mirror of
https://gitlab.com/apparmor/apparmor
synced 2025-08-31 14:25:52 +00:00
More leading whitespace cleanup. Change AppArmor patches over to -p ab style (paths start with a/ or b/ instead of dir.old/ and dir/).
This commit is contained in:
Andreas Gruenbacher
@@ -1,7 +1,7 @@
|
||||
Index: linux-2.6/security/apparmor/apparmor.h
|
||||
Index: b/security/apparmor/apparmor.h
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/apparmor.h
|
||||
+++ linux-2.6/security/apparmor/apparmor.h
|
||||
--- a/security/apparmor/apparmor.h
|
||||
+++ b/security/apparmor/apparmor.h
|
||||
@@ -45,14 +45,14 @@ extern int apparmor_logsyscall;
|
||||
* which is not related to profile accesses.
|
||||
*/
|
||||
@@ -252,10 +252,10 @@ Index: linux-2.6/security/apparmor/apparmor.h
|
||||
+unsigned int aamatch(struct aadfa *dfa, const char *pathname);
|
||||
|
||||
#endif /* __APPARMOR_H */
|
||||
Index: linux-2.6/security/apparmor/apparmorfs.c
|
||||
Index: b/security/apparmor/apparmorfs.c
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/apparmorfs.c
|
||||
+++ linux-2.6/security/apparmor/apparmorfs.c
|
||||
--- a/security/apparmor/apparmorfs.c
|
||||
+++ b/security/apparmor/apparmorfs.c
|
||||
@@ -19,56 +19,56 @@
|
||||
#include "inline.h"
|
||||
|
||||
@@ -546,10 +546,10 @@ Index: linux-2.6/security/apparmor/apparmorfs.c
|
||||
+ if (AAFS_DENTRY)
|
||||
clear_apparmorfs();
|
||||
}
|
||||
Index: linux-2.6/security/apparmor/inline.h
|
||||
Index: b/security/apparmor/inline.h
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/inline.h
|
||||
+++ linux-2.6/security/apparmor/inline.h
|
||||
--- a/security/apparmor/inline.h
|
||||
+++ b/security/apparmor/inline.h
|
||||
@@ -12,42 +12,42 @@
|
||||
|
||||
#include <linux/sched.h>
|
||||
@@ -815,10 +815,10 @@ Index: linux-2.6/security/apparmor/inline.h
|
||||
}
|
||||
}
|
||||
return NULL;
|
||||
Index: linux-2.6/security/apparmor/list.c
|
||||
Index: b/security/apparmor/list.c
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/list.c
|
||||
+++ linux-2.6/security/apparmor/list.c
|
||||
--- a/security/apparmor/list.c
|
||||
+++ b/security/apparmor/list.c
|
||||
@@ -22,45 +22,45 @@ static LIST_HEAD(subdomain_list);
|
||||
static rwlock_t subdomain_lock = RW_LOCK_UNLOCKED;
|
||||
|
||||
@@ -1045,10 +1045,10 @@ Index: linux-2.6/security/apparmor/list.c
|
||||
seq_printf(f, "%s (%s)\n", profile->name,
|
||||
PROFILE_COMPLAIN(profile) ? "complain" : "enforce");
|
||||
return 0;
|
||||
Index: linux-2.6/security/apparmor/main.c
|
||||
Index: b/security/apparmor/main.c
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/main.c
|
||||
+++ linux-2.6/security/apparmor/main.c
|
||||
--- a/security/apparmor/main.c
|
||||
+++ b/security/apparmor/main.c
|
||||
@@ -28,20 +28,20 @@
|
||||
* can be associated to files which keep their reference even if apparmor is
|
||||
* unloaded
|
||||
@@ -1216,14 +1216,15 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
|
||||
if (l_mode == t_mode)
|
||||
ret = 0;
|
||||
@@ -194,25 +194,25 @@ static int aa_link_perm(struct aa_profil
|
||||
@@ -194,26 +194,26 @@ static int aa_link_perm(struct aa_profil
|
||||
return ret;
|
||||
}
|
||||
|
||||
-static int _aa_perm_vfsmount(struct aa_profile *active, struct dentry *dentry,
|
||||
- struct vfsmount *mnt, struct aa_audit *sa, int mask)
|
||||
- struct vfsmount *mnt, struct aa_audit *sa,
|
||||
+static int _aaperm_vfsmount(struct aaprofile *active, struct dentry *dentry,
|
||||
+ struct vfsmount *mnt, struct aaaudit *sa, int mask)
|
||||
+ struct vfsmount *mnt, struct aaaudit *sa,
|
||||
int mask)
|
||||
{
|
||||
int permerror, error;
|
||||
|
||||
@@ -1249,7 +1250,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
|
||||
return error;
|
||||
}
|
||||
@@ -227,12 +227,12 @@ static int _aa_perm_vfsmount(struct aa_p
|
||||
@@ -228,12 +228,12 @@ static int _aa_perm_vfsmount(struct aa_p
|
||||
*
|
||||
* Return %0 (success) or error (-%ENOMEM)
|
||||
*/
|
||||
@@ -1265,7 +1266,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
if (!hat)
|
||||
goto fail;
|
||||
if (profile->flags.complain)
|
||||
@@ -252,7 +252,7 @@ int attach_nullprofile(struct aa_profile
|
||||
@@ -253,7 +253,7 @@ int attach_nullprofile(struct aa_profile
|
||||
|
||||
fail:
|
||||
kfree(hatname);
|
||||
@@ -1274,7 +1275,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
|
||||
return -ENOMEM;
|
||||
}
|
||||
@@ -265,7 +265,7 @@ fail:
|
||||
@@ -266,7 +266,7 @@ fail:
|
||||
*/
|
||||
int alloc_null_complain_profile(void)
|
||||
{
|
||||
@@ -1283,7 +1284,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
if (!null_complain_profile)
|
||||
goto fail;
|
||||
|
||||
@@ -282,8 +282,8 @@ int alloc_null_complain_profile(void)
|
||||
@@ -283,8 +283,8 @@ int alloc_null_complain_profile(void)
|
||||
return 0;
|
||||
|
||||
fail:
|
||||
@@ -1294,7 +1295,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
null_complain_profile = NULL;
|
||||
|
||||
return -ENOMEM;
|
||||
@@ -294,24 +294,24 @@ fail:
|
||||
@@ -295,24 +295,24 @@ fail:
|
||||
*/
|
||||
void free_null_complain_profile(void)
|
||||
{
|
||||
@@ -1324,7 +1325,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
sa.name = fmt;
|
||||
va_start(sa.vaval, fmt);
|
||||
sa.flags = flags;
|
||||
@@ -319,7 +319,7 @@ int aa_audit_message(struct aa_profile *
|
||||
@@ -320,7 +320,7 @@ int aa_audit_message(struct aa_profile *
|
||||
sa.error_code = 0;
|
||||
sa.result = 0; /* fake failure: force message to be logged */
|
||||
|
||||
@@ -1333,7 +1334,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
|
||||
va_end(sa.vaval);
|
||||
|
||||
@@ -327,32 +327,32 @@ int aa_audit_message(struct aa_profile *
|
||||
@@ -328,32 +328,32 @@ int aa_audit_message(struct aa_profile *
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -1373,7 +1374,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
{
|
||||
struct audit_buffer *ab = NULL;
|
||||
struct audit_context *ctx;
|
||||
@@ -366,7 +366,7 @@ int aa_audit(struct aa_profile *active,
|
||||
@@ -367,7 +367,7 @@ int aa_audit(struct aa_profile *active,
|
||||
|
||||
const gfp_t gfp_mask = sa->gfp_mask;
|
||||
|
||||
@@ -1382,7 +1383,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
|
||||
/*
|
||||
* sa->result: 1 success, 0 failure
|
||||
@@ -388,13 +388,13 @@ int aa_audit(struct aa_profile *active,
|
||||
@@ -389,13 +389,13 @@ int aa_audit(struct aa_profile *active,
|
||||
audit_log(current->audit_context, gfp_mask, AUDIT_SD,
|
||||
"Internal error auditing event type %d (error %d)",
|
||||
sa->type, sa->error_code);
|
||||
@@ -1400,7 +1401,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
*/
|
||||
logcls = "REJECTING";
|
||||
} else {
|
||||
@@ -407,23 +407,23 @@ int aa_audit(struct aa_profile *active,
|
||||
@@ -408,23 +408,23 @@ int aa_audit(struct aa_profile *active,
|
||||
*/
|
||||
flags = sa->flags;
|
||||
if (apparmor_logsyscall)
|
||||
@@ -1428,7 +1429,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
sa->type);
|
||||
if (complain)
|
||||
error = 0;
|
||||
@@ -431,7 +431,7 @@ int aa_audit(struct aa_profile *active,
|
||||
@@ -432,7 +432,7 @@ int aa_audit(struct aa_profile *active,
|
||||
}
|
||||
|
||||
/* messages get special handling */
|
||||
@@ -1437,7 +1438,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
audit_log_vformat(ab, sa->name, sa->vaval);
|
||||
audit_log_end(ab);
|
||||
error = 0;
|
||||
@@ -442,23 +442,23 @@ int aa_audit(struct aa_profile *active,
|
||||
@@ -443,23 +443,23 @@ int aa_audit(struct aa_profile *active,
|
||||
|
||||
audit_log_format(ab, "%s ", logcls); /* REJECTING/ALLOWING/etc */
|
||||
|
||||
@@ -1469,7 +1470,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
struct iattr *iattr = (struct iattr*)sa->pval;
|
||||
|
||||
audit_log_format(ab,
|
||||
@@ -474,25 +474,25 @@ int aa_audit(struct aa_profile *active,
|
||||
@@ -475,25 +475,25 @@ int aa_audit(struct aa_profile *active,
|
||||
iattr->ia_valid & ATTR_CTIME ? "ctime," : "",
|
||||
sa->name);
|
||||
|
||||
@@ -1499,7 +1500,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
audit_log_format(ab, "access to syscall '%s' ", sa->name);
|
||||
|
||||
opspec_error = -EPERM;
|
||||
@@ -517,14 +517,14 @@ out:
|
||||
@@ -518,14 +518,14 @@ out:
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -1517,7 +1518,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
{
|
||||
char *page, *name;
|
||||
|
||||
@@ -550,7 +550,7 @@ char *aa_get_name(struct dentry *dentry,
|
||||
@@ -551,7 +551,7 @@ char *aa_get_name(struct dentry *dentry,
|
||||
size > deleted_size &&
|
||||
strcmp(name + size - deleted_size, deleted_str) == 0)
|
||||
name[size - deleted_size] = '\0';
|
||||
@@ -1526,7 +1527,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
}
|
||||
|
||||
out:
|
||||
@@ -562,29 +562,29 @@ out:
|
||||
@@ -563,29 +563,29 @@ out:
|
||||
***********************************/
|
||||
|
||||
/**
|
||||
@@ -1562,7 +1563,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
* @active: profile to check against
|
||||
* @dentry: file to check
|
||||
* @mnt: mount of file to check
|
||||
@@ -592,26 +592,26 @@ int aa_attr(struct aa_profile *active, s
|
||||
@@ -593,26 +593,26 @@ int aa_attr(struct aa_profile *active, s
|
||||
* @xattr_name: name of xattr to check
|
||||
* @mask: access mode requested
|
||||
*/
|
||||
@@ -1594,7 +1595,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
* @active: profile to check against
|
||||
* @dentry: dentry
|
||||
* @mnt: mountpoint
|
||||
@@ -620,27 +620,27 @@ int aa_perm_xattr(struct aa_profile *act
|
||||
@@ -621,27 +621,27 @@ int aa_perm_xattr(struct aa_profile *act
|
||||
* Determine if access (mask) for dentry is authorized by active
|
||||
* profile. Result, %0 (success), -ve (error)
|
||||
*/
|
||||
@@ -1628,7 +1629,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
* @active: profile to check against
|
||||
* @dentry: requested dentry
|
||||
* @mnt: mount of file to check
|
||||
@@ -651,33 +651,33 @@ out:
|
||||
@@ -652,33 +652,33 @@ out:
|
||||
* by @active profile.
|
||||
* Result, %0 (success), -ve (error)
|
||||
*/
|
||||
@@ -1670,7 +1671,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
sa.name = NULL;
|
||||
sa.capability = cap;
|
||||
sa.flags = 0;
|
||||
@@ -685,27 +685,27 @@ int aa_capability(struct aa_profile *act
|
||||
@@ -686,27 +686,27 @@ int aa_capability(struct aa_profile *act
|
||||
sa.result = cap_raised(active->capabilities, cap);
|
||||
sa.gfp_mask = GFP_ATOMIC;
|
||||
|
||||
@@ -1693,43 +1694,42 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
struct dentry *link, struct vfsmount *link_mnt,
|
||||
struct dentry *target, struct vfsmount *target_mnt)
|
||||
{
|
||||
int permerror = -EPERM, error;
|
||||
int permerror = -EPERM, error;
|
||||
- struct aa_audit sa;
|
||||
+ struct aaaudit sa;
|
||||
|
||||
- sa.name = aa_get_name(link, link_mnt);
|
||||
- sa.pval = aa_get_name(target, target_mnt);
|
||||
+ sa.name = aaget_name(link, link_mnt);
|
||||
+ sa.pval = aaget_name(target, target_mnt);
|
||||
- sa.name = aa_get_name(link, link_mnt);
|
||||
- sa.pval = aa_get_name(target, target_mnt);
|
||||
+ sa.name = aaget_name(link, link_mnt);
|
||||
+ sa.pval = aaget_name(target, target_mnt);
|
||||
|
||||
if (IS_ERR(sa.name)) {
|
||||
permerror = PTR_ERR(sa.name);
|
||||
@@ -717,18 +717,18 @@ int aa_link(struct aa_profile *active,
|
||||
if (IS_ERR(sa.name)) {
|
||||
permerror = PTR_ERR(sa.name);
|
||||
@@ -718,18 +718,18 @@ int aa_link(struct aa_profile *active,
|
||||
}
|
||||
|
||||
if (sa.name && sa.pval)
|
||||
- permerror = aa_link_perm(active, sa.name, sa.pval);
|
||||
+ permerror = aalink_perm(active, sa.name, sa.pval);
|
||||
|
||||
- aa_permerror2result(permerror, &sa);
|
||||
+ aapermerror2result(permerror, &sa);
|
||||
- aa_permerror2result(permerror, &sa);
|
||||
+ aapermerror2result(permerror, &sa);
|
||||
|
||||
- sa.type = AA_AUDITTYPE_LINK;
|
||||
+ sa.type = AAAUDITTYPE_LINK;
|
||||
sa.type = AA_AUDITTYPE_LINK;
|
||||
sa.flags = 0;
|
||||
sa.gfp_mask = GFP_KERNEL;
|
||||
|
||||
- error = aa_audit(active, &sa);
|
||||
+ error = aaaudit(active, &sa);
|
||||
|
||||
- aa_put_name(sa.name);
|
||||
- aa_put_name(sa.pval);
|
||||
+ aaput_name(sa.name);
|
||||
+ aaput_name(sa.pval);
|
||||
- aa_put_name(sa.name);
|
||||
- aa_put_name(sa.pval);
|
||||
+ aaput_name(sa.name);
|
||||
+ aaput_name(sa.pval);
|
||||
|
||||
return error;
|
||||
return error;
|
||||
}
|
||||
@@ -738,27 +738,27 @@ int aa_link(struct aa_profile *active,
|
||||
@@ -739,27 +739,27 @@ int aa_link(struct aa_profile *active,
|
||||
*******************************/
|
||||
|
||||
/**
|
||||
@@ -1763,7 +1763,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
unsigned long flags;
|
||||
|
||||
newsd = alloc_subdomain(p);
|
||||
@@ -771,7 +771,7 @@ int aa_fork(struct task_struct *p)
|
||||
@@ -772,7 +772,7 @@ int aa_fork(struct task_struct *p)
|
||||
* new reference to be consistent.
|
||||
*/
|
||||
spin_lock_irqsave(&sd_lock, flags);
|
||||
@@ -1772,7 +1772,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
newsd->hat_magic = sd->hat_magic;
|
||||
spin_unlock_irqrestore(&sd_lock, flags);
|
||||
|
||||
@@ -786,18 +786,18 @@ int aa_fork(struct task_struct *p)
|
||||
@@ -787,18 +787,18 @@ int aa_fork(struct task_struct *p)
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -1795,7 +1795,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
int error = -ENOMEM,
|
||||
exec_mode = 0,
|
||||
find_profile = 0,
|
||||
@@ -805,17 +805,17 @@ int aa_register(struct linux_binprm *bpr
|
||||
@@ -806,17 +806,17 @@ int aa_register(struct linux_binprm *bpr
|
||||
complain = 0,
|
||||
unsafe_exec = 0;
|
||||
|
||||
@@ -1817,7 +1817,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
|
||||
if (!active) {
|
||||
/* Unconfined task, load profile if it exists */
|
||||
@@ -828,22 +828,22 @@ int aa_register(struct linux_binprm *bpr
|
||||
@@ -829,22 +829,22 @@ int aa_register(struct linux_binprm *bpr
|
||||
/* Confined task, determine what mode inherit, unconstrained or
|
||||
* mandatory to load new profile
|
||||
*/
|
||||
@@ -1848,7 +1848,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
__FUNCTION__,
|
||||
filename);
|
||||
|
||||
@@ -851,8 +851,8 @@ int aa_register(struct linux_binprm *bpr
|
||||
@@ -852,8 +852,8 @@ int aa_register(struct linux_binprm *bpr
|
||||
newprofile = &unconstrained_flag;
|
||||
break;
|
||||
|
||||
@@ -1859,7 +1859,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
__FUNCTION__,
|
||||
filename);
|
||||
|
||||
@@ -860,13 +860,13 @@ int aa_register(struct linux_binprm *bpr
|
||||
@@ -861,13 +861,13 @@ int aa_register(struct linux_binprm *bpr
|
||||
find_profile_mandatory = 1;
|
||||
break;
|
||||
|
||||
@@ -1876,7 +1876,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
"(%s(%d) profile %s active %s\n",
|
||||
__FUNCTION__,
|
||||
filename,
|
||||
@@ -876,7 +876,7 @@ int aa_register(struct linux_binprm *bpr
|
||||
@@ -877,7 +877,7 @@ int aa_register(struct linux_binprm *bpr
|
||||
break;
|
||||
|
||||
default:
|
||||
@@ -1885,7 +1885,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
"Unknown exec qualifier %x "
|
||||
"(%s (pid %d) profile %s active %s)\n",
|
||||
__FUNCTION__,
|
||||
@@ -893,10 +893,10 @@ int aa_register(struct linux_binprm *bpr
|
||||
@@ -894,10 +894,10 @@ int aa_register(struct linux_binprm *bpr
|
||||
* describing mode to execute image in.
|
||||
* Drop into null-profile (disabling secure exec).
|
||||
*/
|
||||
@@ -1898,7 +1898,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
"Unable to determine exec qualifier "
|
||||
"(%s (pid %d) profile %s active %s)\n",
|
||||
__FUNCTION__,
|
||||
@@ -912,9 +912,9 @@ find_profile:
|
||||
@@ -913,9 +913,9 @@ find_profile:
|
||||
goto apply_profile;
|
||||
|
||||
/* Locate new profile */
|
||||
@@ -1910,7 +1910,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
__FUNCTION__, newprofile->name);
|
||||
} else if (find_profile_mandatory) {
|
||||
/* Profile (mandatory) could not be found */
|
||||
@@ -926,9 +926,9 @@ find_profile:
|
||||
@@ -927,9 +927,9 @@ find_profile:
|
||||
current->pid,
|
||||
BASE_PROFILE(active)->name, active->name);
|
||||
|
||||
@@ -1922,7 +1922,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
"Profile mandatory and not found "
|
||||
"(%s(%d) profile %s active %s)\n",
|
||||
filename,
|
||||
@@ -945,7 +945,7 @@ find_profile:
|
||||
@@ -946,7 +946,7 @@ find_profile:
|
||||
|
||||
WARN_ON(active);
|
||||
|
||||
@@ -1931,7 +1931,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
__FUNCTION__,
|
||||
filename);
|
||||
} /* newprofile */
|
||||
@@ -978,15 +978,15 @@ apply_profile:
|
||||
@@ -979,15 +979,15 @@ apply_profile:
|
||||
* the transition occured before replacement.
|
||||
*
|
||||
* - If newprofile points to an actual profile (result of
|
||||
@@ -1950,7 +1950,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
__FUNCTION__);
|
||||
error = -ENOMEM;
|
||||
goto cleanup;
|
||||
@@ -995,7 +995,7 @@ apply_profile:
|
||||
@@ -996,7 +996,7 @@ apply_profile:
|
||||
|
||||
spin_lock_irqsave(&sd_lock, flags);
|
||||
|
||||
@@ -1959,7 +1959,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
if (lazy_sd) {
|
||||
if (sd) {
|
||||
/* raced by setprofile - created sd */
|
||||
@@ -1016,10 +1016,10 @@ apply_profile:
|
||||
@@ -1017,10 +1017,10 @@ apply_profile:
|
||||
if (newprofile && unlikely(newprofile->isstale)) {
|
||||
WARN_ON(newprofile == null_complain_profile);
|
||||
|
||||
@@ -1973,7 +1973,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
|
||||
if (!newprofile) {
|
||||
/* Race, profile was removed, not replaced.
|
||||
@@ -1039,16 +1039,16 @@ apply_profile:
|
||||
@@ -1040,16 +1040,16 @@ apply_profile:
|
||||
* Cases 2 and 3 are marked as requiring secure exec
|
||||
* (unless policy specified "unsafe exec")
|
||||
*/
|
||||
@@ -1994,7 +1994,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
|
||||
if (complain && newprofile == null_complain_profile)
|
||||
LOG_HINT(newprofile, GFP_ATOMIC, HINT_CHGPROF,
|
||||
@@ -1059,16 +1059,16 @@ apply_profile:
|
||||
@@ -1060,16 +1060,16 @@ apply_profile:
|
||||
}
|
||||
|
||||
cleanup:
|
||||
@@ -2014,7 +2014,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
* @p: task being released
|
||||
*
|
||||
* This is called after a task has exited and the parent has reaped it.
|
||||
@@ -1077,17 +1077,17 @@ out:
|
||||
@@ -1078,17 +1078,17 @@ out:
|
||||
* This is the one case where we don't need to hold the sd_lock before
|
||||
* removing a profile from a subdomain. Once the subdomain has been
|
||||
* removed from the subdomain_list, we are no longer racing other writers.
|
||||
@@ -2037,7 +2037,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
|
||||
kfree(sd);
|
||||
}
|
||||
@@ -1106,15 +1106,15 @@ void aa_release(struct task_struct *p)
|
||||
@@ -1107,15 +1107,15 @@ void aa_release(struct task_struct *p)
|
||||
*/
|
||||
static inline int do_change_hat(const char *hat_name, struct subdomain *sd)
|
||||
{
|
||||
@@ -2057,7 +2057,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
} else {
|
||||
/* There is no such subprofile change to a NULL profile.
|
||||
* The NULL profile grants no file access.
|
||||
@@ -1133,7 +1133,7 @@ static inline int do_change_hat(const ch
|
||||
@@ -1134,7 +1134,7 @@ static inline int do_change_hat(const ch
|
||||
BASE_PROFILE(sd->active)->name,
|
||||
sd->active->name);
|
||||
} else {
|
||||
@@ -2066,7 +2066,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
"Changing to NULL profile "
|
||||
"(%s(%d) profile %s active %s)\n",
|
||||
__FUNCTION__,
|
||||
@@ -1143,14 +1143,14 @@ static inline int do_change_hat(const ch
|
||||
@@ -1144,14 +1144,14 @@ static inline int do_change_hat(const ch
|
||||
sd->active->name);
|
||||
error = -EACCES;
|
||||
}
|
||||
@@ -2083,7 +2083,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
* @hat_name: specifies hat to change to
|
||||
* @hat_magic: token to validate hat change
|
||||
*
|
||||
@@ -1160,25 +1160,25 @@ static inline int do_change_hat(const ch
|
||||
@@ -1161,25 +1161,25 @@ static inline int do_change_hat(const ch
|
||||
* return to original top level profile. Returns %0 on success, error
|
||||
* otherwise.
|
||||
*/
|
||||
@@ -2114,7 +2114,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
error = -EPERM;
|
||||
goto out;
|
||||
}
|
||||
@@ -1198,7 +1198,7 @@ int aa_change_hat(const char *hat_name,
|
||||
@@ -1199,7 +1199,7 @@ int aa_change_hat(const char *hat_name,
|
||||
* parent
|
||||
*/
|
||||
if (hat_name) {
|
||||
@@ -2123,7 +2123,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
__FUNCTION__,
|
||||
hat_name,
|
||||
hat_magic);
|
||||
@@ -1232,7 +1232,7 @@ int aa_change_hat(const char *hat_name,
|
||||
@@ -1233,7 +1233,7 @@ int aa_change_hat(const char *hat_name,
|
||||
* Got here via changehat(NULL, magic)
|
||||
* Return from subprofile, back to parent
|
||||
*/
|
||||
@@ -2132,7 +2132,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
|
||||
/* Reset hat_magic to zero.
|
||||
* New value will be passed on next changehat
|
||||
@@ -1243,7 +1243,7 @@ int aa_change_hat(const char *hat_name,
|
||||
@@ -1244,7 +1244,7 @@ int aa_change_hat(const char *hat_name,
|
||||
error = do_change_hat(hat_name, sd);
|
||||
}
|
||||
} else if (sd->hat_magic) {
|
||||
@@ -2141,7 +2141,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
"Invalid change_hat() magic# 0x%x "
|
||||
"(hatname %s profile %s active %s)\n",
|
||||
current->comm, current->pid,
|
||||
@@ -1255,7 +1255,7 @@ int aa_change_hat(const char *hat_name,
|
||||
@@ -1256,7 +1256,7 @@ int aa_change_hat(const char *hat_name,
|
||||
/* terminate current process */
|
||||
(void)send_sig_info(SIGKILL, NULL, current);
|
||||
} else { /* sd->hat_magic == NULL */
|
||||
@@ -2150,10 +2150,10 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
"Task was confined to current subprofile "
|
||||
"(profile %s active %s)\n",
|
||||
current->comm, current->pid,
|
||||
Index: linux-2.6/security/apparmor/match.c
|
||||
Index: b/security/apparmor/match.c
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/match.c
|
||||
+++ linux-2.6/security/apparmor/match.c
|
||||
--- a/security/apparmor/match.c
|
||||
+++ b/security/apparmor/match.c
|
||||
@@ -16,7 +16,7 @@
|
||||
#include <linux/module.h>
|
||||
#include "match.h"
|
||||
@@ -2254,10 +2254,10 @@ Index: linux-2.6/security/apparmor/match.c
|
||||
|
||||
return 0;
|
||||
}
|
||||
Index: linux-2.6/security/apparmor/match.h
|
||||
Index: b/security/apparmor/match.h
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/match.h
|
||||
+++ linux-2.6/security/apparmor/match.h
|
||||
--- a/security/apparmor/match.h
|
||||
+++ b/security/apparmor/match.h
|
||||
@@ -49,7 +49,7 @@ struct table_header {
|
||||
#define EQUIV_TABLE(DFA) ((u8 *)((DFA)->tables[YYTD_ID_EC - 1]->td_data))
|
||||
#define ACCEPT_TABLE(DFA) ((u32 *)((DFA)->tables[YYTD_ID_ACCEPT - 1]->td_data))
|
||||
@@ -2267,10 +2267,10 @@ Index: linux-2.6/security/apparmor/match.h
|
||||
struct table_header *tables[YYTD_ID_NXT];
|
||||
|
||||
struct table_set_header th;
|
||||
Index: linux-2.6/security/apparmor/module_interface.c
|
||||
Index: b/security/apparmor/module_interface.c
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/module_interface.c
|
||||
+++ linux-2.6/security/apparmor/module_interface.c
|
||||
--- a/security/apparmor/module_interface.c
|
||||
+++ b/security/apparmor/module_interface.c
|
||||
@@ -15,26 +15,26 @@
|
||||
#include "inline.h"
|
||||
#include "module_interface.h"
|
||||
@@ -3066,10 +3066,10 @@ Index: linux-2.6/security/apparmor/module_interface.c
|
||||
kfree(profile->name);
|
||||
}
|
||||
|
||||
Index: linux-2.6/security/apparmor/module_interface.h
|
||||
Index: b/security/apparmor/module_interface.h
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/module_interface.h
|
||||
+++ linux-2.6/security/apparmor/module_interface.h
|
||||
--- a/security/apparmor/module_interface.h
|
||||
+++ b/security/apparmor/module_interface.h
|
||||
@@ -2,33 +2,33 @@
|
||||
#define __MODULEINTERFACE_H
|
||||
|
||||
@@ -3122,10 +3122,10 @@ Index: linux-2.6/security/apparmor/module_interface.h
|
||||
void *start;
|
||||
void *end;
|
||||
void *pos; /* pointer to current position in the buffer */
|
||||
Index: linux-2.6/security/apparmor/procattr.c
|
||||
Index: b/security/apparmor/procattr.c
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/procattr.c
|
||||
+++ linux-2.6/security/apparmor/procattr.c
|
||||
--- a/security/apparmor/procattr.c
|
||||
+++ b/security/apparmor/procattr.c
|
||||
@@ -15,7 +15,7 @@
|
||||
#include "apparmor.h"
|
||||
#include "inline.h"
|
||||
@@ -3331,10 +3331,10 @@ Index: linux-2.6/security/apparmor/procattr.c
|
||||
*/
|
||||
sd->hat_magic = 0;
|
||||
}
|
||||
Index: linux-2.6/security/apparmor/shared.h
|
||||
Index: b/security/apparmor/shared.h
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/shared.h
|
||||
+++ linux-2.6/security/apparmor/shared.h
|
||||
--- a/security/apparmor/shared.h
|
||||
+++ b/security/apparmor/shared.h
|
||||
@@ -13,39 +13,39 @@
|
||||
#define _SHARED_H
|
||||
|
||||
@@ -3403,10 +3403,10 @@ Index: linux-2.6/security/apparmor/shared.h
|
||||
+#define AAVALID_PERM_MASK ((1 << (POS_AAFILE_MAX + 1)) - 1)
|
||||
|
||||
#endif /* _SHARED_H */
|
||||
Index: linux-2.6/security/apparmor/lsm.c
|
||||
Index: b/security/apparmor/lsm.c
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/lsm.c
|
||||
+++ linux-2.6/security/apparmor/lsm.c
|
||||
--- a/security/apparmor/lsm.c
|
||||
+++ b/security/apparmor/lsm.c
|
||||
@@ -66,15 +66,15 @@ MODULE_PARM_DESC(apparmor_logsyscall, "T
|
||||
static int apparmor_ptrace(struct task_struct *parent,
|
||||
struct task_struct *child)
|
||||
|
||||
@@ -4,10 +4,10 @@ only mess up the code. Pass the name of the operation in aa_audit instead.
|
||||
Use a union for the remaining users of ival in aa_audit: this is more
|
||||
readable.
|
||||
|
||||
Index: linux-2.6/security/apparmor/apparmor.h
|
||||
Index: b/security/apparmor/apparmor.h
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/apparmor.h
|
||||
+++ linux-2.6/security/apparmor/apparmor.h
|
||||
--- a/security/apparmor/apparmor.h
|
||||
+++ b/security/apparmor/apparmor.h
|
||||
@@ -145,8 +145,12 @@ struct aa_audit {
|
||||
gfp_t gfp_mask;
|
||||
int error_code;
|
||||
@@ -62,10 +62,10 @@ Index: linux-2.6/security/apparmor/apparmor.h
|
||||
extern int aa_link(struct aaprofile *active,
|
||||
struct dentry *link, struct vfsmount *link_mnt,
|
||||
struct dentry *target, struct vfsmount *target_mnt);
|
||||
Index: linux-2.6/security/apparmor/main.c
|
||||
Index: b/security/apparmor/main.c
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/main.c
|
||||
+++ linux-2.6/security/apparmor/main.c
|
||||
--- a/security/apparmor/main.c
|
||||
+++ b/security/apparmor/main.c
|
||||
@@ -443,7 +443,7 @@ int aa_audit(struct aaprofile *active, c
|
||||
audit_log_format(ab, "%s ", logcls); /* REJECTING/ALLOWING/etc */
|
||||
|
||||
@@ -221,10 +221,10 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
sa.flags = 0;
|
||||
sa.error_code = 0;
|
||||
sa.result = cap_raised(active->capabilities, cap);
|
||||
Index: linux-2.6/security/apparmor/lsm.c
|
||||
Index: b/security/apparmor/lsm.c
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/lsm.c
|
||||
+++ linux-2.6/security/apparmor/lsm.c
|
||||
--- a/security/apparmor/lsm.c
|
||||
+++ b/security/apparmor/lsm.c
|
||||
@@ -244,7 +244,7 @@ static int apparmor_inode_mkdir(struct i
|
||||
active = get_active_aaprofile();
|
||||
|
||||
|
||||
@@ -12,10 +12,10 @@ Patch is not in mainline -- pending AppArmor code submission to lkml
|
||||
kernel/audit.c | 6 ++++--
|
||||
2 files changed, 9 insertions(+), 2 deletions(-)
|
||||
|
||||
Index: linux-2.6/include/linux/audit.h
|
||||
Index: b/include/linux/audit.h
|
||||
===================================================================
|
||||
--- linux-2.6.orig/include/linux/audit.h
|
||||
+++ linux-2.6/include/linux/audit.h
|
||||
--- a/include/linux/audit.h
|
||||
+++ b/include/linux/audit.h
|
||||
@@ -110,6 +110,8 @@
|
||||
#define AUDIT_LAST_KERN_ANOM_MSG 1799
|
||||
#define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */
|
||||
@@ -35,10 +35,10 @@ Index: linux-2.6/include/linux/audit.h
|
||||
extern void audit_log_format(struct audit_buffer *ab,
|
||||
const char *fmt, ...)
|
||||
__attribute__((format(printf,2,3)));
|
||||
Index: linux-2.6/kernel/audit.c
|
||||
Index: b/kernel/audit.c
|
||||
===================================================================
|
||||
--- linux-2.6.orig/kernel/audit.c
|
||||
+++ linux-2.6/kernel/audit.c
|
||||
--- a/kernel/audit.c
|
||||
+++ b/kernel/audit.c
|
||||
@@ -956,8 +956,7 @@ static inline int audit_expand(struct au
|
||||
* will be called a second time. Currently, we assume that a printk
|
||||
* can't format message larger than 1024 bytes, so we don't either.
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
Index: linux-2.6/security/apparmor/lsm.c
|
||||
Index: b/security/apparmor/lsm.c
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/lsm.c
|
||||
+++ linux-2.6/security/apparmor/lsm.c
|
||||
--- a/security/apparmor/lsm.c
|
||||
+++ b/security/apparmor/lsm.c
|
||||
@@ -24,6 +24,15 @@
|
||||
/* struct subdomain write update lock (read side is RCU). */
|
||||
spinlock_t sd_lock = SPIN_LOCK_UNLOCKED;
|
||||
@@ -10,8 +10,8 @@ Index: linux-2.6/security/apparmor/lsm.c
|
||||
+int apparmor_enabled=1;
|
||||
+static int __init apparmor_enabled_setup(char *str)
|
||||
+{
|
||||
+ apparmor_enabled = simple_strtol(str, NULL, 0);
|
||||
+ return 1;
|
||||
+ apparmor_enabled = simple_strtol(str, NULL, 0);
|
||||
+ return 1;
|
||||
+}
|
||||
+__setup("apparmor=", apparmor_enabled_setup);
|
||||
+
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
Index: linux-2.6/security/apparmor/Kconfig
|
||||
Index: b/security/apparmor/Kconfig
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/Kconfig
|
||||
+++ linux-2.6/security/apparmor/Kconfig
|
||||
--- a/security/apparmor/Kconfig
|
||||
+++ b/security/apparmor/Kconfig
|
||||
@@ -1,8 +1,9 @@
|
||||
config SECURITY_APPARMOR
|
||||
- tristate "AppArmor support"
|
||||
@@ -15,10 +15,10 @@ Index: linux-2.6/security/apparmor/Kconfig
|
||||
Required userspace tools (if they are not included in your
|
||||
distribution) and further information may be found at
|
||||
<http://forge.novell.com/modules/xfmod/project/?apparmor>
|
||||
Index: linux-2.6/security/apparmor/lsm.c
|
||||
Index: b/security/apparmor/lsm.c
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/lsm.c
|
||||
+++ linux-2.6/security/apparmor/lsm.c
|
||||
--- a/security/apparmor/lsm.c
|
||||
+++ b/security/apparmor/lsm.c
|
||||
@@ -54,36 +54,6 @@ int apparmor_logsyscall = 0;
|
||||
module_param_named(logsyscall, apparmor_logsyscall, int, S_IRUSR);
|
||||
MODULE_PARM_DESC(apparmor_logsyscall, "Toggle AppArmor logsyscall mode");
|
||||
@@ -124,16 +124,16 @@ Index: linux-2.6/security/apparmor/lsm.c
|
||||
-MODULE_DESCRIPTION("AppArmor process confinement");
|
||||
-MODULE_AUTHOR("Tony Jones <tonyj@suse.de>");
|
||||
-MODULE_LICENSE("GPL");
|
||||
Index: linux-2.6/security/Makefile
|
||||
Index: b/security/Makefile
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/Makefile
|
||||
+++ linux-2.6/security/Makefile
|
||||
--- a/security/Makefile
|
||||
+++ b/security/Makefile
|
||||
@@ -16,7 +16,7 @@ obj-$(CONFIG_SECURITY) += security.o d
|
||||
# Must precede capability.o in order to stack properly.
|
||||
obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o
|
||||
ifeq ($(CONFIG_SECURITY_APPARMOR),y)
|
||||
-obj-$(CONFIG_SECURITY_APPARMOR) += apparmor/built-in.o
|
||||
+obj-$(CONFIG_SECURITY_APPARMOR) += apparmor/built-in.o commoncap.o
|
||||
-obj-y += apparmor/built-in.o
|
||||
+obj-y += apparmor/built-in.o commoncap.o
|
||||
endif
|
||||
obj-$(CONFIG_SECURITY_CAPABILITIES) += commoncap.o capability.o
|
||||
obj-$(CONFIG_SECURITY_ROOTPLUG) += commoncap.o root_plug.o
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
Index: linux-2.6/security/apparmor/apparmor.h
|
||||
Index: b/security/apparmor/apparmor.h
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/apparmor.h
|
||||
+++ linux-2.6/security/apparmor/apparmor.h
|
||||
--- a/security/apparmor/apparmor.h
|
||||
+++ b/security/apparmor/apparmor.h
|
||||
@@ -68,7 +68,7 @@ struct flagval {
|
||||
#define AA_EXEC_MODIFIER_MASK(mask) ((mask) & AA_EXEC_MODIFIERS)
|
||||
#define AA_EXEC_MASK(mask) ((mask) & (AA_EXEC_MODIFIERS | AA_EXEC_UNSAFE))
|
||||
@@ -135,10 +135,10 @@ Index: linux-2.6/security/apparmor/apparmor.h
|
||||
+unsigned int aa_match(struct aa_dfa *dfa, const char *pathname);
|
||||
|
||||
#endif /* __APPARMOR_H */
|
||||
Index: linux-2.6/security/apparmor/apparmorfs.c
|
||||
Index: b/security/apparmor/apparmorfs.c
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/apparmorfs.c
|
||||
+++ linux-2.6/security/apparmor/apparmorfs.c
|
||||
--- a/security/apparmor/apparmorfs.c
|
||||
+++ b/security/apparmor/apparmorfs.c
|
||||
@@ -19,7 +19,7 @@
|
||||
#include "inline.h"
|
||||
|
||||
@@ -198,10 +198,10 @@ Index: linux-2.6/security/apparmor/apparmorfs.c
|
||||
+ if (AA_FS_DENTRY)
|
||||
clear_apparmorfs();
|
||||
}
|
||||
Index: linux-2.6/security/apparmor/inline.h
|
||||
Index: b/security/apparmor/inline.h
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/inline.h
|
||||
+++ linux-2.6/security/apparmor/inline.h
|
||||
--- a/security/apparmor/inline.h
|
||||
+++ b/security/apparmor/inline.h
|
||||
@@ -44,10 +44,10 @@ static inline int aa_sub_defined(void)
|
||||
}
|
||||
|
||||
@@ -350,10 +350,10 @@ Index: linux-2.6/security/apparmor/inline.h
|
||||
return p;
|
||||
} else {
|
||||
AA_DEBUG("%s: skipping %s\n", __FUNCTION__, p->name);
|
||||
Index: linux-2.6/security/apparmor/list.c
|
||||
Index: b/security/apparmor/list.c
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/list.c
|
||||
+++ linux-2.6/security/apparmor/list.c
|
||||
--- a/security/apparmor/list.c
|
||||
+++ b/security/apparmor/list.c
|
||||
@@ -28,9 +28,9 @@ static rwlock_t subdomain_lock = RW_LOCK
|
||||
* Search the profile list for profile @name. Return refcounted profile on
|
||||
* success, NULL on failure.
|
||||
@@ -474,10 +474,10 @@ Index: linux-2.6/security/apparmor/list.c
|
||||
seq_printf(f, "%s (%s)\n", profile->name,
|
||||
PROFILE_COMPLAIN(profile) ? "complain" : "enforce");
|
||||
return 0;
|
||||
Index: linux-2.6/security/apparmor/lsm.c
|
||||
Index: b/security/apparmor/lsm.c
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/lsm.c
|
||||
+++ linux-2.6/security/apparmor/lsm.c
|
||||
--- a/security/apparmor/lsm.c
|
||||
+++ b/security/apparmor/lsm.c
|
||||
@@ -66,7 +66,7 @@ MODULE_PARM_DESC(apparmor_logsyscall, "T
|
||||
static int apparmor_ptrace(struct task_struct *parent,
|
||||
struct task_struct *child)
|
||||
@@ -877,10 +877,10 @@ Index: linux-2.6/security/apparmor/lsm.c
|
||||
} else {
|
||||
/* unknown operation */
|
||||
AA_WARN("%s: Unknown setprocattr command '%.*s' by task %s(%d) "
|
||||
Index: linux-2.6/security/apparmor/main.c
|
||||
Index: b/security/apparmor/main.c
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/main.c
|
||||
+++ linux-2.6/security/apparmor/main.c
|
||||
--- a/security/apparmor/main.c
|
||||
+++ b/security/apparmor/main.c
|
||||
@@ -28,7 +28,7 @@
|
||||
* can be associated to files which keep their reference even if apparmor is
|
||||
* unloaded
|
||||
@@ -935,16 +935,19 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
const char *link, const char *target)
|
||||
{
|
||||
int l_mode, t_mode, ret = -EPERM;
|
||||
@@ -194,7 +194,7 @@ static int aa_link_perm(struct aaprofile
|
||||
@@ -194,8 +194,9 @@ static int aa_link_perm(struct aaprofile
|
||||
return ret;
|
||||
}
|
||||
|
||||
-static int _aa_perm_vfsmount(struct aaprofile *active, struct dentry *dentry,
|
||||
- struct vfsmount *mnt, struct aa_audit *sa, int mask)
|
||||
+static int _aa_perm_vfsmount(struct aa_profile *active, struct dentry *dentry,
|
||||
struct vfsmount *mnt, struct aa_audit *sa, int mask)
|
||||
+ struct vfsmount *mnt, struct aa_audit *sa,
|
||||
+ int mask)
|
||||
{
|
||||
int permerror, error;
|
||||
@@ -227,12 +227,12 @@ static int _aa_perm_vfsmount(struct aapr
|
||||
|
||||
@@ -227,12 +228,12 @@ static int _aa_perm_vfsmount(struct aapr
|
||||
*
|
||||
* Return %0 (success) or error (-%ENOMEM)
|
||||
*/
|
||||
@@ -960,7 +963,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
if (!hat)
|
||||
goto fail;
|
||||
if (profile->flags.complain)
|
||||
@@ -252,7 +252,7 @@ int attach_nullprofile(struct aaprofile
|
||||
@@ -252,7 +253,7 @@ int attach_nullprofile(struct aaprofile
|
||||
|
||||
fail:
|
||||
kfree(hatname);
|
||||
@@ -969,7 +972,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
|
||||
return -ENOMEM;
|
||||
}
|
||||
@@ -265,7 +265,7 @@ fail:
|
||||
@@ -265,7 +266,7 @@ fail:
|
||||
*/
|
||||
int alloc_null_complain_profile(void)
|
||||
{
|
||||
@@ -978,7 +981,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
if (!null_complain_profile)
|
||||
goto fail;
|
||||
|
||||
@@ -282,8 +282,8 @@ int alloc_null_complain_profile(void)
|
||||
@@ -282,8 +283,8 @@ int alloc_null_complain_profile(void)
|
||||
return 0;
|
||||
|
||||
fail:
|
||||
@@ -989,7 +992,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
null_complain_profile = NULL;
|
||||
|
||||
return -ENOMEM;
|
||||
@@ -294,7 +294,7 @@ fail:
|
||||
@@ -294,7 +295,7 @@ fail:
|
||||
*/
|
||||
void free_null_complain_profile(void)
|
||||
{
|
||||
@@ -998,7 +1001,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
null_complain_profile = NULL;
|
||||
}
|
||||
|
||||
@@ -305,7 +305,7 @@ void free_null_complain_profile(void)
|
||||
@@ -305,7 +306,7 @@ void free_null_complain_profile(void)
|
||||
* @flags: audit flags
|
||||
* @fmt: varargs fmt
|
||||
*/
|
||||
@@ -1007,7 +1010,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
const char *fmt, ...)
|
||||
{
|
||||
int ret;
|
||||
@@ -332,7 +332,7 @@ int aa_audit_message(struct aaprofile *a
|
||||
@@ -332,7 +333,7 @@ int aa_audit_message(struct aaprofile *a
|
||||
* @msg: string describing syscall being rejected
|
||||
* @gfp: memory allocation flags
|
||||
*/
|
||||
@@ -1016,7 +1019,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
const char *msg)
|
||||
{
|
||||
struct aa_audit sa;
|
||||
@@ -352,7 +352,7 @@ int aa_audit_syscallreject(struct aaprof
|
||||
@@ -352,7 +353,7 @@ int aa_audit_syscallreject(struct aaprof
|
||||
* @active: profile to check against
|
||||
* @sa: audit event
|
||||
*/
|
||||
@@ -1025,7 +1028,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
{
|
||||
struct audit_buffer *ab = NULL;
|
||||
struct audit_context *ctx;
|
||||
@@ -567,7 +567,7 @@ out:
|
||||
@@ -567,7 +568,7 @@ out:
|
||||
* @dentry: file to check
|
||||
* @iattr: attribute changes requested
|
||||
*/
|
||||
@@ -1034,7 +1037,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
struct vfsmount *mnt, struct iattr *iattr)
|
||||
{
|
||||
int error;
|
||||
@@ -592,7 +592,7 @@ int aa_attr(struct aaprofile *active, st
|
||||
@@ -592,7 +593,7 @@ int aa_attr(struct aaprofile *active, st
|
||||
* @xattr_name: name of xattr to check
|
||||
* @mask: access mode requested
|
||||
*/
|
||||
@@ -1043,7 +1046,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
struct vfsmount *mnt, const char *operation,
|
||||
const char *xattr_name, int mask)
|
||||
{
|
||||
@@ -620,7 +620,7 @@ int aa_perm_xattr(struct aaprofile *acti
|
||||
@@ -620,7 +621,7 @@ int aa_perm_xattr(struct aaprofile *acti
|
||||
* Determine if access (mask) for dentry is authorized by active
|
||||
* profile. Result, %0 (success), -ve (error)
|
||||
*/
|
||||
@@ -1052,7 +1055,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
struct vfsmount *mnt, int mask)
|
||||
{
|
||||
int error = 0;
|
||||
@@ -651,7 +651,7 @@ out:
|
||||
@@ -651,7 +652,7 @@ out:
|
||||
* by @active profile.
|
||||
* Result, %0 (success), -ve (error)
|
||||
*/
|
||||
@@ -1061,7 +1064,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
struct vfsmount *mnt, const char *operation, int mask)
|
||||
{
|
||||
struct aa_audit sa;
|
||||
@@ -672,7 +672,7 @@ int aa_perm_dir(struct aaprofile *active
|
||||
@@ -672,7 +673,7 @@ int aa_perm_dir(struct aaprofile *active
|
||||
* Look up capability in active profile capability set.
|
||||
* Return %0 (success), -%EPERM (error)
|
||||
*/
|
||||
@@ -1070,7 +1073,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
{
|
||||
int error = 0;
|
||||
struct aa_audit sa;
|
||||
@@ -697,7 +697,7 @@ int aa_capability(struct aaprofile *acti
|
||||
@@ -697,7 +698,7 @@ int aa_capability(struct aaprofile *acti
|
||||
* @target: dentry for link target
|
||||
* @mnt: vfsmount (-EXDEV is link and target are not on same vfsmount)
|
||||
*/
|
||||
@@ -1079,7 +1082,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
struct dentry *link, struct vfsmount *link_mnt,
|
||||
struct dentry *target, struct vfsmount *target_mnt)
|
||||
{
|
||||
@@ -796,8 +796,8 @@ int aa_register(struct linux_binprm *bpr
|
||||
@@ -796,8 +797,8 @@ int aa_register(struct linux_binprm *bpr
|
||||
{
|
||||
char *filename;
|
||||
struct file *filp = bprm->file;
|
||||
@@ -1090,7 +1093,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
int error = -ENOMEM,
|
||||
exec_mode = 0,
|
||||
find_profile = 0,
|
||||
@@ -815,7 +815,7 @@ int aa_register(struct linux_binprm *bpr
|
||||
@@ -815,7 +816,7 @@ int aa_register(struct linux_binprm *bpr
|
||||
|
||||
error = 0;
|
||||
|
||||
@@ -1099,7 +1102,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
|
||||
if (!active) {
|
||||
/* Unconfined task, load profile if it exists */
|
||||
@@ -828,7 +828,7 @@ int aa_register(struct linux_binprm *bpr
|
||||
@@ -828,7 +829,7 @@ int aa_register(struct linux_binprm *bpr
|
||||
/* Confined task, determine what mode inherit, unconstrained or
|
||||
* mandatory to load new profile
|
||||
*/
|
||||
@@ -1108,7 +1111,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
unsafe_exec = exec_mode & AA_EXEC_UNSAFE;
|
||||
|
||||
if (exec_mode) {
|
||||
@@ -893,7 +893,7 @@ int aa_register(struct linux_binprm *bpr
|
||||
@@ -893,7 +894,7 @@ int aa_register(struct linux_binprm *bpr
|
||||
* describing mode to execute image in.
|
||||
* Drop into null-profile (disabling secure exec).
|
||||
*/
|
||||
@@ -1117,7 +1120,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
unsafe_exec = 1;
|
||||
} else {
|
||||
AA_WARN("%s: Rejecting exec(2) of image '%s'. "
|
||||
@@ -926,7 +926,7 @@ find_profile:
|
||||
@@ -926,7 +927,7 @@ find_profile:
|
||||
current->pid,
|
||||
BASE_PROFILE(active)->name, active->name);
|
||||
|
||||
@@ -1126,7 +1129,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
} else {
|
||||
AA_WARN("REJECTING exec(2) of image '%s'. "
|
||||
"Profile mandatory and not found "
|
||||
@@ -1016,8 +1016,8 @@ apply_profile:
|
||||
@@ -1016,8 +1017,8 @@ apply_profile:
|
||||
if (newprofile && unlikely(newprofile->isstale)) {
|
||||
WARN_ON(newprofile == null_complain_profile);
|
||||
|
||||
@@ -1137,7 +1140,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
|
||||
newprofile = aa_profilelist_find(filename);
|
||||
|
||||
@@ -1048,7 +1048,7 @@ apply_profile:
|
||||
@@ -1048,7 +1049,7 @@ apply_profile:
|
||||
}
|
||||
|
||||
aa_switch(sd, newprofile);
|
||||
@@ -1146,7 +1149,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
|
||||
if (complain && newprofile == null_complain_profile)
|
||||
LOG_HINT(newprofile, GFP_ATOMIC, HINT_CHGPROF,
|
||||
@@ -1061,7 +1061,7 @@ apply_profile:
|
||||
@@ -1061,7 +1062,7 @@ apply_profile:
|
||||
cleanup:
|
||||
aa_put_name(filename);
|
||||
|
||||
@@ -1155,7 +1158,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
|
||||
out:
|
||||
return error;
|
||||
@@ -1106,7 +1106,7 @@ void aa_release(struct task_struct *p)
|
||||
@@ -1106,7 +1107,7 @@ void aa_release(struct task_struct *p)
|
||||
*/
|
||||
static inline int do_change_hat(const char *hat_name, struct subdomain *sd)
|
||||
{
|
||||
@@ -1164,7 +1167,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
int error = 0;
|
||||
|
||||
sub = __aa_find_profile(hat_name, &BASE_PROFILE(sd->active)->sub);
|
||||
@@ -1114,7 +1114,7 @@ static inline int do_change_hat(const ch
|
||||
@@ -1114,7 +1115,7 @@ static inline int do_change_hat(const ch
|
||||
if (sub) {
|
||||
/* change hat */
|
||||
aa_switch(sd, sub);
|
||||
@@ -1173,10 +1176,10 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
} else {
|
||||
/* There is no such subprofile change to a NULL profile.
|
||||
* The NULL profile grants no file access.
|
||||
Index: linux-2.6/security/apparmor/match.c
|
||||
Index: b/security/apparmor/match.c
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/match.c
|
||||
+++ linux-2.6/security/apparmor/match.c
|
||||
--- a/security/apparmor/match.c
|
||||
+++ b/security/apparmor/match.c
|
||||
@@ -16,7 +16,7 @@
|
||||
#include <linux/module.h>
|
||||
#include "match.h"
|
||||
@@ -1260,10 +1263,10 @@ Index: linux-2.6/security/apparmor/match.c
|
||||
|
||||
return 0;
|
||||
}
|
||||
Index: linux-2.6/security/apparmor/module_interface.c
|
||||
Index: b/security/apparmor/module_interface.c
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/module_interface.c
|
||||
+++ linux-2.6/security/apparmor/module_interface.c
|
||||
--- a/security/apparmor/module_interface.c
|
||||
+++ b/security/apparmor/module_interface.c
|
||||
@@ -17,24 +17,24 @@
|
||||
|
||||
/* aa_code defined in module_interface.h */
|
||||
@@ -1605,10 +1608,10 @@ Index: linux-2.6/security/apparmor/module_interface.c
|
||||
}
|
||||
|
||||
if (profile->name) {
|
||||
Index: linux-2.6/security/apparmor/procattr.c
|
||||
Index: b/security/apparmor/procattr.c
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/procattr.c
|
||||
+++ linux-2.6/security/apparmor/procattr.c
|
||||
--- a/security/apparmor/procattr.c
|
||||
+++ b/security/apparmor/procattr.c
|
||||
@@ -15,7 +15,7 @@
|
||||
#include "apparmor.h"
|
||||
#include "inline.h"
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
Index: linux-2.6/security/apparmor/main.c
|
||||
Index: b/security/apparmor/main.c
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/main.c
|
||||
+++ linux-2.6/security/apparmor/main.c
|
||||
--- a/security/apparmor/main.c
|
||||
+++ b/security/apparmor/main.c
|
||||
@@ -12,6 +12,7 @@
|
||||
#include <linux/security.h>
|
||||
#include <linux/namei.h>
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
Index: linux-2.6/security/apparmor/match/Kbuild
|
||||
Index: b/security/apparmor/match/Kbuild
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/match/Kbuild
|
||||
+++ linux-2.6/security/apparmor/match/Kbuild
|
||||
--- a/security/apparmor/match/Kbuild
|
||||
+++ b/security/apparmor/match/Kbuild
|
||||
@@ -1,6 +1,6 @@
|
||||
# Makefile for AppArmor aamatch submodule
|
||||
#
|
||||
@@ -11,10 +11,10 @@ Index: linux-2.6/security/apparmor/match/Kbuild
|
||||
|
||||
-aamatch_pcre-y := match_pcre.o pcre_exec.o
|
||||
+aamatch_dfa-y := match_dfa.o
|
||||
Index: linux-2.6/security/apparmor/match/match_dfa.c
|
||||
Index: b/security/apparmor/match/match_dfa.c
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ linux-2.6/security/apparmor/match/match_dfa.c
|
||||
+++ b/security/apparmor/match/match_dfa.c
|
||||
@@ -0,0 +1,398 @@
|
||||
+/*
|
||||
+ * Copyright (C) 2002-2005 Novell/SUSE
|
||||
@@ -414,10 +414,10 @@ Index: linux-2.6/security/apparmor/match/match_dfa.c
|
||||
+MODULE_DESCRIPTION("AppArmor aa_match module [dfa]");
|
||||
+MODULE_AUTHOR("John Johansen <jjohansen@suse.de>");
|
||||
+MODULE_LICENSE("GPL");
|
||||
Index: linux-2.6/security/apparmor/module_interface.c
|
||||
Index: b/security/apparmor/module_interface.c
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/module_interface.c
|
||||
+++ linux-2.6/security/apparmor/module_interface.c
|
||||
--- a/security/apparmor/module_interface.c
|
||||
+++ b/security/apparmor/module_interface.c
|
||||
@@ -206,6 +206,7 @@ static void aaconvert(enum aa_code code,
|
||||
*(u16 *)dest = le16_to_cpu(get_unaligned((u16 *)src));
|
||||
break;
|
||||
@@ -465,10 +465,10 @@ Index: linux-2.6/security/apparmor/module_interface.c
|
||||
free_aa_entry(entry);
|
||||
return NULL;
|
||||
}
|
||||
Index: linux-2.6/security/apparmor/module_interface.h
|
||||
Index: b/security/apparmor/module_interface.h
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/module_interface.h
|
||||
+++ linux-2.6/security/apparmor/module_interface.h
|
||||
--- a/security/apparmor/module_interface.h
|
||||
+++ b/security/apparmor/module_interface.h
|
||||
@@ -20,6 +20,7 @@ enum aa_code {
|
||||
AA_LIST,
|
||||
AA_LISTEND,
|
||||
@@ -477,10 +477,10 @@ Index: linux-2.6/security/apparmor/module_interface.h
|
||||
AA_BAD
|
||||
};
|
||||
|
||||
Index: linux-2.6/security/apparmor/shared.h
|
||||
Index: b/security/apparmor/shared.h
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/shared.h
|
||||
+++ linux-2.6/security/apparmor/shared.h
|
||||
--- a/security/apparmor/shared.h
|
||||
+++ b/security/apparmor/shared.h
|
||||
@@ -28,6 +28,9 @@
|
||||
#define POS_AA_EXEC_UNSAFE (POS_AA_EXEC_MMAP + 1)
|
||||
#define POS_AA_FILE_MAX POS_AA_EXEC_UNSAFE
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
Index: linux-2.6-apparmor/security/Kconfig
|
||||
Index: b/security/Kconfig
|
||||
===================================================================
|
||||
--- linux-2.6-apparmor.orig/security/Kconfig
|
||||
+++ linux-2.6-apparmor/security/Kconfig
|
||||
--- a/security/Kconfig
|
||||
+++ b/security/Kconfig
|
||||
@@ -94,6 +94,7 @@ config SECURITY_ROOTPLUG
|
||||
If you are unsure how to answer this question, answer N.
|
||||
|
||||
@@ -10,10 +10,10 @@ Index: linux-2.6-apparmor/security/Kconfig
|
||||
|
||||
endmenu
|
||||
|
||||
Index: linux-2.6-apparmor/security/Makefile
|
||||
Index: b/security/Makefile
|
||||
===================================================================
|
||||
--- linux-2.6-apparmor.orig/security/Makefile
|
||||
+++ linux-2.6-apparmor/security/Makefile
|
||||
--- a/security/Makefile
|
||||
+++ b/security/Makefile
|
||||
@@ -4,6 +4,7 @@
|
||||
|
||||
obj-$(CONFIG_KEYS) += keys/
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
Index: linux-2.6/security/apparmor/main.c
|
||||
Index: b/security/apparmor/main.c
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/main.c
|
||||
+++ linux-2.6/security/apparmor/main.c
|
||||
--- a/security/apparmor/main.c
|
||||
+++ b/security/apparmor/main.c
|
||||
@@ -61,7 +61,7 @@ static inline int aa_taskattr_access(con
|
||||
static inline int aa_file_mode(struct aaprofile *profile, const char *name)
|
||||
{
|
||||
@@ -171,10 +171,10 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
|
||||
done:
|
||||
return error;
|
||||
Index: linux-2.6/security/apparmor/match/match.h
|
||||
Index: b/security/apparmor/match/match.h
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/match/match.h
|
||||
+++ linux-2.6/security/apparmor/match/match.h
|
||||
--- a/security/apparmor/match/match.h
|
||||
+++ b/security/apparmor/match/match.h
|
||||
@@ -69,16 +69,11 @@ extern int aamatch_serialize(void *entry
|
||||
|
||||
/**
|
||||
@@ -231,10 +231,10 @@ Index: linux-2.6/security/apparmor/match/match.h
|
||||
}
|
||||
|
||||
#endif /* __MATCH_H */
|
||||
Index: linux-2.6/security/apparmor/match/match_default.c
|
||||
Index: b/security/apparmor/match/match_default.c
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/match/match_default.c
|
||||
+++ linux-2.6/security/apparmor/match/match_default.c
|
||||
--- a/security/apparmor/match/match_default.c
|
||||
+++ b/security/apparmor/match/match_default.c
|
||||
@@ -36,12 +36,11 @@ int aamatch_serialize(void *entry_extrad
|
||||
return 0;
|
||||
}
|
||||
@@ -250,10 +250,10 @@ Index: linux-2.6/security/apparmor/match/match_default.c
|
||||
|
||||
return ret;
|
||||
}
|
||||
Index: linux-2.6/security/apparmor/match/match_pcre.c
|
||||
Index: b/security/apparmor/match/match_pcre.c
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/match/match_pcre.c
|
||||
+++ linux-2.6/security/apparmor/match/match_pcre.c
|
||||
--- a/security/apparmor/match/match_pcre.c
|
||||
+++ b/security/apparmor/match/match_pcre.c
|
||||
@@ -132,27 +132,26 @@ done:
|
||||
return error;
|
||||
}
|
||||
@@ -271,19 +271,19 @@ Index: linux-2.6/security/apparmor/match/match_pcre.c
|
||||
- (struct aamatch_entry *) entry_extradata;
|
||||
+ (struct aamatch_entry *) entry->extradata;
|
||||
|
||||
pcreret = pcre_exec(ed->compiled, NULL,
|
||||
pcreret = pcre_exec(ed->compiled, NULL,
|
||||
pathname, strlen(pathname),
|
||||
0, 0, NULL, 0);
|
||||
|
||||
- ret = (pcreret >= 0);
|
||||
+ ret = (pcreret >= 0) ? entry->mode : 0;
|
||||
- ret = (pcreret >= 0);
|
||||
+ ret = (pcreret >= 0) ? entry->mode : 0;
|
||||
|
||||
// XXX - this needs access to subdomain_debug, hmmm
|
||||
//AA_DEBUG("%s(%d): %s %s %d\n", __FUNCTION__,
|
||||
//AA_DEBUG("%s(%d): %s %s %d\n", __FUNCTION__,
|
||||
// ret, pathname, ed->pattern, pcreret);
|
||||
} else {
|
||||
- ret = aamatch_match_common(pathname, entry_name, entry_type);
|
||||
+ ret = aamatch_match_common(entry, pathname);
|
||||
}
|
||||
|
||||
return ret;
|
||||
return ret;
|
||||
|
||||
@@ -4,10 +4,10 @@ Defining and initializing a variable at the same time is okay.
|
||||
|
||||
Rename struct task *p to <task>.
|
||||
|
||||
Index: linux-2.6/security/apparmor/lsm.c
|
||||
Index: b/security/apparmor/lsm.c
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/lsm.c
|
||||
+++ linux-2.6/security/apparmor/lsm.c
|
||||
--- a/security/apparmor/lsm.c
|
||||
+++ b/security/apparmor/lsm.c
|
||||
@@ -66,12 +66,8 @@ MODULE_PARM_DESC(apparmor_logsyscall, "T
|
||||
static int apparmor_ptrace(struct task_struct *parent,
|
||||
struct task_struct *child)
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
Index: linux-2.6/security/apparmor/apparmor.h
|
||||
Index: b/security/apparmor/apparmor.h
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/apparmor.h
|
||||
+++ linux-2.6/security/apparmor/apparmor.h
|
||||
--- a/security/apparmor/apparmor.h
|
||||
+++ b/security/apparmor/apparmor.h
|
||||
@@ -25,17 +25,6 @@ extern int apparmor_debug;
|
||||
extern int apparmor_audit;
|
||||
extern int apparmor_logsyscall;
|
||||
@@ -14,8 +14,8 @@ Index: linux-2.6/security/apparmor/apparmor.h
|
||||
-#define INOTIFYFS_MAGIC 0xBAD1DEA
|
||||
-
|
||||
-#define VALID_FSTYPE(inode) ((inode)->i_sb->s_magic != PIPEFS_MAGIC && \
|
||||
- (inode)->i_sb->s_magic != SOCKFS_MAGIC && \
|
||||
- (inode)->i_sb->s_magic != INOTIFYFS_MAGIC)
|
||||
- (inode)->i_sb->s_magic != SOCKFS_MAGIC && \
|
||||
- (inode)->i_sb->s_magic != INOTIFYFS_MAGIC)
|
||||
-
|
||||
#define PROFILE_COMPLAIN(_profile) \
|
||||
(apparmor_complain == 1 || ((_profile) && (_profile)->flags.complain))
|
||||
@@ -52,10 +52,10 @@ Index: linux-2.6/security/apparmor/apparmor.h
|
||||
/**
|
||||
* struct subdomain - primary label for confined tasks
|
||||
* @active: the current active profile
|
||||
Index: linux-2.6/security/apparmor/lsm.c
|
||||
Index: b/security/apparmor/lsm.c
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/lsm.c
|
||||
+++ linux-2.6/security/apparmor/lsm.c
|
||||
--- a/security/apparmor/lsm.c
|
||||
+++ b/security/apparmor/lsm.c
|
||||
@@ -203,6 +203,9 @@ static int apparmor_sb_mount(char *dev_n
|
||||
if (active) {
|
||||
error = aa_audit_syscallreject(active, GFP_KERNEL, "mount");
|
||||
|
||||
@@ -5,10 +5,10 @@ I'm not sure we need all the syslogging going on here.
|
||||
|
||||
There are some self-explanatory comments (not only here).
|
||||
|
||||
Index: linux-2.6-apparmor/security/apparmor/lsm.c
|
||||
Index: b/security/apparmor/lsm.c
|
||||
===================================================================
|
||||
--- linux-2.6-apparmor.orig/security/apparmor/lsm.c
|
||||
+++ linux-2.6-apparmor/security/apparmor/lsm.c
|
||||
--- a/security/apparmor/lsm.c
|
||||
+++ b/security/apparmor/lsm.c
|
||||
@@ -594,19 +594,15 @@ static int apparmor_setprocattr(struct t
|
||||
const char *cmd_changehat = "changehat ",
|
||||
*cmd_setprofile = "setprofile ";
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -1,7 +1,7 @@
|
||||
Index: linux-2.6/security/apparmor/apparmor.h
|
||||
Index: b/security/apparmor/apparmor.h
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/apparmor.h
|
||||
+++ linux-2.6/security/apparmor/apparmor.h
|
||||
--- a/security/apparmor/apparmor.h
|
||||
+++ b/security/apparmor/apparmor.h
|
||||
@@ -188,16 +188,6 @@ struct subdomain {
|
||||
|
||||
typedef int (*aa_iter) (struct subdomain *, void *);
|
||||
@@ -45,10 +45,10 @@ Index: linux-2.6/security/apparmor/apparmor.h
|
||||
extern int aa_fork(struct task_struct *p);
|
||||
extern int aa_register(struct linux_binprm *bprm);
|
||||
extern void aa_release(struct task_struct *p);
|
||||
Index: linux-2.6/security/apparmor/inline.h
|
||||
Index: b/security/apparmor/inline.h
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/inline.h
|
||||
+++ linux-2.6/security/apparmor/inline.h
|
||||
--- a/security/apparmor/inline.h
|
||||
+++ b/security/apparmor/inline.h
|
||||
@@ -10,7 +10,7 @@
|
||||
#ifndef __INLINE_H
|
||||
#define __INLINE_H
|
||||
@@ -143,10 +143,10 @@ Index: linux-2.6/security/apparmor/inline.h
|
||||
-}
|
||||
-
|
||||
#endif /* __INLINE_H__ */
|
||||
Index: linux-2.6/security/apparmor/lsm.c
|
||||
Index: b/security/apparmor/lsm.c
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/lsm.c
|
||||
+++ linux-2.6/security/apparmor/lsm.c
|
||||
--- a/security/apparmor/lsm.c
|
||||
+++ b/security/apparmor/lsm.c
|
||||
@@ -15,6 +15,8 @@
|
||||
#include <linux/module.h>
|
||||
#include <linux/mm.h>
|
||||
@@ -477,10 +477,10 @@ Index: linux-2.6/security/apparmor/lsm.c
|
||||
return error;
|
||||
}
|
||||
|
||||
Index: linux-2.6/security/apparmor/main.c
|
||||
Index: b/security/apparmor/main.c
|
||||
===================================================================
|
||||
--- linux-2.6.orig/security/apparmor/main.c
|
||||
+++ linux-2.6/security/apparmor/main.c
|
||||
--- a/security/apparmor/main.c
|
||||
+++ b/security/apparmor/main.c
|
||||
@@ -35,34 +35,6 @@ struct aaprofile *null_complain_profile;
|
||||
**************************/
|
||||
|
||||
@@ -595,8 +595,6 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
- }
|
||||
- } while (name);
|
||||
+ int permerror, error;
|
||||
+
|
||||
+ sa->name = aa_get_name(dentry, mnt);
|
||||
|
||||
- if ((path_error = aa_path_end(&data)) != 0) {
|
||||
- dentry_xlate_error(dentry, path_error, "dentry");
|
||||
@@ -606,6 +604,8 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
- } else if (name) {
|
||||
- if (failed_name)
|
||||
- aa_put_name(failed_name);
|
||||
+ sa->name = aa_get_name(dentry, mnt);
|
||||
+
|
||||
+ if (IS_ERR(sa->name)) {
|
||||
+ permerror = PTR_ERR(sa->name);
|
||||
+ sa->name = NULL;
|
||||
@@ -675,12 +675,12 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
|
||||
- permerror = _aa_perm_dentry(active, dentry, mask, &sa.name);
|
||||
- aa_permerror2result(permerror, &sa);
|
||||
-
|
||||
+ error = _aa_perm_vfsmount(active, dentry, mnt, &sa, mask);
|
||||
|
||||
- error = aa_audit(active, &sa);
|
||||
-
|
||||
- aa_put_name(sa.name);
|
||||
+ error = _aa_perm_vfsmount(active, dentry, mnt, &sa, mask);
|
||||
|
||||
-
|
||||
-out:
|
||||
return error;
|
||||
}
|
||||
@@ -806,10 +806,10 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
- aa_permerror2result(permerror, &sa);
|
||||
-
|
||||
- error = aa_audit(active, &sa);
|
||||
-
|
||||
- aa_put_name(sa.name);
|
||||
+ error = _aa_perm_vfsmount(active, dentry, mnt, &sa, MAY_WRITE);
|
||||
|
||||
- aa_put_name(sa.name);
|
||||
-
|
||||
-out:
|
||||
return error;
|
||||
}
|
||||
@@ -822,7 +822,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
struct aa_audit sa;
|
||||
|
||||
sa.type = AA_AUDITTYPE_CAP;
|
||||
@@ -1030,124 +867,42 @@ int aa_capability(struct aaprofile *acti
|
||||
@@ -1030,122 +867,40 @@ int aa_capability(struct aaprofile *acti
|
||||
* @active: profile to check against
|
||||
* @link: dentry for link being created
|
||||
* @target: dentry for link target
|
||||
@@ -894,7 +894,9 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
- if ((path_error = aa_path_end(&idata)) != 0) {
|
||||
- dentry_xlate_error(target, path_error,
|
||||
- "inner dentry [link]");
|
||||
-
|
||||
+ sa.name = aa_get_name(link, link_mnt);
|
||||
+ sa.pval = aa_get_name(target, target_mnt);
|
||||
|
||||
- /* name should not be set if error */
|
||||
- WARN_ON(iname);
|
||||
-
|
||||
@@ -906,9 +908,7 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
- aa_put_name(oname);
|
||||
- }
|
||||
- } while (oname && !match);
|
||||
+ sa.name = aa_get_name(link, link_mnt);
|
||||
+ sa.pval = aa_get_name(target, target_mnt);
|
||||
|
||||
-
|
||||
- if (error_code != 0) {
|
||||
- /* inner error */
|
||||
- (void)aa_path_end(&odata);
|
||||
@@ -963,8 +963,5 @@ Index: linux-2.6/security/apparmor/main.c
|
||||
+ aa_put_name(sa.name);
|
||||
+ aa_put_name(sa.pval);
|
||||
|
||||
- return error;
|
||||
+ return error;
|
||||
return error;
|
||||
}
|
||||
|
||||
/*******************************
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
Reference in New Issue
Block a user