mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-01 14:55:10 +00:00
Code Issues Releases Wiki Activity

More cleanups.

Browse Source
This commit is contained in:
Andreas Gruenbacher
2007-02-12 04:50:00 +00:00
parent e4541f7879
commit e4c35f7cbf
7 changed files with 867 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
kernel-patches/for-mainline/aa_switch.diff
View File

@@ -1,6 +1,7 @@
Rename aa_switch() to aa_switch_profile(), and replace Rename aa_switch() to aa_switch_to_profile(), and replace
aa_switch_unconfined(task) with aa_switch_profile(task, NULL, 0): aa_switch_unconfined(task) with aa_switch_to_profile(task, NULL, 0):
this is easier to understand; we want to make it more explicit this is easier to understand. Pass the hat magic to switch to to
aa_switch_to_profile as well: we want to make it more explicit
which profile switches go together with which hat changes! which profile switches go together with which hat changes!
The entire change hat logic looks very questionable to me; it is The entire change hat logic looks very questionable to me; it is
@@ -20,7 +21,7 @@ Index: b/security/apparmor/inline.h
/** /**
- * aa_switch - change aa_task_context to use a new profile - * aa_switch - change aa_task_context to use a new profile
+ * aa_switch_profile - change aa_task_context to use a new profile + * aa_switch_to_profile - change aa_task_context to use a new profile
* @cxt: aa_task_context to switch the active profile on * @cxt: aa_task_context to switch the active profile on
- * @newactive: new active profile - * @newactive: new active profile
+ * @newactive: new active profile (NULL for unconfined) + * @newactive: new active profile (NULL for unconfined)
@@ -35,14 +36,14 @@ Index: b/security/apparmor/inline.h
- */ - */
-static inline void aa_switch(struct aa_task_context *cxt, -static inline void aa_switch(struct aa_task_context *cxt,
- struct aa_profile *newactive) - struct aa_profile *newactive)
+ * aa_switch_profile handles the changing of a aa_task_context's active + * aa_switch_to_profile handles the changing of a aa_task_context's active
+ * profile. The cxt_lock must be held to ensure consistency against + * profile. The cxt_lock must be held to ensure consistency against
+ * other writers. Some write paths (ex. aa_register) require + * other writers. Some write paths (ex. aa_register) require
+ * cxt->active not to change over several operations, so the calling + * cxt->active not to change over several operations, so the calling
+ * function is responsible for grabing the cxt_lock to meet its + * function is responsible for grabing the cxt_lock to meet its
+ * consistency constraints before calling aa_switch_profile + * consistency constraints before calling aa_switch_to_profile
+ */ + */
+static inline void aa_switch_profile(struct aa_task_context *cxt, +static inline void aa_switch_to_profile(struct aa_task_context *cxt,
+ struct aa_profile *newactive, + struct aa_profile *newactive,
+ u32 hat_magic) + u32 hat_magic)
{ {
@@ -104,7 +105,7 @@ Index: b/security/apparmor/main.c
spin_lock_irqsave(&cxt_lock, flags); spin_lock_irqsave(&cxt_lock, flags);
- aa_switch(newcxt, cxt->active); - aa_switch(newcxt, cxt->active);
- newcxt->hat_magic = cxt->hat_magic; - newcxt->hat_magic = cxt->hat_magic;
+ aa_switch_profile(newcxt, cxt->active, cxt->hat_magic); + aa_switch_to_profile(newcxt, cxt->active, cxt->hat_magic);
spin_unlock_irqrestore(&cxt_lock, flags); spin_unlock_irqrestore(&cxt_lock, flags);
if (APPARMOR_COMPLAIN(cxt) && if (APPARMOR_COMPLAIN(cxt) &&
@@ -113,7 +114,7 @@ Index: b/security/apparmor/main.c
} }
- aa_switch(cxt, newprofile); - aa_switch(cxt, newprofile);
+ aa_switch_profile(cxt, newprofile, 0); + aa_switch_to_profile(cxt, newprofile, 0);
put_aa_profile(newprofile); put_aa_profile(newprofile);
if (complain && newprofile == null_complain_profile) if (complain && newprofile == null_complain_profile)
@@ -124,7 +125,7 @@ Index: b/security/apparmor/main.c
- * writers. There may still be other readers so we must still use aa_switch - * writers. There may still be other readers so we must still use aa_switch
- * to put the aa_task_context's reference safely. - * to put the aa_task_context's reference safely.
+ * writers. There may still be other readers so we must still use + * writers. There may still be other readers so we must still use
+ * aa_switch_profile to put the aa_task_context's reference safely. + * aa_switch_to_profile to put the aa_task_context's reference safely.
*/ */
void aa_release(struct task_struct *p) void aa_release(struct task_struct *p)
{ {
@@ -133,7 +134,7 @@ Index: b/security/apparmor/main.c
aa_task_context_list_remove(cxt); aa_task_context_list_remove(cxt);
- aa_switch_unconfined(cxt); - aa_switch_unconfined(cxt);
+ aa_switch_profile(cxt, NULL, 0); + aa_switch_to_profile(cxt, NULL, 0);
kfree(cxt); kfree(cxt);
} }
@@ -153,7 +154,7 @@ Index: b/security/apparmor/main.c
if (sub) { if (sub) {
/* change hat */ /* change hat */
- aa_switch(cxt, sub); - aa_switch(cxt, sub);
+ aa_switch_profile(cxt, sub, hat_magic); + aa_switch_to_profile(cxt, sub, hat_magic);
put_aa_profile(sub); put_aa_profile(sub);
} else { } else {
/* There is no such subprofile change to a NULL profile. /* There is no such subprofile change to a NULL profile.
@@ -171,7 +172,7 @@ Index: b/security/apparmor/main.c
error = -EACCES; error = -EACCES;
} }
- aa_switch(cxt, cxt->active->null_profile); - aa_switch(cxt, cxt->active->null_profile);
+ aa_switch_profile(cxt, cxt->active->null_profile, hat_magic); + aa_switch_to_profile(cxt, cxt->active->null_profile, hat_magic);
} }
return error; return error;
@@ -185,7 +186,7 @@ Index: b/security/apparmor/main.c
} else { } else {
/* Got here via changehat(NULL, magic) /* Got here via changehat(NULL, magic)
* *
@@ -1212,21 +1221,20 @@ int aa_change_hat(const char *hat_name, @@ -1212,21 +1221,21 @@ int aa_change_hat(const char *hat_name,
* Handle special casing of NULL magic which confines task * Handle special casing of NULL magic which confines task
* to subprofile and prohibits further changehats * to subprofile and prohibits further changehats
*/ */
@@ -202,7 +203,8 @@ Index: b/security/apparmor/main.c
- * New value will be passed on next changehat - * New value will be passed on next changehat
- */ - */
- cxt->hat_magic = 0; - cxt->hat_magic = 0;
+ aa_switch_profile(cxt, cxt->active->parent, 0); + aa_switch_to_profile(cxt, cxt->active->parent,
+ 0);
} else { } else {
- /* change to another (sibling) profile */ - /* change to another (sibling) profile */
- error = do_change_hat(hat_name, cxt); - error = do_change_hat(hat_name, cxt);
@@ -215,7 +217,7 @@ Index: b/security/apparmor/main.c
} }
} else if (cxt->hat_magic) { } else if (cxt->hat_magic) {
AA_ERROR("KILLING process %s(%d) " AA_ERROR("KILLING process %s(%d) "
@@ -1240,7 +1248,7 @@ int aa_change_hat(const char *hat_name, @@ -1240,7 +1249,7 @@ int aa_change_hat(const char *hat_name,
/* terminate current process */ /* terminate current process */
(void)send_sig_info(SIGKILL, NULL, current); (void)send_sig_info(SIGKILL, NULL, current);
@@ -233,7 +235,7 @@ Index: b/security/apparmor/lsm.c
BASE_PROFILE(cxt->active), BASE_PROFILE(cxt->active),
cxt->active->name, cxt->active); cxt->active->name, cxt->active);
- aa_switch_unconfined(cxt); - aa_switch_unconfined(cxt);
+ aa_switch_profile(cxt, NULL, 0); + aa_switch_to_profile(cxt, NULL, 0);
} }
return 0; return 0;
@@ -246,7 +248,7 @@ Index: b/security/apparmor/procattr.c
cxt->active->name); cxt->active->name);
- aa_switch_unconfined(cxt); - aa_switch_unconfined(cxt);
+ aa_switch_profile(cxt, NULL, 0); + aa_switch_to_profile(cxt, NULL, 0);
} else { } else {
AA_WARN("%s: task %s(%d) " AA_WARN("%s: task %s(%d) "
"is already unconstrained\n", "is already unconstrained\n",
@@ -265,7 +267,7 @@ Index: b/security/apparmor/procattr.c
- * calling aa_switch - * calling aa_switch
- */ - */
- cxt->hat_magic = 0; - cxt->hat_magic = 0;
+ aa_switch_profile(cxt, profile, 0); + aa_switch_to_profile(cxt, profile, 0);
+ put_aa_profile(profile); + put_aa_profile(profile);
} }
@@ -279,7 +281,7 @@ Index: b/security/apparmor/module_interface.c
cxt->active->name); cxt->active->name);
- aa_switch_unconfined(cxt); - aa_switch_unconfined(cxt);
+ aa_switch_profile(cxt, NULL, 0); + aa_switch_to_profile(cxt, NULL, 0);
} }
/** taskremove_iter - Iterator to unconfine aa_task_contexts which match cookie /** taskremove_iter - Iterator to unconfine aa_task_contexts which match cookie
@@ -297,7 +299,7 @@ Index: b/security/apparmor/module_interface.c
nactive = aa_dup_profile(new->null_profile); nactive = aa_dup_profile(new->null_profile);
- aa_switch(cxt, nactive); - aa_switch(cxt, nactive);
+ aa_switch_profile(cxt, nactive, cxt->hat_magic); + aa_switch_to_profile(cxt, nactive, cxt->hat_magic);
put_aa_profile(nactive); put_aa_profile(nactive);
- } else { - } else {
- aa_switch(cxt, new); - aa_switch(cxt, new);
@@ -306,7 +308,7 @@ Index: b/security/apparmor/module_interface.c
- out: - out:
- return; - return;
+ } else + } else
+ aa_switch_profile(cxt, new, cxt->hat_magic); + aa_switch_to_profile(cxt, new, cxt->hat_magic);
} }
/** taskreplace_iter - Iterator to replace a aa_task_context's profile /** taskreplace_iter - Iterator to replace a aa_task_context's profile

48
kernel-patches/for-mainline/fix-change_hat.diff Normal file
View File

@@ -0,0 +1,48 @@
Do not switch to the NULL profile in enforce mode: this only screws
the calling process; it wouldn't have a reasonable way of finding
out when a hat doesn't exist.
Index: b/security/apparmor/main.c
===================================================================
--- a/security/apparmor/main.c
+++ b/security/apparmor/main.c
@@ -1113,14 +1113,6 @@ static inline int do_change_hat(const ch
aa_switch_to_profile(cxt, sub, hat_magic);
aa_put_profile(sub);
} else {
- /* There is no such subprofile change to a NULL profile.
- * The NULL profile grants no file access.
- *
- * This feature is used by changehat_apache.
- *
- * N.B from the null-profile the task can still changehat back
- * out to the parent profile (assuming magic != 0)
- */
if (APPARMOR_COMPLAIN(cxt)) {
LOG_HINT(cxt->profile, GFP_ATOMIC, HINT_UNKNOWN_HAT,
"%s pid=%d "
@@ -1129,6 +1121,16 @@ static inline int do_change_hat(const ch
current->pid,
BASE_PROFILE(cxt->profile)->name,
cxt->profile->name);
+ /*
+ * Switch to the NULL profile: it grants no accesses,
+ * so all accesses will be logged. This allows us to
+ * learn about new hats.
+ *
+ * N.B from the null-profile the task can still change
+ * back to the parent profile if hat_magic != 0.
+ */
+ aa_switch_to_profile(cxt, cxt->profile->null_profile,
+ hat_magic);
} else {
AA_DEBUG("%s: Unknown hatname '%s'. "
"Changing to NULL profile "
@@ -1140,7 +1142,6 @@ static inline int do_change_hat(const ch
cxt->profile->name);
error = -EACCES;
}
- aa_switch_to_profile(cxt, cxt->profile->null_profile, hat_magic);
}
return error;

42
kernel-patches/for-mainline/active-really-is-a-profile.diff → kernel-patches/for-mainline/rename-aa_task_context-active.diff
View File

@@ -1,3 +1,7 @@
Rename the <active> pointer in struct aa_task_context: there are
no other (inactive?) profiles. (And hats really are just profiles
as well.)
Index: b/security/apparmor/apparmor.h Index: b/security/apparmor/apparmor.h
=================================================================== ===================================================================
--- a/security/apparmor/apparmor.h --- a/security/apparmor/apparmor.h
@@ -150,23 +154,23 @@ Index: b/security/apparmor/inline.h
} }
/** /**
* aa_switch_profile - change aa_task_context to use a new profile * aa_switch_to_profile - change aa_task_context to use a new profile
- * @cxt: aa_task_context to switch the active profile on - * @cxt: aa_task_context to switch the active profile on
- * @newactive: new active profile (NULL for unconfined) - * @newactive: new active profile (NULL for unconfined)
+ * @cxt: aa_task_context to switch the profile on + * @cxt: aa_task_context to switch the profile on
+ * @newactive: new profile (NULL for unconfined) + * @newactive: new profile (NULL for unconfined)
* @hat_magic: hat value to switch to (0 for no hat) * @hat_magic: hat value to switch to (0 for no hat)
* *
- * aa_switch_profile handles the changing of a aa_task_context's active - * aa_switch_to_profile handles the changing of a aa_task_context's active
+ * aa_switch_profile handles the changing of a aa_task_context's profile + * aa_switch_to_profile handles the changing of a aa_task_context's profile
* profile. The cxt_lock must be held to ensure consistency against * profile. The cxt_lock must be held to ensure consistency against
* other writers. Some write paths (ex. aa_register) require * other writers. Some write paths (ex. aa_register) require
- * cxt->active not to change over several operations, so the calling - * cxt->active not to change over several operations, so the calling
+ * cxt->profile not to change over several operations, so the calling + * cxt->profile not to change over several operations, so the calling
* function is responsible for grabing the cxt_lock to meet its * function is responsible for grabing the cxt_lock to meet its
* consistency constraints before calling aa_switch_profile * consistency constraints before calling aa_switch_to_profile
*/ */
@@ -67,11 +67,11 @@ static inline void aa_switch_profile(str @@ -67,11 +67,11 @@ static inline void aa_switch_to_profile(
struct aa_profile *newactive, struct aa_profile *newactive,
u32 hat_magic) u32 hat_magic)
{ {
@@ -449,7 +453,7 @@ Index: b/security/apparmor/lsm.c
+ if (cxt->profile) { + if (cxt->profile) {
AA_DEBUG("%s: Dropping profiles %s(%d) " AA_DEBUG("%s: Dropping profiles %s(%d) "
- "profile %s(%p) active %s(%p)\n", - "profile %s(%p) active %s(%p)\n",
+ "profile %s(%p) profile %s(%p)\n", + "profile %s(%p) hat %s(%p)\n",
__FUNCTION__, __FUNCTION__,
cxt->task->comm, cxt->task->pid, cxt->task->comm, cxt->task->pid,
- BASE_PROFILE(cxt->active)->name, - BASE_PROFILE(cxt->active)->name,
@@ -458,7 +462,7 @@ Index: b/security/apparmor/lsm.c
+ BASE_PROFILE(cxt->profile)->name, + BASE_PROFILE(cxt->profile)->name,
+ BASE_PROFILE(cxt->profile), + BASE_PROFILE(cxt->profile),
+ cxt->profile->name, cxt->profile); + cxt->profile->name, cxt->profile);
aa_switch_profile(cxt, NULL, 0); aa_switch_to_profile(cxt, NULL, 0);
} }
@@ -748,7 +748,7 @@ static void __exit apparmor_exit(void) @@ -748,7 +748,7 @@ static void __exit apparmor_exit(void)
@@ -851,8 +855,8 @@ Index: b/security/apparmor/main.c
* he new task would end up with an obsolete profile. * he new task would end up with an obsolete profile.
*/ */
spin_lock_irqsave(&cxt_lock, flags); spin_lock_irqsave(&cxt_lock, flags);
- aa_switch_profile(newcxt, cxt->active, cxt->hat_magic); - aa_switch_to_profile(newcxt, cxt->active, cxt->hat_magic);
+ aa_switch_profile(newcxt, cxt->profile, cxt->hat_magic); + aa_switch_to_profile(newcxt, cxt->profile, cxt->hat_magic);
spin_unlock_irqrestore(&cxt_lock, flags); spin_unlock_irqrestore(&cxt_lock, flags);
if (APPARMOR_COMPLAIN(cxt) && if (APPARMOR_COMPLAIN(cxt) &&
@@ -1053,8 +1057,8 @@ Index: b/security/apparmor/main.c
+ cxt->profile->name); + cxt->profile->name);
error = -EACCES; error = -EACCES;
} }
- aa_switch_profile(cxt, cxt->active->null_profile, hat_magic); - aa_switch_to_profile(cxt, cxt->active->null_profile, hat_magic);
+ aa_switch_profile(cxt, cxt->profile->null_profile, hat_magic); + aa_switch_to_profile(cxt, cxt->profile->null_profile, hat_magic);
} }
return error; return error;
@@ -1089,12 +1093,12 @@ Index: b/security/apparmor/main.c
* Got here via changehat(NULL, magic) * Got here via changehat(NULL, magic)
* Return from subprofile, back to parent * Return from subprofile, back to parent
*/ */
- aa_switch_profile(cxt, cxt->active->parent, 0); - aa_switch_to_profile(cxt, cxt->active->parent,
+ aa_switch_profile(cxt, cxt->profile->parent, 0); + aa_switch_to_profile(cxt, cxt->profile->parent,
0);
} else { } else {
/* /*
* Change to another (sibling) profile, and @@ -1240,22 +1240,22 @@ int aa_change_hat(const char *hat_name,
@@ -1239,22 +1239,22 @@ int aa_change_hat(const char *hat_name,
} else if (cxt->hat_magic) { } else if (cxt->hat_magic) {
AA_ERROR("KILLING process %s(%d) " AA_ERROR("KILLING process %s(%d) "
"Invalid change_hat() magic# 0x%x " "Invalid change_hat() magic# 0x%x "
@@ -1148,7 +1152,7 @@ Index: b/security/apparmor/module_interface.c
+ BASE_PROFILE(cxt->profile)->name, + BASE_PROFILE(cxt->profile)->name,
+ cxt->profile->name); + cxt->profile->name);
aa_switch_profile(cxt, NULL, 0); aa_switch_to_profile(cxt, NULL, 0);
} }
@@ -61,7 +61,7 @@ static inline void task_remove(struct aa @@ -61,7 +61,7 @@ static inline void task_remove(struct aa
* @cxt: aa_task_context to consider for profile removal * @cxt: aa_task_context to consider for profile removal
@@ -1182,7 +1186,7 @@ Index: b/security/apparmor/module_interface.c
{ {
AA_DEBUG("%s: replacing profile for task %s(%d) " AA_DEBUG("%s: replacing profile for task %s(%d) "
- "profile=%s (%p) active=%s (%p)\n", - "profile=%s (%p) active=%s (%p)\n",
+ "profile=%s (%p) profile=%s (%p)\n", + "profile=%s (%p) hat=%s (%p)\n",
__FUNCTION__, __FUNCTION__,
cxt->task->comm, cxt->task->pid, cxt->task->comm, cxt->task->pid,
- BASE_PROFILE(cxt->active)->name, BASE_PROFILE(cxt->active), - BASE_PROFILE(cxt->active)->name, BASE_PROFILE(cxt->active),
@@ -1293,7 +1297,7 @@ Index: b/security/apparmor/procattr.c
+ BASE_PROFILE(cxt->profile)->name, + BASE_PROFILE(cxt->profile)->name,
+ cxt->profile->name); + cxt->profile->name);
aa_switch_profile(cxt, NULL, 0); aa_switch_to_profile(cxt, NULL, 0);
} else { } else {
@@ -300,12 +300,12 @@ int aa_setprocattr_setprofile(struct tas @@ -300,12 +300,12 @@ int aa_setprocattr_setprofile(struct tas
*/ */
@@ -1310,4 +1314,4 @@ Index: b/security/apparmor/procattr.c
+ cxt->profile ? cxt->profile->name : "unconstrained", + cxt->profile ? cxt->profile->name : "unconstrained",
name); name);
aa_switch_profile(cxt, profile, 0); aa_switch_to_profile(cxt, profile, 0);

32
kernel-patches/for-mainline/rename-ctx-to-cxt.diff Normal file
View File

@@ -0,0 +1,32 @@
Context is only abbreviated as ctx here, but as cxt everywhere else.
Index: b/security/apparmor/main.c
===================================================================
--- a/security/apparmor/main.c
+++ b/security/apparmor/main.c
@@ -319,7 +319,7 @@ int aa_audit_syscallreject(struct aa_pro
int aa_audit(struct aa_profile *profile, const struct aa_audit *sa)
{
struct audit_buffer *ab = NULL;
- struct audit_context *ctx;
+ struct audit_context *cxt;
const char *logcls;
unsigned int flags;
@@ -378,13 +378,13 @@ int aa_audit(struct aa_profile *profile,
* we are rejecting a syscall
*/
if (sa->type == AA_AUDITTYPE_SYSCALL) {
- ctx = current->audit_context;
+ cxt = current->audit_context;
} else {
- ctx = (flags & AA_AUDITFLAG_AUDITSS_SYSCALL) ?
+ cxt = (flags & AA_AUDITFLAG_AUDITSS_SYSCALL) ?
current->audit_context : NULL;
}
- ab = audit_log_start(ctx, gfp_mask, AUDIT_APPARMOR);
+ ab = audit_log_start(cxt, gfp_mask, AUDIT_APPARMOR);
if (!ab) {
AA_ERROR("Unable to log event (%d) to audit subsys\n",

327
kernel-patches/for-mainline/rename-put_aa_profile.diff Normal file
View File

@@ -0,0 +1,327 @@
Rename put_aa_profile to aa_put_profile for consistency.
Index: b/security/apparmor/apparmorfs.c
===================================================================
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -170,7 +170,7 @@ static char *aa_simple_write_to_buffer(c
"profile %s hat %s)\n",
msg, current->comm, current->pid,
BASE_PROFILE(profile)->name, profile->name);
- put_aa_profile(profile);
+ aa_put_profile(profile);
data = ERR_PTR(-EPERM);
goto out;
Index: b/security/apparmor/inline.h
===================================================================
--- a/security/apparmor/inline.h
+++ b/security/apparmor/inline.h
@@ -25,10 +25,10 @@ static inline struct aa_profile *aa_dup_
}
/**
- * put_aa_profile - decrement refcount on profile @p
+ * aa_put_profile - decrement refcount on profile @p
* @p: profile
*/
-static inline void put_aa_profile(struct aa_profile *p)
+static inline void aa_put_profile(struct aa_profile *p)
{
if (p)
kref_put(&BASE_PROFILE(p)->count, free_aa_profile_kref);
@@ -72,7 +72,7 @@ static inline void aa_switch_to_profile(str
cxt->caps_logged = CAP_EMPTY_SET;
cxt->hat_magic = hat_magic;
rcu_assign_pointer(cxt->profile, aa_dup_profile(newactive));
- put_aa_profile(old);
+ aa_put_profile(old);
}
/**
Index: b/security/apparmor/list.c
===================================================================
--- a/security/apparmor/list.c
+++ b/security/apparmor/list.c
@@ -60,7 +60,7 @@ int aa_profilelist_add(struct aa_profile
write_lock(&profile_lock);
old_profile = __aa_find_profile(profile->name, &profile_list);
if (old_profile) {
- put_aa_profile(old_profile);
+ aa_put_profile(old_profile);
goto out;
}
@@ -126,7 +126,7 @@ struct aa_profile *aa_profilelist_replac
oldprofile->isstale = 1;
/* __aa_find_profile incremented count, so adjust down */
- put_aa_profile(oldprofile);
+ aa_put_profile(oldprofile);
}
list_add(&profile->list, &profile_list);
@@ -145,7 +145,7 @@ void aa_profilelist_release(void)
write_lock(&profile_lock);
list_for_each_entry_safe(p, tmp, &profile_list, list) {
list_del_init(&p->list);
- put_aa_profile(p);
+ aa_put_profile(p);
}
write_unlock(&profile_lock);
}
Index: b/security/apparmor/lsm.c
===================================================================
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -92,7 +92,7 @@ static int aa_reject_syscall(struct task
if (profile) {
error = aa_audit_syscallreject(profile, flags, name);
- put_aa_profile(profile);
+ aa_put_profile(profile);
}
return error;
@@ -148,7 +148,7 @@ static int apparmor_capable(struct task_
if (profile)
error = aa_capability(profile, cap);
- put_aa_profile(profile);
+ aa_put_profile(profile);
}
return error;
@@ -233,7 +233,7 @@ static int apparmor_inode_mkdir(struct i
if (profile)
error = aa_perm_dir(profile, dentry, mnt, "mkdir", MAY_WRITE);
- put_aa_profile(profile);
+ aa_put_profile(profile);
out:
return error;
@@ -253,7 +253,7 @@ static int apparmor_inode_rmdir(struct i
if (profile)
error = aa_perm_dir(profile, dentry, mnt, "rmdir", MAY_WRITE);
- put_aa_profile(profile);
+ aa_put_profile(profile);
out:
return error;
@@ -269,7 +269,7 @@ static int aa_permission(struct inode *i
if (profile)
error = aa_perm(profile, dentry, mnt, mask, leaf);
- put_aa_profile(profile);
+ aa_put_profile(profile);
}
return error;
}
@@ -297,7 +297,7 @@ static int apparmor_inode_link(struct de
error = aa_link(profile, new_dentry, new_mnt,
old_dentry, old_mnt);
- put_aa_profile(profile);
+ aa_put_profile(profile);
out:
return error;
@@ -347,7 +347,7 @@ static int apparmor_inode_rename(struct
MAY_WRITE, 1);
}
- put_aa_profile(profile);
+ aa_put_profile(profile);
out:
return error;
@@ -395,7 +395,7 @@ static int apparmor_inode_setattr(struct
if (profile)
error = aa_attr(profile, dentry, mnt, iattr);
- put_aa_profile(profile);
+ aa_put_profile(profile);
}
out:
@@ -414,7 +414,7 @@ static int aa_xattr_permission(struct de
if (profile)
error = aa_perm_xattr(profile, dentry, mnt, name,
operation, mask);
- put_aa_profile(profile);
+ aa_put_profile(profile);
}
return error;
@@ -522,7 +522,7 @@ static int apparmor_getprocattr(struct t
profile = aa_get_profile(p);
error = aa_getprocattr(profile, str, size);
- put_aa_profile(profile);
+ aa_put_profile(profile);
out:
return error;
@@ -614,7 +614,7 @@ static int apparmor_setprocattr(struct t
error = -EACCES;
}
- put_aa_profile(profile);
+ aa_put_profile(profile);
} else {
/* unknown operation */
AA_WARN("%s: Unknown setprocattr command '%.*s' by task %s(%d) "
Index: b/security/apparmor/main.c
===================================================================
--- a/security/apparmor/main.c
+++ b/security/apparmor/main.c
@@ -258,7 +258,7 @@ fail:
*/
void free_null_complain_profile(void)
{
- put_aa_profile(null_complain_profile);
+ aa_put_profile(null_complain_profile);
null_complain_profile = NULL;
}
@@ -1011,7 +1011,7 @@ apply_profile:
WARN_ON(newprofile == null_complain_profile);
/* drop refcnt obtained from earlier aa_dup_profile */
- put_aa_profile(newprofile);
+ aa_put_profile(newprofile);
newprofile = aa_profilelist_find(filename);
@@ -1042,7 +1042,7 @@ apply_profile:
}
aa_switch_to_profile(cxt, newprofile, 0);
- put_aa_profile(newprofile);
+ aa_put_profile(newprofile);
if (complain && newprofile == null_complain_profile)
LOG_HINT(newprofile, GFP_ATOMIC, HINT_CHGPROF,
@@ -1055,7 +1055,7 @@ apply_profile:
cleanup:
aa_put_name(filename);
- put_aa_profile(profile);
+ aa_put_profile(profile);
out:
return error;
@@ -1110,7 +1110,7 @@ static inline int do_change_hat(const ch
if (sub) {
/* change hat */
aa_switch_to_profile(cxt, sub, hat_magic);
- put_aa_profile(sub);
+ aa_put_profile(sub);
} else {
/* There is no such subprofile change to a NULL profile.
* The NULL profile grants no file access.
Index: b/security/apparmor/module_interface.c
===================================================================
--- a/security/apparmor/module_interface.c
+++ b/security/apparmor/module_interface.c
@@ -113,7 +113,7 @@ static inline void task_replace(struct a
nactive = aa_dup_profile(new->null_profile);
aa_switch_to_profile(cxt, nactive, cxt->hat_magic);
- put_aa_profile(nactive);
+ aa_put_profile(nactive);
} else
aa_switch_to_profile(cxt, new, cxt->hat_magic);
}
@@ -508,7 +508,7 @@ ssize_t aa_file_prof_add(void *data, siz
} else {
AA_WARN("trying to add profile (%s) that already exists.\n",
profile->name);
- put_aa_profile(profile);
+ aa_put_profile(profile);
error = -EEXIST;
}
@@ -572,11 +572,11 @@ ssize_t aa_file_prof_repl(void *udata, s
aa_task_context_list_iterate(taskreplace_iter, (void *)&data);
/* it's off global list, and we are done replacing */
- put_aa_profile(data.old_profile);
+ aa_put_profile(data.old_profile);
}
/* release extra reference obtained above (race) */
- put_aa_profile(data.new_profile);
+ aa_put_profile(data.new_profile);
error = size;
@@ -607,7 +607,7 @@ ssize_t aa_file_prof_remove(const char *
(void *)old_profile);
/* drop reference obtained by aa_profilelist_remove */
- put_aa_profile(old_profile);
+ aa_put_profile(old_profile);
} else {
AA_WARN("%s: trying to remove profile (%s) that "
"doesn't exist - skipping.\n", __FUNCTION__, name);
@@ -618,7 +618,7 @@ ssize_t aa_file_prof_remove(const char *
}
/**
- * free_aa_profile_kref - free aa_profile by kref (called by put_aa_profile)
+ * free_aa_profile_kref - free aa_profile by kref (called by aa_put_profile)
* @kr: kref callback for freeing of a profile
*/
void free_aa_profile_kref(struct kref *kr)
@@ -657,7 +657,7 @@ void free_aa_profile(struct aa_profile *
aa_match_free(profile->file_rules);
- /* use free_aa_profile instead of put_aa_profile to destroy the
+ /* use free_aa_profile instead of aa_put_profile to destroy the
* null_profile, because the null_profile use the same reference
* counting as hats, ie. the count goes to the base profile.
*/
@@ -665,7 +665,7 @@ void free_aa_profile(struct aa_profile *
list_for_each_entry_safe(p, ptmp, &profile->sub, list) {
list_del_init(&p->list);
p->parent = NULL;
- put_aa_profile(p);
+ aa_put_profile(p);
}
if (profile->name) {
Index: b/security/apparmor/procattr.c
===================================================================
--- a/security/apparmor/procattr.c
+++ b/security/apparmor/procattr.c
@@ -262,7 +262,7 @@ int aa_setprocattr_setprofile(struct tas
name);
error = -ENOMEM;
- put_aa_profile(profile);
+ aa_put_profile(profile);
goto out;
}
@@ -282,7 +282,7 @@ int aa_setprocattr_setprofile(struct tas
WARN_ON(profile == null_complain_profile);
/* drop refcnt obtained from earlier aa_dup_profile */
- put_aa_profile(profile);
+ aa_put_profile(profile);
profile = aa_profilelist_find(name);
if (!profile) {
@@ -309,7 +309,7 @@ int aa_setprocattr_setprofile(struct tas
name);
aa_switch_to_profile(cxt, profile, 0);
- put_aa_profile(profile);
+ aa_put_profile(profile);
}
spin_unlock_irqrestore(&cxt_lock, flags);

404
kernel-patches/for-mainline/rename-task_struct-vars.diff Normal file
View File

@@ -0,0 +1,404 @@
Don't call task structs differnt all over the code (p, tsk, target).
Index: b/security/apparmor/apparmor.h
===================================================================
--- a/security/apparmor/apparmor.h
+++ b/security/apparmor/apparmor.h
@@ -237,9 +237,9 @@ extern int aa_perm_dir(struct aa_profile
extern int aa_link(struct aa_profile *profile,
struct dentry *link, struct vfsmount *link_mnt,
struct dentry *target, struct vfsmount *target_mnt);
-extern int aa_fork(struct task_struct *p);
+extern int aa_fork(struct task_struct *task);
extern int aa_register(struct linux_binprm *bprm);
-extern void aa_release(struct task_struct *p);
+extern void aa_release(struct task_struct *task);
extern int aa_change_hat(const char *id, u32 hat_magic);
extern int aa_associate_filp(struct file *filp);
@@ -267,7 +267,8 @@ extern void free_aa_profile_kref(struct
/* procattr.c */
extern size_t aa_getprocattr(struct aa_profile *profile, char *str, size_t size);
extern int aa_setprocattr_changehat(char *hatinfo, size_t infosize);
-extern int aa_setprocattr_setprofile(struct task_struct *p, char *profilename,
+extern int aa_setprocattr_setprofile(struct task_struct *task,
+ char *profilename,
size_t profilesize);
/* apparmorfs.c */
Index: b/security/apparmor/inline.h
===================================================================
--- a/security/apparmor/inline.h
+++ b/security/apparmor/inline.h
@@ -77,12 +77,12 @@ static inline void aa_switch_to_profile(
/**
* alloc_aa_task_context - allocate a new aa_task_context
- * @tsk: task struct
+ * @task: task struct
*
* Allocate a new aa_task_context including a backpointer to it's referring
* task.
*/
-static inline struct aa_task_context *alloc_aa_task_context(struct task_struct *tsk)
+static inline struct aa_task_context *alloc_aa_task_context(struct task_struct *task)
{
struct aa_task_context *cxt;
@@ -91,7 +91,7 @@ static inline struct aa_task_context *al
goto out;
/* back pointer to task */
- cxt->task = tsk;
+ cxt->task = task;
/* any readers of the list must make sure that they can handle
* case where cxt->profile is not yet set (null)
Index: b/security/apparmor/lsm.c
===================================================================
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -109,41 +109,41 @@ static int apparmor_ptrace(struct task_s
return error;
}
-static int apparmor_capget(struct task_struct *target,
+static int apparmor_capget(struct task_struct *task,
kernel_cap_t *effective,
kernel_cap_t *inheritable,
kernel_cap_t *permitted)
{
- return cap_capget(target, effective, inheritable, permitted);
+ return cap_capget(task, effective, inheritable, permitted);
}
-static int apparmor_capset_check(struct task_struct *target,
+static int apparmor_capset_check(struct task_struct *task,
kernel_cap_t *effective,
kernel_cap_t *inheritable,
kernel_cap_t *permitted)
{
- return cap_capset_check(target, effective, inheritable, permitted);
+ return cap_capset_check(task, effective, inheritable, permitted);
}
-static void apparmor_capset_set(struct task_struct *target,
+static void apparmor_capset_set(struct task_struct *task,
kernel_cap_t *effective,
kernel_cap_t *inheritable,
kernel_cap_t *permitted)
{
- cap_capset_set(target, effective, inheritable, permitted);
+ cap_capset_set(task, effective, inheritable, permitted);
}
-static int apparmor_capable(struct task_struct *tsk, int cap)
+static int apparmor_capable(struct task_struct *task, int cap)
{
int error;
/* cap_capable returns 0 on success, else -EPERM */
- error = cap_capable(tsk, cap);
+ error = cap_capable(task, cap);
if (!error) {
struct aa_profile *profile;
- profile = aa_get_profile(tsk);
+ profile = aa_get_profile(task);
if (profile)
error = aa_capability(profile, cap);
@@ -480,14 +480,14 @@ static int apparmor_file_mprotect(struct
!(vma->vm_flags & VM_SHARED) ? MAP_PRIVATE : 0);
}
-static int apparmor_task_alloc_security(struct task_struct *p)
+static int apparmor_task_alloc_security(struct task_struct *task)
{
- return aa_fork(p);
+ return aa_fork(task);
}
-static void apparmor_task_free_security(struct task_struct *p)
+static void apparmor_task_free_security(struct task_struct *task)
{
- aa_release(p);
+ aa_release(task);
}
static int apparmor_task_post_setuid(uid_t id0, uid_t id1, uid_t id2,
@@ -496,13 +496,13 @@ static int apparmor_task_post_setuid(uid
return cap_task_post_setuid(id0, id1, id2, flags);
}
-static void apparmor_task_reparent_to_init(struct task_struct *p)
+static void apparmor_task_reparent_to_init(struct task_struct *task)
{
- cap_task_reparent_to_init(p);
+ cap_task_reparent_to_init(task);
}
-static int apparmor_getprocattr(struct task_struct *p, char *name, void *value,
- size_t size)
+static int apparmor_getprocattr(struct task_struct *task, char *name,
+ void *value, size_t size)
{
int error;
struct aa_profile *profile;
@@ -515,12 +515,12 @@ static int apparmor_getprocattr(struct t
}
/* must be task querying itself or admin */
- if (current != p && !capable(CAP_SYS_ADMIN)) {
+ if (current != task && !capable(CAP_SYS_ADMIN)) {
error = -EPERM;
goto out;
}
- profile = aa_get_profile(p);
+ profile = aa_get_profile(task);
error = aa_getprocattr(profile, str, size);
aa_put_profile(profile);
@@ -528,8 +528,8 @@ out:
return error;
}
-static int apparmor_setprocattr(struct task_struct *p, char *name, void *value,
- size_t size)
+static int apparmor_setprocattr(struct task_struct *task, char *name,
+ void *value, size_t size)
{
const char *cmd_changehat = "changehat ",
*cmd_setprofile = "setprofile ";
@@ -551,15 +551,15 @@ static int apparmor_setprocattr(struct t
size_t infosize = size - strlen(cmd_changehat);
/* Only the current process may change it's hat */
- if (current != p) {
+ if (current != task) {
AA_WARN("%s: Attempt by foreign task %s(%d) "
"[user %d] to changehat of task %s(%d)\n",
__FUNCTION__,
current->comm,
current->pid,
current->uid,
- p->comm,
- p->pid);
+ task->comm,
+ task->pid);
error = -EACCES;
goto out;
@@ -585,8 +585,8 @@ static int apparmor_setprocattr(struct t
current->comm,
current->pid,
current->uid,
- p->comm,
- p->pid);
+ task->comm,
+ task->pid);
error = -EACCES;
goto out;
}
@@ -596,7 +596,7 @@ static int apparmor_setprocattr(struct t
char *profile = cmd + strlen(cmd_setprofile);
size_t profilesize = size - strlen(cmd_setprofile);
- error = aa_setprocattr_setprofile(p, profile, profilesize);
+ error = aa_setprocattr_setprofile(task, profile, profilesize);
if (!error)
/* success,
* set return to #bytes in orig request
@@ -609,8 +609,8 @@ static int apparmor_setprocattr(struct t
current->comm,
current->pid,
current->uid,
- p->comm,
- p->pid);
+ task->comm,
+ task->pid);
error = -EACCES;
}
@@ -625,8 +625,8 @@ static int apparmor_setprocattr(struct t
current->comm,
current->pid,
current->uid,
- p->comm,
- p->pid);
+ task->comm,
+ task->pid);
error = -EINVAL;
}
Index: b/security/apparmor/main.c
===================================================================
--- a/security/apparmor/main.c
+++ b/security/apparmor/main.c
@@ -725,9 +725,9 @@ int aa_link(struct aa_profile *profile,
/**
* aa_fork - create a new aa_task_context
- * @p: new process
+ * @task: new process
*
- * Create a new aa_task_context for newly created process @p if it's parent
+ * Create a new aa_task_context for newly created process @task if it's parent
* is already confined. Otherwise a aa_task_context will be lazily allocated
* will get one with NULL values. Return 0 on sucess.
* for the child if it subsequently execs (in aa_register).
@@ -737,7 +737,7 @@ int aa_link(struct aa_profile *profile,
* replacement/removal.
*/
-int aa_fork(struct task_struct *p)
+int aa_fork(struct task_struct *task)
{
struct aa_task_context *cxt = aa_task_context(current);
struct aa_task_context *newcxt = NULL;
@@ -747,7 +747,7 @@ int aa_fork(struct task_struct *p)
if (cxt && cxt->profile) {
unsigned long flags;
- newcxt = alloc_aa_task_context(p);
+ newcxt = alloc_aa_task_context(task);
/* FIXME: The alloc above is a blocking operation, so
* cxt->profile may have vanished by now.
@@ -773,9 +773,9 @@ int aa_fork(struct task_struct *p)
cxt->profile == null_complain_profile)
LOG_HINT(cxt->profile, GFP_KERNEL, HINT_FORK,
"pid=%d child=%d\n",
- current->pid, p->pid);
+ current->pid, task->pid);
}
- p->security = newcxt;
+ task->security = newcxt;
return 0;
}
@@ -1063,10 +1063,10 @@ out:
/**
* aa_release - release the task's aa_task_context
- * @p: task being released
+ * @task: task being released
*
* This is called after a task has exited and the parent has reaped it.
- * @p->security blob is freed.
+ * @task->security blob is freed.
*
* This is the one case where we don't need to hold the cxt_lock before
* removing a profile from a aa_task_context. Once the aa_task_context has
@@ -1074,11 +1074,11 @@ out:
* writers. There may still be other readers so we must still use
* aa_switch_to_profile to put the aa_task_context's reference safely.
*/
-void aa_release(struct task_struct *p)
+void aa_release(struct task_struct *task)
{
- struct aa_task_context *cxt = aa_task_context(p);
+ struct aa_task_context *cxt = aa_task_context(task);
if (cxt) {
- p->security = NULL;
+ task->security = NULL;
aa_task_context_list_remove(cxt);
aa_switch_to_profile(cxt, NULL, 0);
Index: b/security/apparmor/procattr.c
===================================================================
--- a/security/apparmor/procattr.c
+++ b/security/apparmor/procattr.c
@@ -171,7 +171,7 @@ out:
return error;
}
-int aa_setprocattr_setprofile(struct task_struct *p, char *profilename,
+int aa_setprocattr_setprofile(struct task_struct *task, char *profilename,
size_t profilesize)
{
int error = -EINVAL;
@@ -213,7 +213,7 @@ int aa_setprocattr_setprofile(struct tas
AA_WARN("%s: Unable to switch task %s(%d) to profile"
"'%s'. No such profile.\n",
__FUNCTION__,
- p->comm, p->pid,
+ task->comm, task->pid,
name);
error = -EINVAL;
@@ -223,7 +223,7 @@ int aa_setprocattr_setprofile(struct tas
spin_lock_irqsave(&cxt_lock, flags);
- cxt = aa_task_context(p);
+ cxt = aa_task_context(task);
/* switch to unconstrained */
if (!profile) {
@@ -231,7 +231,7 @@ int aa_setprocattr_setprofile(struct tas
AA_WARN("%s: Unconstraining task %s(%d) "
"profile %s hat %s\n",
__FUNCTION__,
- p->comm, p->pid,
+ task->comm, task->pid,
BASE_PROFILE(cxt->profile)->name,
cxt->profile->name);
@@ -239,7 +239,7 @@ int aa_setprocattr_setprofile(struct tas
} else {
AA_WARN("%s: task %s(%d) "
"is already unconstrained\n",
- __FUNCTION__, p->comm, p->pid);
+ __FUNCTION__, task->comm, task->pid);
}
} else {
if (!cxt) {
@@ -247,18 +247,18 @@ int aa_setprocattr_setprofile(struct tas
* loaded, allocate a aa_task_context
*/
AA_WARN("%s: task %s(%d) has no aa_task_context\n",
- __FUNCTION__, p->comm, p->pid);
+ __FUNCTION__, task->comm, task->pid);
/* unlock so we can safely GFP_KERNEL */
spin_unlock_irqrestore(&cxt_lock, flags);
- cxt = alloc_aa_task_context(p);
+ cxt = alloc_aa_task_context(task);
if (!cxt) {
AA_WARN("%s: Unable to allocate "
"aa_task_context for task %s(%d). "
"Cannot confine task to profile %s\n",
__FUNCTION__,
- p->comm, p->pid,
+ task->comm, task->pid,
name);
error = -ENOMEM;
@@ -268,11 +268,11 @@ int aa_setprocattr_setprofile(struct tas
}
spin_lock_irqsave(&cxt_lock, flags);
- if (!aa_task_context(p)) {
- p->security = cxt;
+ if (!aa_task_context(task)) {
+ task->security = cxt;
} else { /* race */
free_aa_task_context(cxt);
- cxt = aa_task_context(p);
+ cxt = aa_task_context(task);
}
}
@@ -302,7 +302,7 @@ int aa_setprocattr_setprofile(struct tas
AA_WARN("%s: Switching task %s(%d) "
"profile %s hat %s to new profile %s\n",
__FUNCTION__,
- p->comm, p->pid,
+ task->comm, task->pid,
cxt->profile ? BASE_PROFILE(cxt->profile)->name :
"unconstrained",
cxt->profile ? cxt->profile->name : "unconstrained",

6
kernel-patches/for-mainline/series
View File

@@ -50,8 +50,12 @@ replace-activeptr.diff
fix-capabilities.diff fix-capabilities.diff
comment-wrong.diff comment-wrong.diff
aa_switch.diff aa_switch.diff
active-really-is-a-profile.diff rename-aa_task_context-active.diff
rename-put_aa_profile.diff
rename-task_struct-vars.diff
rename-ctx-to-cxt.diff
d_namespace_path.diff d_namespace_path.diff
apparmor-d_namespace.diff apparmor-d_namespace.diff
# fix-change_hat.diff
# apparmor-percpu_path_cache.diff # apparmor-percpu_path_cache.diff
# apparmor-path_resize.diff # apparmor-path_resize.diff