linux/security/apparmor/include, branch v3.4.84

LSM: shrink sizeof LSM specific portion of common_audit_data

2012-04-03T16:48:40Z

Linus found that the gigantic size of the common audit data caused a big perf hit on something as simple as running stat() in a loop. This patch requires LSMs to declare the LSM specific portion separately rather than doing it in a union. Thus each LSM can be responsible for shrinking their portion and don't have to pay a penalty just because other LSMs have a bigger space requirement. Signed-off-by: Eric Paris Signed-off-by: Linus Torvalds

AppArmor: add const qualifiers to string arrays

2012-03-15T02:09:13Z

Signed-off-by: Jan Engelhardt Signed-off-by: John Johansen

AppArmor: Add ability to load extended policy

2012-03-15T02:09:03Z

Add the base support for the new policy extensions. This does not bring any additional functionality, or change current semantics. Signed-off-by: John Johansen Acked-by: Kees Cook

AppArmor: Move path failure information into aa_get_name and rename

2012-03-14T13:15:25Z

Move the path name lookup failure messages into the main path name lookup routine, as the information is useful in more than just aa_path_perm. Also rename aa_get_name to aa_path_name as it is not getting a reference counted object with a corresponding put fn. Signed-off-by: John Johansen Acked-by: Kees Cook

AppArmor: Update dfa matching routines.

2012-03-14T13:15:24Z

Update aa_dfa_match so that it doesn't result in an input string being walked twice (once to get its length and another time to match) Add a single step functions aa_dfa_next Signed-off-by: John Johansen Acked-by: Kees Cook

AppArmor: Fix underflow in xindex calculation

2012-02-27T19:38:21Z

If the xindex value stored in the accept tables is 0, the extraction of that value will result in an underflow (0 - 4). In properly compiled policy this should not happen for file rules but it may be possible for other rule types in the future. To exploit this underflow a user would have to be able to load a corrupt policy, which requires CAP_MAC_ADMIN, overwrite system policy in kernel memory or know of a compiler error resulting in the flaw being present for loaded policy (no such flaw is known at this time). Signed-off-by: John Johansen Acked-by: Kees Cook

AppArmor: Fix dropping of allowed operations that are force audited

2012-02-27T19:38:21Z

The audit permission flag, that specifies an audit message should be provided when an operation is allowed, was being ignored in some cases. This is because the auto audit mode (which determines the audit mode from system flags) was incorrectly assigned the same value as audit mode. The shared value would result in messages that should be audited going through a second evaluation as to whether they should be audited based on the auto audit, resulting in some messages being dropped. Signed-off-by: John Johansen Acked-by: Kees Cook

AppArmor: export known rlimit names/value mappings in securityfs

2012-02-27T19:38:19Z

Since the parser needs to know which rlimits are known to the kernel, export the list via a mask file in the "rlimit" subdirectory in the securityfs "features" directory. Signed-off-by: Kees Cook Signed-off-by: John Johansen

AppArmor: add "file" details to securityfs

2012-02-27T19:38:18Z

Create the "file" directory in the securityfs for tracking features related to files. Signed-off-by: Kees Cook Signed-off-by: John Johansen

AppArmor: add initial "features" directory to securityfs

2012-02-27T19:38:17Z

This adds the "features" subdirectory to the AppArmor securityfs to display boolean features flags and the known capability mask. Signed-off-by: Kees Cook Signed-off-by: John Johansen