Proposed revert / cleanup for logging permission masks

2025-08-31 06:16:03 +00:00 · 2007-06-11 11:48:05 +00:00
parent 1f3cc4e008
commit 807c9147d2
2 changed files with 73 additions and 0 deletions
--- a/kernel-patches/for-mainline/audit-pairs-4.diff
+++ b/kernel-patches/for-mainline/audit-pairs-4.diff
@@ -0,0 +1,71 @@
+---
+ security/apparmor/main.c |   51 +++++++++++++++++++++++++++++++++--------------
+ 1 file changed, 36 insertions(+), 15 deletions(-)
+
+--- a/security/apparmor/main.c
+++ b/security/apparmor/main.c
+@@ -277,17 +277,38 @@ void free_null_complain_profile(void)
+ static void aa_audit_file_mask(struct audit_buffer *ab, const char *name,
+ 			       int mask)
+ {
+-	audit_log_format(ab, " %s=\"%s%s%s%s%s%s%s%s%s\"",
+-			 name,
+-			 mask & AA_EXEC_UNSAFE ? "unsafe " : "",
+-			 mask & AA_EXEC_MMAP ? "m" : "",
+-			 mask & MAY_READ  ? "r" : "",
+-			 mask & MAY_WRITE ? "w" : "",
+-			 mask & AA_EXEC_INHERIT ? "i" : "",
+-			 mask & AA_EXEC_UNCONFINED ? "u" : "",
+-			 mask & AA_EXEC_PROFILE ? "p" : "",
+-			 mask & MAY_EXEC  ? "x" : "",
+-			 mask & AA_MAY_LINK  ? "l" : "");
+	char mask_str[10], *m = mask_str;
+
+	if (mask & AA_EXEC_MMAP)
+		*m++ = 'm';
+	if (mask & MAY_READ)
+		*m++ = 'r';
+	if (mask & MAY_WRITE)
+		*m++ = 'w';
+	if (mask & (MAY_EXEC | AA_EXEC_MODIFIERS)) {
+		if (mask & AA_EXEC_UNSAFE) {
+			if (mask & AA_EXEC_INHERIT)
+				*m++ = 'i';
+			if (mask & AA_EXEC_UNCONFINED)
+				*m++ = 'u';
+			if (mask & AA_EXEC_PROFILE)
+				*m++ = 'p';
+		} else {
+			if (mask & AA_EXEC_INHERIT)
+				*m++ = 'I';
+			if (mask & AA_EXEC_UNCONFINED)
+				*m++ = 'U';
+			if (mask & AA_EXEC_PROFILE)
+				*m++ = 'P';
+		}
+		if (mask & MAY_EXEC)
+			*m++ = 'x';
+	}
+	if (mask & AA_MAY_LINK)
+		*m++ = 'l';
+	*m++ = '\0';
+
+	audit_log_format(ab, " %s=\"%s\"", name, mask_str);
+ }
+ 
+ /**
+@@ -332,10 +353,10 @@ static int aa_audit_base(struct aa_profi
+ 			iattr->ia_valid & ATTR_UID ? "uid," : "",
+ 			iattr->ia_valid & ATTR_GID ? "gid," : "",
+ 			iattr->ia_valid & ATTR_SIZE ? "size," : "",
+-			((iattr->ia_valid & ATTR_ATIME_SET) ||
+-			 (iattr->ia_valid & ATTR_ATIME)) ? "atime," : "",
+-			((iattr->ia_valid & ATTR_MTIME_SET) ||
+-			 (iattr->ia_valid & ATTR_MTIME)) ? "mtime," : "",
+			iattr->ia_valid & (ATTR_ATIME | ATTR_ATIME_SET) ?
+				"atime," : "",
+			iattr->ia_valid & (ATTR_MTIME | ATTR_MTIME_SET) ?
+				"mtime," : "",
+ 			iattr->ia_valid & ATTR_CTIME ? "ctime," : "");
+ 	}
+ 
--- a/kernel-patches/for-mainline/series
+++ b/kernel-patches/for-mainline/series
@@ -56,6 +56,7 @@ audit-remove-mangle.diff
 audit-pairs.diff
 audit-pairs-2.diff
 audit-pairs-3.diff
+audit-pairs-4.diff
 audit-link-perms.diff
 audit-remove-buffer.diff
 #multi-profile-load.diff
@@ -65,6 +66,7 @@ audit-remove-buffer.diff
 do_path_lookup-nameidata.diff
 sys_fchdir-nameidata.diff
 file_permission-nameidata.diff
+foobar.diff
 # # NOT YET
 # ecryptfs-d_revalidate.diff
 # nfs-nameidata-check.diff