From e4c35f7cbf2daa4611cad1950dab9247abc24c58 Mon Sep 17 00:00:00 2001 From: Andreas Gruenbacher Date: Mon, 12 Feb 2007 04:50:00 +0000 Subject: [PATCH] More cleanups. --- kernel-patches/for-mainline/aa_switch.diff | 50 +-- .../for-mainline/fix-change_hat.diff | 48 +++ ...iff => rename-aa_task_context-active.diff} | 46 +- .../for-mainline/rename-ctx-to-cxt.diff | 32 ++ .../for-mainline/rename-put_aa_profile.diff | 327 ++++++++++++++ .../for-mainline/rename-task_struct-vars.diff | 404 ++++++++++++++++++ kernel-patches/for-mainline/series | 6 +- 7 files changed, 867 insertions(+), 46 deletions(-) create mode 100644 kernel-patches/for-mainline/fix-change_hat.diff rename kernel-patches/for-mainline/{active-really-is-a-profile.diff => rename-aa_task_context-active.diff} (97%) create mode 100644 kernel-patches/for-mainline/rename-ctx-to-cxt.diff create mode 100644 kernel-patches/for-mainline/rename-put_aa_profile.diff create mode 100644 kernel-patches/for-mainline/rename-task_struct-vars.diff diff --git a/kernel-patches/for-mainline/aa_switch.diff b/kernel-patches/for-mainline/aa_switch.diff index fe7f5416a..039320ef8 100644 --- a/kernel-patches/for-mainline/aa_switch.diff +++ b/kernel-patches/for-mainline/aa_switch.diff @@ -1,6 +1,7 @@ -Rename aa_switch() to aa_switch_profile(), and replace -aa_switch_unconfined(task) with aa_switch_profile(task, NULL, 0): -this is easier to understand; we want to make it more explicit +Rename aa_switch() to aa_switch_to_profile(), and replace +aa_switch_unconfined(task) with aa_switch_to_profile(task, NULL, 0): +this is easier to understand. Pass the hat magic to switch to to +aa_switch_to_profile as well: we want to make it more explicit which profile switches go together with which hat changes! The entire change hat logic looks very questionable to me; it is @@ -20,7 +21,7 @@ Index: b/security/apparmor/inline.h /** - * aa_switch - change aa_task_context to use a new profile -+ * aa_switch_profile - change aa_task_context to use a new profile ++ * aa_switch_to_profile - change aa_task_context to use a new profile * @cxt: aa_task_context to switch the active profile on - * @newactive: new active profile + * @newactive: new active profile (NULL for unconfined) @@ -35,16 +36,16 @@ Index: b/security/apparmor/inline.h - */ -static inline void aa_switch(struct aa_task_context *cxt, - struct aa_profile *newactive) -+ * aa_switch_profile handles the changing of a aa_task_context's active ++ * aa_switch_to_profile handles the changing of a aa_task_context's active + * profile. The cxt_lock must be held to ensure consistency against + * other writers. Some write paths (ex. aa_register) require + * cxt->active not to change over several operations, so the calling + * function is responsible for grabing the cxt_lock to meet its -+ * consistency constraints before calling aa_switch_profile ++ * consistency constraints before calling aa_switch_to_profile + */ -+static inline void aa_switch_profile(struct aa_task_context *cxt, -+ struct aa_profile *newactive, -+ u32 hat_magic) ++static inline void aa_switch_to_profile(struct aa_task_context *cxt, ++ struct aa_profile *newactive, ++ u32 hat_magic) { - struct aa_profile *oldactive = cxt->active; + struct aa_profile *old = cxt->active; @@ -104,7 +105,7 @@ Index: b/security/apparmor/main.c spin_lock_irqsave(&cxt_lock, flags); - aa_switch(newcxt, cxt->active); - newcxt->hat_magic = cxt->hat_magic; -+ aa_switch_profile(newcxt, cxt->active, cxt->hat_magic); ++ aa_switch_to_profile(newcxt, cxt->active, cxt->hat_magic); spin_unlock_irqrestore(&cxt_lock, flags); if (APPARMOR_COMPLAIN(cxt) && @@ -113,7 +114,7 @@ Index: b/security/apparmor/main.c } - aa_switch(cxt, newprofile); -+ aa_switch_profile(cxt, newprofile, 0); ++ aa_switch_to_profile(cxt, newprofile, 0); put_aa_profile(newprofile); if (complain && newprofile == null_complain_profile) @@ -124,7 +125,7 @@ Index: b/security/apparmor/main.c - * writers. There may still be other readers so we must still use aa_switch - * to put the aa_task_context's reference safely. + * writers. There may still be other readers so we must still use -+ * aa_switch_profile to put the aa_task_context's reference safely. ++ * aa_switch_to_profile to put the aa_task_context's reference safely. */ void aa_release(struct task_struct *p) { @@ -133,7 +134,7 @@ Index: b/security/apparmor/main.c aa_task_context_list_remove(cxt); - aa_switch_unconfined(cxt); -+ aa_switch_profile(cxt, NULL, 0); ++ aa_switch_to_profile(cxt, NULL, 0); kfree(cxt); } @@ -153,7 +154,7 @@ Index: b/security/apparmor/main.c if (sub) { /* change hat */ - aa_switch(cxt, sub); -+ aa_switch_profile(cxt, sub, hat_magic); ++ aa_switch_to_profile(cxt, sub, hat_magic); put_aa_profile(sub); } else { /* There is no such subprofile change to a NULL profile. @@ -171,7 +172,7 @@ Index: b/security/apparmor/main.c error = -EACCES; } - aa_switch(cxt, cxt->active->null_profile); -+ aa_switch_profile(cxt, cxt->active->null_profile, hat_magic); ++ aa_switch_to_profile(cxt, cxt->active->null_profile, hat_magic); } return error; @@ -185,7 +186,7 @@ Index: b/security/apparmor/main.c } else { /* Got here via changehat(NULL, magic) * -@@ -1212,21 +1221,20 @@ int aa_change_hat(const char *hat_name, +@@ -1212,21 +1221,21 @@ int aa_change_hat(const char *hat_name, * Handle special casing of NULL magic which confines task * to subprofile and prohibits further changehats */ @@ -202,7 +203,8 @@ Index: b/security/apparmor/main.c - * New value will be passed on next changehat - */ - cxt->hat_magic = 0; -+ aa_switch_profile(cxt, cxt->active->parent, 0); ++ aa_switch_to_profile(cxt, cxt->active->parent, ++ 0); } else { - /* change to another (sibling) profile */ - error = do_change_hat(hat_name, cxt); @@ -215,7 +217,7 @@ Index: b/security/apparmor/main.c } } else if (cxt->hat_magic) { AA_ERROR("KILLING process %s(%d) " -@@ -1240,7 +1248,7 @@ int aa_change_hat(const char *hat_name, +@@ -1240,7 +1249,7 @@ int aa_change_hat(const char *hat_name, /* terminate current process */ (void)send_sig_info(SIGKILL, NULL, current); @@ -233,7 +235,7 @@ Index: b/security/apparmor/lsm.c BASE_PROFILE(cxt->active), cxt->active->name, cxt->active); - aa_switch_unconfined(cxt); -+ aa_switch_profile(cxt, NULL, 0); ++ aa_switch_to_profile(cxt, NULL, 0); } return 0; @@ -246,7 +248,7 @@ Index: b/security/apparmor/procattr.c cxt->active->name); - aa_switch_unconfined(cxt); -+ aa_switch_profile(cxt, NULL, 0); ++ aa_switch_to_profile(cxt, NULL, 0); } else { AA_WARN("%s: task %s(%d) " "is already unconstrained\n", @@ -265,7 +267,7 @@ Index: b/security/apparmor/procattr.c - * calling aa_switch - */ - cxt->hat_magic = 0; -+ aa_switch_profile(cxt, profile, 0); ++ aa_switch_to_profile(cxt, profile, 0); + put_aa_profile(profile); } @@ -279,7 +281,7 @@ Index: b/security/apparmor/module_interface.c cxt->active->name); - aa_switch_unconfined(cxt); -+ aa_switch_profile(cxt, NULL, 0); ++ aa_switch_to_profile(cxt, NULL, 0); } /** taskremove_iter - Iterator to unconfine aa_task_contexts which match cookie @@ -297,7 +299,7 @@ Index: b/security/apparmor/module_interface.c nactive = aa_dup_profile(new->null_profile); - aa_switch(cxt, nactive); -+ aa_switch_profile(cxt, nactive, cxt->hat_magic); ++ aa_switch_to_profile(cxt, nactive, cxt->hat_magic); put_aa_profile(nactive); - } else { - aa_switch(cxt, new); @@ -306,7 +308,7 @@ Index: b/security/apparmor/module_interface.c - out: - return; + } else -+ aa_switch_profile(cxt, new, cxt->hat_magic); ++ aa_switch_to_profile(cxt, new, cxt->hat_magic); } /** taskreplace_iter - Iterator to replace a aa_task_context's profile diff --git a/kernel-patches/for-mainline/fix-change_hat.diff b/kernel-patches/for-mainline/fix-change_hat.diff new file mode 100644 index 000000000..061f00612 --- /dev/null +++ b/kernel-patches/for-mainline/fix-change_hat.diff @@ -0,0 +1,48 @@ +Do not switch to the NULL profile in enforce mode: this only screws +the calling process; it wouldn't have a reasonable way of finding +out when a hat doesn't exist. + +Index: b/security/apparmor/main.c +=================================================================== +--- a/security/apparmor/main.c ++++ b/security/apparmor/main.c +@@ -1113,14 +1113,6 @@ static inline int do_change_hat(const ch + aa_switch_to_profile(cxt, sub, hat_magic); + aa_put_profile(sub); + } else { +- /* There is no such subprofile change to a NULL profile. +- * The NULL profile grants no file access. +- * +- * This feature is used by changehat_apache. +- * +- * N.B from the null-profile the task can still changehat back +- * out to the parent profile (assuming magic != 0) +- */ + if (APPARMOR_COMPLAIN(cxt)) { + LOG_HINT(cxt->profile, GFP_ATOMIC, HINT_UNKNOWN_HAT, + "%s pid=%d " +@@ -1129,6 +1121,16 @@ static inline int do_change_hat(const ch + current->pid, + BASE_PROFILE(cxt->profile)->name, + cxt->profile->name); ++ /* ++ * Switch to the NULL profile: it grants no accesses, ++ * so all accesses will be logged. This allows us to ++ * learn about new hats. ++ * ++ * N.B from the null-profile the task can still change ++ * back to the parent profile if hat_magic != 0. ++ */ ++ aa_switch_to_profile(cxt, cxt->profile->null_profile, ++ hat_magic); + } else { + AA_DEBUG("%s: Unknown hatname '%s'. " + "Changing to NULL profile " +@@ -1140,7 +1142,6 @@ static inline int do_change_hat(const ch + cxt->profile->name); + error = -EACCES; + } +- aa_switch_to_profile(cxt, cxt->profile->null_profile, hat_magic); + } + + return error; diff --git a/kernel-patches/for-mainline/active-really-is-a-profile.diff b/kernel-patches/for-mainline/rename-aa_task_context-active.diff similarity index 97% rename from kernel-patches/for-mainline/active-really-is-a-profile.diff rename to kernel-patches/for-mainline/rename-aa_task_context-active.diff index 9a11c150c..8a7563846 100644 --- a/kernel-patches/for-mainline/active-really-is-a-profile.diff +++ b/kernel-patches/for-mainline/rename-aa_task_context-active.diff @@ -1,3 +1,7 @@ +Rename the pointer in struct aa_task_context: there are +no other (inactive?) profiles. (And hats really are just profiles +as well.) + Index: b/security/apparmor/apparmor.h =================================================================== --- a/security/apparmor/apparmor.h @@ -150,25 +154,25 @@ Index: b/security/apparmor/inline.h } /** - * aa_switch_profile - change aa_task_context to use a new profile + * aa_switch_to_profile - change aa_task_context to use a new profile - * @cxt: aa_task_context to switch the active profile on - * @newactive: new active profile (NULL for unconfined) + * @cxt: aa_task_context to switch the profile on + * @newactive: new profile (NULL for unconfined) * @hat_magic: hat value to switch to (0 for no hat) * -- * aa_switch_profile handles the changing of a aa_task_context's active -+ * aa_switch_profile handles the changing of a aa_task_context's profile +- * aa_switch_to_profile handles the changing of a aa_task_context's active ++ * aa_switch_to_profile handles the changing of a aa_task_context's profile * profile. The cxt_lock must be held to ensure consistency against * other writers. Some write paths (ex. aa_register) require - * cxt->active not to change over several operations, so the calling + * cxt->profile not to change over several operations, so the calling * function is responsible for grabing the cxt_lock to meet its - * consistency constraints before calling aa_switch_profile + * consistency constraints before calling aa_switch_to_profile */ -@@ -67,11 +67,11 @@ static inline void aa_switch_profile(str - struct aa_profile *newactive, - u32 hat_magic) +@@ -67,11 +67,11 @@ static inline void aa_switch_to_profile( + struct aa_profile *newactive, + u32 hat_magic) { - struct aa_profile *old = cxt->active; + struct aa_profile *old = cxt->profile; @@ -449,7 +453,7 @@ Index: b/security/apparmor/lsm.c + if (cxt->profile) { AA_DEBUG("%s: Dropping profiles %s(%d) " - "profile %s(%p) active %s(%p)\n", -+ "profile %s(%p) profile %s(%p)\n", ++ "profile %s(%p) hat %s(%p)\n", __FUNCTION__, cxt->task->comm, cxt->task->pid, - BASE_PROFILE(cxt->active)->name, @@ -458,7 +462,7 @@ Index: b/security/apparmor/lsm.c + BASE_PROFILE(cxt->profile)->name, + BASE_PROFILE(cxt->profile), + cxt->profile->name, cxt->profile); - aa_switch_profile(cxt, NULL, 0); + aa_switch_to_profile(cxt, NULL, 0); } @@ -748,7 +748,7 @@ static void __exit apparmor_exit(void) @@ -851,8 +855,8 @@ Index: b/security/apparmor/main.c * he new task would end up with an obsolete profile. */ spin_lock_irqsave(&cxt_lock, flags); -- aa_switch_profile(newcxt, cxt->active, cxt->hat_magic); -+ aa_switch_profile(newcxt, cxt->profile, cxt->hat_magic); +- aa_switch_to_profile(newcxt, cxt->active, cxt->hat_magic); ++ aa_switch_to_profile(newcxt, cxt->profile, cxt->hat_magic); spin_unlock_irqrestore(&cxt_lock, flags); if (APPARMOR_COMPLAIN(cxt) && @@ -1053,8 +1057,8 @@ Index: b/security/apparmor/main.c + cxt->profile->name); error = -EACCES; } -- aa_switch_profile(cxt, cxt->active->null_profile, hat_magic); -+ aa_switch_profile(cxt, cxt->profile->null_profile, hat_magic); +- aa_switch_to_profile(cxt, cxt->active->null_profile, hat_magic); ++ aa_switch_to_profile(cxt, cxt->profile->null_profile, hat_magic); } return error; @@ -1089,12 +1093,12 @@ Index: b/security/apparmor/main.c * Got here via changehat(NULL, magic) * Return from subprofile, back to parent */ -- aa_switch_profile(cxt, cxt->active->parent, 0); -+ aa_switch_profile(cxt, cxt->profile->parent, 0); +- aa_switch_to_profile(cxt, cxt->active->parent, ++ aa_switch_to_profile(cxt, cxt->profile->parent, + 0); } else { /* - * Change to another (sibling) profile, and -@@ -1239,22 +1239,22 @@ int aa_change_hat(const char *hat_name, +@@ -1240,22 +1240,22 @@ int aa_change_hat(const char *hat_name, } else if (cxt->hat_magic) { AA_ERROR("KILLING process %s(%d) " "Invalid change_hat() magic# 0x%x " @@ -1148,7 +1152,7 @@ Index: b/security/apparmor/module_interface.c + BASE_PROFILE(cxt->profile)->name, + cxt->profile->name); - aa_switch_profile(cxt, NULL, 0); + aa_switch_to_profile(cxt, NULL, 0); } @@ -61,7 +61,7 @@ static inline void task_remove(struct aa * @cxt: aa_task_context to consider for profile removal @@ -1182,7 +1186,7 @@ Index: b/security/apparmor/module_interface.c { AA_DEBUG("%s: replacing profile for task %s(%d) " - "profile=%s (%p) active=%s (%p)\n", -+ "profile=%s (%p) profile=%s (%p)\n", ++ "profile=%s (%p) hat=%s (%p)\n", __FUNCTION__, cxt->task->comm, cxt->task->pid, - BASE_PROFILE(cxt->active)->name, BASE_PROFILE(cxt->active), @@ -1293,7 +1297,7 @@ Index: b/security/apparmor/procattr.c + BASE_PROFILE(cxt->profile)->name, + cxt->profile->name); - aa_switch_profile(cxt, NULL, 0); + aa_switch_to_profile(cxt, NULL, 0); } else { @@ -300,12 +300,12 @@ int aa_setprocattr_setprofile(struct tas */ @@ -1310,4 +1314,4 @@ Index: b/security/apparmor/procattr.c + cxt->profile ? cxt->profile->name : "unconstrained", name); - aa_switch_profile(cxt, profile, 0); + aa_switch_to_profile(cxt, profile, 0); diff --git a/kernel-patches/for-mainline/rename-ctx-to-cxt.diff b/kernel-patches/for-mainline/rename-ctx-to-cxt.diff new file mode 100644 index 000000000..abfb96869 --- /dev/null +++ b/kernel-patches/for-mainline/rename-ctx-to-cxt.diff @@ -0,0 +1,32 @@ +Context is only abbreviated as ctx here, but as cxt everywhere else. + +Index: b/security/apparmor/main.c +=================================================================== +--- a/security/apparmor/main.c ++++ b/security/apparmor/main.c +@@ -319,7 +319,7 @@ int aa_audit_syscallreject(struct aa_pro + int aa_audit(struct aa_profile *profile, const struct aa_audit *sa) + { + struct audit_buffer *ab = NULL; +- struct audit_context *ctx; ++ struct audit_context *cxt; + + const char *logcls; + unsigned int flags; +@@ -378,13 +378,13 @@ int aa_audit(struct aa_profile *profile, + * we are rejecting a syscall + */ + if (sa->type == AA_AUDITTYPE_SYSCALL) { +- ctx = current->audit_context; ++ cxt = current->audit_context; + } else { +- ctx = (flags & AA_AUDITFLAG_AUDITSS_SYSCALL) ? ++ cxt = (flags & AA_AUDITFLAG_AUDITSS_SYSCALL) ? + current->audit_context : NULL; + } + +- ab = audit_log_start(ctx, gfp_mask, AUDIT_APPARMOR); ++ ab = audit_log_start(cxt, gfp_mask, AUDIT_APPARMOR); + + if (!ab) { + AA_ERROR("Unable to log event (%d) to audit subsys\n", diff --git a/kernel-patches/for-mainline/rename-put_aa_profile.diff b/kernel-patches/for-mainline/rename-put_aa_profile.diff new file mode 100644 index 000000000..06630a738 --- /dev/null +++ b/kernel-patches/for-mainline/rename-put_aa_profile.diff @@ -0,0 +1,327 @@ +Rename put_aa_profile to aa_put_profile for consistency. + +Index: b/security/apparmor/apparmorfs.c +=================================================================== +--- a/security/apparmor/apparmorfs.c ++++ b/security/apparmor/apparmorfs.c +@@ -170,7 +170,7 @@ static char *aa_simple_write_to_buffer(c + "profile %s hat %s)\n", + msg, current->comm, current->pid, + BASE_PROFILE(profile)->name, profile->name); +- put_aa_profile(profile); ++ aa_put_profile(profile); + + data = ERR_PTR(-EPERM); + goto out; +Index: b/security/apparmor/inline.h +=================================================================== +--- a/security/apparmor/inline.h ++++ b/security/apparmor/inline.h +@@ -25,10 +25,10 @@ static inline struct aa_profile *aa_dup_ + } + + /** +- * put_aa_profile - decrement refcount on profile @p ++ * aa_put_profile - decrement refcount on profile @p + * @p: profile + */ +-static inline void put_aa_profile(struct aa_profile *p) ++static inline void aa_put_profile(struct aa_profile *p) + { + if (p) + kref_put(&BASE_PROFILE(p)->count, free_aa_profile_kref); +@@ -72,7 +72,7 @@ static inline void aa_switch_to_profile(str + cxt->caps_logged = CAP_EMPTY_SET; + cxt->hat_magic = hat_magic; + rcu_assign_pointer(cxt->profile, aa_dup_profile(newactive)); +- put_aa_profile(old); ++ aa_put_profile(old); + } + + /** +Index: b/security/apparmor/list.c +=================================================================== +--- a/security/apparmor/list.c ++++ b/security/apparmor/list.c +@@ -60,7 +60,7 @@ int aa_profilelist_add(struct aa_profile + write_lock(&profile_lock); + old_profile = __aa_find_profile(profile->name, &profile_list); + if (old_profile) { +- put_aa_profile(old_profile); ++ aa_put_profile(old_profile); + goto out; + } + +@@ -126,7 +126,7 @@ struct aa_profile *aa_profilelist_replac + oldprofile->isstale = 1; + + /* __aa_find_profile incremented count, so adjust down */ +- put_aa_profile(oldprofile); ++ aa_put_profile(oldprofile); + } + + list_add(&profile->list, &profile_list); +@@ -145,7 +145,7 @@ void aa_profilelist_release(void) + write_lock(&profile_lock); + list_for_each_entry_safe(p, tmp, &profile_list, list) { + list_del_init(&p->list); +- put_aa_profile(p); ++ aa_put_profile(p); + } + write_unlock(&profile_lock); + } +Index: b/security/apparmor/lsm.c +=================================================================== +--- a/security/apparmor/lsm.c ++++ b/security/apparmor/lsm.c +@@ -92,7 +92,7 @@ static int aa_reject_syscall(struct task + + if (profile) { + error = aa_audit_syscallreject(profile, flags, name); +- put_aa_profile(profile); ++ aa_put_profile(profile); + } + + return error; +@@ -148,7 +148,7 @@ static int apparmor_capable(struct task_ + if (profile) + error = aa_capability(profile, cap); + +- put_aa_profile(profile); ++ aa_put_profile(profile); + } + + return error; +@@ -233,7 +233,7 @@ static int apparmor_inode_mkdir(struct i + if (profile) + error = aa_perm_dir(profile, dentry, mnt, "mkdir", MAY_WRITE); + +- put_aa_profile(profile); ++ aa_put_profile(profile); + + out: + return error; +@@ -253,7 +253,7 @@ static int apparmor_inode_rmdir(struct i + if (profile) + error = aa_perm_dir(profile, dentry, mnt, "rmdir", MAY_WRITE); + +- put_aa_profile(profile); ++ aa_put_profile(profile); + + out: + return error; +@@ -269,7 +269,7 @@ static int aa_permission(struct inode *i + + if (profile) + error = aa_perm(profile, dentry, mnt, mask, leaf); +- put_aa_profile(profile); ++ aa_put_profile(profile); + } + return error; + } +@@ -297,7 +297,7 @@ static int apparmor_inode_link(struct de + error = aa_link(profile, new_dentry, new_mnt, + old_dentry, old_mnt); + +- put_aa_profile(profile); ++ aa_put_profile(profile); + + out: + return error; +@@ -347,7 +347,7 @@ static int apparmor_inode_rename(struct + MAY_WRITE, 1); + } + +- put_aa_profile(profile); ++ aa_put_profile(profile); + + out: + return error; +@@ -395,7 +395,7 @@ static int apparmor_inode_setattr(struct + if (profile) + error = aa_attr(profile, dentry, mnt, iattr); + +- put_aa_profile(profile); ++ aa_put_profile(profile); + } + + out: +@@ -414,7 +414,7 @@ static int aa_xattr_permission(struct de + if (profile) + error = aa_perm_xattr(profile, dentry, mnt, name, + operation, mask); +- put_aa_profile(profile); ++ aa_put_profile(profile); + } + + return error; +@@ -522,7 +522,7 @@ static int apparmor_getprocattr(struct t + + profile = aa_get_profile(p); + error = aa_getprocattr(profile, str, size); +- put_aa_profile(profile); ++ aa_put_profile(profile); + + out: + return error; +@@ -614,7 +614,7 @@ static int apparmor_setprocattr(struct t + + error = -EACCES; + } +- put_aa_profile(profile); ++ aa_put_profile(profile); + } else { + /* unknown operation */ + AA_WARN("%s: Unknown setprocattr command '%.*s' by task %s(%d) " +Index: b/security/apparmor/main.c +=================================================================== +--- a/security/apparmor/main.c ++++ b/security/apparmor/main.c +@@ -258,7 +258,7 @@ fail: + */ + void free_null_complain_profile(void) + { +- put_aa_profile(null_complain_profile); ++ aa_put_profile(null_complain_profile); + null_complain_profile = NULL; + } + +@@ -1011,7 +1011,7 @@ apply_profile: + WARN_ON(newprofile == null_complain_profile); + + /* drop refcnt obtained from earlier aa_dup_profile */ +- put_aa_profile(newprofile); ++ aa_put_profile(newprofile); + + newprofile = aa_profilelist_find(filename); + +@@ -1042,7 +1042,7 @@ apply_profile: + } + + aa_switch_to_profile(cxt, newprofile, 0); +- put_aa_profile(newprofile); ++ aa_put_profile(newprofile); + + if (complain && newprofile == null_complain_profile) + LOG_HINT(newprofile, GFP_ATOMIC, HINT_CHGPROF, +@@ -1055,7 +1055,7 @@ apply_profile: + cleanup: + aa_put_name(filename); + +- put_aa_profile(profile); ++ aa_put_profile(profile); + + out: + return error; +@@ -1110,7 +1110,7 @@ static inline int do_change_hat(const ch + if (sub) { + /* change hat */ + aa_switch_to_profile(cxt, sub, hat_magic); +- put_aa_profile(sub); ++ aa_put_profile(sub); + } else { + /* There is no such subprofile change to a NULL profile. + * The NULL profile grants no file access. +Index: b/security/apparmor/module_interface.c +=================================================================== +--- a/security/apparmor/module_interface.c ++++ b/security/apparmor/module_interface.c +@@ -113,7 +113,7 @@ static inline void task_replace(struct a + nactive = aa_dup_profile(new->null_profile); + + aa_switch_to_profile(cxt, nactive, cxt->hat_magic); +- put_aa_profile(nactive); ++ aa_put_profile(nactive); + } else + aa_switch_to_profile(cxt, new, cxt->hat_magic); + } +@@ -508,7 +508,7 @@ ssize_t aa_file_prof_add(void *data, siz + } else { + AA_WARN("trying to add profile (%s) that already exists.\n", + profile->name); +- put_aa_profile(profile); ++ aa_put_profile(profile); + error = -EEXIST; + } + +@@ -572,11 +572,11 @@ ssize_t aa_file_prof_repl(void *udata, s + aa_task_context_list_iterate(taskreplace_iter, (void *)&data); + + /* it's off global list, and we are done replacing */ +- put_aa_profile(data.old_profile); ++ aa_put_profile(data.old_profile); + } + + /* release extra reference obtained above (race) */ +- put_aa_profile(data.new_profile); ++ aa_put_profile(data.new_profile); + + error = size; + +@@ -607,7 +607,7 @@ ssize_t aa_file_prof_remove(const char * + (void *)old_profile); + + /* drop reference obtained by aa_profilelist_remove */ +- put_aa_profile(old_profile); ++ aa_put_profile(old_profile); + } else { + AA_WARN("%s: trying to remove profile (%s) that " + "doesn't exist - skipping.\n", __FUNCTION__, name); +@@ -618,7 +618,7 @@ ssize_t aa_file_prof_remove(const char * + } + + /** +- * free_aa_profile_kref - free aa_profile by kref (called by put_aa_profile) ++ * free_aa_profile_kref - free aa_profile by kref (called by aa_put_profile) + * @kr: kref callback for freeing of a profile + */ + void free_aa_profile_kref(struct kref *kr) +@@ -657,7 +657,7 @@ void free_aa_profile(struct aa_profile * + + aa_match_free(profile->file_rules); + +- /* use free_aa_profile instead of put_aa_profile to destroy the ++ /* use free_aa_profile instead of aa_put_profile to destroy the + * null_profile, because the null_profile use the same reference + * counting as hats, ie. the count goes to the base profile. + */ +@@ -665,7 +665,7 @@ void free_aa_profile(struct aa_profile * + list_for_each_entry_safe(p, ptmp, &profile->sub, list) { + list_del_init(&p->list); + p->parent = NULL; +- put_aa_profile(p); ++ aa_put_profile(p); + } + + if (profile->name) { +Index: b/security/apparmor/procattr.c +=================================================================== +--- a/security/apparmor/procattr.c ++++ b/security/apparmor/procattr.c +@@ -262,7 +262,7 @@ int aa_setprocattr_setprofile(struct tas + name); + + error = -ENOMEM; +- put_aa_profile(profile); ++ aa_put_profile(profile); + + goto out; + } +@@ -282,7 +282,7 @@ int aa_setprocattr_setprofile(struct tas + WARN_ON(profile == null_complain_profile); + + /* drop refcnt obtained from earlier aa_dup_profile */ +- put_aa_profile(profile); ++ aa_put_profile(profile); + profile = aa_profilelist_find(name); + + if (!profile) { +@@ -309,7 +309,7 @@ int aa_setprocattr_setprofile(struct tas + name); + + aa_switch_to_profile(cxt, profile, 0); +- put_aa_profile(profile); ++ aa_put_profile(profile); + } + + spin_unlock_irqrestore(&cxt_lock, flags); diff --git a/kernel-patches/for-mainline/rename-task_struct-vars.diff b/kernel-patches/for-mainline/rename-task_struct-vars.diff new file mode 100644 index 000000000..1556cf333 --- /dev/null +++ b/kernel-patches/for-mainline/rename-task_struct-vars.diff @@ -0,0 +1,404 @@ +Don't call task structs differnt all over the code (p, tsk, target). + +Index: b/security/apparmor/apparmor.h +=================================================================== +--- a/security/apparmor/apparmor.h ++++ b/security/apparmor/apparmor.h +@@ -237,9 +237,9 @@ extern int aa_perm_dir(struct aa_profile + extern int aa_link(struct aa_profile *profile, + struct dentry *link, struct vfsmount *link_mnt, + struct dentry *target, struct vfsmount *target_mnt); +-extern int aa_fork(struct task_struct *p); ++extern int aa_fork(struct task_struct *task); + extern int aa_register(struct linux_binprm *bprm); +-extern void aa_release(struct task_struct *p); ++extern void aa_release(struct task_struct *task); + extern int aa_change_hat(const char *id, u32 hat_magic); + extern int aa_associate_filp(struct file *filp); + +@@ -267,7 +267,8 @@ extern void free_aa_profile_kref(struct + /* procattr.c */ + extern size_t aa_getprocattr(struct aa_profile *profile, char *str, size_t size); + extern int aa_setprocattr_changehat(char *hatinfo, size_t infosize); +-extern int aa_setprocattr_setprofile(struct task_struct *p, char *profilename, ++extern int aa_setprocattr_setprofile(struct task_struct *task, ++ char *profilename, + size_t profilesize); + + /* apparmorfs.c */ +Index: b/security/apparmor/inline.h +=================================================================== +--- a/security/apparmor/inline.h ++++ b/security/apparmor/inline.h +@@ -77,12 +77,12 @@ static inline void aa_switch_to_profile( + + /** + * alloc_aa_task_context - allocate a new aa_task_context +- * @tsk: task struct ++ * @task: task struct + * + * Allocate a new aa_task_context including a backpointer to it's referring + * task. + */ +-static inline struct aa_task_context *alloc_aa_task_context(struct task_struct *tsk) ++static inline struct aa_task_context *alloc_aa_task_context(struct task_struct *task) + { + struct aa_task_context *cxt; + +@@ -91,7 +91,7 @@ static inline struct aa_task_context *al + goto out; + + /* back pointer to task */ +- cxt->task = tsk; ++ cxt->task = task; + + /* any readers of the list must make sure that they can handle + * case where cxt->profile is not yet set (null) +Index: b/security/apparmor/lsm.c +=================================================================== +--- a/security/apparmor/lsm.c ++++ b/security/apparmor/lsm.c +@@ -109,41 +109,41 @@ static int apparmor_ptrace(struct task_s + return error; + } + +-static int apparmor_capget(struct task_struct *target, ++static int apparmor_capget(struct task_struct *task, + kernel_cap_t *effective, + kernel_cap_t *inheritable, + kernel_cap_t *permitted) + { +- return cap_capget(target, effective, inheritable, permitted); ++ return cap_capget(task, effective, inheritable, permitted); + } + +-static int apparmor_capset_check(struct task_struct *target, ++static int apparmor_capset_check(struct task_struct *task, + kernel_cap_t *effective, + kernel_cap_t *inheritable, + kernel_cap_t *permitted) + { +- return cap_capset_check(target, effective, inheritable, permitted); ++ return cap_capset_check(task, effective, inheritable, permitted); + } + +-static void apparmor_capset_set(struct task_struct *target, ++static void apparmor_capset_set(struct task_struct *task, + kernel_cap_t *effective, + kernel_cap_t *inheritable, + kernel_cap_t *permitted) + { +- cap_capset_set(target, effective, inheritable, permitted); ++ cap_capset_set(task, effective, inheritable, permitted); + } + +-static int apparmor_capable(struct task_struct *tsk, int cap) ++static int apparmor_capable(struct task_struct *task, int cap) + { + int error; + + /* cap_capable returns 0 on success, else -EPERM */ +- error = cap_capable(tsk, cap); ++ error = cap_capable(task, cap); + + if (!error) { + struct aa_profile *profile; + +- profile = aa_get_profile(tsk); ++ profile = aa_get_profile(task); + + if (profile) + error = aa_capability(profile, cap); +@@ -480,14 +480,14 @@ static int apparmor_file_mprotect(struct + !(vma->vm_flags & VM_SHARED) ? MAP_PRIVATE : 0); + } + +-static int apparmor_task_alloc_security(struct task_struct *p) ++static int apparmor_task_alloc_security(struct task_struct *task) + { +- return aa_fork(p); ++ return aa_fork(task); + } + +-static void apparmor_task_free_security(struct task_struct *p) ++static void apparmor_task_free_security(struct task_struct *task) + { +- aa_release(p); ++ aa_release(task); + } + + static int apparmor_task_post_setuid(uid_t id0, uid_t id1, uid_t id2, +@@ -496,13 +496,13 @@ static int apparmor_task_post_setuid(uid + return cap_task_post_setuid(id0, id1, id2, flags); + } + +-static void apparmor_task_reparent_to_init(struct task_struct *p) ++static void apparmor_task_reparent_to_init(struct task_struct *task) + { +- cap_task_reparent_to_init(p); ++ cap_task_reparent_to_init(task); + } + +-static int apparmor_getprocattr(struct task_struct *p, char *name, void *value, +- size_t size) ++static int apparmor_getprocattr(struct task_struct *task, char *name, ++ void *value, size_t size) + { + int error; + struct aa_profile *profile; +@@ -515,12 +515,12 @@ static int apparmor_getprocattr(struct t + } + + /* must be task querying itself or admin */ +- if (current != p && !capable(CAP_SYS_ADMIN)) { ++ if (current != task && !capable(CAP_SYS_ADMIN)) { + error = -EPERM; + goto out; + } + +- profile = aa_get_profile(p); ++ profile = aa_get_profile(task); + error = aa_getprocattr(profile, str, size); + aa_put_profile(profile); + +@@ -528,8 +528,8 @@ out: + return error; + } + +-static int apparmor_setprocattr(struct task_struct *p, char *name, void *value, +- size_t size) ++static int apparmor_setprocattr(struct task_struct *task, char *name, ++ void *value, size_t size) + { + const char *cmd_changehat = "changehat ", + *cmd_setprofile = "setprofile "; +@@ -551,15 +551,15 @@ static int apparmor_setprocattr(struct t + size_t infosize = size - strlen(cmd_changehat); + + /* Only the current process may change it's hat */ +- if (current != p) { ++ if (current != task) { + AA_WARN("%s: Attempt by foreign task %s(%d) " + "[user %d] to changehat of task %s(%d)\n", + __FUNCTION__, + current->comm, + current->pid, + current->uid, +- p->comm, +- p->pid); ++ task->comm, ++ task->pid); + + error = -EACCES; + goto out; +@@ -585,8 +585,8 @@ static int apparmor_setprocattr(struct t + current->comm, + current->pid, + current->uid, +- p->comm, +- p->pid); ++ task->comm, ++ task->pid); + error = -EACCES; + goto out; + } +@@ -596,7 +596,7 @@ static int apparmor_setprocattr(struct t + char *profile = cmd + strlen(cmd_setprofile); + size_t profilesize = size - strlen(cmd_setprofile); + +- error = aa_setprocattr_setprofile(p, profile, profilesize); ++ error = aa_setprocattr_setprofile(task, profile, profilesize); + if (!error) + /* success, + * set return to #bytes in orig request +@@ -609,8 +609,8 @@ static int apparmor_setprocattr(struct t + current->comm, + current->pid, + current->uid, +- p->comm, +- p->pid); ++ task->comm, ++ task->pid); + + error = -EACCES; + } +@@ -625,8 +625,8 @@ static int apparmor_setprocattr(struct t + current->comm, + current->pid, + current->uid, +- p->comm, +- p->pid); ++ task->comm, ++ task->pid); + + error = -EINVAL; + } +Index: b/security/apparmor/main.c +=================================================================== +--- a/security/apparmor/main.c ++++ b/security/apparmor/main.c +@@ -725,9 +725,9 @@ int aa_link(struct aa_profile *profile, + + /** + * aa_fork - create a new aa_task_context +- * @p: new process ++ * @task: new process + * +- * Create a new aa_task_context for newly created process @p if it's parent ++ * Create a new aa_task_context for newly created process @task if it's parent + * is already confined. Otherwise a aa_task_context will be lazily allocated + * will get one with NULL values. Return 0 on sucess. + * for the child if it subsequently execs (in aa_register). +@@ -737,7 +737,7 @@ int aa_link(struct aa_profile *profile, + * replacement/removal. + */ + +-int aa_fork(struct task_struct *p) ++int aa_fork(struct task_struct *task) + { + struct aa_task_context *cxt = aa_task_context(current); + struct aa_task_context *newcxt = NULL; +@@ -747,7 +747,7 @@ int aa_fork(struct task_struct *p) + if (cxt && cxt->profile) { + unsigned long flags; + +- newcxt = alloc_aa_task_context(p); ++ newcxt = alloc_aa_task_context(task); + + /* FIXME: The alloc above is a blocking operation, so + * cxt->profile may have vanished by now. +@@ -773,9 +773,9 @@ int aa_fork(struct task_struct *p) + cxt->profile == null_complain_profile) + LOG_HINT(cxt->profile, GFP_KERNEL, HINT_FORK, + "pid=%d child=%d\n", +- current->pid, p->pid); ++ current->pid, task->pid); + } +- p->security = newcxt; ++ task->security = newcxt; + return 0; + } + +@@ -1063,10 +1063,10 @@ out: + + /** + * aa_release - release the task's aa_task_context +- * @p: task being released ++ * @task: task being released + * + * This is called after a task has exited and the parent has reaped it. +- * @p->security blob is freed. ++ * @task->security blob is freed. + * + * This is the one case where we don't need to hold the cxt_lock before + * removing a profile from a aa_task_context. Once the aa_task_context has +@@ -1074,11 +1074,11 @@ out: + * writers. There may still be other readers so we must still use + * aa_switch_to_profile to put the aa_task_context's reference safely. + */ +-void aa_release(struct task_struct *p) ++void aa_release(struct task_struct *task) + { +- struct aa_task_context *cxt = aa_task_context(p); ++ struct aa_task_context *cxt = aa_task_context(task); + if (cxt) { +- p->security = NULL; ++ task->security = NULL; + + aa_task_context_list_remove(cxt); + aa_switch_to_profile(cxt, NULL, 0); +Index: b/security/apparmor/procattr.c +=================================================================== +--- a/security/apparmor/procattr.c ++++ b/security/apparmor/procattr.c +@@ -171,7 +171,7 @@ out: + return error; + } + +-int aa_setprocattr_setprofile(struct task_struct *p, char *profilename, ++int aa_setprocattr_setprofile(struct task_struct *task, char *profilename, + size_t profilesize) + { + int error = -EINVAL; +@@ -213,7 +213,7 @@ int aa_setprocattr_setprofile(struct tas + AA_WARN("%s: Unable to switch task %s(%d) to profile" + "'%s'. No such profile.\n", + __FUNCTION__, +- p->comm, p->pid, ++ task->comm, task->pid, + name); + + error = -EINVAL; +@@ -223,7 +223,7 @@ int aa_setprocattr_setprofile(struct tas + + spin_lock_irqsave(&cxt_lock, flags); + +- cxt = aa_task_context(p); ++ cxt = aa_task_context(task); + + /* switch to unconstrained */ + if (!profile) { +@@ -231,7 +231,7 @@ int aa_setprocattr_setprofile(struct tas + AA_WARN("%s: Unconstraining task %s(%d) " + "profile %s hat %s\n", + __FUNCTION__, +- p->comm, p->pid, ++ task->comm, task->pid, + BASE_PROFILE(cxt->profile)->name, + cxt->profile->name); + +@@ -239,7 +239,7 @@ int aa_setprocattr_setprofile(struct tas + } else { + AA_WARN("%s: task %s(%d) " + "is already unconstrained\n", +- __FUNCTION__, p->comm, p->pid); ++ __FUNCTION__, task->comm, task->pid); + } + } else { + if (!cxt) { +@@ -247,18 +247,18 @@ int aa_setprocattr_setprofile(struct tas + * loaded, allocate a aa_task_context + */ + AA_WARN("%s: task %s(%d) has no aa_task_context\n", +- __FUNCTION__, p->comm, p->pid); ++ __FUNCTION__, task->comm, task->pid); + + /* unlock so we can safely GFP_KERNEL */ + spin_unlock_irqrestore(&cxt_lock, flags); + +- cxt = alloc_aa_task_context(p); ++ cxt = alloc_aa_task_context(task); + if (!cxt) { + AA_WARN("%s: Unable to allocate " + "aa_task_context for task %s(%d). " + "Cannot confine task to profile %s\n", + __FUNCTION__, +- p->comm, p->pid, ++ task->comm, task->pid, + name); + + error = -ENOMEM; +@@ -268,11 +268,11 @@ int aa_setprocattr_setprofile(struct tas + } + + spin_lock_irqsave(&cxt_lock, flags); +- if (!aa_task_context(p)) { +- p->security = cxt; ++ if (!aa_task_context(task)) { ++ task->security = cxt; + } else { /* race */ + free_aa_task_context(cxt); +- cxt = aa_task_context(p); ++ cxt = aa_task_context(task); + } + } + +@@ -302,7 +302,7 @@ int aa_setprocattr_setprofile(struct tas + AA_WARN("%s: Switching task %s(%d) " + "profile %s hat %s to new profile %s\n", + __FUNCTION__, +- p->comm, p->pid, ++ task->comm, task->pid, + cxt->profile ? BASE_PROFILE(cxt->profile)->name : + "unconstrained", + cxt->profile ? cxt->profile->name : "unconstrained", diff --git a/kernel-patches/for-mainline/series b/kernel-patches/for-mainline/series index 257599506..b25051e5a 100644 --- a/kernel-patches/for-mainline/series +++ b/kernel-patches/for-mainline/series @@ -50,8 +50,12 @@ replace-activeptr.diff fix-capabilities.diff comment-wrong.diff aa_switch.diff -active-really-is-a-profile.diff +rename-aa_task_context-active.diff +rename-put_aa_profile.diff +rename-task_struct-vars.diff +rename-ctx-to-cxt.diff d_namespace_path.diff apparmor-d_namespace.diff +# fix-change_hat.diff # apparmor-percpu_path_cache.diff # apparmor-path_resize.diff