kernel/linux.git/security/apparmor/task.c, branch v6.6.132Linux kernel stable tree (mirror)https://git.radix-linux.su/kernel/linux.git/atom?h=v6.6.1322023-11-28T17:20:07+00:00apparmor: pass cred through to audit info.2023-11-28T17:20:07+00:00John Johansenjohn.johansen@canonical.com2022-09-20T03:48:48+00:00urn:sha1:690f33e1edf5cd996b54094409de0067ae3fa216
[ Upstream commit 90c436a64a6e20482a9a613c47eb4af2e8a5328e ]
The cred is needed to properly audit some messages, and will be needed
in the future for uid conditional mediation. So pass it through to
where the apparmor_audit_data struct gets defined.
Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Stable-dep-of: 157a3537d6bc ("apparmor: Fix regression in mount mediation")
Signed-off-by: Sasha Levin <sashal@kernel.org>
apparmor: rename audit_data->label to audit_data->subj_label2023-11-28T17:20:07+00:00John Johansenjohn.johansen@canonical.com2022-09-19T07:46:09+00:00urn:sha1:30b3669d40ad2400dfac75d1250596b5b0cb241b
[ Upstream commit d20f5a1a6e792d22199c9989ec7ab9e95c48d60c ]
rename audit_data's label field to subj_label to better reflect its
use. Also at the same time drop unneeded assignments to ->subj_label
as the later call to aa_check_perms will do the assignment if needed.
Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Stable-dep-of: 157a3537d6bc ("apparmor: Fix regression in mount mediation")
Signed-off-by: Sasha Levin <sashal@kernel.org>
apparmor: combine common_audit_data and apparmor_audit_data2023-11-28T17:20:07+00:00John Johansenjohn.johansen@canonical.com2022-09-14T07:20:12+00:00urn:sha1:c57bc80f4508acd8c52bd89b01d324889065320d
[ Upstream commit bd7bd201ca46c211c3ab251ca9854787d1331a2f ]
Everywhere where common_audit_data is used apparmor audit_data is also
used. We can simplify the code and drop the use of the aad macro
everywhere by combining the two structures.
Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Stable-dep-of: 157a3537d6bc ("apparmor: Fix regression in mount mediation")
Signed-off-by: Sasha Levin <sashal@kernel.org>
apparmor: Simplify obtain the newest label on a cred2022-10-03T21:49:04+00:00Gaosheng Cuicuigaosheng1@huawei.com2022-09-23T09:21:18+00:00urn:sha1:adaa9a3f72e6f98538bfac54f6dc4afc0537f410
In aa_get_task_label(), aa_get_newest_cred_label(__task_cred(task))
can do the same things as aa_get_newest_label(__aa_task_raw_label(task)),
so we can replace it and remove __aa_task_raw_label() to simplify the code.
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: rework profile->rules to be a list2022-10-03T21:49:04+00:00John Johansenjohn.johansen@canonical.com2022-09-06T03:47:36+00:00urn:sha1:1ad22fcc4d0d2fb2e0f35aed555a86d016d5e590
Convert profile->rules to a list as the next step towards supporting
multiple rulesets in a profile. For this step only support a single
list entry item. The logic for iterating the list will come as a
separate step.
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: refactor profile rules and attachments2022-10-03T21:49:04+00:00John Johansenjohn.johansen@canonical.com2022-07-30T00:17:31+00:00urn:sha1:217af7e2f4deb629aaa49622685ccfee923898ca
In preparation for moving from a single set of rules and a single
attachment to multiple rulesets and attachments separate from the
profile refactor attachment information and ruleset info into their
own structures.
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: add mediation class information to auditing2022-10-03T21:49:03+00:00John Johansenjohn.johansen@canonical.com2022-04-19T23:25:55+00:00urn:sha1:8c4b785a86be1219f7d50f7b38266c454d6a9bbc
Audit messages currently don't contain the mediation class which can
make them less clear than they should be in some circumstances. With
newer mediation classes coming this potential confusion will become
worse.
Fix this by adding the mediatin class to the messages.
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: move ptrace mediation to more logical task.{h,c}2022-07-19T11:14:22+00:00John Johansenjohn.johansen@canonical.com2021-11-23T07:28:32+00:00urn:sha1:eac931254d99c5aeb12ace02366dd338c4371164
AppArmor split out task oriented controls to their own logical file
a while ago. Ptrace mediation is better grouped with task than
ipc, so move it.
Signed-off-by: John Johansen <john.johansen@canonical.com>
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 4412019-06-05T15:37:17+00:00Thomas Gleixnertglx@linutronix.de2019-06-01T08:08:55+00:00urn:sha1:b886d83c5b621abc84ff9616f14c529be3f6b147
Based on 1 normalized pattern(s):
this program is free software you can redistribute it and or modify
it under the terms of the gnu general public license as published by
the free software foundation version 2 of the license
extracted by the scancode license scanner the SPDX license identifier
GPL-2.0-only
has been chosen to replace the boilerplate/reference in 315 file(s).
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Allison Randal <allison@lohutok.net>
Reviewed-by: Armijn Hemel <armijn@tjaldur.nl>
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190531190115.503150771@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
AppArmor: Abstract use of cred security blob2019-01-08T21:18:44+00:00Casey Schauflercasey@schaufler-ca.com2018-09-22T00:17:59+00:00urn:sha1:69b5a44a95bb86f3ad8a50bf2e354057ec450082
Don't use the cred->security pointer directly.
Provide a helper function that provides the security blob pointer.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
[kees: adjusted for ordered init series]
Signed-off-by: Kees Cook <keescook@chromium.org>