convert change_profile to use the interface lock - this is untested and likely broken

kernel-patches/for-mainline/change_profile.diff

@@ -11,11 +11,11 @@ change_hat-to-change_profile - convert change_hat to use change_profile
 
 
 ---
- security/apparmor/apparmor.h |   23 ++--
+ security/apparmor/apparmor.h |   23 ++-
  security/apparmor/lsm.c      |    4 
- security/apparmor/main.c     |  247 ++++++++++++++++++++++++++++++++++++++-----
+ security/apparmor/main.c     |  249 ++++++++++++++++++++++++++++++++++++++-----
  security/apparmor/procattr.c |   49 ++++++--
- 4 files changed, 275 insertions(+), 48 deletions(-)
+ 4 files changed, 277 insertions(+), 48 deletions(-)
 
 --- a/security/apparmor/apparmor.h
 +++ b/security/apparmor/apparmor.h
@@ -37,7 +37,7 @@ change_hat-to-change_profile - convert change_hat to use change_profile
  
  #define AA_SECURE_EXEC_NEEDED		1
  
-@@ -126,7 +128,8 @@ extern struct mutex aa_interface_lock;
+@@ -124,7 +126,8 @@ extern struct mutex aa_interface_lock;
  /**
   * struct aa_task_context - primary label for confined tasks
   * @profile: the current profile
@@ -47,7 +47,7 @@ change_hat-to-change_profile - convert change_hat to use change_profile
   * @list: list this aa_task_context is on
   * @task: task that the aa_task_context confines
   * @rcu: rcu head used when freeing the aa_task_context
-@@ -137,7 +140,8 @@ extern struct mutex aa_interface_lock;
+@@ -135,7 +138,8 @@ extern struct mutex aa_interface_lock;
   */
  struct aa_task_context {
  	struct aa_profile *profile;	/* The current profile */
@@ -57,7 +57,7 @@ change_hat-to-change_profile - convert change_hat to use change_profile
  	struct list_head list;
  	struct task_struct *task;
  	struct rcu_head rcu;
-@@ -160,7 +164,7 @@ struct aa_audit {
+@@ -158,7 +162,7 @@ struct aa_audit {
  	int requested_mask, denied_mask;
  	struct iattr *iattr;
  	pid_t task, parent;
@@ -66,7 +66,7 @@ change_hat-to-change_profile - convert change_hat to use change_profile
  	int error_code;
  };
  
-@@ -219,16 +223,20 @@ extern int aa_clone(struct task_struct *
+@@ -217,16 +221,20 @@ extern int aa_clone(struct task_struct *
  extern int aa_register(struct linux_binprm *bprm);
  extern void aa_release(struct task_struct *task);
  extern int aa_change_hat(const char *id, u64 hat_magic);
@@ -90,7 +90,7 @@ change_hat-to-change_profile - convert change_hat to use change_profile
  extern int aa_may_ptrace(struct aa_task_context *cxt,
  			 struct aa_profile *tracee);
  
-@@ -248,6 +256,7 @@ extern void aa_unconfine_tasks(struct aa
+@@ -246,6 +254,7 @@ extern void aa_unconfine_tasks(struct aa
  extern int aa_getprocattr(struct aa_profile *profile, char **string,
  			  unsigned *len);
  extern int aa_setprocattr_changehat(char *args);
@@ -122,7 +122,7 @@ change_hat-to-change_profile - convert change_hat to use change_profile
  		unlock_profile(profile);
  
  		if (APPARMOR_COMPLAIN(child_cxt) &&
-@@ -946,12 +946,194 @@ repeat:
+@@ -946,12 +946,196 @@ repeat:
  			aa_put_profile(profile);
  			goto repeat;
  		}
@@ -194,6 +194,8 @@ change_hat-to-change_profile - convert change_hat to use change_profile
 +		}
 +	}
 +
++	if (APPARMOR_AUDIT(cxt))
++		aa_audit_message(cxt->profile, sa, AUDIT_APPARMOR_AUDIT);
 +	aa_change_task_context(task, new_cxt, profile, token, token_profile);
 +
 +out:
@@ -318,7 +320,7 @@ change_hat-to-change_profile - convert change_hat to use change_profile
  /**
   * do_change_hat - actually switch hats
   * @hat_name: name of hat to switch to
-@@ -1091,10 +1273,6 @@ int aa_change_hat(const char *hat_name, 
+@@ -1091,10 +1275,6 @@ int aa_change_hat(const char *hat_name, 
  						      cxt->hat_magic, &sa);
  			}
  		} else if (cxt->hat_magic) {
@@ -329,7 +331,7 @@ change_hat-to-change_profile - convert change_hat to use change_profile
  		} else {	/* cxt->hat_magic == 0 */
  			sa.info = "killing process confined to current hat";
  			aa_audit_status(profile, &sa);
-@@ -1107,8 +1285,7 @@ int aa_change_hat(const char *hat_name, 
+@@ -1107,8 +1287,7 @@ int aa_change_hat(const char *hat_name, 
  out:
  	if (aa_task_context(current) != new_cxt)
  		aa_free_task_context(new_cxt);
@@ -339,7 +341,7 @@ change_hat-to-change_profile - convert change_hat to use change_profile
  	return error;
  }
  
-@@ -1116,14 +1293,12 @@ out:
+@@ -1116,14 +1295,12 @@ out:
   * __aa_replace_profile - replace a task's profile
   * @task: task to switch the profile of
   * @profile: profile to switch to
@@ -355,7 +357,7 @@ change_hat-to-change_profile - convert change_hat to use change_profile
  {
  	struct aa_task_context *cxt, *new_cxt = NULL;
  	struct aa_profile *old_profile = NULL;
-@@ -1136,34 +1311,29 @@ struct aa_profile *__aa_replace_profile(
+@@ -1136,34 +1313,29 @@ struct aa_profile *__aa_replace_profile(
  
  	cxt = lock_task_and_profiles(task, profile);
  	if (unlikely(profile && profile->isstale)) {
@@ -398,7 +400,7 @@ change_hat-to-change_profile - convert change_hat to use change_profile
   *
   * Handle the spinning on locking to make sure the task context and
   * profile are consistent once all locks are aquired.
-@@ -1176,12 +1346,16 @@ lock_task_and_profiles(struct task_struc
+@@ -1176,12 +1348,16 @@ lock_task_and_profiles(struct task_struc
  {
  	struct aa_task_context *cxt;
  	struct aa_profile *old_profile = NULL;
@@ -416,7 +418,7 @@ change_hat-to-change_profile - convert change_hat to use change_profile
  	lock_both_profiles(profile, old_profile);
  	task_lock(task);
  
-@@ -1189,12 +1363,26 @@ repeat:
+@@ -1189,12 +1365,26 @@ repeat:
  	if (unlikely(cxt != aa_task_context(task))) {
  		task_unlock(task);
  		unlock_both_profiles(profile, old_profile);
@@ -443,7 +445,7 @@ change_hat-to-change_profile - convert change_hat to use change_profile
  static void free_aa_task_context_rcu_callback(struct rcu_head *head)
  {
  	struct aa_task_context *cxt;
-@@ -1208,11 +1396,13 @@ static void free_aa_task_context_rcu_cal
+@@ -1208,11 +1398,13 @@ static void free_aa_task_context_rcu_cal
   * @task: task that is having its task context changed
   * @new_cxt: new task context to use after the switch
   * @profile: new profile to use after the switch
@@ -459,7 +461,7 @@ change_hat-to-change_profile - convert change_hat to use change_profile
  {
  	struct aa_task_context *old_cxt = aa_task_context(task);
  
-@@ -1224,9 +1414,10 @@ void aa_change_task_context(struct task_
+@@ -1224,9 +1416,10 @@ void aa_change_task_context(struct task_
  		/* clear the caps_logged cache, so that new profile/hat has
  		 * chance to emit its own set of cap messages */
  		new_cxt->caps_logged = CAP_EMPTY_SET;

kernel-patches/for-mainline/flatten-hats.diff

@@ -3,9 +3,9 @@
  security/apparmor/inline.h           |   38 ++---
  security/apparmor/list.c             |   25 +++
  security/apparmor/main.c             |  240 +++++++----------------------------
- security/apparmor/module_interface.c |   84 ------------
+ security/apparmor/module_interface.c |   86 +-----------
  security/apparmor/procattr.c         |   26 +--
- 6 files changed, 110 insertions(+), 312 deletions(-)
+ 6 files changed, 111 insertions(+), 313 deletions(-)
 
 --- a/security/apparmor/apparmor.h
 +++ b/security/apparmor/apparmor.h
@@ -21,9 +21,9 @@
   * @flags: flags controlling profile behavior
 - * @null_profile: if needed per profile learning and null confinement profile
   * @isstale: flag indicating if profile is stale
-  * @replacement: profile replacing this profile
   * @capabilities: capabilities granted by the process
-@@ -101,16 +98,13 @@ extern unsigned int apparmor_path_max;
+  * @count: reference count of the profile
+@@ -100,16 +97,13 @@ extern unsigned int apparmor_path_max;
   * way.
   */
  struct aa_profile {
@@ -38,9 +38,9 @@
  	} flags;
 -	struct aa_profile *null_profile;
  	int isstale;
- 	struct aa_profile *replacement;
  
-@@ -226,6 +220,9 @@ extern int aa_change_hat(const char *id,
+ 	kernel_cap_t capabilities;
+@@ -224,6 +218,9 @@ extern int aa_change_hat(const char *id,
  extern int aa_change_profile(const char *name, u64 token);
  extern struct aa_profile *__aa_find_profile(const char *name,
  					    struct list_head *list);
@@ -324,7 +324,7 @@
  		unlock_task_and_profiles(task, cxt, profile);
  		aa_put_profile(profile);
  		goto repeat;
-@@ -1020,6 +1000,7 @@ out:
+@@ -1022,6 +1002,7 @@ out:
  		aa_free_task_context(new_cxt);
  	unlock_task_and_profiles(task, cxt, profile);
  	aa_put_profile(profile);
@@ -332,7 +332,7 @@
  	return error;
  }
  
-@@ -1124,7 +1105,7 @@ int aa_change_profile(const char *name, 
+@@ -1126,7 +1107,7 @@ int aa_change_profile(const char *name, 
  			return -EACCES;
  		}
  
@@ -341,7 +341,7 @@
  	} else {
  		error = do_restore_profile(current, token, &sa);
  	}
-@@ -1133,159 +1114,36 @@ int aa_change_profile(const char *name, 
+@@ -1135,159 +1116,36 @@ int aa_change_profile(const char *name, 
  	return error;
  }
  
@@ -513,7 +513,7 @@
  	return error;
  }
  
-@@ -1418,7 +1276,7 @@ void aa_change_task_context(struct task_
+@@ -1420,7 +1278,7 @@ void aa_change_task_context(struct task_
  		new_cxt->task = task;
  		new_cxt->profile = aa_dup_profile(profile);
  		new_cxt->token_profile = aa_dup_profile(token_profile);
@@ -588,17 +588,17 @@
 -/**
   * aa_verify_head - unpack serialized stream header
   * @e: serialized data read head
-  * @log: log a message on failure
+  * @operation: operation header is being verified for
-@@ -403,7 +363,7 @@ static int aa_unpack_profile_set(struct 
+@@ -393,7 +353,7 @@ ssize_t aa_add_profile(void *data, size_
+ 	if (error)
  		return error;
  
- 	while (aa_inbounds(e, 1)) {
+-	profile = aa_unpack_profile_wrapper(&e, "profile_load");
--		profile = aa_unpack_profile_wrapper(e, op);
++	profile = aa_unpack_profile(&e, "profile_load");
-+		profile = aa_unpack_profile(e, op);
+ 	if (IS_ERR(profile))
- 		if (IS_ERR(profile)) {
+ 		return PTR_ERR(profile);
- 			free_list_of_profiles(lh);
+ 
- 			return PTR_ERR(profile);
+@@ -426,29 +386,13 @@ static inline void task_replace(struct t
-@@ -472,29 +432,13 @@ static inline void task_replace(struct t
  	struct aa_task_context *cxt = aa_task_context(task);
  
  	AA_DEBUG("%s: replacing profile for task %d "
@@ -630,8 +630,17 @@
 +			       cxt->token_profile);
  }
  
- static void replace_profiles_context_list(struct aa_profile *old_profile,
+ /**
-@@ -645,9 +589,7 @@ struct aa_profile *alloc_aa_profile(void
+@@ -473,7 +417,7 @@ ssize_t aa_replace_profile(void *udata, 
+ 	if (error)
+ 		return error;
+ 
+-	new_profile = aa_unpack_profile_wrapper(&e, "profile_replace");
++	new_profile = aa_unpack_profile(&e, "profile_replace");
+ 	if (IS_ERR(new_profile))
+ 		return PTR_ERR(new_profile);
+ 
+@@ -582,9 +526,7 @@ struct aa_profile *alloc_aa_profile(void
  	profile = kzalloc(sizeof(*profile), GFP_KERNEL);
  	AA_DEBUG("%s(%p)\n", __FUNCTION__, profile);
  	if (profile) {
@@ -641,7 +650,7 @@
  		kref_init(&profile->count);
  		INIT_LIST_HEAD(&profile->task_contexts);
  		spin_lock_init(&profile->lock);
-@@ -667,8 +609,6 @@ struct aa_profile *alloc_aa_profile(void
+@@ -604,8 +546,6 @@ struct aa_profile *alloc_aa_profile(void
   */
  void free_aa_profile(struct aa_profile *profile)
  {
@@ -650,7 +659,7 @@
  	AA_DEBUG("%s(%p)\n", __FUNCTION__, profile);
  
  	if (!profile)
-@@ -685,18 +625,6 @@ void free_aa_profile(struct aa_profile *
+@@ -622,18 +562,6 @@ void free_aa_profile(struct aa_profile *
  
  	aa_match_free(profile->file_rules);
  
@@ -669,7 +678,7 @@
  	if (profile->name) {
  		AA_DEBUG("%s: %s\n", __FUNCTION__, profile->name);
  		kfree(profile->name);
-@@ -718,7 +646,7 @@ void aa_unconfine_tasks(struct aa_profil
+@@ -655,7 +583,7 @@ void aa_unconfine_tasks(struct aa_profil
  			list_entry(profile->task_contexts.next,
  				   struct aa_task_context, list)->task;
  		task_lock(task);

kernel-patches/for-mainline/series

@@ -59,10 +59,12 @@ audit-pairs-3.diff
 audit-pairs-4.diff
 audit-link-perms.diff
 audit-remove-buffer.diff
-multi-profile-load.diff
+#multi-profile-load.diff
 change_profile.diff
 flatten-hats.diff
+flatten-hats-2.diff
 #change_hat-to-change_profile.diff
+use-interface_lock.diff
 do_path_lookup-nameidata.diff
 sys_fchdir-nameidata.diff
 file_permission-nameidata.diff