path: root/security/apparmor/include/file.h
Age | Commit message | Author | Files | Lines
2017-01-16 | apparmor: change aad apparmor_audit_data macro to a fn macro | John Johansen | 1 | -1/+1
The aad macro can replace aad strings when it is not intended to. Switch to a fn macro so it is only applied when intended. Also at the same time clean up audit_data initialization by putting common boilerplate behind a macro, and dropping the gfp_t parameter which will become useless.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2017-01-16 | apparmor: change op from int to const char * | John Johansen | 1 | -4/+5
Having ops be an integer that is an index into an op name table is awkward and brittle. Every op change requires an edit for both the op constant and a string in the table. Instead switch to using const strings directly, eliminating the need for the table that needs to be kept in sync.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2016-03-28 | apparmor: constify aa_path_link() | Al Viro | 1 | -1/+1
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-03-28 | [apparmor] constify struct path * in a bunch of helpers | Al Viro | 1 | -1/+1
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-04-28 | apparmor: fix sparse warnings | John Johansen | 1 | -7/+7
Fix a couple of warnings reported by sparse.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-09-21 | userns: Convert apparmor to use kuid and kgid where appropriate | Eric W. Biederman | 1 | -2/+2
Cc: John Johansen <john.johansen@canonical.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
2012-02-27 | AppArmor: Fix underflow in xindex calculation | John Johansen | 1 | -1/+1
If the xindex value stored in the accept tables is 0, the extraction of that value will result in an underflow (0 - 4). In properly compiled policy this should not happen for file rules but it may be possible for other rule types in the future. To exploit this underflow a user would have to be able to load a corrupt policy, which requires CAP_MAC_ADMIN, overwrite system policy in kernel memory or know of a compiler error resulting in the flaw being present for loaded policy (no such flaw is known at this time).
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
2011-01-10 | headers: path.h redux | Alexey Dobriyan | 1 | -2/+1
Remove path.h from sched.h and other files.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-08-02 | AppArmor: file enforcement routines | John Johansen | 1 | -0/+217
AppArmor does file enforcement via pathname matching. Matching is done at file open using a dfa match engine. Permission is against the final file object not parent directories, i.e. the traversal of directories as part of the file match is implicitly allowed. In the case of nonexistent files (creation) permissions are checked against the target file not the directory. E.g. in case of creating the file /dir/new, permissions are checked against the match /dir/new not against /dir/. The permissions for matches are currently stored in the dfa accept table, but this will change to allow for dfa reuse and also to allow for sharing of wider accept states.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>