John Johansen

apparmor: allow label to carry debug flags

2022-07-19T09:55:45+00:00

Allow labels to have debug flags that can be used to trigger debug output only from profiles/labels that are marked. This can help reduce debug output by allowing debug to be target to a specific confinement condition. Signed-off-by: John Johansen

apparmor: fix aa_label_asxprint return check

2022-07-09T22:13:59+00:00

Clang static analysis reports this issue label.c:1802:3: warning: 2nd function call argument is an uninitialized value pr_info("%s", str); ^~~~~~~~~~~~~~~~~~ str is set from a successful call to aa_label_asxprint(&str, ...) On failure a negative value is returned, not a -1. So change the check. Fixes: f1bd904175e8 ("apparmor: add the base fns() for domain labels") Signed-off-by: Tom Rix Signed-off-by: John Johansen

apparmor: Fix kernel-doc

2022-07-09T22:13:59+00:00

Fix function name in security/apparmor/label.c, policy.c, procattr.c kernel-doc comment to remove some warnings found by clang(make W=1 LLVM=1). security/apparmor/label.c:499: warning: expecting prototype for aa_label_next_not_in_set(). Prototype was for __aa_label_next_not_in_set() instead security/apparmor/label.c:2147: warning: expecting prototype for __aa_labelset_udate_subtree(). Prototype was for __aa_labelset_update_subtree() instead security/apparmor/policy.c:434: warning: expecting prototype for aa_lookup_profile(). Prototype was for aa_lookupn_profile() instead security/apparmor/procattr.c:101: warning: expecting prototype for aa_setprocattr_chagnehat(). Prototype was for aa_setprocattr_changehat() instead Reported-by: Abaci Robot Signed-off-by: Yang Li Signed-off-by: John Johansen

apparmor: fix absroot causing audited secids to begin with =

2022-07-09T22:13:58+00:00

AppArmor is prefixing secids that are converted to secctx with the = to indicate the secctx should only be parsed from an absolute root POV. This allows catching errors where secctx are reparsed back into internal labels. Unfortunately because audit is using secid to secctx conversion this means that subject and object labels can result in a very unfortunate == that can break audit parsing. eg. the subj==unconfined term in the below audit message type=USER_LOGIN msg=audit(1639443365.233:160): pid=1633 uid=0 auid=1000 ses=3 subj==unconfined msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=192.168.122.1 addr=192.168.122.1 terminal=/dev/pts/1 res=success' Fix this by switch the prepending of = to a _. This still works as a special character to flag this case without breaking audit. Also move this check behind debug as it should not be needed during normal operqation. Fixes: 26b7899510ae ("apparmor: add support for absolute root view based labels") Reported-by: Casey Schaufler Signed-off-by: John Johansen