Release: Bump revision for 2.10.6 release

Signed-off-by: John Johansen <john.johansen@canonical.com>

.gitignore

@@ -95,6 +95,8 @@ libraries/libapparmor/src/.deps
 libraries/libapparmor/src/.libs
 libraries/libapparmor/src/Makefile
 libraries/libapparmor/src/Makefile.in
+libraries/libapparmor/src/PMurHash.lo
+libraries/libapparmor/src/PMurHash.o
 libraries/libapparmor/src/af_protos.h
 libraries/libapparmor/src/change_hat.lo
 libraries/libapparmor/src/features.lo
@@ -161,8 +163,14 @@ libraries/libapparmor/swig/python/test/test-suite.log
 libraries/libapparmor/swig/python/test/test_python.py
 libraries/libapparmor/swig/python/test/test_python.py.log
 libraries/libapparmor/swig/python/test/test_python.py.trs
+libraries/libapparmor/swig/ruby/LibAppArmor.so
+libraries/libapparmor/swig/ruby/LibAppArmor_wrap.c
+libraries/libapparmor/swig/ruby/LibAppArmor_wrap.o
 libraries/libapparmor/swig/ruby/Makefile
 libraries/libapparmor/swig/ruby/Makefile.in
+libraries/libapparmor/swig/ruby/Makefile.new
+libraries/libapparmor/swig/ruby/Makefile.ruby
+libraries/libapparmor/swig/ruby/mkmf.log
 libraries/libapparmor/testsuite/.deps
 libraries/libapparmor/testsuite/.libs
 libraries/libapparmor/testsuite/Makefile
@@ -188,6 +196,7 @@ utils/*.tmp
 utils/po/*.mo
 utils/apparmor/*.pyc
 utils/apparmor/rule/*.pyc
+utils/test/common_test.pyc
 utils/test/.coverage
 utils/test/htmlcov/
 utils/vim/apparmor.vim

Makefile

@@ -8,20 +8,18 @@ all:
 COMMONDIR=common
 include ${COMMONDIR}/Make.rules
 
-DIRS=libraries/libapparmor \
-     binutils \
-     parser \
+DIRS=parser \
+     profiles \
      utils \
+     libraries/libapparmor \
      changehat/mod_apparmor \
      changehat/pam_apparmor \
-     profiles \
      tests
 
 # with conversion to git, we don't export from the remote
 REPO_URL?=git@gitlab.com:apparmor/apparmor.git
-REPO_BRANCH?=apparmor-2.13
+REPO_BRANCH?=apparmor-2.10
 
-COVERITY_DIR=cov-int
 RELEASE_DIR=apparmor-${VERSION}
 __SETUP_DIR?=.
 
@@ -38,9 +36,9 @@ TAR_EXCLUSIONS=
 
 .PHONY: tarball
 tarball: clean
-	REPO_VERSION=`$(value REPO_VERSION_CMD)` && \
-	$(MAKE) export_dir __EXPORT_DIR=${RELEASE_DIR} __REPO_VERSION=$${REPO_VERSION} && \
-	$(MAKE) setup __SETUP_DIR=${RELEASE_DIR} && \
+	REPO_VERSION=`$(value REPO_VERSION_CMD)` ; \
+	make export_dir __EXPORT_DIR=${RELEASE_DIR} __REPO_VERSION=$${REPO_VERSION} ; \
+	make setup __SETUP_DIR=${RELEASE_DIR} ; \
 	tar ${TAR_EXCLUSIONS} -cvzf ${RELEASE_DIR}.tar.gz ${RELEASE_DIR}
 
 .PHONY: snapshot
@@ -51,16 +49,6 @@ snapshot: clean
 	$(MAKE) setup __SETUP_DIR=${SNAPSHOT_NAME} && \
 	tar ${TAR_EXCLUSIONS} -cvzf ${SNAPSHOT_NAME}.tar.gz ${SNAPSHOT_NAME}
 
-.PHONY: coverity
-coverity: snapshot
-	cd $(SNAPSHOT_NAME)/libraries/libapparmor && ./configure --with-python
-	$(foreach dir, $(filter-out utils profiles tests, $(DIRS)), \
-		cov-build --dir $(COVERITY_DIR) -- $(MAKE) -C $(SNAPSHOT_NAME)/$(dir); \
-		mv $(COVERITY_DIR)/build-log.txt $(COVERITY_DIR)/build-log-$(subst /,.,$(dir)).txt ;)
-	$(foreach dir, libraries/libapparmor utils, \
-		cov-build --dir $(COVERITY_DIR) --no-command --fs-capture-search $(SNAPSHOT_NAME)/$(dir); \
-		mv $(COVERITY_DIR)/build-log.txt $(COVERITY_DIR)/build-log-python-$(subst /,.,$(dir)).txt ;)
-	tar -cvzf $(SNAPSHOT_NAME)-$(COVERITY_DIR).tar.gz $(COVERITY_DIR)
 
 .PHONY: export_dir
 export_dir:
@@ -70,20 +58,14 @@ export_dir:
 
 .PHONY: clean
 clean:
-	-rm -rf ${RELEASE_DIR} ./apparmor-${VERSION}~* ${COVERITY_DIR}
+	-rm -rf ${RELEASE_DIR} ./apparmor-${VERSION}~*
 	for dir in $(DIRS); do \
-		$(MAKE) -C $$dir clean; \
+		make -C $$dir clean; \
 	done
 
 .PHONY: setup
 setup:
 	cd $(__SETUP_DIR)/libraries/libapparmor && ./autogen.sh
-	# parser has an extra doc to build
-	$(MAKE) -C $(__SETUP_DIR)/parser extra_docs
-	# libraries/libapparmor needs configure to have run before
-	# building docs
-	$(foreach dir, $(filter-out libraries/libapparmor tests, $(DIRS)), \
-		$(MAKE) -C $(__SETUP_DIR)/$(dir) docs;)
 
 .PHONY: tag
 tag:

README.md

@@ -51,8 +51,6 @@ Source Layout
 
 AppArmor consists of several different parts:
 
-```
-binutils/	source for basic utilities written in compiled languages
 changehat/	source for using changehat with Apache, PAM and Tomcat
 common/		common makefile rules
 desktop/	empty
@@ -109,10 +107,8 @@ $ make install
 generate Ruby bindings to libapparmor.]
 
 
-Binary Utilities:
-
-```
-$ cd binutils
+Utilities:
+$ cd utils
 $ make
 $ make check
 $ make install
@@ -128,15 +124,6 @@ $ make install
 ```
 
 
-Utilities:
-
-```
-$ cd utils
-$ make
-$ make check
-$ make install
-```
-
 Apache mod_apparmor:
 
 ```
@@ -164,7 +151,7 @@ $ make check	# depends on the parser having been built first
 $ make install
 ```
 
-[Note that for the parser, binutils, and utils, if you only wish to build/use
+[Note that for the parser and the utils, if you only with to build/use
  some of the locale languages, you can override the default by passing
  the LANGS arguments to make; e.g. make all install "LANGS=en_US fr".]
 
@@ -275,30 +262,6 @@ $ ./stress.sh
 
 (see stress.sh -h for options)
 
-Coverity Support
-----------------
-Coverity scans are available to AppArmor developers at
-https://scan.coverity.com/projects/apparmor.
-
-In order to submit a Coverity build for analysis, the cov-build binary
-must be discoverable from your PATH. See the "To Setup" section of
-https://scan.coverity.com/download?tab=cxx to obtain a pre-built copy of
-cov-build.
-
-To generate a compressed tarball of an intermediate Coverity directory:
-
-```
-$ make coverity
-```
-
-The compressed tarball is written to
-apparmor-<SNAPSHOT_VERSION>-cov-int.tar.gz, where <SNAPSHOT_VERSION>
-is something like 2.10.90~3328, and must be uploaded to
-https://scan.coverity.com/projects/apparmor/builds/new for analysis. You must
-include the snapshot version in Coverity's project build submission form, in
-the "Project Version" field, so that it is quickly obvious to all AppArmor
-developers what snapshot of the AppArmor repository was used for the analysis.
-
 -----------------------------------------------
 Building and Installing AppArmor Kernel Patches
 -----------------------------------------------
@@ -314,8 +277,7 @@ The AppArmor userspace utilities are written with some assumptions about
 installed and available versions of other tools. This is a (possibly
 incomplete) list of known version dependencies:
 
-The Python utilities require a minimum of Python 2.7 (deprecated) or Python 3.3.
-Python 3.x is recommended. Python 2.x support is deprecated since AppArmor 2.11.
+The Python utilities require a minimum of Python 2.7 or Python 3.3.
 
 Some utilities (aa-exec, aa-notify and aa-decode) require Perl 5.10.1 or newer.
 

binutils/Makefile

@@ -1,157 +0,0 @@
-# ----------------------------------------------------------------------
-#    Copyright (c) 2015
-#    Canonical Ltd. (All rights reserved)
-#
-#    This program is free software; you can redistribute it and/or
-#    modify it under the terms of version 2 of the GNU General Public
-#    License published by the Free Software Foundation.
-#
-#    This program is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU General Public License for more details.
-# ----------------------------------------------------------------------
-NAME=aa-binutils
-all:
-COMMONDIR=../common/
-
-include $(COMMONDIR)/Make.rules
-
-DESTDIR=/
-BINDIR=${DESTDIR}/usr/bin
-LOCALEDIR=/usr/share/locale
-MANPAGES=aa-enabled.1 aa-exec.1
-
-WARNINGS = -Wall
-EXTRA_WARNINGS = -Wsign-compare -Wmissing-field-initializers -Wformat-security -Wunused-parameter
-CPP_WARNINGS =
-ifndef CFLAGS
-CFLAGS	= -g -O2 -pipe
-
-ifdef DEBUG
-CFLAGS += -pg -D DEBUG
-endif
-ifdef COVERAGE
-CFLAGS = -g -pg -fprofile-arcs -ftest-coverage
-endif
-endif #CFLAGS
-
-EXTRA_CFLAGS = ${CFLAGS} ${CPPFLAGS} ${EXTRA_CXXFLAGS} ${CPP_WARNINGS}
-
-#INCLUDEDIR = /usr/src/linux/include
-INCLUDEDIR =
-
-ifdef INCLUDEDIR
-	CFLAGS += -I$(INCLUDEDIR)
-endif
-
-# Internationalization support. Define a package and a LOCALEDIR
-EXTRA_CFLAGS+=-DPACKAGE=\"${NAME}\" -DLOCALEDIR=\"${LOCALEDIR}\"
-
-SRCS = aa_enabled.c
-HDRS =
-TOOLS = aa-enabled aa-exec
-
-AALIB = -Wl,-Bstatic -lapparmor  -Wl,-Bdynamic -lpthread
-
-ifdef USE_SYSTEM
-  # Using the system libapparmor so Makefile dependencies can't be used
-  LIBAPPARMOR_A =
-  INCLUDE_APPARMOR =
-  APPARMOR_H =
-  LIBAPPARMOR_LDFLAGS =
-else
-  LIBAPPARMOR_SRC = ../libraries/libapparmor/
-  LOCAL_LIBAPPARMOR_INCLUDE = $(LIBAPPARMOR_SRC)/include
-  LOCAL_LIBAPPARMOR_LDPATH = $(LIBAPPARMOR_SRC)/src/.libs
-
-  LIBAPPARMOR_A = $(LOCAL_LIBAPPARMOR_LDPATH)/libapparmor.a
-  INCLUDE_APPARMOR = -I$(LOCAL_LIBAPPARMOR_INCLUDE)
-  APPARMOR_H = $(LOCAL_LIBAPPARMOR_INCLUDE)/sys/apparmor.h
-  LIBAPPARMOR_LDFLAGS = -L$(LOCAL_LIBAPPARMOR_LDPATH)
-endif
-EXTRA_CFLAGS += $(INCLUDE_APPARMOR)
-LDFLAGS += $(LIBAPPARMOR_LDFLAGS)
-
-ifdef V
-  VERBOSE = 1
-endif
-ifndef VERBOSE
-  VERBOSE = 0
-endif
-ifeq ($(VERBOSE),1)
-  BUILD_OUTPUT =
-  Q =
-else
-  BUILD_OUTPUT = > /dev/null 2>&1
-  Q = @
-endif
-export Q VERBOSE BUILD_OUTPUT
-
-po/%.pot: %.c
-	$(MAKE) -C po $(@F) NAME=$* SOURCES=$*.c
-
-# targets arranged this way so that people who don't want full docs can
-# pick specific targets they want.
-arch: 	$(TOOLS)
-
-manpages:	$(MANPAGES)
-
-docs:	manpages
-
-indep: docs
-	$(Q)$(MAKE) -C po all
-
-all:	arch indep
-
-.PHONY: coverage
-coverage:
-	$(MAKE) clean $(TOOLS) COVERAGE=1
-
-ifndef USE_SYSTEM
-$(LIBAPPARMOR_A):
-	@if [ ! -f $@ ]; then \
-		echo "error: $@ is missing. Pick one of these possible solutions:" 1>&2; \
-		echo "  1) Build against the in-tree libapparmor by building it first and then trying again. See the top-level README for help." 1>&2; \
-		echo "  2) Build against the system libapparmor by adding USE_SYSTEM=1 to your make command." 1>&2;\
-		exit 1; \
-	fi
-endif
-
-aa-enabled: aa_enabled.c $(LIBAPPARMOR_A)
-	$(CC) $(LDFLAGS) $(EXTRA_CFLAGS) -o $@ $< $(LIBS) $(AALIB) 
-
-aa-exec: aa_exec.c $(LIBAPPARMOR_A)
-	$(CC) $(LDFLAGS) $(EXTRA_CFLAGS) -o $@ $< $(LIBS) $(AALIB)
-
-.SILENT: check
-.PHONY: check
-check: check_pod_files tests
-
-.SILENT: tests
-tests: $(TOOLS) $(TESTS)
-	echo "no tests atm"
-
-.PHONY: install
-install: install-indep install-arch
-
-.PHONY: install-arch
-install-arch: arch
-	install -m 755 -d ${BINDIR}
-	install -m 755 ${TOOLS} ${BINDIR}
-
-.PHONY: install-indep
-install-indep: indep
-	$(MAKE) -C po install NAME=${NAME} DESTDIR=${DESTDIR}
-	$(MAKE) install_manpages DESTDIR=${DESTDIR}
-
-ifndef VERBOSE
-.SILENT: clean
-endif
-.PHONY: clean
-clean: pod_clean
-	rm -f core core.* *.o *.s *.a *~ *.gcda *.gcno
-	rm -f gmon.out
-	rm -f $(TOOLS) $(TESTS)
-	$(MAKE) -s -C po clean
-

binutils/aa-enabled.pod

@@ -56,27 +56,27 @@ Upon exiting, B<aa-enabled> will set its exit status to the following values:
 
 =over 4
 
-=item B<0>
+=item 0:
 
 if AppArmor is enabled.
 
-=item B<1>
+=item 1:
 
 if AppArmor is not enabled/loaded.
 
-=item B<2>
+=item 2:
 
 intentionally not used as an B<aa-enabled> exit status.
 
-=item B<3>
+=item 3:
 
 if the AppArmor control files aren't available under /sys/kernel/security/.
 
-=item B<4>
+=item 4:
 
 if B<aa-enabled> doesn't have enough privileges to read the apparmor control files.
 
-=item B<64>
+=item 64:
 
 if any unexpected error or condition is encountered.
 

binutils/aa_enabled.c

@@ -1,92 +0,0 @@
-/*
- *   Copyright (C) 2015 Canonical Ltd.
- *
- *   This program is free software; you can redistribute it and/or
- *    modify it under the terms of version 2 of the GNU General Public
- *   License published by the Free Software Foundation.
- */
-
-#include <errno.h>
-#include <locale.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <libintl.h>
-#define _(s) gettext(s)
-
-#include <sys/apparmor.h>
-
-void print_help(const char *command)
-{
-	printf(_("%s: [options]\n"
-		 "  options:\n"
-		 "  -q | --quiet        Don't print out any messages\n"
-		 "  -h | --help         Print help\n"),
-	       command);
-	exit(1);
-}
-
-
-/* Exit statuses and meanings are documented in the aa-enabled.pod file */
-static void exit_with_error(int saved_errno, int quiet)
-{
-	int err;
-
-	switch(saved_errno) {
-	case ENOSYS:
-		if (!quiet)
-			printf(_("No - not available on this system.\n"));
-		exit(1);
-	case ECANCELED:
-		if (!quiet)
-			printf(_("No - disabled at boot.\n"));
-		exit(1);
-	case ENOENT:
-		if (!quiet)
-			printf(_("Maybe - policy interface not available.\n"));
-		exit(3);
-	case EPERM:
-	case EACCES:
-		if (!quiet)
-			printf(_("Maybe - insufficient permissions to determine availability.\n"));
-		exit(4);
-	}
-
-	if (!quiet)
-		printf(_("Error - %s\n"), strerror(saved_errno));
-	exit(64);
-}
-
-int main(int argc, char **argv)
-{
-	int enabled;
-	int quiet = 0;
-
-	setlocale(LC_MESSAGES, "");
-	bindtextdomain(PACKAGE, LOCALEDIR);
-	textdomain(PACKAGE);
-
-	if (argc > 2) {
-		printf(_("unknown or incompatible options\n"));
-		print_help(argv[0]);
-	} else if (argc == 2) {
-		if (strcmp(argv[1], "--quiet") == 0 ||
-		    strcmp(argv[1], "-q") == 0) {
-			quiet = 1;
-		} else if (strcmp(argv[1], "--help") == 0 ||
-			   strcmp(argv[1], "-h") == 0) {
-			print_help(argv[0]);
-		} else {
-			printf(_("unknown option '%s'\n"), argv[1]);
-			print_help(argv[0]);
-		}
-	}
-
-	enabled = aa_is_enabled();
-	if (!enabled)
-		exit_with_error(errno, quiet);
-
-	if (!quiet)
-		printf(_("Yes\n"));
-	exit(0);
-}

binutils/aa_exec.c

@@ -1,218 +0,0 @@
-/*
- *   Copyright (c) 2015
- *   Canonical, Ltd. (All rights reserved)
- *
- *   This program is free software; you can redistribute it and/or
- *   modify it under the terms of version 2 of the GNU General Public
- *   License published by the Free Software Foundation.
- *
- *   This program is distributed in the hope that it will be useful,
- *   but WITHOUT ANY WARRANTY; without even the implied warranty of
- *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *   GNU General Public License for more details.
- *
- *   You should have received a copy of the GNU General Public License
- *   along with this program; if not, contact Novell, Inc. or Canonical
- *   Ltd.
- */
-
-#include <errno.h>
-#include <getopt.h>
-#include <libintl.h>
-#include <limits.h>
-#include <stdio.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/apparmor.h>
-#include <unistd.h>
-#define _(s) gettext(s)
-
-static const char *opt_profile = NULL;
-static const char *opt_namespace = NULL;
-static bool opt_debug = false;
-static bool opt_immediate = false;
-static bool opt_verbose = false;
-
-static void usage(const char *name, bool error)
-{
-	FILE *stream = stdout;
-	int status = EXIT_SUCCESS;
-
-	if (error) {
-		stream = stderr;
-		status = EXIT_FAILURE;
-	}
-
-	fprintf(stream,
-		_("USAGE: %s [OPTIONS] <prog> <args>\n"
-		"\n"
-		"Confine <prog> with the specified PROFILE.\n"
-		"\n"
-		"OPTIONS:\n"
-		"  -p PROFILE, --profile=PROFILE		PROFILE to confine <prog> with\n"
-		"  -n NAMESPACE, --namespace=NAMESPACE	NAMESPACE to confine <prog> in\n"
-		"  -d, --debug				show messages with debugging information\n"
-		"  -i, --immediate			change profile immediately instead of at exec\n"
-		"  -v, --verbose				show messages with stats\n"
-		"  -h, --help				display this help\n"
-		"\n"), name);
-	exit(status);
-}
-
-#define error(fmt, args...) _error(_("aa-exec: ERROR: " fmt "\n"), ## args)
-static void _error(const char *fmt, ...)
-{
-	va_list args;
-
-	va_start(args, fmt);
-	vfprintf(stderr, fmt, args);
-	va_end(args);
-	exit(EXIT_FAILURE);
-}
-
-#define debug(fmt, args...) _debug(_("aa-exec: DEBUG: " fmt "\n"), ## args)
-static void _debug(const char *fmt, ...)
-{
-	va_list args;
-
-	if (!opt_debug)
-		return;
-
-	va_start(args, fmt);
-	vfprintf(stderr, fmt, args);
-	va_end(args);
-}
-
-#define verbose(fmt, args...) _verbose(_(fmt "\n"), ## args)
-static void _verbose(const char *fmt, ...)
-{
-	va_list args;
-
-	if (!opt_verbose)
-		return;
-
-	va_start(args, fmt);
-	vfprintf(stderr, fmt, args);
-	va_end(args);
-}
-
-static void verbose_print_argv(char **argv)
-{
-	if (!opt_verbose)
-		return;
-
-	fprintf(stderr, _("exec"));
-	for (; *argv; argv++)
-		fprintf(stderr, " %s", *argv);
-	fprintf(stderr, "\n");
-}
-
-static char **parse_args(int argc, char **argv)
-{
-	int opt;
-	struct option long_opts[] = {
-		{"debug", no_argument, 0, 'd'},
-		{"help", no_argument, 0, 'h'},
-		{"profile", required_argument, 0, 'p'},
-		{"namespace", required_argument, 0, 'n'},
-		{"immediate", no_argument, 0, 'i'},
-		{"verbose", no_argument, 0, 'v'},
-	};
-
-	while ((opt = getopt_long(argc, argv, "+dhp:n:iv", long_opts, NULL)) != -1) {
-		switch (opt) {
-		case 'd':
-			opt_debug = true;
-			break;
-		case 'h':
-			usage(argv[0], false);
-			break;
-		case 'p':
-			opt_profile = optarg;
-			break;
-		case 'n':
-			opt_namespace = optarg;
-			break;
-		case 'i':
-			opt_immediate = true;
-			break;
-		case 'v':
-			opt_verbose = true;
-			break;
-		default:
-			usage(argv[0], true);
-			break;
-		}
-	}
-
-	if (optind >= argc)
-		usage(argv[0], true);
-
-	return argv + optind;
-}
-
-static void build_name(char *name, size_t name_len,
-		       const char *namespace, const char *profile)
-{
-	size_t required_len = 1; /* reserve 1 byte for NUL-terminator */
-
-	if (namespace)
-		required_len += 1 + strlen(namespace) + 3; /* :<NAMESPACE>:// */
-
-	if (profile)
-		required_len += strlen(profile);
-
-	if (required_len > name_len)
-		error("name too long (%zu > %zu)", required_len, name_len);
-
-	name[0] = '\0';
-
-	if (namespace) {
-		strcat(name, ":");
-		strcat(name, namespace);
-		strcat(name, "://");
-	}
-
-	if (profile)
-		strcat(name, profile);
-}
-
-int main(int argc, char **argv)
-{
-	char name[PATH_MAX];
-	int rc = 0;
-
-	argv = parse_args(argc, argv);
-
-	if (opt_namespace || opt_profile)
-		build_name(name, sizeof(name), opt_namespace, opt_profile);
-	else
-		goto exec;
-
-	if (opt_immediate) {
-		verbose("aa_change_profile(\"%s\")", name);
-		rc = aa_change_profile(name);
-		debug("%d = aa_change_profile(\"%s\")", rc, name);
-	} else {
-		verbose("aa_change_onexec(\"%s\")", name);
-		rc = aa_change_onexec(name);
-		debug("%d = aa_change_onexec(\"%s\")", rc, name);
-	}
-
-	if (rc) {
-		if (errno == ENOENT || errno == EACCES) {
-			error("%s '%s' does not exist\n",
-			      opt_profile ? "profile" : "namespace", name);
-		} else if (errno == EINVAL) {
-			error("AppArmor interface not available");
-		} else {
-			error("%m");
-		}
-	}
-
-exec:
-	verbose_print_argv(argv);
-	execvp(argv[0], argv);
-	error("Failed to execute \"%s\": %m", argv[0]);
-}

binutils/po/Makefile

@@ -1,19 +0,0 @@
-# ----------------------------------------------------------------------
-#    Copyright (C) 2015 Canonical Ltd.
-#
-#    This program is free software; you can redistribute it and/or
-#    modify it under the terms of version 2 of the GNU General Public
-#    License published by the Free Software Foundation.
-# ----------------------------------------------------------------------
-all:
-
-# As translations get added, they will automatically be included, unless
-# the lang is explicitly added to DISABLED_LANGS; e.g. DISABLED_LANGS=en es
-
-DISABLED_LANGS=
-
-COMMONDIR=../../common
-include $(COMMONDIR)/Make-po.rules
-
-XGETTEXT_ARGS+=--language=C --keyword=_ $(shell if [ -f ${NAME}.pot ] ; then echo -n -j ; fi)
-

binutils/po/aa-enabled.pot

@@ -1,66 +0,0 @@
-# Copyright (C) 2015 Canonical Ltd
-# This file is distributed under the same license as the AppArmor package.
-# John Johansen <john.johansen@canonical.com>, 2015.
-#
-#, fuzzy
-msgid ""
-msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
-"Report-Msgid-Bugs-To: apparmor@lists.ubuntu.com\n"
-"POT-Creation-Date: 2015-11-28 10:23-0800\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: \n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=CHARSET\n"
-"Content-Transfer-Encoding: 8bit\n"
-
-#: ../aa_enabled.c:26
-#, c-format
-msgid ""
-"%s: [options]\n"
-"  options:\n"
-"  -q | --quiet        Don't print out any messages\n"
-"  -h | --help         Print help\n"
-msgstr ""
-
-#: ../aa_enabled.c:45
-#, c-format
-msgid "unknown or incompatible options\n"
-msgstr ""
-
-#: ../aa_enabled.c:55
-#, c-format
-msgid "unknown option '%s'\n"
-msgstr ""
-
-#: ../aa_enabled.c:64
-#, c-format
-msgid "Yes\n"
-msgstr ""
-
-#: ../aa_enabled.c:71
-#, c-format
-msgid "No - not available on this system.\n"
-msgstr ""
-
-#: ../aa_enabled.c:74
-#, c-format
-msgid "No - disabled at boot.\n"
-msgstr ""
-
-#: ../aa_enabled.c:77
-#, c-format
-msgid "Maybe - policy interface not available.\n"
-msgstr ""
-
-#: ../aa_enabled.c:81
-#, c-format
-msgid "Maybe - insufficient permissions to determine availability.\n"
-msgstr ""
-
-#: ../aa_enabled.c:84
-#, c-format
-msgid "Error - '%s'\n"
-msgstr ""

binutils/po/de.po

@@ -1,73 +0,0 @@
-# German translation for apparmor
-# Copyright (c) 2016 Rosetta Contributors and Canonical Ltd 2016
-# This file is distributed under the same license as the apparmor package.
-# FIRST AUTHOR <EMAIL@ADDRESS>, 2016.
-#
-msgid ""
-msgstr ""
-"Project-Id-Version: apparmor\n"
-"Report-Msgid-Bugs-To: AppArmor list <apparmor@lists.ubuntu.com>\n"
-"POT-Creation-Date: 2015-11-28 10:23-0800\n"
-"PO-Revision-Date: 2018-02-09 23:55+0000\n"
-"Last-Translator: Tobias Bannert <tobannert@gmail.com>\n"
-"Language-Team: German <de@li.org>\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"X-Launchpad-Export-Date: 2018-02-11 05:14+0000\n"
-"X-Generator: Launchpad (build 18544)\n"
-"Language: de\n"
-
-#: ../aa_enabled.c:26
-#, c-format
-msgid ""
-"%s: [options]\n"
-"  options:\n"
-"  -q | --quiet        Don't print out any messages\n"
-"  -h | --help         Print help\n"
-msgstr ""
-"%s: [Optionen]\n"
-"  Optionen:\n"
-"  -q | --quiet        Keine Nachrichten anzeigen\n"
-"  -h | --help         Hilfetext anzeigen\n"
-
-#: ../aa_enabled.c:45
-#, c-format
-msgid "unknown or incompatible options\n"
-msgstr "unbekannte oder nicht kompatible Optionen\n"
-
-#: ../aa_enabled.c:55
-#, c-format
-msgid "unknown option '%s'\n"
-msgstr "unbekannte Option »%s«\n"
-
-#: ../aa_enabled.c:64
-#, c-format
-msgid "Yes\n"
-msgstr "Ja\n"
-
-#: ../aa_enabled.c:71
-#, c-format
-msgid "No - not available on this system.\n"
-msgstr "Nein – auf diesem System nicht verfügbar.\n"
-
-#: ../aa_enabled.c:74
-#, c-format
-msgid "No - disabled at boot.\n"
-msgstr "Nein – beim Start deaktiviert.\n"
-
-#: ../aa_enabled.c:77
-#, c-format
-msgid "Maybe - policy interface not available.\n"
-msgstr "Vielleicht – Richtlinienschnittstelle nicht verfügbar.\n"
-
-#: ../aa_enabled.c:81
-#, c-format
-msgid "Maybe - insufficient permissions to determine availability.\n"
-msgstr ""
-"Vielleicht – ungenügende Berechtigungen, um die Verfügbarkeit zu prüfen\n"
-
-#: ../aa_enabled.c:84
-#, c-format
-msgid "Error - '%s'\n"
-msgstr "Fehler – »%s«\n"

binutils/po/en_GB.po

@@ -1,72 +0,0 @@
-# English (United Kingdom) translation for apparmor
-# Copyright (c) 2016 Rosetta Contributors and Canonical Ltd 2016
-# This file is distributed under the same license as the apparmor package.
-# FIRST AUTHOR <EMAIL@ADDRESS>, 2016.
-#
-msgid ""
-msgstr ""
-"Project-Id-Version: apparmor\n"
-"Report-Msgid-Bugs-To: AppArmor list <apparmor@lists.ubuntu.com>\n"
-"POT-Creation-Date: 2015-11-28 10:23-0800\n"
-"PO-Revision-Date: 2016-02-18 06:22+0000\n"
-"Last-Translator: Andi Chandler <Unknown>\n"
-"Language-Team: English (United Kingdom) <en_GB@li.org>\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"X-Launchpad-Export-Date: 2016-06-01 05:15+0000\n"
-"X-Generator: Launchpad (build 18053)\n"
-"Language: en_GB\n"
-
-#: ../aa_enabled.c:26
-#, c-format
-msgid ""
-"%s: [options]\n"
-"  options:\n"
-"  -q | --quiet        Don't print out any messages\n"
-"  -h | --help         Print help\n"
-msgstr ""
-"%s: [options]\n"
-"  options:\n"
-"  -q | --quiet        Don't print out any messages\n"
-"  -h | --help         Print help\n"
-
-#: ../aa_enabled.c:45
-#, c-format
-msgid "unknown or incompatible options\n"
-msgstr "unknown or incompatible options\n"
-
-#: ../aa_enabled.c:55
-#, c-format
-msgid "unknown option '%s'\n"
-msgstr "unknown option '%s'\n"
-
-#: ../aa_enabled.c:64
-#, c-format
-msgid "Yes\n"
-msgstr "Yes\n"
-
-#: ../aa_enabled.c:71
-#, c-format
-msgid "No - not available on this system.\n"
-msgstr "No - not available on this system.\n"
-
-#: ../aa_enabled.c:74
-#, c-format
-msgid "No - disabled at boot.\n"
-msgstr "No - disabled at boot.\n"
-
-#: ../aa_enabled.c:77
-#, c-format
-msgid "Maybe - policy interface not available.\n"
-msgstr "Maybe - policy interface not available.\n"
-
-#: ../aa_enabled.c:81
-#, c-format
-msgid "Maybe - insufficient permissions to determine availability.\n"
-msgstr "Maybe - insufficient permissions to determine availability.\n"
-
-#: ../aa_enabled.c:84
-#, c-format
-msgid "Error - '%s'\n"
-msgstr "Error - '%s'\n"

binutils/po/id.po

@@ -1,72 +0,0 @@
-# Indonesian translation for apparmor
-# Copyright (c) 2016 Rosetta Contributors and Canonical Ltd 2016
-# This file is distributed under the same license as the apparmor package.
-# FIRST AUTHOR <EMAIL@ADDRESS>, 2016.
-#
-msgid ""
-msgstr ""
-"Project-Id-Version: apparmor\n"
-"Report-Msgid-Bugs-To: AppArmor list <apparmor@lists.ubuntu.com>\n"
-"POT-Creation-Date: 2015-11-28 10:23-0800\n"
-"PO-Revision-Date: 2016-01-20 08:59+0000\n"
-"Last-Translator: Ari Setyo Wibowo <mr.a.contact@gmail.com>\n"
-"Language-Team: Indonesian <id@li.org>\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"X-Launchpad-Export-Date: 2016-06-01 05:15+0000\n"
-"X-Generator: Launchpad (build 18053)\n"
-"Language: id\n"
-
-#: ../aa_enabled.c:26
-#, c-format
-msgid ""
-"%s: [options]\n"
-"  options:\n"
-"  -q | --quiet        Don't print out any messages\n"
-"  -h | --help         Print help\n"
-msgstr ""
-"%s: [options]\n"
-"  pilihan:\n"
-"  -q | --quiet       Jangan tampilkan pesan apapun\n"
-"  -h | --help         Tampilkan bantuan\n"
-
-#: ../aa_enabled.c:45
-#, c-format
-msgid "unknown or incompatible options\n"
-msgstr "pilihan yang tidak dikenali atau tidak kompatibel\n"
-
-#: ../aa_enabled.c:55
-#, c-format
-msgid "unknown option '%s'\n"
-msgstr "pilihan tidak dikenali '%s'\n"
-
-#: ../aa_enabled.c:64
-#, c-format
-msgid "Yes\n"
-msgstr "Ya\n"
-
-#: ../aa_enabled.c:71
-#, c-format
-msgid "No - not available on this system.\n"
-msgstr "Tidak - tidak tersedia di sistem ini.\n"
-
-#: ../aa_enabled.c:74
-#, c-format
-msgid "No - disabled at boot.\n"
-msgstr "Tidak - nonaktifkan saat boot.\n"
-
-#: ../aa_enabled.c:77
-#, c-format
-msgid "Maybe - policy interface not available.\n"
-msgstr "Mungkin - kebijakan antarmuka tidak tersedia.\n"
-
-#: ../aa_enabled.c:81
-#, c-format
-msgid "Maybe - insufficient permissions to determine availability.\n"
-msgstr "Mungkin - izin tidak memadai untuk menentukan ketersediaan.\n"
-
-#: ../aa_enabled.c:84
-#, c-format
-msgid "Error - '%s'\n"
-msgstr "Kesalahan - '%s'\n"

binutils/po/pt.po

@@ -1,72 +0,0 @@
-# Portuguese translation for apparmor
-# Copyright (c) 2016 Rosetta Contributors and Canonical Ltd 2016
-# This file is distributed under the same license as the apparmor package.
-# FIRST AUTHOR <EMAIL@ADDRESS>, 2016.
-#
-msgid ""
-msgstr ""
-"Project-Id-Version: apparmor\n"
-"Report-Msgid-Bugs-To: AppArmor list <apparmor@lists.ubuntu.com>\n"
-"POT-Creation-Date: 2015-11-28 10:23-0800\n"
-"PO-Revision-Date: 2016-03-03 08:34+0000\n"
-"Last-Translator: Ivo Xavier <ivoxavier.8@gmail.com>\n"
-"Language-Team: Portuguese <pt@li.org>\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"X-Launchpad-Export-Date: 2016-06-01 05:15+0000\n"
-"X-Generator: Launchpad (build 18053)\n"
-"Language: pt\n"
-
-#: ../aa_enabled.c:26
-#, c-format
-msgid ""
-"%s: [options]\n"
-"  options:\n"
-"  -q | --quiet        Don't print out any messages\n"
-"  -h | --help         Print help\n"
-msgstr ""
-"%s: [opções]\n"
-"  opções:\n"
-"  -q | --silencioso        Não mostrar mensagens\n"
-"  -h | --ajuda         Mostar ajuda\n"
-
-#: ../aa_enabled.c:45
-#, c-format
-msgid "unknown or incompatible options\n"
-msgstr "opções desconhecidas ou incompatíveis\n"
-
-#: ../aa_enabled.c:55
-#, c-format
-msgid "unknown option '%s'\n"
-msgstr "opção desconhecida '%s'\n"
-
-#: ../aa_enabled.c:64
-#, c-format
-msgid "Yes\n"
-msgstr "Sim\n"
-
-#: ../aa_enabled.c:71
-#, c-format
-msgid "No - not available on this system.\n"
-msgstr "Não - não disponível neste sistema.\n"
-
-#: ../aa_enabled.c:74
-#, c-format
-msgid "No - disabled at boot.\n"
-msgstr "Não - desligado ao iniciar.\n"
-
-#: ../aa_enabled.c:77
-#, c-format
-msgid "Maybe - policy interface not available.\n"
-msgstr "Talvez - política de interface não disponível.\n"
-
-#: ../aa_enabled.c:81
-#, c-format
-msgid "Maybe - insufficient permissions to determine availability.\n"
-msgstr "Talvez - permissões insuficientes para determinar disponibilidade.\n"
-
-#: ../aa_enabled.c:84
-#, c-format
-msgid "Error - '%s'\n"
-msgstr "Erro - '%s'\n"

binutils/po/ru.po

@@ -1,72 +0,0 @@
-# Russian translation for apparmor
-# Copyright (c) 2016 Rosetta Contributors and Canonical Ltd 2016
-# This file is distributed under the same license as the apparmor package.
-# FIRST AUTHOR <EMAIL@ADDRESS>, 2016.
-#
-msgid ""
-msgstr ""
-"Project-Id-Version: apparmor\n"
-"Report-Msgid-Bugs-To: AppArmor list <apparmor@lists.ubuntu.com>\n"
-"POT-Creation-Date: 2015-11-28 10:23-0800\n"
-"PO-Revision-Date: 2016-03-29 14:46+0000\n"
-"Last-Translator: Eugene Marshal <Unknown>\n"
-"Language-Team: Russian <ru@li.org>\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"X-Launchpad-Export-Date: 2016-06-01 05:15+0000\n"
-"X-Generator: Launchpad (build 18053)\n"
-"Language: ru\n"
-
-#: ../aa_enabled.c:26
-#, c-format
-msgid ""
-"%s: [options]\n"
-"  options:\n"
-"  -q | --quiet        Don't print out any messages\n"
-"  -h | --help         Print help\n"
-msgstr ""
-"%s: [параметры]\n"
-"  параметры:\n"
-"  -q | --quiet        не выводить никакие сообщения\n"
-"  -h | --help          вывести справку\n"
-
-#: ../aa_enabled.c:45
-#, c-format
-msgid "unknown or incompatible options\n"
-msgstr "неизвестные или несовместимые параметры\n"
-
-#: ../aa_enabled.c:55
-#, c-format
-msgid "unknown option '%s'\n"
-msgstr "неизвестный параметр '%s'\n"
-
-#: ../aa_enabled.c:64
-#, c-format
-msgid "Yes\n"
-msgstr "Да\n"
-
-#: ../aa_enabled.c:71
-#, c-format
-msgid "No - not available on this system.\n"
-msgstr "Нет - недоступно на этой системе.\n"
-
-#: ../aa_enabled.c:74
-#, c-format
-msgid "No - disabled at boot.\n"
-msgstr "Нет - выключено при загрузке.\n"
-
-#: ../aa_enabled.c:77
-#, c-format
-msgid "Maybe - policy interface not available.\n"
-msgstr "Возможно - интерфейс политики недоступен.\n"
-
-#: ../aa_enabled.c:81
-#, c-format
-msgid "Maybe - insufficient permissions to determine availability.\n"
-msgstr "Возможно - недостаточно разрешений для определения доступности.\n"
-
-#: ../aa_enabled.c:84
-#, c-format
-msgid "Error - '%s'\n"
-msgstr "Ошибка - '%s'\n"

changehat/mod_apparmor/Makefile

@@ -1,6 +1,5 @@
 # ----------------------------------------------------------------------
 #    Copyright (c) 2004, 2005 NOVELL (All rights reserved)
-#    Copyright (c) 2016 Canonical, Ltd.
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public
@@ -74,10 +73,7 @@ endif
 .SILENT: libapparmor_check
 libapparmor_check: ; $(ERROR_MESSAGE)
 
-all: libapparmor_check $(TARGET) docs
-
-.PHONY: docs
-docs: ${MANPAGES} ${HTMLMANPAGES}
+all: libapparmor_check $(TARGET) ${MANPAGES} ${HTMLMANPAGES}
 
 %.so: %.c
 	${APXS} ${LIBAPPARMOR_FLAGS} -c $< ${LDLIBS}
@@ -87,7 +83,7 @@ docs: ${MANPAGES} ${HTMLMANPAGES}
 install: ${TARGET} ${MANPAGES}
 	mkdir -p ${DESTDIR}/${APXS_INSTALL_DIR}
 	install -m 755 $< ${DESTDIR}/${APXS_INSTALL_DIR}
-	$(MAKE) install_manpages DESTDIR=${DESTDIR}
+	make install_manpages DESTDIR=${DESTDIR}
 
 .PHONY: clean
 clean: pod_clean

changehat/pam_apparmor/Makefile

@@ -1,6 +1,5 @@
 # ----------------------------------------------------------------------
 #    Copyright (c) 1999, 2004, 2005 NOVELL (All rights reserved)
-#    Copyright (c) 2016 Canonical, Ltd.
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public
@@ -55,7 +54,7 @@ libapparmor by adding USE_SYSTEM=1 to your make command.${nl}\
   AA_LDLIBS = -lapparmor
 endif
 EXTRA_CFLAGS=$(CFLAGS) $(CPPFLAGS) -fPIC -shared -Wall $(LIBAPPARMOR_INCLUDE)
-LINK_FLAGS=-Xlinker -x $(AA_LINK_FLAGS) $(LDFLAGS)
+LINK_FLAGS=-Xlinker -x $(AA_LINK_FLAGS)
 LIBS=-lpam $(AA_LDLIBS)
 OBJECTS=${NAME}.o get_options.o
 
@@ -63,11 +62,7 @@ OBJECTS=${NAME}.o get_options.o
 .SILENT: libapparmor_check
 libapparmor_check: ; $(ERROR_MESSAGE)
 
-all: libapparmor_check $(NAME).so docs
-
-.PHONY: docs
-# docs: we should have some
-docs:
+all: libapparmor_check $(NAME).so
 
 $(NAME).so: ${OBJECTS}
 	$(CC) $(EXTRA_CFLAGS) $(LINK_FLAGS) -o $@ ${OBJECTS} $(LIBS)
@@ -82,7 +77,7 @@ SECDIR ?= ${DESTDIR}/lib/security
 .PHONY: install
 install: $(NAME).so
 	install -m 755 -d $(SECDIR)
-	install -m 755 $(NAME).so $(SECDIR)/
+	install -m 555 $(NAME).so $(SECDIR)/
 	
 .PHONY: clean
 clean:

common/Make-po.rules

@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------
 #
 # Copyright (c) 1999-2008 NOVELL (All rights reserved)
-# Copyright 2009-2015 Canonical Ltd.
+# Copyright 2009-2010 Canonical Ltd.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of version 2 of the GNU General Public 
@@ -21,7 +21,7 @@
 # exist
 LOCALEDIR=/usr/share/locale
 
-XGETTEXT_ARGS=--copyright-holder="Canonical Ltd" --msgid-bugs-address=apparmor@lists.ubuntu.com -d ${NAME}
+XGETTEXT_ARGS=--copyright-holder="NOVELL, Inc." --msgid-bugs-address=apparmor@lists.ubuntu.com -d ${NAME}
 
 # When making the .pot file, it's expected that the parent Makefile will
 # pass in the list of sources in the SOURCES variable

common/Make.rules

@@ -65,7 +65,7 @@ version:
 .PHONY: repo_version
 .SILENT: repo_version
 repo_version:
-	echo $(shell $(value REPO_VERSION_CMD))
+	 $(value REPO_VERSION_CMD)
 
 .PHONY: pod_clean
 ifndef VERBOSE

common/Version

@@ -1 +1 @@
-2.13.1
+2.10.6

documentation/Makefile

@@ -1,36 +0,0 @@
-# ----------------------------------------------------------------------
-#    Copyright (c) 2016 Canonical Ltd.
-#
-#    This program is free software; you can redistribute it and/or
-#    modify it under the terms of version 2 of the GNU General Public
-#    License published by the Free Software Foundation.
-#
-#    This program is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU General Public License for more details.
-# ----------------------------------------------------------------------
-NAME 		= documentation
-all:
-COMMONDIR=../common/
-
-include $(COMMONDIR)/Make.rules
-
-all: docs
-
-SOURCES:= $(wildcard *.odt)
-DOCS:=$(SOURCES:.odt=.pdf)
-
-.PHONY: docs
-docs: $(DOCS)
-
-%.pdf: %.odt
-	unoconv -v -f pdf --output "$@" "$<"
-
-.PHONY: clean
-ifndef VERBOSE
-.SILENT: clean
-endif
-clean:
-	rm -f *.pdf
-

kernel-patches/4.4/0001-apparmor-fix-oops-validate-buffer-size-in-apparmor_s.patch

@@ -1,118 +0,0 @@
-From 24b6ac149a57c2d3d5a9920e64d914e8ff00d346 Mon Sep 17 00:00:00 2001
-From: Vegard Nossum <vegard.nossum@oracle.com>
-Date: Thu, 7 Jul 2016 13:41:11 -0700
-Subject: [PATCH 01/27] apparmor: fix oops, validate buffer size in
- apparmor_setprocattr()
-
-When proc_pid_attr_write() was changed to use memdup_user apparmor's
-(interface violating) assumption that the setprocattr buffer was always
-a single page was violated.
-
-The size test is not strictly speaking needed as proc_pid_attr_write()
-will reject anything larger, but for the sake of robustness we can keep
-it in.
-
-SMACK and SELinux look safe to me, but somebody else should probably
-have a look just in case.
-
-Based on original patch from Vegard Nossum <vegard.nossum@oracle.com>
-modified for the case that apparmor provides null termination.
-
-Fixes: bb646cdb12e75d82258c2f2e7746d5952d3e321a
-Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
-Cc: Al Viro <viro@zeniv.linux.org.uk>
-Cc: John Johansen <john.johansen@canonical.com>
-Cc: Paul Moore <paul@paul-moore.com>
-Cc: Stephen Smalley <sds@tycho.nsa.gov>
-Cc: Eric Paris <eparis@parisplace.org>
-Cc: Casey Schaufler <casey@schaufler-ca.com>
-Cc: stable@kernel.org
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
-Signed-off-by: James Morris <james.l.morris@oracle.com>
----
- security/apparmor/lsm.c | 36 +++++++++++++++++++-----------------
- 1 file changed, 19 insertions(+), 17 deletions(-)
-
-diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
-index dec607c..5ee8201 100644
---- a/security/apparmor/lsm.c
-+++ b/security/apparmor/lsm.c
-@@ -523,34 +523,34 @@ static int apparmor_setprocattr(struct task_struct *task, char *name,
- {
- 	struct common_audit_data sa;
- 	struct apparmor_audit_data aad = {0,};
--	char *command, *args = value;
-+	char *command, *largs = NULL, *args = value;
- 	size_t arg_size;
- 	int error;
- 
- 	if (size == 0)
- 		return -EINVAL;
--	/* args points to a PAGE_SIZE buffer, AppArmor requires that
--	 * the buffer must be null terminated or have size <= PAGE_SIZE -1
--	 * so that AppArmor can null terminate them
--	 */
--	if (args[size - 1] != '\0') {
--		if (size == PAGE_SIZE)
--			return -EINVAL;
--		args[size] = '\0';
--	}
--
- 	/* task can only write its own attributes */
- 	if (current != task)
- 		return -EACCES;
- 
--	args = value;
-+	/* AppArmor requires that the buffer must be null terminated atm */
-+	if (args[size - 1] != '\0') {
-+		/* null terminate */
-+		largs = args = kmalloc(size + 1, GFP_KERNEL);
-+		if (!args)
-+			return -ENOMEM;
-+		memcpy(args, value, size);
-+		args[size] = '\0';
-+	}
-+
-+	error = -EINVAL;
- 	args = strim(args);
- 	command = strsep(&args, " ");
- 	if (!args)
--		return -EINVAL;
-+		goto out;
- 	args = skip_spaces(args);
- 	if (!*args)
--		return -EINVAL;
-+		goto out;
- 
- 	arg_size = size - (args - (char *) value);
- 	if (strcmp(name, "current") == 0) {
-@@ -576,10 +576,12 @@ static int apparmor_setprocattr(struct task_struct *task, char *name,
- 			goto fail;
- 	} else
- 		/* only support the "current" and "exec" process attributes */
--		return -EINVAL;
-+		goto fail;
- 
- 	if (!error)
- 		error = size;
-+out:
-+	kfree(largs);
- 	return error;
- 
- fail:
-@@ -588,9 +590,9 @@ fail:
- 	aad.profile = aa_current_profile();
- 	aad.op = OP_SETPROCATTR;
- 	aad.info = name;
--	aad.error = -EINVAL;
-+	aad.error = error = -EINVAL;
- 	aa_audit_msg(AUDIT_APPARMOR_DENIED, &sa, NULL);
--	return -EINVAL;
-+	goto out;
- }
- 
- static int apparmor_task_setrlimit(struct task_struct *task,
--- 
-2.7.4
-

kernel-patches/4.4/0002-apparmor-fix-refcount-bug-in-profile-replacement.patch

@@ -1,33 +0,0 @@
-From 444bc4f95ec283cd0fb9777f4890bd9bc307809d Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Mon, 11 Apr 2016 16:55:10 -0700
-Subject: [PATCH 02/27] apparmor: fix refcount bug in profile replacement
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/policy.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
-index 705c287..222052f 100644
---- a/security/apparmor/policy.c
-+++ b/security/apparmor/policy.c
-@@ -1189,12 +1189,12 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
- 				aa_get_profile(newest);
- 				aa_put_profile(parent);
- 				rcu_assign_pointer(ent->new->parent, newest);
--			} else
--				aa_put_profile(newest);
-+			}
- 			/* aafs interface uses replacedby */
- 			rcu_assign_pointer(ent->new->replacedby->profile,
- 					   aa_get_profile(ent->new));
- 			__list_add_profile(&parent->base.profiles, ent->new);
-+			aa_put_profile(newest);
- 		} else {
- 			/* aafs interface uses replacedby */
- 			rcu_assign_pointer(ent->new->replacedby->profile,
--- 
-2.7.4
-

kernel-patches/4.4/0003-apparmor-fix-replacement-bug-that-adds-new-child-to-.patch

@@ -1,38 +0,0 @@
-From 1224a06778b89dcbf0ca85bd961c2fcdd8765a69 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Mon, 11 Apr 2016 16:57:19 -0700
-Subject: [PATCH 03/27] apparmor: fix replacement bug that adds new child to
- old parent
-
-When set atomic replacement is used and the parent is updated before the
-child, and the child did not exist in the old parent so there is no
-direct replacement then the new child is incorrectly added to the old
-parent. This results in the new parent not having the child(ren) that
-it should and the old parent when being destroyed asserting the
-following error.
-
-AppArmor: policy_destroy: internal error, policy '<profile/name>' still
-contains profiles
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/policy.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
-index 222052f..c92a9f6 100644
---- a/security/apparmor/policy.c
-+++ b/security/apparmor/policy.c
-@@ -1193,7 +1193,7 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
- 			/* aafs interface uses replacedby */
- 			rcu_assign_pointer(ent->new->replacedby->profile,
- 					   aa_get_profile(ent->new));
--			__list_add_profile(&parent->base.profiles, ent->new);
-+			__list_add_profile(&newest->base.profiles, ent->new);
- 			aa_put_profile(newest);
- 		} else {
- 			/* aafs interface uses replacedby */
--- 
-2.7.4
-

kernel-patches/4.4/0004-apparmor-fix-uninitialized-lsm_audit-member.patch

@@ -1,87 +0,0 @@
-From 15d921647676fdc2c3ee1cf9aa8f578b1012ecff Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Sun, 8 Jun 2014 11:20:54 -0700
-Subject: [PATCH 04/27] apparmor: fix uninitialized lsm_audit member
-
-BugLink: http://bugs.launchpad.net/bugs/1268727
-
-The task field in the lsm_audit struct needs to be initialized if
-a change_hat fails, otherwise the following oops will occur
-
-BUG: unable to handle kernel paging request at 0000002fbead7d08
-IP: [<ffffffff8171153e>] _raw_spin_lock+0xe/0x50
-PGD 1e3f35067 PUD 0
-Oops: 0002 [#1] SMP
-Modules linked in: pppox crc_ccitt p8023 p8022 psnap llc ax25 btrfs raid6_pq xor xfs libcrc32c dm_multipath scsi_dh kvm_amd dcdbas kvm microcode amd64_edac_mod joydev edac_core psmouse edac_mce_amd serio_raw k10temp sp5100_tco i2c_piix4 ipmi_si ipmi_msghandler acpi_power_meter mac_hid lp parport hid_generic usbhid hid pata_acpi mpt2sas ahci raid_class pata_atiixp bnx2 libahci scsi_transport_sas [last unloaded: tipc]
-CPU: 2 PID: 699 Comm: changehat_twice Tainted: GF          O 3.13.0-7-generic #25-Ubuntu
-Hardware name: Dell Inc. PowerEdge R415/08WNM9, BIOS 1.8.6 12/06/2011
-task: ffff8802135c6000 ti: ffff880212986000 task.ti: ffff880212986000
-RIP: 0010:[<ffffffff8171153e>]  [<ffffffff8171153e>] _raw_spin_lock+0xe/0x50
-RSP: 0018:ffff880212987b68  EFLAGS: 00010006
-RAX: 0000000000020000 RBX: 0000002fbead7500 RCX: 0000000000000000
-RDX: 0000000000000292 RSI: ffff880212987ba8 RDI: 0000002fbead7d08
-RBP: ffff880212987b68 R08: 0000000000000246 R09: ffff880216e572a0
-R10: ffffffff815fd677 R11: ffffea0008469580 R12: ffffffff8130966f
-R13: ffff880212987ba8 R14: 0000002fbead7d08 R15: ffff8800d8c6b830
-FS:  00002b5e6c84e7c0(0000) GS:ffff880216e40000(0000) knlGS:0000000055731700
-CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
-CR2: 0000002fbead7d08 CR3: 000000021270f000 CR4: 00000000000006e0
-Stack:
- ffff880212987b98 ffffffff81075f17 ffffffff8130966f 0000000000000009
- 0000000000000000 0000000000000000 ffff880212987bd0 ffffffff81075f7c
- 0000000000000292 ffff880212987c08 ffff8800d8c6b800 0000000000000026
-Call Trace:
- [<ffffffff81075f17>] __lock_task_sighand+0x47/0x80
- [<ffffffff8130966f>] ? apparmor_cred_prepare+0x2f/0x50
- [<ffffffff81075f7c>] do_send_sig_info+0x2c/0x80
- [<ffffffff81075fee>] send_sig_info+0x1e/0x30
- [<ffffffff8130242d>] aa_audit+0x13d/0x190
- [<ffffffff8130c1dc>] aa_audit_file+0xbc/0x130
- [<ffffffff8130966f>] ? apparmor_cred_prepare+0x2f/0x50
- [<ffffffff81304cc2>] aa_change_hat+0x202/0x530
- [<ffffffff81308fc6>] aa_setprocattr_changehat+0x116/0x1d0
- [<ffffffff8130a11d>] apparmor_setprocattr+0x25d/0x300
- [<ffffffff812cee56>] security_setprocattr+0x16/0x20
- [<ffffffff8121fc87>] proc_pid_attr_write+0x107/0x130
- [<ffffffff811b7604>] vfs_write+0xb4/0x1f0
- [<ffffffff811b8039>] SyS_write+0x49/0xa0
- [<ffffffff8171a1bf>] tracesys+0xe1/0xe6
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/audit.c | 3 ++-
- security/apparmor/file.c  | 3 ++-
- 2 files changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
-index 89c7865..3a7f1da 100644
---- a/security/apparmor/audit.c
-+++ b/security/apparmor/audit.c
-@@ -200,7 +200,8 @@ int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
- 
- 	if (sa->aad->type == AUDIT_APPARMOR_KILL)
- 		(void)send_sig_info(SIGKILL, NULL,
--				    sa->u.tsk ?  sa->u.tsk : current);
-+			sa->type == LSM_AUDIT_DATA_TASK && sa->u.tsk ?
-+				    sa->u.tsk : current);
- 
- 	if (sa->aad->type == AUDIT_APPARMOR_ALLOWED)
- 		return complain_error(sa->aad->error);
-diff --git a/security/apparmor/file.c b/security/apparmor/file.c
-index 913f377..43d6ae7 100644
---- a/security/apparmor/file.c
-+++ b/security/apparmor/file.c
-@@ -110,7 +110,8 @@ int aa_audit_file(struct aa_profile *profile, struct file_perms *perms,
- 	int type = AUDIT_APPARMOR_AUTO;
- 	struct common_audit_data sa;
- 	struct apparmor_audit_data aad = {0,};
--	sa.type = LSM_AUDIT_DATA_NONE;
-+	sa.type = LSM_AUDIT_DATA_TASK;
-+	sa.u.tsk = NULL;
- 	sa.aad = &aad;
- 	aad.op = op,
- 	aad.fs.request = request;
--- 
-2.7.4
-

kernel-patches/4.4/0005-apparmor-exec-should-not-be-returning-ENOENT-when-it.patch

@@ -1,32 +0,0 @@
-From c1216728b7d644443eef31e4bd9d01b4a0a51d61 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Fri, 25 Jul 2014 04:02:03 -0700
-Subject: [PATCH 05/27] apparmor: exec should not be returning ENOENT when it
- denies
-
-The current behavior is confusing as it causes exec failures to report
-the executable is missing instead of identifying that apparmor
-caused the failure.
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/domain.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
-index dc0027b..67a7418 100644
---- a/security/apparmor/domain.c
-+++ b/security/apparmor/domain.c
-@@ -433,7 +433,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
- 				new_profile = aa_get_newest_profile(ns->unconfined);
- 				info = "ux fallback";
- 			} else {
--				error = -ENOENT;
-+				error = -EACCES;
- 				info = "profile not found";
- 				/* remove MAY_EXEC to audit as failure */
- 				perms.allow &= ~MAY_EXEC;
--- 
-2.7.4
-

kernel-patches/4.4/0006-apparmor-fix-update-the-mtime-of-the-profile-file-on.patch

@@ -1,28 +0,0 @@
-From 2d3389de6c8ab6b3ad2cef4ea460c8fce2a226b9 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Fri, 25 Jul 2014 04:01:56 -0700
-Subject: [PATCH 06/27] apparmor: fix update the mtime of the profile file on
- replacement
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/apparmorfs.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
-index ad4fa49..45a6199 100644
---- a/security/apparmor/apparmorfs.c
-+++ b/security/apparmor/apparmorfs.c
-@@ -379,6 +379,8 @@ void __aa_fs_profile_migrate_dents(struct aa_profile *old,
- 
- 	for (i = 0; i < AAFS_PROF_SIZEOF; i++) {
- 		new->dents[i] = old->dents[i];
-+		if (new->dents[i])
-+			new->dents[i]->d_inode->i_mtime = CURRENT_TIME;
- 		old->dents[i] = NULL;
- 	}
- }
--- 
-2.7.4
-

kernel-patches/4.4/0007-apparmor-fix-disconnected-bind-mnts-reconnection.patch

@@ -1,36 +0,0 @@
-From 9caa96e30a1b2bb191a29af872285c8d0b078c10 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Fri, 25 Jul 2014 04:02:08 -0700
-Subject: [PATCH 07/27] apparmor: fix disconnected bind mnts reconnection
-
-Bind mounts can fail to be properly reconnected when PATH_CONNECT is
-specified. Ensure that when PATH_CONNECT is specified the path has
-a root.
-
-BugLink: http://bugs.launchpad.net/bugs/1319984
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/path.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/security/apparmor/path.c b/security/apparmor/path.c
-index 71e0e3a..bb2f2c6 100644
---- a/security/apparmor/path.c
-+++ b/security/apparmor/path.c
-@@ -141,7 +141,10 @@ static int d_namespace_path(struct path *path, char *buf, int buflen,
- 			error = -EACCES;
- 			if (*res == '/')
- 				*name = res + 1;
--		}
-+		} else if (*res != '/')
-+			/* CONNECT_PATH with missing root */
-+			error = prepend(name, *name - buf, "/", 1);
-+
- 	}
- 
- out:
--- 
-2.7.4
-

kernel-patches/4.4/0008-apparmor-internal-paths-should-be-treated-as-disconn.patch

@@ -1,114 +0,0 @@
-From 11702a732e149380e05e2ab8ae1b743ac89f892f Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Fri, 25 Jul 2014 04:02:10 -0700
-Subject: [PATCH 08/27] apparmor: internal paths should be treated as
- disconnected
-
-Internal mounts are not mounted anywhere and as such should be treated
-as disconnected paths.
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/path.c | 64 +++++++++++++++++++++++++++---------------------
- 1 file changed, 36 insertions(+), 28 deletions(-)
-
-diff --git a/security/apparmor/path.c b/security/apparmor/path.c
-index bb2f2c6..596f799 100644
---- a/security/apparmor/path.c
-+++ b/security/apparmor/path.c
-@@ -25,7 +25,6 @@
- #include "include/path.h"
- #include "include/policy.h"
- 
--
- /* modified from dcache.c */
- static int prepend(char **buffer, int buflen, const char *str, int namelen)
- {
-@@ -39,6 +38,38 @@ static int prepend(char **buffer, int buflen, const char *str, int namelen)
- 
- #define CHROOT_NSCONNECT (PATH_CHROOT_REL | PATH_CHROOT_NSCONNECT)
- 
-+/* If the path is not connected to the expected root,
-+ * check if it is a sysctl and handle specially else remove any
-+ * leading / that __d_path may have returned.
-+ * Unless
-+ *     specifically directed to connect the path,
-+ * OR
-+ *     if in a chroot and doing chroot relative paths and the path
-+ *     resolves to the namespace root (would be connected outside
-+ *     of chroot) and specifically directed to connect paths to
-+ *     namespace root.
-+ */
-+static int disconnect(const struct path *path, char *buf, char **name,
-+		      int flags)
-+{
-+	int error = 0;
-+
-+	if (!(flags & PATH_CONNECT_PATH) &&
-+	    !(((flags & CHROOT_NSCONNECT) == CHROOT_NSCONNECT) &&
-+	      our_mnt(path->mnt))) {
-+		/* disconnected path, don't return pathname starting
-+		 * with '/'
-+		 */
-+		error = -EACCES;
-+		if (**name == '/')
-+			*name = *name + 1;
-+	} else if (**name != '/')
-+		/* CONNECT_PATH with missing root */
-+		error = prepend(name, *name - buf, "/", 1);
-+
-+	return error;
-+}
-+
- /**
-  * d_namespace_path - lookup a name associated with a given path
-  * @path: path to lookup  (NOT NULL)
-@@ -74,7 +105,8 @@ static int d_namespace_path(struct path *path, char *buf, int buflen,
- 			 * control instead of hard coded /proc
- 			 */
- 			return prepend(name, *name - buf, "/proc", 5);
--		}
-+		} else
-+			return disconnect(path, buf, name, flags);
- 		return 0;
- 	}
- 
-@@ -120,32 +152,8 @@ static int d_namespace_path(struct path *path, char *buf, int buflen,
- 			goto out;
- 	}
- 
--	/* If the path is not connected to the expected root,
--	 * check if it is a sysctl and handle specially else remove any
--	 * leading / that __d_path may have returned.
--	 * Unless
--	 *     specifically directed to connect the path,
--	 * OR
--	 *     if in a chroot and doing chroot relative paths and the path
--	 *     resolves to the namespace root (would be connected outside
--	 *     of chroot) and specifically directed to connect paths to
--	 *     namespace root.
--	 */
--	if (!connected) {
--		if (!(flags & PATH_CONNECT_PATH) &&
--			   !(((flags & CHROOT_NSCONNECT) == CHROOT_NSCONNECT) &&
--			     our_mnt(path->mnt))) {
--			/* disconnected path, don't return pathname starting
--			 * with '/'
--			 */
--			error = -EACCES;
--			if (*res == '/')
--				*name = res + 1;
--		} else if (*res != '/')
--			/* CONNECT_PATH with missing root */
--			error = prepend(name, *name - buf, "/", 1);
--
--	}
-+	if (!connected)
-+		error = disconnect(path, buf, name, flags);
- 
- out:
- 	return error;
--- 
-2.7.4
-

kernel-patches/4.4/0009-apparmor-fix-put-parent-ref-after-updating-the-activ.patch

@@ -1,29 +0,0 @@
-From c70811d9e6234c96d0ef405cd8ad78b70efb8637 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Sat, 16 Apr 2016 13:59:02 -0700
-Subject: [PATCH 09/27] apparmor: fix put() parent ref after updating the
- active ref
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/policy.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
-index c92a9f6..455c9f8 100644
---- a/security/apparmor/policy.c
-+++ b/security/apparmor/policy.c
-@@ -1187,8 +1187,8 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
- 			/* parent replaced in this atomic set? */
- 			if (newest != parent) {
- 				aa_get_profile(newest);
--				aa_put_profile(parent);
- 				rcu_assign_pointer(ent->new->parent, newest);
-+				aa_put_profile(parent);
- 			}
- 			/* aafs interface uses replacedby */
- 			rcu_assign_pointer(ent->new->replacedby->profile,
--- 
-2.7.4
-

kernel-patches/4.4/0010-apparmor-fix-log-failures-for-all-profiles-in-a-set.patch

@@ -1,87 +0,0 @@
-From f671b902943f83f0fbc8c8b7bf8bbfb817d124f1 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Sat, 16 Apr 2016 14:16:50 -0700
-Subject: [PATCH 10/27] apparmor: fix log failures for all profiles in a set
-
-currently only the profile that is causing the failure is logged. This
-makes it more confusing than necessary about which profiles loaded
-and which didn't. So make sure to log success and failure messages for
-all profiles in the set being loaded.
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/policy.c | 29 +++++++++++++++++++----------
- 1 file changed, 19 insertions(+), 10 deletions(-)
-
-diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
-index 455c9f8..db31bc5 100644
---- a/security/apparmor/policy.c
-+++ b/security/apparmor/policy.c
-@@ -1067,7 +1067,7 @@ static int __lookup_replace(struct aa_namespace *ns, const char *hname,
-  */
- ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
- {
--	const char *ns_name, *name = NULL, *info = NULL;
-+	const char *ns_name, *info = NULL;
- 	struct aa_namespace *ns = NULL;
- 	struct aa_load_ent *ent, *tmp;
- 	int op = OP_PROF_REPL;
-@@ -1082,18 +1082,15 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
- 	/* released below */
- 	ns = aa_prepare_namespace(ns_name);
- 	if (!ns) {
--		info = "failed to prepare namespace";
--		error = -ENOMEM;
--		name = ns_name;
--		goto fail;
-+		error = audit_policy(op, GFP_KERNEL, ns_name,
-+				     "failed to prepare namespace", -ENOMEM);
-+		goto free;
- 	}
- 
- 	mutex_lock(&ns->lock);
- 	/* setup parent and ns info */
- 	list_for_each_entry(ent, &lh, list) {
- 		struct aa_policy *policy;
--
--		name = ent->new->base.hname;
- 		error = __lookup_replace(ns, ent->new->base.hname, noreplace,
- 					 &ent->old, &info);
- 		if (error)
-@@ -1121,7 +1118,6 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
- 			if (!p) {
- 				error = -ENOENT;
- 				info = "parent does not exist";
--				name = ent->new->base.hname;
- 				goto fail_lock;
- 			}
- 			rcu_assign_pointer(ent->new->parent, aa_get_profile(p));
-@@ -1214,9 +1210,22 @@ out:
- 
- fail_lock:
- 	mutex_unlock(&ns->lock);
--fail:
--	error = audit_policy(op, GFP_KERNEL, name, info, error);
- 
-+	/* audit cause of failure */
-+	op = (!ent->old) ? OP_PROF_LOAD : OP_PROF_REPL;
-+	audit_policy(op, GFP_KERNEL, ent->new->base.hname, info, error);
-+	/* audit status that rest of profiles in the atomic set failed too */
-+	info = "valid profile in failed atomic policy load";
-+	list_for_each_entry(tmp, &lh, list) {
-+		if (tmp == ent) {
-+			info = "unchecked profile in failed atomic policy load";
-+			/* skip entry that caused failure */
-+			continue;
-+		}
-+		op = (!ent->old) ? OP_PROF_LOAD : OP_PROF_REPL;
-+		audit_policy(op, GFP_KERNEL, tmp->new->base.hname, info, error);
-+	}
-+free:
- 	list_for_each_entry_safe(ent, tmp, &lh, list) {
- 		list_del_init(&ent->list);
- 		aa_load_ent_free(ent);
--- 
-2.7.4
-

kernel-patches/4.4/0011-apparmor-fix-audit-full-profile-hname-on-successful-.patch

@@ -1,33 +0,0 @@
-From bc3c7d342bf53afdfdf46bc92dac5c624c89fb91 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Sat, 16 Apr 2016 14:19:38 -0700
-Subject: [PATCH 11/27] apparmor: fix audit full profile hname on successful
- load
-
-Currently logging of a successful profile load only logs the basename
-of the profile. This can result in confusion when a child profile has
-the same name as the another profile in the set. Logging the hname
-will ensure there is no confusion.
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/policy.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
-index db31bc5..ca402d0 100644
---- a/security/apparmor/policy.c
-+++ b/security/apparmor/policy.c
-@@ -1159,7 +1159,7 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
- 		list_del_init(&ent->list);
- 		op = (!ent->old && !ent->rename) ? OP_PROF_LOAD : OP_PROF_REPL;
- 
--		audit_policy(op, GFP_ATOMIC, ent->new->base.name, NULL, error);
-+		audit_policy(op, GFP_ATOMIC, ent->new->base.hname, NULL, error);
- 
- 		if (ent->old) {
- 			__replace_profile(ent->old, ent->new, 1);
--- 
-2.7.4
-

kernel-patches/4.4/0012-apparmor-ensure-the-target-profile-name-is-always-au.patch

@@ -1,112 +0,0 @@
-From 848da0479e5b9da3dc2ae4c64e0cca77a0abf02a Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Wed, 20 Apr 2016 14:18:18 -0700
-Subject: [PATCH 12/27] apparmor: ensure the target profile name is always
- audited
-
-The target profile name was not being correctly audited in a few
-cases because the target variable was not being set and gotos
-passed the code to set it at apply:
-
-Since it is always based on new_profile just drop the target var
-and conditionally report based on new_profile.
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/domain.c | 20 +++++++++-----------
- 1 file changed, 9 insertions(+), 11 deletions(-)
-
-diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
-index 67a7418..fc3036b 100644
---- a/security/apparmor/domain.c
-+++ b/security/apparmor/domain.c
-@@ -346,7 +346,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
- 		file_inode(bprm->file)->i_uid,
- 		file_inode(bprm->file)->i_mode
- 	};
--	const char *name = NULL, *target = NULL, *info = NULL;
-+	const char *name = NULL, *info = NULL;
- 	int error = 0;
- 
- 	if (bprm->cred_prepared)
-@@ -399,6 +399,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
- 	if (cxt->onexec) {
- 		struct file_perms cp;
- 		info = "change_profile onexec";
-+		new_profile = aa_get_newest_profile(cxt->onexec);
- 		if (!(perms.allow & AA_MAY_ONEXEC))
- 			goto audit;
- 
-@@ -413,7 +414,6 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
- 
- 		if (!(cp.allow & AA_MAY_ONEXEC))
- 			goto audit;
--		new_profile = aa_get_newest_profile(cxt->onexec);
- 		goto apply;
- 	}
- 
-@@ -445,10 +445,8 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
- 		if (!new_profile) {
- 			error = -ENOMEM;
- 			info = "could not create null profile";
--		} else {
-+		} else
- 			error = -EACCES;
--			target = new_profile->base.hname;
--		}
- 		perms.xindex |= AA_X_UNSAFE;
- 	} else
- 		/* fail exec */
-@@ -459,7 +457,6 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
- 	 * fail the exec.
- 	 */
- 	if (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS) {
--		aa_put_profile(new_profile);
- 		error = -EPERM;
- 		goto cleanup;
- 	}
-@@ -474,10 +471,8 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
- 
- 	if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
- 		error = may_change_ptraced_domain(new_profile);
--		if (error) {
--			aa_put_profile(new_profile);
-+		if (error)
- 			goto audit;
--		}
- 	}
- 
- 	/* Determine if secure exec is needed.
-@@ -498,7 +493,6 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
- 		bprm->unsafe |= AA_SECURE_X_NEEDED;
- 	}
- apply:
--	target = new_profile->base.hname;
- 	/* when transitioning profiles clear unsafe personality bits */
- 	bprm->per_clear |= PER_CLEAR_ON_SETID;
- 
-@@ -506,15 +500,19 @@ x_clear:
- 	aa_put_profile(cxt->profile);
- 	/* transfer new profile reference will be released when cxt is freed */
- 	cxt->profile = new_profile;
-+	new_profile = NULL;
- 
- 	/* clear out all temporary/transitional state from the context */
- 	aa_clear_task_cxt_trans(cxt);
- 
- audit:
- 	error = aa_audit_file(profile, &perms, GFP_KERNEL, OP_EXEC, MAY_EXEC,
--			      name, target, cond.uid, info, error);
-+			      name,
-+			      new_profile ? new_profile->base.hname : NULL,
-+			      cond.uid, info, error);
- 
- cleanup:
-+	aa_put_profile(new_profile);
- 	aa_put_profile(profile);
- 	kfree(buffer);
- 
--- 
-2.7.4
-

kernel-patches/4.4/0013-apparmor-check-that-xindex-is-in-trans_table-bounds.patch

@@ -1,27 +0,0 @@
-From 706473f3ead5cdffe5ad159adfbc090e0fda81d6 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Thu, 17 Mar 2016 12:02:54 -0700
-Subject: [PATCH 13/27] apparmor: check that xindex is in trans_table bounds
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/policy_unpack.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
-index a689f10..c841b12 100644
---- a/security/apparmor/policy_unpack.c
-+++ b/security/apparmor/policy_unpack.c
-@@ -676,7 +676,7 @@ static bool verify_xindex(int xindex, int table_size)
- 	int index, xtype;
- 	xtype = xindex & AA_X_TYPE_MASK;
- 	index = xindex & AA_X_INDEX_MASK;
--	if (xtype == AA_X_TABLE && index > table_size)
-+	if (xtype == AA_X_TABLE && index >= table_size)
- 		return 0;
- 	return 1;
- }
--- 
-2.7.4
-

kernel-patches/4.4/0014-apparmor-fix-ref-count-leak-when-profile-sha1-hash-i.patch

@@ -1,27 +0,0 @@
-From 05a64c434466029b298ee1e78a988cd6a7f80c0e Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Wed, 18 Nov 2015 11:41:05 -0800
-Subject: [PATCH 14/27] apparmor: fix ref count leak when profile sha1 hash is
- read
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/apparmorfs.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
-index 45a6199..0d8dd71 100644
---- a/security/apparmor/apparmorfs.c
-+++ b/security/apparmor/apparmorfs.c
-@@ -331,6 +331,7 @@ static int aa_fs_seq_hash_show(struct seq_file *seq, void *v)
- 			seq_printf(seq, "%.2x", profile->hash[i]);
- 		seq_puts(seq, "\n");
- 	}
-+	aa_put_profile(profile);
- 
- 	return 0;
- }
--- 
-2.7.4
-

kernel-patches/4.4/0015-apparmor-fix-refcount-race-when-finding-a-child-prof.patch

@@ -1,37 +0,0 @@
-From 6b0b8b91f454bd021e27abe0e611a6764e4806c1 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Wed, 16 Dec 2015 18:09:10 -0800
-Subject: [PATCH 15/27] apparmor: fix refcount race when finding a child
- profile
-
-When finding a child profile via an rcu critical section, the profile
-may be put and scheduled for deletion after the child is found but
-before its refcount is incremented.
-
-Protect against this by repeating the lookup if the profiles refcount
-is 0 and is one its way to deletion.
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/policy.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
-index ca402d0..7807125 100644
---- a/security/apparmor/policy.c
-+++ b/security/apparmor/policy.c
-@@ -766,7 +766,9 @@ struct aa_profile *aa_find_child(struct aa_profile *parent, const char *name)
- 	struct aa_profile *profile;
- 
- 	rcu_read_lock();
--	profile = aa_get_profile(__find_child(&parent->base.profiles, name));
-+	do {
-+		profile = __find_child(&parent->base.profiles, name);
-+	} while (profile && !aa_get_profile_not0(profile));
- 	rcu_read_unlock();
- 
- 	/* refcount released by caller */
--- 
-2.7.4
-

kernel-patches/4.4/0016-apparmor-use-list_next_entry-instead-of-list_entry_n.patch

@@ -1,59 +0,0 @@
-From 84acc6aa6976e62756e14d3a00c5634724cbaa59 Mon Sep 17 00:00:00 2001
-From: Geliang Tang <geliangtang@163.com>
-Date: Mon, 16 Nov 2015 21:46:33 +0800
-Subject: [PATCH 16/27] apparmor: use list_next_entry instead of
- list_entry_next
-
-list_next_entry has been defined in list.h, so I replace list_entry_next
-with it.
-
-Signed-off-by: Geliang Tang <geliangtang@163.com>
-Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
-Signed-off-by: John Johansen <john.johansen@canonical.com>
----
- security/apparmor/apparmorfs.c | 8 +++-----
- 1 file changed, 3 insertions(+), 5 deletions(-)
-
-diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
-index 0d8dd71..729e595 100644
---- a/security/apparmor/apparmorfs.c
-+++ b/security/apparmor/apparmorfs.c
-@@ -553,8 +553,6 @@ fail2:
- }
- 
- 
--#define list_entry_next(pos, member) \
--	list_entry(pos->member.next, typeof(*pos), member)
- #define list_entry_is_head(pos, head, member) (&pos->member == (head))
- 
- /**
-@@ -585,7 +583,7 @@ static struct aa_namespace *__next_namespace(struct aa_namespace *root,
- 	parent = ns->parent;
- 	while (ns != root) {
- 		mutex_unlock(&ns->lock);
--		next = list_entry_next(ns, base.list);
-+		next = list_next_entry(ns, base.list);
- 		if (!list_entry_is_head(next, &parent->sub_ns, base.list)) {
- 			mutex_lock(&next->lock);
- 			return next;
-@@ -639,7 +637,7 @@ static struct aa_profile *__next_profile(struct aa_profile *p)
- 	parent = rcu_dereference_protected(p->parent,
- 					   mutex_is_locked(&p->ns->lock));
- 	while (parent) {
--		p = list_entry_next(p, base.list);
-+		p = list_next_entry(p, base.list);
- 		if (!list_entry_is_head(p, &parent->base.profiles, base.list))
- 			return p;
- 		p = parent;
-@@ -648,7 +646,7 @@ static struct aa_profile *__next_profile(struct aa_profile *p)
- 	}
- 
- 	/* is next another profile in the namespace */
--	p = list_entry_next(p, base.list);
-+	p = list_next_entry(p, base.list);
- 	if (!list_entry_is_head(p, &ns->base.profiles, base.list))
- 		return p;
- 
--- 
-2.7.4
-

kernel-patches/4.4/0017-apparmor-allow-SYS_CAP_RESOURCE-to-be-sufficient-to-.patch

@@ -1,50 +0,0 @@
-From a3896605318b86d8cf288c122e03604e349d5dd7 Mon Sep 17 00:00:00 2001
-From: Jeff Mahoney <jeffm@suse.com>
-Date: Fri, 6 Nov 2015 15:17:30 -0500
-Subject: [PATCH 17/27] apparmor: allow SYS_CAP_RESOURCE to be sufficient to
- prlimit another task
-
-While using AppArmor, SYS_CAP_RESOURCE is insufficient to call prlimit
-on another task. The only other example of a AppArmor mediating access to
-another, already running, task (ignoring fork+exec) is ptrace.
-
-The AppArmor model for ptrace is that one of the following must be true:
-1) The tracer is unconfined
-2) The tracer is in complain mode
-3) The tracer and tracee are confined by the same profile
-4) The tracer is confined but has SYS_CAP_PTRACE
-
-1), 2, and 3) are already true for setrlimit.
-
-We can match the ptrace model just by allowing CAP_SYS_RESOURCE.
-
-We still test the values of the rlimit since it can always be overridden
-using a value that means unlimited for a particular resource.
-
-Signed-off-by: Jeff Mahoney <jeffm@suse.com>
-Signed-off-by: John Johansen <john.johansen@canonical.com>
----
- security/apparmor/resource.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/security/apparmor/resource.c b/security/apparmor/resource.c
-index 748bf0c..67a6072 100644
---- a/security/apparmor/resource.c
-+++ b/security/apparmor/resource.c
-@@ -101,9 +101,11 @@ int aa_task_setrlimit(struct aa_profile *profile, struct task_struct *task,
- 	/* TODO: extend resource control to handle other (non current)
- 	 * profiles.  AppArmor rules currently have the implicit assumption
- 	 * that the task is setting the resource of a task confined with
--	 * the same profile.
-+	 * the same profile or that the task setting the resource of another
-+	 * task has CAP_SYS_RESOURCE.
- 	 */
--	if (profile != task_profile ||
-+	if ((profile != task_profile &&
-+	     aa_capable(profile, CAP_SYS_RESOURCE, 1)) ||
- 	    (profile->rlimits.mask & (1 << resource) &&
- 	     new_rlim->rlim_max > profile->rlimits.limits[resource].rlim_max))
- 		error = -EACCES;
--- 
-2.7.4
-

kernel-patches/4.4/0018-apparmor-add-missing-id-bounds-check-on-dfa-verifica.patch

@@ -1,40 +0,0 @@
-From 6fdcc3cfecd4d89457036627d59ebe5154d094c5 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Thu, 2 Jun 2016 02:37:02 -0700
-Subject: [PATCH 18/27] apparmor: add missing id bounds check on dfa
- verification
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
----
- security/apparmor/include/match.h | 1 +
- security/apparmor/match.c         | 2 ++
- 2 files changed, 3 insertions(+)
-
-diff --git a/security/apparmor/include/match.h b/security/apparmor/include/match.h
-index 001c43a..a1c04fe 100644
---- a/security/apparmor/include/match.h
-+++ b/security/apparmor/include/match.h
-@@ -62,6 +62,7 @@ struct table_set_header {
- #define YYTD_ID_ACCEPT2 6
- #define YYTD_ID_NXT	7
- #define YYTD_ID_TSIZE	8
-+#define YYTD_ID_MAX	8
- 
- #define YYTD_DATA8	1
- #define YYTD_DATA16	2
-diff --git a/security/apparmor/match.c b/security/apparmor/match.c
-index 727eb42..f9f57c6 100644
---- a/security/apparmor/match.c
-+++ b/security/apparmor/match.c
-@@ -47,6 +47,8 @@ static struct table_header *unpack_table(char *blob, size_t bsize)
- 	 * it every time we use td_id as an index
- 	 */
- 	th.td_id = be16_to_cpu(*(u16 *) (blob)) - 1;
-+	if (th.td_id > YYTD_ID_MAX)
-+		goto out;
- 	th.td_flags = be16_to_cpu(*(u16 *) (blob + 2));
- 	th.td_lolen = be32_to_cpu(*(u32 *) (blob + 8));
- 	blob += sizeof(struct table_header);
--- 
-2.7.4
-

kernel-patches/4.4/0019-apparmor-don-t-check-for-vmalloc_addr-if-kvzalloc-fa.patch

@@ -1,38 +0,0 @@
-From 95d203cfb59627a86483a279ba82f1aa75297e07 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Wed, 15 Jun 2016 09:57:55 +0300
-Subject: [PATCH 19/27] apparmor: don't check for vmalloc_addr if kvzalloc()
- failed
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
----
- security/apparmor/match.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/security/apparmor/match.c b/security/apparmor/match.c
-index f9f57c6..32b72eb 100644
---- a/security/apparmor/match.c
-+++ b/security/apparmor/match.c
-@@ -75,14 +75,14 @@ static struct table_header *unpack_table(char *blob, size_t bsize)
- 				     u32, be32_to_cpu);
- 		else
- 			goto fail;
-+		/* if table was vmalloced make sure the page tables are synced
-+		 * before it is used, as it goes live to all cpus.
-+		 */
-+		if (is_vmalloc_addr(table))
-+			vm_unmap_aliases();
- 	}
- 
- out:
--	/* if table was vmalloced make sure the page tables are synced
--	 * before it is used, as it goes live to all cpus.
--	 */
--	if (is_vmalloc_addr(table))
--		vm_unmap_aliases();
- 	return table;
- fail:
- 	kvfree(table);
--- 
-2.7.4
-

kernel-patches/4.4/0020-apparmor-fix-oops-in-profile_unpack-when-policy_db-i.patch

@@ -1,33 +0,0 @@
-From e925f976c7a9c85455f67c360671254bac2d9a91 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Wed, 15 Jun 2016 10:00:55 +0300
-Subject: [PATCH 20/27] apparmor: fix oops in profile_unpack() when policy_db
- is not present
-
-BugLink: http://bugs.launchpad.net/bugs/1592547
-
-If unpack_dfa() returns NULL due to the dfa not being present,
-profile_unpack() is not checking if the dfa is not present (NULL).
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
----
- security/apparmor/policy_unpack.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
-index c841b12..dac2121 100644
---- a/security/apparmor/policy_unpack.c
-+++ b/security/apparmor/policy_unpack.c
-@@ -583,6 +583,9 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
- 			error = PTR_ERR(profile->policy.dfa);
- 			profile->policy.dfa = NULL;
- 			goto fail;
-+		} else if (!profile->policy.dfa) {
-+			error = -EPROTO;
-+			goto fail;
- 		}
- 		if (!unpack_u32(e, &profile->policy.start[0], "start"))
- 			/* default start state */
--- 
-2.7.4
-

kernel-patches/4.4/0021-apparmor-fix-module-parameters-can-be-changed-after-.patch

@@ -1,162 +0,0 @@
-From 45774028820fe2ffbbc94667165f04749821d529 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Wed, 22 Jun 2016 18:01:08 -0700
-Subject: [PATCH 21/27] apparmor: fix module parameters can be changed after
- policy is locked
-
-the policy_lock parameter is a one way switch that prevents policy
-from being further modified. Unfortunately some of the module parameters
-can effectively modify policy by turning off enforcement.
-
-split policy_admin_capable into a view check and a full admin check,
-and update the admin check to test the policy_lock parameter.
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
----
- security/apparmor/include/policy.h |  2 ++
- security/apparmor/lsm.c            | 22 ++++++++++------------
- security/apparmor/policy.c         | 18 +++++++++++++++++-
- 3 files changed, 29 insertions(+), 13 deletions(-)
-
-diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
-index c28b0f2..52275f0 100644
---- a/security/apparmor/include/policy.h
-+++ b/security/apparmor/include/policy.h
-@@ -403,6 +403,8 @@ static inline int AUDIT_MODE(struct aa_profile *profile)
- 	return profile->audit;
- }
- 
-+bool policy_view_capable(void);
-+bool policy_admin_capable(void);
- bool aa_may_manage_policy(int op);
- 
- #endif /* __AA_POLICY_H */
-diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
-index 5ee8201..bd40b12 100644
---- a/security/apparmor/lsm.c
-+++ b/security/apparmor/lsm.c
-@@ -751,51 +751,49 @@ __setup("apparmor=", apparmor_enabled_setup);
- /* set global flag turning off the ability to load policy */
- static int param_set_aalockpolicy(const char *val, const struct kernel_param *kp)
- {
--	if (!capable(CAP_MAC_ADMIN))
-+	if (!policy_admin_capable())
- 		return -EPERM;
--	if (aa_g_lock_policy)
--		return -EACCES;
- 	return param_set_bool(val, kp);
- }
- 
- static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp)
- {
--	if (!capable(CAP_MAC_ADMIN))
-+	if (!policy_view_capable())
- 		return -EPERM;
- 	return param_get_bool(buffer, kp);
- }
- 
- static int param_set_aabool(const char *val, const struct kernel_param *kp)
- {
--	if (!capable(CAP_MAC_ADMIN))
-+	if (!policy_admin_capable())
- 		return -EPERM;
- 	return param_set_bool(val, kp);
- }
- 
- static int param_get_aabool(char *buffer, const struct kernel_param *kp)
- {
--	if (!capable(CAP_MAC_ADMIN))
-+	if (!policy_view_capable())
- 		return -EPERM;
- 	return param_get_bool(buffer, kp);
- }
- 
- static int param_set_aauint(const char *val, const struct kernel_param *kp)
- {
--	if (!capable(CAP_MAC_ADMIN))
-+	if (!policy_admin_capable())
- 		return -EPERM;
- 	return param_set_uint(val, kp);
- }
- 
- static int param_get_aauint(char *buffer, const struct kernel_param *kp)
- {
--	if (!capable(CAP_MAC_ADMIN))
-+	if (!policy_view_capable())
- 		return -EPERM;
- 	return param_get_uint(buffer, kp);
- }
- 
- static int param_get_audit(char *buffer, struct kernel_param *kp)
- {
--	if (!capable(CAP_MAC_ADMIN))
-+	if (!policy_view_capable())
- 		return -EPERM;
- 
- 	if (!apparmor_enabled)
-@@ -807,7 +805,7 @@ static int param_get_audit(char *buffer, struct kernel_param *kp)
- static int param_set_audit(const char *val, struct kernel_param *kp)
- {
- 	int i;
--	if (!capable(CAP_MAC_ADMIN))
-+	if (!policy_admin_capable())
- 		return -EPERM;
- 
- 	if (!apparmor_enabled)
-@@ -828,7 +826,7 @@ static int param_set_audit(const char *val, struct kernel_param *kp)
- 
- static int param_get_mode(char *buffer, struct kernel_param *kp)
- {
--	if (!capable(CAP_MAC_ADMIN))
-+	if (!policy_admin_capable())
- 		return -EPERM;
- 
- 	if (!apparmor_enabled)
-@@ -840,7 +838,7 @@ static int param_get_mode(char *buffer, struct kernel_param *kp)
- static int param_set_mode(const char *val, struct kernel_param *kp)
- {
- 	int i;
--	if (!capable(CAP_MAC_ADMIN))
-+	if (!policy_admin_capable())
- 		return -EPERM;
- 
- 	if (!apparmor_enabled)
-diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
-index 7807125..179e68d 100644
---- a/security/apparmor/policy.c
-+++ b/security/apparmor/policy.c
-@@ -918,6 +918,22 @@ static int audit_policy(int op, gfp_t gfp, const char *name, const char *info,
- 			&sa, NULL);
- }
- 
-+bool policy_view_capable(void)
-+{
-+	struct user_namespace *user_ns = current_user_ns();
-+	bool response = false;
-+
-+	if (ns_capable(user_ns, CAP_MAC_ADMIN))
-+		response = true;
-+
-+	return response;
-+}
-+
-+bool policy_admin_capable(void)
-+{
-+	return policy_view_capable() && !aa_g_lock_policy;
-+}
-+
- /**
-  * aa_may_manage_policy - can the current task manage policy
-  * @op: the policy manipulation operation being done
-@@ -932,7 +948,7 @@ bool aa_may_manage_policy(int op)
- 		return 0;
- 	}
- 
--	if (!capable(CAP_MAC_ADMIN)) {
-+	if (!policy_admin_capable()) {
- 		audit_policy(op, GFP_KERNEL, NULL, "not policy admin", -EACCES);
- 		return 0;
- 	}
--- 
-2.7.4
-

kernel-patches/4.4/0022-apparmor-do-not-expose-kernel-stack.patch

@@ -1,31 +0,0 @@
-From 7fcfc22cd04261ac35a579c99bcc804db7eb3e83 Mon Sep 17 00:00:00 2001
-From: Heinrich Schuchardt <xypron.glpk@gmx.de>
-Date: Fri, 10 Jun 2016 23:34:26 +0200
-Subject: [PATCH 22/27] apparmor: do not expose kernel stack
-
-Do not copy uninitalized fields th.td_hilen, th.td_data.
-
-Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
-Signed-off-by: John Johansen <john.johansen@canonical.com>
----
- security/apparmor/match.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/security/apparmor/match.c b/security/apparmor/match.c
-index 32b72eb..3f900fc 100644
---- a/security/apparmor/match.c
-+++ b/security/apparmor/match.c
-@@ -63,7 +63,9 @@ static struct table_header *unpack_table(char *blob, size_t bsize)
- 
- 	table = kvzalloc(tsize);
- 	if (table) {
--		*table = th;
-+		table->td_id = th.td_id;
-+		table->td_flags = th.td_flags;
-+		table->td_lolen = th.td_lolen;
- 		if (th.td_flags == YYTD_DATA8)
- 			UNPACK_ARRAY(table->td_data, blob, th.td_lolen,
- 				     u8, byte_to_byte);
--- 
-2.7.4
-

kernel-patches/4.4/0023-apparmor-fix-arg_size-computation-for-when-setprocat.patch

@@ -1,27 +0,0 @@
-From 1b98560066c26fecb0a61aeb9249e141af2e63f9 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Sat, 9 Jul 2016 23:46:33 -0700
-Subject: [PATCH 23/27] apparmor: fix arg_size computation for when setprocattr
- is null terminated
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
----
- security/apparmor/lsm.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
-index bd40b12..1bf6c53 100644
---- a/security/apparmor/lsm.c
-+++ b/security/apparmor/lsm.c
-@@ -552,7 +552,7 @@ static int apparmor_setprocattr(struct task_struct *task, char *name,
- 	if (!*args)
- 		goto out;
- 
--	arg_size = size - (args - (char *) value);
-+	arg_size = size - (args - (largs ? largs : (char *) value));
- 	if (strcmp(name, "current") == 0) {
- 		if (strcmp(command, "changehat") == 0) {
- 			error = aa_setprocattr_changehat(args, arg_size,
--- 
-2.7.4
-

kernel-patches/4.4/0024-UBUNTU-SAUCE-AppArmor-basic-networking-rules.patch

@@ -1,603 +0,0 @@
-From 8d7c032e7798fa1c46449728874b64fff882368b Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Mon, 4 Oct 2010 15:03:36 -0700
-Subject: [PATCH 24/27] UBUNTU: SAUCE: AppArmor: basic networking rules
-
-Base support for network mediation.
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
----
- security/apparmor/.gitignore       |   1 +
- security/apparmor/Makefile         |  42 +++++++++-
- security/apparmor/apparmorfs.c     |   1 +
- security/apparmor/include/audit.h  |   4 +
- security/apparmor/include/net.h    |  44 ++++++++++
- security/apparmor/include/policy.h |   3 +
- security/apparmor/lsm.c            | 112 +++++++++++++++++++++++++
- security/apparmor/net.c            | 162 +++++++++++++++++++++++++++++++++++++
- security/apparmor/policy.c         |   1 +
- security/apparmor/policy_unpack.c  |  46 +++++++++++
- 10 files changed, 414 insertions(+), 2 deletions(-)
- create mode 100644 security/apparmor/include/net.h
- create mode 100644 security/apparmor/net.c
-
-diff --git a/security/apparmor/.gitignore b/security/apparmor/.gitignore
-index 9cdec70..d5b291e 100644
---- a/security/apparmor/.gitignore
-+++ b/security/apparmor/.gitignore
-@@ -1,5 +1,6 @@
- #
- # Generated include files
- #
-+net_names.h
- capability_names.h
- rlim_names.h
-diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile
-index d693df8..5dbb72f 100644
---- a/security/apparmor/Makefile
-+++ b/security/apparmor/Makefile
-@@ -4,10 +4,10 @@ obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o
- 
- apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \
-               path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \
--              resource.o sid.o file.o
-+              resource.o sid.o file.o net.o
- apparmor-$(CONFIG_SECURITY_APPARMOR_HASH) += crypto.o
- 
--clean-files := capability_names.h rlim_names.h
-+clean-files := capability_names.h rlim_names.h net_names.h
- 
- 
- # Build a lower case string table of capability names
-@@ -25,6 +25,38 @@ cmd_make-caps = echo "static const char *const capability_names[] = {" > $@ ;\
- 	    -e 's/^\#define[ \t]+CAP_([A-Z0-9_]+)[ \t]+([0-9]+)/\L\1/p' | \
- 	     tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@
- 
-+# Build a lower case string table of address family names
-+# Transform lines from
-+#    define AF_LOCAL	1	/* POSIX name for AF_UNIX	*/
-+#    #define AF_INET		2	/* Internet IP Protocol 	*/
-+# to
-+#    [1] = "local",
-+#    [2] = "inet",
-+#
-+# and build the securityfs entries for the mapping.
-+# Transforms lines from
-+#    #define AF_INET		2	/* Internet IP Protocol 	*/
-+# to
-+#    #define AA_FS_AF_MASK "local inet"
-+quiet_cmd_make-af = GEN     $@
-+cmd_make-af = echo "static const char *address_family_names[] = {" > $@ ;\
-+	sed $< >>$@ -r -n -e "/AF_MAX/d" -e "/AF_LOCAL/d" -e \
-+	 's/^\#define[ \t]+AF_([A-Z0-9_]+)[ \t]+([0-9]+)(.*)/[\2] = "\L\1",/p';\
-+	echo "};" >> $@ ;\
-+	echo -n '\#define AA_FS_AF_MASK "' >> $@ ;\
-+	sed -r -n 's/^\#define[ \t]+AF_([A-Z0-9_]+)[ \t]+([0-9]+)(.*)/\L\1/p'\
-+	 $< | tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@
-+
-+# Build a lower case string table of sock type names
-+# Transform lines from
-+#    SOCK_STREAM	= 1,
-+# to
-+#    [1] = "stream",
-+quiet_cmd_make-sock = GEN     $@
-+cmd_make-sock = echo "static const char *sock_type_names[] = {" >> $@ ;\
-+	sed $^ >>$@ -r -n \
-+	-e 's/^\tSOCK_([A-Z0-9_]+)[\t]+=[ \t]+([0-9]+)(.*)/[\2] = "\L\1",/p';\
-+	echo "};" >> $@
- 
- # Build a lower case string table of rlimit names.
- # Transforms lines from
-@@ -61,6 +93,7 @@ cmd_make-rlim = echo "static const char *const rlim_names[RLIM_NLIMITS] = {" \
- 	    tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@
- 
- $(obj)/capability.o : $(obj)/capability_names.h
-+$(obj)/net.o : $(obj)/net_names.h
- $(obj)/resource.o : $(obj)/rlim_names.h
- $(obj)/capability_names.h : $(srctree)/include/uapi/linux/capability.h \
- 			    $(src)/Makefile
-@@ -68,3 +101,8 @@ $(obj)/capability_names.h : $(srctree)/include/uapi/linux/capability.h \
- $(obj)/rlim_names.h : $(srctree)/include/uapi/asm-generic/resource.h \
- 		      $(src)/Makefile
- 	$(call cmd,make-rlim)
-+$(obj)/net_names.h : $(srctree)/include/linux/socket.h \
-+		     $(srctree)/include/linux/net.h \
-+		     $(src)/Makefile
-+	$(call cmd,make-af)
-+	$(call cmd,make-sock)
-diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
-index 729e595..181d961 100644
---- a/security/apparmor/apparmorfs.c
-+++ b/security/apparmor/apparmorfs.c
-@@ -807,6 +807,7 @@ static struct aa_fs_entry aa_fs_entry_features[] = {
- 	AA_FS_DIR("policy",			aa_fs_entry_policy),
- 	AA_FS_DIR("domain",			aa_fs_entry_domain),
- 	AA_FS_DIR("file",			aa_fs_entry_file),
-+	AA_FS_DIR("network",                    aa_fs_entry_network),
- 	AA_FS_FILE_U64("capability",		VFS_CAP_FLAGS_MASK),
- 	AA_FS_DIR("rlimit",			aa_fs_entry_rlimit),
- 	AA_FS_DIR("caps",			aa_fs_entry_caps),
-diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h
-index ba3dfd1..5d3c419 100644
---- a/security/apparmor/include/audit.h
-+++ b/security/apparmor/include/audit.h
-@@ -125,6 +125,10 @@ struct apparmor_audit_data {
- 			u32 denied;
- 			kuid_t ouid;
- 		} fs;
-+		struct {
-+			int type, protocol;
-+			struct sock *sk;
-+		} net;
- 	};
- };
- 
-diff --git a/security/apparmor/include/net.h b/security/apparmor/include/net.h
-new file mode 100644
-index 0000000..cb8a121
---- /dev/null
-+++ b/security/apparmor/include/net.h
-@@ -0,0 +1,44 @@
-+/*
-+ * AppArmor security module
-+ *
-+ * This file contains AppArmor network mediation definitions.
-+ *
-+ * Copyright (C) 1998-2008 Novell/SUSE
-+ * Copyright 2009-2012 Canonical Ltd.
-+ *
-+ * This program is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU General Public License as
-+ * published by the Free Software Foundation, version 2 of the
-+ * License.
-+ */
-+
-+#ifndef __AA_NET_H
-+#define __AA_NET_H
-+
-+#include <net/sock.h>
-+
-+#include "apparmorfs.h"
-+
-+/* struct aa_net - network confinement data
-+ * @allowed: basic network families permissions
-+ * @audit_network: which network permissions to force audit
-+ * @quiet_network: which network permissions to quiet rejects
-+ */
-+struct aa_net {
-+	u16 allow[AF_MAX];
-+	u16 audit[AF_MAX];
-+	u16 quiet[AF_MAX];
-+};
-+
-+extern struct aa_fs_entry aa_fs_entry_network[];
-+
-+extern int aa_net_perm(int op, struct aa_profile *profile, u16 family,
-+		       int type, int protocol, struct sock *sk);
-+extern int aa_revalidate_sk(int op, struct sock *sk);
-+
-+static inline void aa_free_net_rules(struct aa_net *new)
-+{
-+	/* NOP */
-+}
-+
-+#endif /* __AA_NET_H */
-diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
-index 52275f0..4fc4dac 100644
---- a/security/apparmor/include/policy.h
-+++ b/security/apparmor/include/policy.h
-@@ -27,6 +27,7 @@
- #include "capability.h"
- #include "domain.h"
- #include "file.h"
-+#include "net.h"
- #include "resource.h"
- 
- extern const char *const aa_profile_mode_names[];
-@@ -176,6 +177,7 @@ struct aa_replacedby {
-  * @policy: general match rules governing policy
-  * @file: The set of rules governing basic file access and domain transitions
-  * @caps: capabilities for the profile
-+ * @net: network controls for the profile
-  * @rlimits: rlimits for the profile
-  *
-  * @dents: dentries for the profiles file entries in apparmorfs
-@@ -217,6 +219,7 @@ struct aa_profile {
- 	struct aa_policydb policy;
- 	struct aa_file_rules file;
- 	struct aa_caps caps;
-+	struct aa_net net;
- 	struct aa_rlimit rlimits;
- 
- 	unsigned char *hash;
-diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
-index 1bf6c53..284ddda 100644
---- a/security/apparmor/lsm.c
-+++ b/security/apparmor/lsm.c
-@@ -32,6 +32,7 @@
- #include "include/context.h"
- #include "include/file.h"
- #include "include/ipc.h"
-+#include "include/net.h"
- #include "include/path.h"
- #include "include/policy.h"
- #include "include/procattr.h"
-@@ -607,6 +608,104 @@ static int apparmor_task_setrlimit(struct task_struct *task,
- 	return error;
- }
- 
-+static int apparmor_socket_create(int family, int type, int protocol, int kern)
-+{
-+	struct aa_profile *profile;
-+	int error = 0;
-+
-+	if (kern)
-+		return 0;
-+
-+	profile = __aa_current_profile();
-+	if (!unconfined(profile))
-+		error = aa_net_perm(OP_CREATE, profile, family, type, protocol,
-+				    NULL);
-+	return error;
-+}
-+
-+static int apparmor_socket_bind(struct socket *sock,
-+				struct sockaddr *address, int addrlen)
-+{
-+	struct sock *sk = sock->sk;
-+
-+	return aa_revalidate_sk(OP_BIND, sk);
-+}
-+
-+static int apparmor_socket_connect(struct socket *sock,
-+				   struct sockaddr *address, int addrlen)
-+{
-+	struct sock *sk = sock->sk;
-+
-+	return aa_revalidate_sk(OP_CONNECT, sk);
-+}
-+
-+static int apparmor_socket_listen(struct socket *sock, int backlog)
-+{
-+	struct sock *sk = sock->sk;
-+
-+	return aa_revalidate_sk(OP_LISTEN, sk);
-+}
-+
-+static int apparmor_socket_accept(struct socket *sock, struct socket *newsock)
-+{
-+	struct sock *sk = sock->sk;
-+
-+	return aa_revalidate_sk(OP_ACCEPT, sk);
-+}
-+
-+static int apparmor_socket_sendmsg(struct socket *sock,
-+				   struct msghdr *msg, int size)
-+{
-+	struct sock *sk = sock->sk;
-+
-+	return aa_revalidate_sk(OP_SENDMSG, sk);
-+}
-+
-+static int apparmor_socket_recvmsg(struct socket *sock,
-+				   struct msghdr *msg, int size, int flags)
-+{
-+	struct sock *sk = sock->sk;
-+
-+	return aa_revalidate_sk(OP_RECVMSG, sk);
-+}
-+
-+static int apparmor_socket_getsockname(struct socket *sock)
-+{
-+	struct sock *sk = sock->sk;
-+
-+	return aa_revalidate_sk(OP_GETSOCKNAME, sk);
-+}
-+
-+static int apparmor_socket_getpeername(struct socket *sock)
-+{
-+	struct sock *sk = sock->sk;
-+
-+	return aa_revalidate_sk(OP_GETPEERNAME, sk);
-+}
-+
-+static int apparmor_socket_getsockopt(struct socket *sock, int level,
-+				      int optname)
-+{
-+	struct sock *sk = sock->sk;
-+
-+	return aa_revalidate_sk(OP_GETSOCKOPT, sk);
-+}
-+
-+static int apparmor_socket_setsockopt(struct socket *sock, int level,
-+				      int optname)
-+{
-+	struct sock *sk = sock->sk;
-+
-+	return aa_revalidate_sk(OP_SETSOCKOPT, sk);
-+}
-+
-+static int apparmor_socket_shutdown(struct socket *sock, int how)
-+{
-+	struct sock *sk = sock->sk;
-+
-+	return aa_revalidate_sk(OP_SOCK_SHUTDOWN, sk);
-+}
-+
- static struct security_hook_list apparmor_hooks[] = {
- 	LSM_HOOK_INIT(ptrace_access_check, apparmor_ptrace_access_check),
- 	LSM_HOOK_INIT(ptrace_traceme, apparmor_ptrace_traceme),
-@@ -636,6 +735,19 @@ static struct security_hook_list apparmor_hooks[] = {
- 	LSM_HOOK_INIT(getprocattr, apparmor_getprocattr),
- 	LSM_HOOK_INIT(setprocattr, apparmor_setprocattr),
- 
-+	LSM_HOOK_INIT(socket_create, apparmor_socket_create),
-+	LSM_HOOK_INIT(socket_bind, apparmor_socket_bind),
-+	LSM_HOOK_INIT(socket_connect, apparmor_socket_connect),
-+	LSM_HOOK_INIT(socket_listen, apparmor_socket_listen),
-+	LSM_HOOK_INIT(socket_accept, apparmor_socket_accept),
-+	LSM_HOOK_INIT(socket_sendmsg, apparmor_socket_sendmsg),
-+	LSM_HOOK_INIT(socket_recvmsg, apparmor_socket_recvmsg),
-+	LSM_HOOK_INIT(socket_getsockname, apparmor_socket_getsockname),
-+	LSM_HOOK_INIT(socket_getpeername, apparmor_socket_getpeername),
-+	LSM_HOOK_INIT(socket_getsockopt, apparmor_socket_getsockopt),
-+	LSM_HOOK_INIT(socket_setsockopt, apparmor_socket_setsockopt),
-+	LSM_HOOK_INIT(socket_shutdown, apparmor_socket_shutdown),
-+
- 	LSM_HOOK_INIT(cred_alloc_blank, apparmor_cred_alloc_blank),
- 	LSM_HOOK_INIT(cred_free, apparmor_cred_free),
- 	LSM_HOOK_INIT(cred_prepare, apparmor_cred_prepare),
-diff --git a/security/apparmor/net.c b/security/apparmor/net.c
-new file mode 100644
-index 0000000..003dd18
---- /dev/null
-+++ b/security/apparmor/net.c
-@@ -0,0 +1,162 @@
-+/*
-+ * AppArmor security module
-+ *
-+ * This file contains AppArmor network mediation
-+ *
-+ * Copyright (C) 1998-2008 Novell/SUSE
-+ * Copyright 2009-2012 Canonical Ltd.
-+ *
-+ * This program is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU General Public License as
-+ * published by the Free Software Foundation, version 2 of the
-+ * License.
-+ */
-+
-+#include "include/apparmor.h"
-+#include "include/audit.h"
-+#include "include/context.h"
-+#include "include/net.h"
-+#include "include/policy.h"
-+
-+#include "net_names.h"
-+
-+struct aa_fs_entry aa_fs_entry_network[] = {
-+	AA_FS_FILE_STRING("af_mask", AA_FS_AF_MASK),
-+	{ }
-+};
-+
-+/* audit callback for net specific fields */
-+static void audit_cb(struct audit_buffer *ab, void *va)
-+{
-+	struct common_audit_data *sa = va;
-+
-+	audit_log_format(ab, " family=");
-+	if (address_family_names[sa->u.net->family]) {
-+		audit_log_string(ab, address_family_names[sa->u.net->family]);
-+	} else {
-+		audit_log_format(ab, "\"unknown(%d)\"", sa->u.net->family);
-+	}
-+	audit_log_format(ab, " sock_type=");
-+	if (sock_type_names[sa->aad->net.type]) {
-+		audit_log_string(ab, sock_type_names[sa->aad->net.type]);
-+	} else {
-+		audit_log_format(ab, "\"unknown(%d)\"", sa->aad->net.type);
-+	}
-+	audit_log_format(ab, " protocol=%d", sa->aad->net.protocol);
-+}
-+
-+/**
-+ * audit_net - audit network access
-+ * @profile: profile being enforced  (NOT NULL)
-+ * @op: operation being checked
-+ * @family: network family
-+ * @type:   network type
-+ * @protocol: network protocol
-+ * @sk: socket auditing is being applied to
-+ * @error: error code for failure else 0
-+ *
-+ * Returns: %0 or sa->error else other errorcode on failure
-+ */
-+static int audit_net(struct aa_profile *profile, int op, u16 family, int type,
-+		     int protocol, struct sock *sk, int error)
-+{
-+	int audit_type = AUDIT_APPARMOR_AUTO;
-+	struct common_audit_data sa;
-+	struct apparmor_audit_data aad = { };
-+	struct lsm_network_audit net = { };
-+	if (sk) {
-+		sa.type = LSM_AUDIT_DATA_NET;
-+	} else {
-+		sa.type = LSM_AUDIT_DATA_NONE;
-+	}
-+	/* todo fill in socket addr info */
-+	sa.aad = &aad;
-+	sa.u.net = &net;
-+	sa.aad->op = op,
-+	sa.u.net->family = family;
-+	sa.u.net->sk = sk;
-+	sa.aad->net.type = type;
-+	sa.aad->net.protocol = protocol;
-+	sa.aad->error = error;
-+
-+	if (likely(!sa.aad->error)) {
-+		u16 audit_mask = profile->net.audit[sa.u.net->family];
-+		if (likely((AUDIT_MODE(profile) != AUDIT_ALL) &&
-+			   !(1 << sa.aad->net.type & audit_mask)))
-+			return 0;
-+		audit_type = AUDIT_APPARMOR_AUDIT;
-+	} else {
-+		u16 quiet_mask = profile->net.quiet[sa.u.net->family];
-+		u16 kill_mask = 0;
-+		u16 denied = (1 << sa.aad->net.type) & ~quiet_mask;
-+
-+		if (denied & kill_mask)
-+			audit_type = AUDIT_APPARMOR_KILL;
-+
-+		if ((denied & quiet_mask) &&
-+		    AUDIT_MODE(profile) != AUDIT_NOQUIET &&
-+		    AUDIT_MODE(profile) != AUDIT_ALL)
-+			return COMPLAIN_MODE(profile) ? 0 : sa.aad->error;
-+	}
-+
-+	return aa_audit(audit_type, profile, GFP_KERNEL, &sa, audit_cb);
-+}
-+
-+/**
-+ * aa_net_perm - very course network access check
-+ * @op: operation being checked
-+ * @profile: profile being enforced  (NOT NULL)
-+ * @family: network family
-+ * @type:   network type
-+ * @protocol: network protocol
-+ *
-+ * Returns: %0 else error if permission denied
-+ */
-+int aa_net_perm(int op, struct aa_profile *profile, u16 family, int type,
-+		int protocol, struct sock *sk)
-+{
-+	u16 family_mask;
-+	int error;
-+
-+	if ((family < 0) || (family >= AF_MAX))
-+		return -EINVAL;
-+
-+	if ((type < 0) || (type >= SOCK_MAX))
-+		return -EINVAL;
-+
-+	/* unix domain and netlink sockets are handled by ipc */
-+	if (family == AF_UNIX || family == AF_NETLINK)
-+		return 0;
-+
-+	family_mask = profile->net.allow[family];
-+
-+	error = (family_mask & (1 << type)) ? 0 : -EACCES;
-+
-+	return audit_net(profile, op, family, type, protocol, sk, error);
-+}
-+
-+/**
-+ * aa_revalidate_sk - Revalidate access to a sock
-+ * @op: operation being checked
-+ * @sk: sock being revalidated  (NOT NULL)
-+ *
-+ * Returns: %0 else error if permission denied
-+ */
-+int aa_revalidate_sk(int op, struct sock *sk)
-+{
-+	struct aa_profile *profile;
-+	int error = 0;
-+
-+	/* aa_revalidate_sk should not be called from interrupt context
-+	 * don't mediate these calls as they are not task related
-+	 */
-+	if (in_interrupt())
-+		return 0;
-+
-+	profile = __aa_current_profile();
-+	if (!unconfined(profile))
-+		error = aa_net_perm(op, profile, sk->sk_family, sk->sk_type,
-+				    sk->sk_protocol, sk);
-+
-+	return error;
-+}
-diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
-index 179e68d..f1a8541 100644
---- a/security/apparmor/policy.c
-+++ b/security/apparmor/policy.c
-@@ -603,6 +603,7 @@ void aa_free_profile(struct aa_profile *profile)
- 
- 	aa_free_file_rules(&profile->file);
- 	aa_free_cap_rules(&profile->caps);
-+	aa_free_net_rules(&profile->net);
- 	aa_free_rlimit_rules(&profile->rlimits);
- 
- 	kzfree(profile->dirname);
-diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
-index dac2121..0107bc4 100644
---- a/security/apparmor/policy_unpack.c
-+++ b/security/apparmor/policy_unpack.c
-@@ -193,6 +193,19 @@ fail:
- 	return 0;
- }
- 
-+static bool unpack_u16(struct aa_ext *e, u16 *data, const char *name)
-+{
-+	if (unpack_nameX(e, AA_U16, name)) {
-+		if (!inbounds(e, sizeof(u16)))
-+			return 0;
-+		if (data)
-+			*data = le16_to_cpu(get_unaligned((u16 *) e->pos));
-+		e->pos += sizeof(u16);
-+		return 1;
-+	}
-+	return 0;
-+}
-+
- static bool unpack_u32(struct aa_ext *e, u32 *data, const char *name)
- {
- 	if (unpack_nameX(e, AA_U32, name)) {
-@@ -476,6 +489,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
- {
- 	struct aa_profile *profile = NULL;
- 	const char *name = NULL;
-+	size_t size = 0;
- 	int i, error = -EPROTO;
- 	kernel_cap_t tmpcap;
- 	u32 tmp;
-@@ -576,6 +590,38 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
- 	if (!unpack_rlimits(e, profile))
- 		goto fail;
- 
-+	size = unpack_array(e, "net_allowed_af");
-+	if (size) {
-+
-+		for (i = 0; i < size; i++) {
-+			/* discard extraneous rules that this kernel will
-+			 * never request
-+			 */
-+			if (i >= AF_MAX) {
-+				u16 tmp;
-+				if (!unpack_u16(e, &tmp, NULL) ||
-+				    !unpack_u16(e, &tmp, NULL) ||
-+				    !unpack_u16(e, &tmp, NULL))
-+					goto fail;
-+				continue;
-+			}
-+			if (!unpack_u16(e, &profile->net.allow[i], NULL))
-+				goto fail;
-+			if (!unpack_u16(e, &profile->net.audit[i], NULL))
-+				goto fail;
-+			if (!unpack_u16(e, &profile->net.quiet[i], NULL))
-+				goto fail;
-+		}
-+		if (!unpack_nameX(e, AA_ARRAYEND, NULL))
-+			goto fail;
-+	}
-+	/*
-+	 * allow unix domain and netlink sockets they are handled
-+	 * by IPC
-+	 */
-+	profile->net.allow[AF_UNIX] = 0xffff;
-+	profile->net.allow[AF_NETLINK] = 0xffff;
-+
- 	if (unpack_nameX(e, AA_STRUCT, "policydb")) {
- 		/* generic policy dfa - optional and may be NULL */
- 		profile->policy.dfa = unpack_dfa(e);
--- 
-2.7.4
-

kernel-patches/4.4/0025-apparmor-Fix-quieting-of-audit-messages-for-network-.patch

@@ -1,38 +0,0 @@
-From aa45ba104003404efb59e6f7178045ade756035d Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Fri, 29 Jun 2012 17:34:00 -0700
-Subject: [PATCH 25/27] apparmor: Fix quieting of audit messages for network
- mediation
-
-If a profile specified a quieting of network denials for a given rule by
-either the quiet or deny rule qualifiers, the resultant quiet mask for
-denied requests was applied incorrectly, resulting in two potential bugs.
-1. The misapplied quiet mask would prevent denials from being correctly
-   tested against the kill mask/mode. Thus network access requests that
-   should have resulted in the application being killed did not.
-
-2. The actual quieting of the denied network request was not being applied.
-   This would result in network rejections always being logged even when
-   they had been specifically marked as quieted.
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
----
- security/apparmor/net.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/security/apparmor/net.c b/security/apparmor/net.c
-index 003dd18..6e6e5c9 100644
---- a/security/apparmor/net.c
-+++ b/security/apparmor/net.c
-@@ -88,7 +88,7 @@ static int audit_net(struct aa_profile *profile, int op, u16 family, int type,
- 	} else {
- 		u16 quiet_mask = profile->net.quiet[sa.u.net->family];
- 		u16 kill_mask = 0;
--		u16 denied = (1 << sa.aad->net.type) & ~quiet_mask;
-+		u16 denied = (1 << sa.aad->net.type);
- 
- 		if (denied & kill_mask)
- 			audit_type = AUDIT_APPARMOR_KILL;
--- 
-2.7.4
-

kernel-patches/4.4/0027-UBUNTU-SAUCE-AppArmor-fix-boolreturn.cocci-warnings.patch

@@ -1,180 +0,0 @@
-From 1eff686074a6af0cf47fc24c45ebb001c570a98b Mon Sep 17 00:00:00 2001
-From: kbuild test robot <fengguang.wu@intel.com>
-Date: Fri, 29 Jul 2016 12:44:43 +0800
-Subject: [PATCH 27/27] UBUNTU: SAUCE: AppArmor: fix boolreturn.cocci warnings
-
-security/apparmor/policy_unpack.c:143:9-10: WARNING: return of 0/1 in function 'unpack_X' with return type bool
-security/apparmor/policy_unpack.c:189:9-10: WARNING: return of 0/1 in function 'unpack_nameX' with return type bool
-security/apparmor/policy_unpack.c:475:8-9: WARNING: return of 0/1 in function 'unpack_rlimits' with return type bool
-security/apparmor/policy_unpack.c:440:8-9: WARNING: return of 0/1 in function 'unpack_trans_table' with return type bool
-security/apparmor/policy_unpack.c:200:10-11: WARNING: return of 0/1 in function 'unpack_u16' with return type bool
-security/apparmor/policy_unpack.c:213:10-11: WARNING: return of 0/1 in function 'unpack_u32' with return type bool
-security/apparmor/policy_unpack.c:226:10-11: WARNING: return of 0/1 in function 'unpack_u64' with return type bool
-security/apparmor/policy_unpack.c:325:10-11: WARNING: return of 0/1 in function 'verify_accept' with return type bool
-security/apparmor/policy_unpack.c:739:10-11: WARNING: return of 0/1 in function 'verify_dfa_xindex' with return type bool
-security/apparmor/policy_unpack.c:729:9-10: WARNING: return of 0/1 in function 'verify_xindex' with return type bool
-
- Return statements in functions returning bool should use
- true/false instead of 1/0.
-Generated by: scripts/coccinelle/misc/boolreturn.cocci
-Signed-off-by: Fengguang Wu <fengguang.wu@intel.com>
-Signed-off-by: John Johansen <john.johansen@canonical.com>
----
- security/apparmor/policy_unpack.c | 52 +++++++++++++++++++--------------------
- 1 file changed, 26 insertions(+), 26 deletions(-)
-
-diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
-index 0107bc4..af14626 100644
---- a/security/apparmor/policy_unpack.c
-+++ b/security/apparmor/policy_unpack.c
-@@ -140,11 +140,11 @@ static size_t unpack_u16_chunk(struct aa_ext *e, char **chunk)
- static bool unpack_X(struct aa_ext *e, enum aa_code code)
- {
- 	if (!inbounds(e, 1))
--		return 0;
-+		return false;
- 	if (*(u8 *) e->pos != code)
--		return 0;
-+		return false;
- 	e->pos++;
--	return 1;
-+	return true;
- }
- 
- /**
-@@ -186,50 +186,50 @@ static bool unpack_nameX(struct aa_ext *e, enum aa_code code, const char *name)
- 
- 	/* now check if type code matches */
- 	if (unpack_X(e, code))
--		return 1;
-+		return true;
- 
- fail:
- 	e->pos = pos;
--	return 0;
-+	return false;
- }
- 
- static bool unpack_u16(struct aa_ext *e, u16 *data, const char *name)
- {
- 	if (unpack_nameX(e, AA_U16, name)) {
- 		if (!inbounds(e, sizeof(u16)))
--			return 0;
-+			return false;
- 		if (data)
- 			*data = le16_to_cpu(get_unaligned((u16 *) e->pos));
- 		e->pos += sizeof(u16);
--		return 1;
-+		return true;
- 	}
--	return 0;
-+	return false;
- }
- 
- static bool unpack_u32(struct aa_ext *e, u32 *data, const char *name)
- {
- 	if (unpack_nameX(e, AA_U32, name)) {
- 		if (!inbounds(e, sizeof(u32)))
--			return 0;
-+			return false;
- 		if (data)
- 			*data = le32_to_cpu(get_unaligned((u32 *) e->pos));
- 		e->pos += sizeof(u32);
--		return 1;
-+		return true;
- 	}
--	return 0;
-+	return false;
- }
- 
- static bool unpack_u64(struct aa_ext *e, u64 *data, const char *name)
- {
- 	if (unpack_nameX(e, AA_U64, name)) {
- 		if (!inbounds(e, sizeof(u64)))
--			return 0;
-+			return false;
- 		if (data)
- 			*data = le64_to_cpu(get_unaligned((u64 *) e->pos));
- 		e->pos += sizeof(u64);
--		return 1;
-+		return true;
- 	}
--	return 0;
-+	return false;
- }
- 
- static size_t unpack_array(struct aa_ext *e, const char *name)
-@@ -322,12 +322,12 @@ static bool verify_accept(struct aa_dfa *dfa, int flags)
- 		int mode = ACCEPT_TABLE(dfa)[i];
- 
- 		if (mode & ~DFA_VALID_PERM_MASK)
--			return 0;
-+			return false;
- 
- 		if (ACCEPT_TABLE2(dfa)[i] & ~DFA_VALID_PERM2_MASK)
--			return 0;
-+			return false;
- 	}
--	return 1;
-+	return true;
- }
- 
- /**
-@@ -437,12 +437,12 @@ static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile)
- 		if (!unpack_nameX(e, AA_STRUCTEND, NULL))
- 			goto fail;
- 	}
--	return 1;
-+	return true;
- 
- fail:
- 	aa_free_domain_entries(&profile->file.trans);
- 	e->pos = pos;
--	return 0;
-+	return false;
- }
- 
- static bool unpack_rlimits(struct aa_ext *e, struct aa_profile *profile)
-@@ -472,11 +472,11 @@ static bool unpack_rlimits(struct aa_ext *e, struct aa_profile *profile)
- 		if (!unpack_nameX(e, AA_STRUCTEND, NULL))
- 			goto fail;
- 	}
--	return 1;
-+	return true;
- 
- fail:
- 	e->pos = pos;
--	return 0;
-+	return false;
- }
- 
- /**
-@@ -726,8 +726,8 @@ static bool verify_xindex(int xindex, int table_size)
- 	xtype = xindex & AA_X_TYPE_MASK;
- 	index = xindex & AA_X_INDEX_MASK;
- 	if (xtype == AA_X_TABLE && index >= table_size)
--		return 0;
--	return 1;
-+		return false;
-+	return true;
- }
- 
- /* verify dfa xindexes are in range of transition tables */
-@@ -736,11 +736,11 @@ static bool verify_dfa_xindex(struct aa_dfa *dfa, int table_size)
- 	int i;
- 	for (i = 0; i < dfa->tables[YYTD_ID_ACCEPT]->td_lolen; i++) {
- 		if (!verify_xindex(dfa_user_xindex(dfa, i), table_size))
--			return 0;
-+			return false;
- 		if (!verify_xindex(dfa_other_xindex(dfa, i), table_size))
--			return 0;
-+			return false;
- 	}
--	return 1;
-+	return true;
- }
- 
- /**
--- 
-2.7.4
-

kernel-patches/4.5/0001-apparmor-fix-oops-validate-buffer-size-in-apparmor_s.patch

@@ -1,118 +0,0 @@
-From 24b6ac149a57c2d3d5a9920e64d914e8ff00d346 Mon Sep 17 00:00:00 2001
-From: Vegard Nossum <vegard.nossum@oracle.com>
-Date: Thu, 7 Jul 2016 13:41:11 -0700
-Subject: [PATCH 01/27] apparmor: fix oops, validate buffer size in
- apparmor_setprocattr()
-
-When proc_pid_attr_write() was changed to use memdup_user apparmor's
-(interface violating) assumption that the setprocattr buffer was always
-a single page was violated.
-
-The size test is not strictly speaking needed as proc_pid_attr_write()
-will reject anything larger, but for the sake of robustness we can keep
-it in.
-
-SMACK and SELinux look safe to me, but somebody else should probably
-have a look just in case.
-
-Based on original patch from Vegard Nossum <vegard.nossum@oracle.com>
-modified for the case that apparmor provides null termination.
-
-Fixes: bb646cdb12e75d82258c2f2e7746d5952d3e321a
-Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
-Cc: Al Viro <viro@zeniv.linux.org.uk>
-Cc: John Johansen <john.johansen@canonical.com>
-Cc: Paul Moore <paul@paul-moore.com>
-Cc: Stephen Smalley <sds@tycho.nsa.gov>
-Cc: Eric Paris <eparis@parisplace.org>
-Cc: Casey Schaufler <casey@schaufler-ca.com>
-Cc: stable@kernel.org
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
-Signed-off-by: James Morris <james.l.morris@oracle.com>
----
- security/apparmor/lsm.c | 36 +++++++++++++++++++-----------------
- 1 file changed, 19 insertions(+), 17 deletions(-)
-
-diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
-index dec607c..5ee8201 100644
---- a/security/apparmor/lsm.c
-+++ b/security/apparmor/lsm.c
-@@ -523,34 +523,34 @@ static int apparmor_setprocattr(struct task_struct *task, char *name,
- {
- 	struct common_audit_data sa;
- 	struct apparmor_audit_data aad = {0,};
--	char *command, *args = value;
-+	char *command, *largs = NULL, *args = value;
- 	size_t arg_size;
- 	int error;
- 
- 	if (size == 0)
- 		return -EINVAL;
--	/* args points to a PAGE_SIZE buffer, AppArmor requires that
--	 * the buffer must be null terminated or have size <= PAGE_SIZE -1
--	 * so that AppArmor can null terminate them
--	 */
--	if (args[size - 1] != '\0') {
--		if (size == PAGE_SIZE)
--			return -EINVAL;
--		args[size] = '\0';
--	}
--
- 	/* task can only write its own attributes */
- 	if (current != task)
- 		return -EACCES;
- 
--	args = value;
-+	/* AppArmor requires that the buffer must be null terminated atm */
-+	if (args[size - 1] != '\0') {
-+		/* null terminate */
-+		largs = args = kmalloc(size + 1, GFP_KERNEL);
-+		if (!args)
-+			return -ENOMEM;
-+		memcpy(args, value, size);
-+		args[size] = '\0';
-+	}
-+
-+	error = -EINVAL;
- 	args = strim(args);
- 	command = strsep(&args, " ");
- 	if (!args)
--		return -EINVAL;
-+		goto out;
- 	args = skip_spaces(args);
- 	if (!*args)
--		return -EINVAL;
-+		goto out;
- 
- 	arg_size = size - (args - (char *) value);
- 	if (strcmp(name, "current") == 0) {
-@@ -576,10 +576,12 @@ static int apparmor_setprocattr(struct task_struct *task, char *name,
- 			goto fail;
- 	} else
- 		/* only support the "current" and "exec" process attributes */
--		return -EINVAL;
-+		goto fail;
- 
- 	if (!error)
- 		error = size;
-+out:
-+	kfree(largs);
- 	return error;
- 
- fail:
-@@ -588,9 +590,9 @@ fail:
- 	aad.profile = aa_current_profile();
- 	aad.op = OP_SETPROCATTR;
- 	aad.info = name;
--	aad.error = -EINVAL;
-+	aad.error = error = -EINVAL;
- 	aa_audit_msg(AUDIT_APPARMOR_DENIED, &sa, NULL);
--	return -EINVAL;
-+	goto out;
- }
- 
- static int apparmor_task_setrlimit(struct task_struct *task,
--- 
-2.7.4
-

kernel-patches/4.5/0002-apparmor-fix-refcount-bug-in-profile-replacement.patch

@@ -1,33 +0,0 @@
-From 444bc4f95ec283cd0fb9777f4890bd9bc307809d Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Mon, 11 Apr 2016 16:55:10 -0700
-Subject: [PATCH 02/27] apparmor: fix refcount bug in profile replacement
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/policy.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
-index 705c287..222052f 100644
---- a/security/apparmor/policy.c
-+++ b/security/apparmor/policy.c
-@@ -1189,12 +1189,12 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
- 				aa_get_profile(newest);
- 				aa_put_profile(parent);
- 				rcu_assign_pointer(ent->new->parent, newest);
--			} else
--				aa_put_profile(newest);
-+			}
- 			/* aafs interface uses replacedby */
- 			rcu_assign_pointer(ent->new->replacedby->profile,
- 					   aa_get_profile(ent->new));
- 			__list_add_profile(&parent->base.profiles, ent->new);
-+			aa_put_profile(newest);
- 		} else {
- 			/* aafs interface uses replacedby */
- 			rcu_assign_pointer(ent->new->replacedby->profile,
--- 
-2.7.4
-

kernel-patches/4.5/0003-apparmor-fix-replacement-bug-that-adds-new-child-to-.patch

@@ -1,38 +0,0 @@
-From 1224a06778b89dcbf0ca85bd961c2fcdd8765a69 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Mon, 11 Apr 2016 16:57:19 -0700
-Subject: [PATCH 03/27] apparmor: fix replacement bug that adds new child to
- old parent
-
-When set atomic replacement is used and the parent is updated before the
-child, and the child did not exist in the old parent so there is no
-direct replacement then the new child is incorrectly added to the old
-parent. This results in the new parent not having the child(ren) that
-it should and the old parent when being destroyed asserting the
-following error.
-
-AppArmor: policy_destroy: internal error, policy '<profile/name>' still
-contains profiles
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/policy.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
-index 222052f..c92a9f6 100644
---- a/security/apparmor/policy.c
-+++ b/security/apparmor/policy.c
-@@ -1193,7 +1193,7 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
- 			/* aafs interface uses replacedby */
- 			rcu_assign_pointer(ent->new->replacedby->profile,
- 					   aa_get_profile(ent->new));
--			__list_add_profile(&parent->base.profiles, ent->new);
-+			__list_add_profile(&newest->base.profiles, ent->new);
- 			aa_put_profile(newest);
- 		} else {
- 			/* aafs interface uses replacedby */
--- 
-2.7.4
-

kernel-patches/4.5/0004-apparmor-fix-uninitialized-lsm_audit-member.patch

@@ -1,87 +0,0 @@
-From 15d921647676fdc2c3ee1cf9aa8f578b1012ecff Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Sun, 8 Jun 2014 11:20:54 -0700
-Subject: [PATCH 04/27] apparmor: fix uninitialized lsm_audit member
-
-BugLink: http://bugs.launchpad.net/bugs/1268727
-
-The task field in the lsm_audit struct needs to be initialized if
-a change_hat fails, otherwise the following oops will occur
-
-BUG: unable to handle kernel paging request at 0000002fbead7d08
-IP: [<ffffffff8171153e>] _raw_spin_lock+0xe/0x50
-PGD 1e3f35067 PUD 0
-Oops: 0002 [#1] SMP
-Modules linked in: pppox crc_ccitt p8023 p8022 psnap llc ax25 btrfs raid6_pq xor xfs libcrc32c dm_multipath scsi_dh kvm_amd dcdbas kvm microcode amd64_edac_mod joydev edac_core psmouse edac_mce_amd serio_raw k10temp sp5100_tco i2c_piix4 ipmi_si ipmi_msghandler acpi_power_meter mac_hid lp parport hid_generic usbhid hid pata_acpi mpt2sas ahci raid_class pata_atiixp bnx2 libahci scsi_transport_sas [last unloaded: tipc]
-CPU: 2 PID: 699 Comm: changehat_twice Tainted: GF          O 3.13.0-7-generic #25-Ubuntu
-Hardware name: Dell Inc. PowerEdge R415/08WNM9, BIOS 1.8.6 12/06/2011
-task: ffff8802135c6000 ti: ffff880212986000 task.ti: ffff880212986000
-RIP: 0010:[<ffffffff8171153e>]  [<ffffffff8171153e>] _raw_spin_lock+0xe/0x50
-RSP: 0018:ffff880212987b68  EFLAGS: 00010006
-RAX: 0000000000020000 RBX: 0000002fbead7500 RCX: 0000000000000000
-RDX: 0000000000000292 RSI: ffff880212987ba8 RDI: 0000002fbead7d08
-RBP: ffff880212987b68 R08: 0000000000000246 R09: ffff880216e572a0
-R10: ffffffff815fd677 R11: ffffea0008469580 R12: ffffffff8130966f
-R13: ffff880212987ba8 R14: 0000002fbead7d08 R15: ffff8800d8c6b830
-FS:  00002b5e6c84e7c0(0000) GS:ffff880216e40000(0000) knlGS:0000000055731700
-CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
-CR2: 0000002fbead7d08 CR3: 000000021270f000 CR4: 00000000000006e0
-Stack:
- ffff880212987b98 ffffffff81075f17 ffffffff8130966f 0000000000000009
- 0000000000000000 0000000000000000 ffff880212987bd0 ffffffff81075f7c
- 0000000000000292 ffff880212987c08 ffff8800d8c6b800 0000000000000026
-Call Trace:
- [<ffffffff81075f17>] __lock_task_sighand+0x47/0x80
- [<ffffffff8130966f>] ? apparmor_cred_prepare+0x2f/0x50
- [<ffffffff81075f7c>] do_send_sig_info+0x2c/0x80
- [<ffffffff81075fee>] send_sig_info+0x1e/0x30
- [<ffffffff8130242d>] aa_audit+0x13d/0x190
- [<ffffffff8130c1dc>] aa_audit_file+0xbc/0x130
- [<ffffffff8130966f>] ? apparmor_cred_prepare+0x2f/0x50
- [<ffffffff81304cc2>] aa_change_hat+0x202/0x530
- [<ffffffff81308fc6>] aa_setprocattr_changehat+0x116/0x1d0
- [<ffffffff8130a11d>] apparmor_setprocattr+0x25d/0x300
- [<ffffffff812cee56>] security_setprocattr+0x16/0x20
- [<ffffffff8121fc87>] proc_pid_attr_write+0x107/0x130
- [<ffffffff811b7604>] vfs_write+0xb4/0x1f0
- [<ffffffff811b8039>] SyS_write+0x49/0xa0
- [<ffffffff8171a1bf>] tracesys+0xe1/0xe6
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/audit.c | 3 ++-
- security/apparmor/file.c  | 3 ++-
- 2 files changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
-index 89c7865..3a7f1da 100644
---- a/security/apparmor/audit.c
-+++ b/security/apparmor/audit.c
-@@ -200,7 +200,8 @@ int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
- 
- 	if (sa->aad->type == AUDIT_APPARMOR_KILL)
- 		(void)send_sig_info(SIGKILL, NULL,
--				    sa->u.tsk ?  sa->u.tsk : current);
-+			sa->type == LSM_AUDIT_DATA_TASK && sa->u.tsk ?
-+				    sa->u.tsk : current);
- 
- 	if (sa->aad->type == AUDIT_APPARMOR_ALLOWED)
- 		return complain_error(sa->aad->error);
-diff --git a/security/apparmor/file.c b/security/apparmor/file.c
-index 913f377..43d6ae7 100644
---- a/security/apparmor/file.c
-+++ b/security/apparmor/file.c
-@@ -110,7 +110,8 @@ int aa_audit_file(struct aa_profile *profile, struct file_perms *perms,
- 	int type = AUDIT_APPARMOR_AUTO;
- 	struct common_audit_data sa;
- 	struct apparmor_audit_data aad = {0,};
--	sa.type = LSM_AUDIT_DATA_NONE;
-+	sa.type = LSM_AUDIT_DATA_TASK;
-+	sa.u.tsk = NULL;
- 	sa.aad = &aad;
- 	aad.op = op,
- 	aad.fs.request = request;
--- 
-2.7.4
-

kernel-patches/4.5/0005-apparmor-exec-should-not-be-returning-ENOENT-when-it.patch

@@ -1,32 +0,0 @@
-From c1216728b7d644443eef31e4bd9d01b4a0a51d61 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Fri, 25 Jul 2014 04:02:03 -0700
-Subject: [PATCH 05/27] apparmor: exec should not be returning ENOENT when it
- denies
-
-The current behavior is confusing as it causes exec failures to report
-the executable is missing instead of identifying that apparmor
-caused the failure.
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/domain.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
-index dc0027b..67a7418 100644
---- a/security/apparmor/domain.c
-+++ b/security/apparmor/domain.c
-@@ -433,7 +433,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
- 				new_profile = aa_get_newest_profile(ns->unconfined);
- 				info = "ux fallback";
- 			} else {
--				error = -ENOENT;
-+				error = -EACCES;
- 				info = "profile not found";
- 				/* remove MAY_EXEC to audit as failure */
- 				perms.allow &= ~MAY_EXEC;
--- 
-2.7.4
-

kernel-patches/4.5/0006-apparmor-fix-update-the-mtime-of-the-profile-file-on.patch

@@ -1,28 +0,0 @@
-From 2d3389de6c8ab6b3ad2cef4ea460c8fce2a226b9 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Fri, 25 Jul 2014 04:01:56 -0700
-Subject: [PATCH 06/27] apparmor: fix update the mtime of the profile file on
- replacement
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/apparmorfs.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
-index ad4fa49..45a6199 100644
---- a/security/apparmor/apparmorfs.c
-+++ b/security/apparmor/apparmorfs.c
-@@ -379,6 +379,8 @@ void __aa_fs_profile_migrate_dents(struct aa_profile *old,
- 
- 	for (i = 0; i < AAFS_PROF_SIZEOF; i++) {
- 		new->dents[i] = old->dents[i];
-+		if (new->dents[i])
-+			new->dents[i]->d_inode->i_mtime = CURRENT_TIME;
- 		old->dents[i] = NULL;
- 	}
- }
--- 
-2.7.4
-

kernel-patches/4.5/0007-apparmor-fix-disconnected-bind-mnts-reconnection.patch

@@ -1,36 +0,0 @@
-From 9caa96e30a1b2bb191a29af872285c8d0b078c10 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Fri, 25 Jul 2014 04:02:08 -0700
-Subject: [PATCH 07/27] apparmor: fix disconnected bind mnts reconnection
-
-Bind mounts can fail to be properly reconnected when PATH_CONNECT is
-specified. Ensure that when PATH_CONNECT is specified the path has
-a root.
-
-BugLink: http://bugs.launchpad.net/bugs/1319984
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/path.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/security/apparmor/path.c b/security/apparmor/path.c
-index 71e0e3a..bb2f2c6 100644
---- a/security/apparmor/path.c
-+++ b/security/apparmor/path.c
-@@ -141,7 +141,10 @@ static int d_namespace_path(struct path *path, char *buf, int buflen,
- 			error = -EACCES;
- 			if (*res == '/')
- 				*name = res + 1;
--		}
-+		} else if (*res != '/')
-+			/* CONNECT_PATH with missing root */
-+			error = prepend(name, *name - buf, "/", 1);
-+
- 	}
- 
- out:
--- 
-2.7.4
-

kernel-patches/4.5/0008-apparmor-internal-paths-should-be-treated-as-disconn.patch

@@ -1,114 +0,0 @@
-From 11702a732e149380e05e2ab8ae1b743ac89f892f Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Fri, 25 Jul 2014 04:02:10 -0700
-Subject: [PATCH 08/27] apparmor: internal paths should be treated as
- disconnected
-
-Internal mounts are not mounted anywhere and as such should be treated
-as disconnected paths.
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/path.c | 64 +++++++++++++++++++++++++++---------------------
- 1 file changed, 36 insertions(+), 28 deletions(-)
-
-diff --git a/security/apparmor/path.c b/security/apparmor/path.c
-index bb2f2c6..596f799 100644
---- a/security/apparmor/path.c
-+++ b/security/apparmor/path.c
-@@ -25,7 +25,6 @@
- #include "include/path.h"
- #include "include/policy.h"
- 
--
- /* modified from dcache.c */
- static int prepend(char **buffer, int buflen, const char *str, int namelen)
- {
-@@ -39,6 +38,38 @@ static int prepend(char **buffer, int buflen, const char *str, int namelen)
- 
- #define CHROOT_NSCONNECT (PATH_CHROOT_REL | PATH_CHROOT_NSCONNECT)
- 
-+/* If the path is not connected to the expected root,
-+ * check if it is a sysctl and handle specially else remove any
-+ * leading / that __d_path may have returned.
-+ * Unless
-+ *     specifically directed to connect the path,
-+ * OR
-+ *     if in a chroot and doing chroot relative paths and the path
-+ *     resolves to the namespace root (would be connected outside
-+ *     of chroot) and specifically directed to connect paths to
-+ *     namespace root.
-+ */
-+static int disconnect(const struct path *path, char *buf, char **name,
-+		      int flags)
-+{
-+	int error = 0;
-+
-+	if (!(flags & PATH_CONNECT_PATH) &&
-+	    !(((flags & CHROOT_NSCONNECT) == CHROOT_NSCONNECT) &&
-+	      our_mnt(path->mnt))) {
-+		/* disconnected path, don't return pathname starting
-+		 * with '/'
-+		 */
-+		error = -EACCES;
-+		if (**name == '/')
-+			*name = *name + 1;
-+	} else if (**name != '/')
-+		/* CONNECT_PATH with missing root */
-+		error = prepend(name, *name - buf, "/", 1);
-+
-+	return error;
-+}
-+
- /**
-  * d_namespace_path - lookup a name associated with a given path
-  * @path: path to lookup  (NOT NULL)
-@@ -74,7 +105,8 @@ static int d_namespace_path(struct path *path, char *buf, int buflen,
- 			 * control instead of hard coded /proc
- 			 */
- 			return prepend(name, *name - buf, "/proc", 5);
--		}
-+		} else
-+			return disconnect(path, buf, name, flags);
- 		return 0;
- 	}
- 
-@@ -120,32 +152,8 @@ static int d_namespace_path(struct path *path, char *buf, int buflen,
- 			goto out;
- 	}
- 
--	/* If the path is not connected to the expected root,
--	 * check if it is a sysctl and handle specially else remove any
--	 * leading / that __d_path may have returned.
--	 * Unless
--	 *     specifically directed to connect the path,
--	 * OR
--	 *     if in a chroot and doing chroot relative paths and the path
--	 *     resolves to the namespace root (would be connected outside
--	 *     of chroot) and specifically directed to connect paths to
--	 *     namespace root.
--	 */
--	if (!connected) {
--		if (!(flags & PATH_CONNECT_PATH) &&
--			   !(((flags & CHROOT_NSCONNECT) == CHROOT_NSCONNECT) &&
--			     our_mnt(path->mnt))) {
--			/* disconnected path, don't return pathname starting
--			 * with '/'
--			 */
--			error = -EACCES;
--			if (*res == '/')
--				*name = res + 1;
--		} else if (*res != '/')
--			/* CONNECT_PATH with missing root */
--			error = prepend(name, *name - buf, "/", 1);
--
--	}
-+	if (!connected)
-+		error = disconnect(path, buf, name, flags);
- 
- out:
- 	return error;
--- 
-2.7.4
-

kernel-patches/4.5/0009-apparmor-fix-put-parent-ref-after-updating-the-activ.patch

@@ -1,29 +0,0 @@
-From c70811d9e6234c96d0ef405cd8ad78b70efb8637 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Sat, 16 Apr 2016 13:59:02 -0700
-Subject: [PATCH 09/27] apparmor: fix put() parent ref after updating the
- active ref
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/policy.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
-index c92a9f6..455c9f8 100644
---- a/security/apparmor/policy.c
-+++ b/security/apparmor/policy.c
-@@ -1187,8 +1187,8 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
- 			/* parent replaced in this atomic set? */
- 			if (newest != parent) {
- 				aa_get_profile(newest);
--				aa_put_profile(parent);
- 				rcu_assign_pointer(ent->new->parent, newest);
-+				aa_put_profile(parent);
- 			}
- 			/* aafs interface uses replacedby */
- 			rcu_assign_pointer(ent->new->replacedby->profile,
--- 
-2.7.4
-

kernel-patches/4.5/0010-apparmor-fix-log-failures-for-all-profiles-in-a-set.patch

@@ -1,87 +0,0 @@
-From f671b902943f83f0fbc8c8b7bf8bbfb817d124f1 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Sat, 16 Apr 2016 14:16:50 -0700
-Subject: [PATCH 10/27] apparmor: fix log failures for all profiles in a set
-
-currently only the profile that is causing the failure is logged. This
-makes it more confusing than necessary about which profiles loaded
-and which didn't. So make sure to log success and failure messages for
-all profiles in the set being loaded.
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/policy.c | 29 +++++++++++++++++++----------
- 1 file changed, 19 insertions(+), 10 deletions(-)
-
-diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
-index 455c9f8..db31bc5 100644
---- a/security/apparmor/policy.c
-+++ b/security/apparmor/policy.c
-@@ -1067,7 +1067,7 @@ static int __lookup_replace(struct aa_namespace *ns, const char *hname,
-  */
- ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
- {
--	const char *ns_name, *name = NULL, *info = NULL;
-+	const char *ns_name, *info = NULL;
- 	struct aa_namespace *ns = NULL;
- 	struct aa_load_ent *ent, *tmp;
- 	int op = OP_PROF_REPL;
-@@ -1082,18 +1082,15 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
- 	/* released below */
- 	ns = aa_prepare_namespace(ns_name);
- 	if (!ns) {
--		info = "failed to prepare namespace";
--		error = -ENOMEM;
--		name = ns_name;
--		goto fail;
-+		error = audit_policy(op, GFP_KERNEL, ns_name,
-+				     "failed to prepare namespace", -ENOMEM);
-+		goto free;
- 	}
- 
- 	mutex_lock(&ns->lock);
- 	/* setup parent and ns info */
- 	list_for_each_entry(ent, &lh, list) {
- 		struct aa_policy *policy;
--
--		name = ent->new->base.hname;
- 		error = __lookup_replace(ns, ent->new->base.hname, noreplace,
- 					 &ent->old, &info);
- 		if (error)
-@@ -1121,7 +1118,6 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
- 			if (!p) {
- 				error = -ENOENT;
- 				info = "parent does not exist";
--				name = ent->new->base.hname;
- 				goto fail_lock;
- 			}
- 			rcu_assign_pointer(ent->new->parent, aa_get_profile(p));
-@@ -1214,9 +1210,22 @@ out:
- 
- fail_lock:
- 	mutex_unlock(&ns->lock);
--fail:
--	error = audit_policy(op, GFP_KERNEL, name, info, error);
- 
-+	/* audit cause of failure */
-+	op = (!ent->old) ? OP_PROF_LOAD : OP_PROF_REPL;
-+	audit_policy(op, GFP_KERNEL, ent->new->base.hname, info, error);
-+	/* audit status that rest of profiles in the atomic set failed too */
-+	info = "valid profile in failed atomic policy load";
-+	list_for_each_entry(tmp, &lh, list) {
-+		if (tmp == ent) {
-+			info = "unchecked profile in failed atomic policy load";
-+			/* skip entry that caused failure */
-+			continue;
-+		}
-+		op = (!ent->old) ? OP_PROF_LOAD : OP_PROF_REPL;
-+		audit_policy(op, GFP_KERNEL, tmp->new->base.hname, info, error);
-+	}
-+free:
- 	list_for_each_entry_safe(ent, tmp, &lh, list) {
- 		list_del_init(&ent->list);
- 		aa_load_ent_free(ent);
--- 
-2.7.4
-

kernel-patches/4.5/0011-apparmor-fix-audit-full-profile-hname-on-successful-.patch

@@ -1,33 +0,0 @@
-From bc3c7d342bf53afdfdf46bc92dac5c624c89fb91 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Sat, 16 Apr 2016 14:19:38 -0700
-Subject: [PATCH 11/27] apparmor: fix audit full profile hname on successful
- load
-
-Currently logging of a successful profile load only logs the basename
-of the profile. This can result in confusion when a child profile has
-the same name as the another profile in the set. Logging the hname
-will ensure there is no confusion.
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/policy.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
-index db31bc5..ca402d0 100644
---- a/security/apparmor/policy.c
-+++ b/security/apparmor/policy.c
-@@ -1159,7 +1159,7 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
- 		list_del_init(&ent->list);
- 		op = (!ent->old && !ent->rename) ? OP_PROF_LOAD : OP_PROF_REPL;
- 
--		audit_policy(op, GFP_ATOMIC, ent->new->base.name, NULL, error);
-+		audit_policy(op, GFP_ATOMIC, ent->new->base.hname, NULL, error);
- 
- 		if (ent->old) {
- 			__replace_profile(ent->old, ent->new, 1);
--- 
-2.7.4
-

kernel-patches/4.5/0012-apparmor-ensure-the-target-profile-name-is-always-au.patch

@@ -1,112 +0,0 @@
-From 848da0479e5b9da3dc2ae4c64e0cca77a0abf02a Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Wed, 20 Apr 2016 14:18:18 -0700
-Subject: [PATCH 12/27] apparmor: ensure the target profile name is always
- audited
-
-The target profile name was not being correctly audited in a few
-cases because the target variable was not being set and gotos
-passed the code to set it at apply:
-
-Since it is always based on new_profile just drop the target var
-and conditionally report based on new_profile.
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/domain.c | 20 +++++++++-----------
- 1 file changed, 9 insertions(+), 11 deletions(-)
-
-diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
-index 67a7418..fc3036b 100644
---- a/security/apparmor/domain.c
-+++ b/security/apparmor/domain.c
-@@ -346,7 +346,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
- 		file_inode(bprm->file)->i_uid,
- 		file_inode(bprm->file)->i_mode
- 	};
--	const char *name = NULL, *target = NULL, *info = NULL;
-+	const char *name = NULL, *info = NULL;
- 	int error = 0;
- 
- 	if (bprm->cred_prepared)
-@@ -399,6 +399,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
- 	if (cxt->onexec) {
- 		struct file_perms cp;
- 		info = "change_profile onexec";
-+		new_profile = aa_get_newest_profile(cxt->onexec);
- 		if (!(perms.allow & AA_MAY_ONEXEC))
- 			goto audit;
- 
-@@ -413,7 +414,6 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
- 
- 		if (!(cp.allow & AA_MAY_ONEXEC))
- 			goto audit;
--		new_profile = aa_get_newest_profile(cxt->onexec);
- 		goto apply;
- 	}
- 
-@@ -445,10 +445,8 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
- 		if (!new_profile) {
- 			error = -ENOMEM;
- 			info = "could not create null profile";
--		} else {
-+		} else
- 			error = -EACCES;
--			target = new_profile->base.hname;
--		}
- 		perms.xindex |= AA_X_UNSAFE;
- 	} else
- 		/* fail exec */
-@@ -459,7 +457,6 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
- 	 * fail the exec.
- 	 */
- 	if (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS) {
--		aa_put_profile(new_profile);
- 		error = -EPERM;
- 		goto cleanup;
- 	}
-@@ -474,10 +471,8 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
- 
- 	if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
- 		error = may_change_ptraced_domain(new_profile);
--		if (error) {
--			aa_put_profile(new_profile);
-+		if (error)
- 			goto audit;
--		}
- 	}
- 
- 	/* Determine if secure exec is needed.
-@@ -498,7 +493,6 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
- 		bprm->unsafe |= AA_SECURE_X_NEEDED;
- 	}
- apply:
--	target = new_profile->base.hname;
- 	/* when transitioning profiles clear unsafe personality bits */
- 	bprm->per_clear |= PER_CLEAR_ON_SETID;
- 
-@@ -506,15 +500,19 @@ x_clear:
- 	aa_put_profile(cxt->profile);
- 	/* transfer new profile reference will be released when cxt is freed */
- 	cxt->profile = new_profile;
-+	new_profile = NULL;
- 
- 	/* clear out all temporary/transitional state from the context */
- 	aa_clear_task_cxt_trans(cxt);
- 
- audit:
- 	error = aa_audit_file(profile, &perms, GFP_KERNEL, OP_EXEC, MAY_EXEC,
--			      name, target, cond.uid, info, error);
-+			      name,
-+			      new_profile ? new_profile->base.hname : NULL,
-+			      cond.uid, info, error);
- 
- cleanup:
-+	aa_put_profile(new_profile);
- 	aa_put_profile(profile);
- 	kfree(buffer);
- 
--- 
-2.7.4
-

kernel-patches/4.5/0013-apparmor-check-that-xindex-is-in-trans_table-bounds.patch

@@ -1,27 +0,0 @@
-From 706473f3ead5cdffe5ad159adfbc090e0fda81d6 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Thu, 17 Mar 2016 12:02:54 -0700
-Subject: [PATCH 13/27] apparmor: check that xindex is in trans_table bounds
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/policy_unpack.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
-index a689f10..c841b12 100644
---- a/security/apparmor/policy_unpack.c
-+++ b/security/apparmor/policy_unpack.c
-@@ -676,7 +676,7 @@ static bool verify_xindex(int xindex, int table_size)
- 	int index, xtype;
- 	xtype = xindex & AA_X_TYPE_MASK;
- 	index = xindex & AA_X_INDEX_MASK;
--	if (xtype == AA_X_TABLE && index > table_size)
-+	if (xtype == AA_X_TABLE && index >= table_size)
- 		return 0;
- 	return 1;
- }
--- 
-2.7.4
-

kernel-patches/4.5/0014-apparmor-fix-ref-count-leak-when-profile-sha1-hash-i.patch

@@ -1,27 +0,0 @@
-From 05a64c434466029b298ee1e78a988cd6a7f80c0e Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Wed, 18 Nov 2015 11:41:05 -0800
-Subject: [PATCH 14/27] apparmor: fix ref count leak when profile sha1 hash is
- read
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/apparmorfs.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
-index 45a6199..0d8dd71 100644
---- a/security/apparmor/apparmorfs.c
-+++ b/security/apparmor/apparmorfs.c
-@@ -331,6 +331,7 @@ static int aa_fs_seq_hash_show(struct seq_file *seq, void *v)
- 			seq_printf(seq, "%.2x", profile->hash[i]);
- 		seq_puts(seq, "\n");
- 	}
-+	aa_put_profile(profile);
- 
- 	return 0;
- }
--- 
-2.7.4
-

kernel-patches/4.5/0015-apparmor-fix-refcount-race-when-finding-a-child-prof.patch

@@ -1,37 +0,0 @@
-From 6b0b8b91f454bd021e27abe0e611a6764e4806c1 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Wed, 16 Dec 2015 18:09:10 -0800
-Subject: [PATCH 15/27] apparmor: fix refcount race when finding a child
- profile
-
-When finding a child profile via an rcu critical section, the profile
-may be put and scheduled for deletion after the child is found but
-before its refcount is incremented.
-
-Protect against this by repeating the lookup if the profiles refcount
-is 0 and is one its way to deletion.
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/policy.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
-index ca402d0..7807125 100644
---- a/security/apparmor/policy.c
-+++ b/security/apparmor/policy.c
-@@ -766,7 +766,9 @@ struct aa_profile *aa_find_child(struct aa_profile *parent, const char *name)
- 	struct aa_profile *profile;
- 
- 	rcu_read_lock();
--	profile = aa_get_profile(__find_child(&parent->base.profiles, name));
-+	do {
-+		profile = __find_child(&parent->base.profiles, name);
-+	} while (profile && !aa_get_profile_not0(profile));
- 	rcu_read_unlock();
- 
- 	/* refcount released by caller */
--- 
-2.7.4
-

kernel-patches/4.5/0016-apparmor-use-list_next_entry-instead-of-list_entry_n.patch

@@ -1,59 +0,0 @@
-From 84acc6aa6976e62756e14d3a00c5634724cbaa59 Mon Sep 17 00:00:00 2001
-From: Geliang Tang <geliangtang@163.com>
-Date: Mon, 16 Nov 2015 21:46:33 +0800
-Subject: [PATCH 16/27] apparmor: use list_next_entry instead of
- list_entry_next
-
-list_next_entry has been defined in list.h, so I replace list_entry_next
-with it.
-
-Signed-off-by: Geliang Tang <geliangtang@163.com>
-Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
-Signed-off-by: John Johansen <john.johansen@canonical.com>
----
- security/apparmor/apparmorfs.c | 8 +++-----
- 1 file changed, 3 insertions(+), 5 deletions(-)
-
-diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
-index 0d8dd71..729e595 100644
---- a/security/apparmor/apparmorfs.c
-+++ b/security/apparmor/apparmorfs.c
-@@ -553,8 +553,6 @@ fail2:
- }
- 
- 
--#define list_entry_next(pos, member) \
--	list_entry(pos->member.next, typeof(*pos), member)
- #define list_entry_is_head(pos, head, member) (&pos->member == (head))
- 
- /**
-@@ -585,7 +583,7 @@ static struct aa_namespace *__next_namespace(struct aa_namespace *root,
- 	parent = ns->parent;
- 	while (ns != root) {
- 		mutex_unlock(&ns->lock);
--		next = list_entry_next(ns, base.list);
-+		next = list_next_entry(ns, base.list);
- 		if (!list_entry_is_head(next, &parent->sub_ns, base.list)) {
- 			mutex_lock(&next->lock);
- 			return next;
-@@ -639,7 +637,7 @@ static struct aa_profile *__next_profile(struct aa_profile *p)
- 	parent = rcu_dereference_protected(p->parent,
- 					   mutex_is_locked(&p->ns->lock));
- 	while (parent) {
--		p = list_entry_next(p, base.list);
-+		p = list_next_entry(p, base.list);
- 		if (!list_entry_is_head(p, &parent->base.profiles, base.list))
- 			return p;
- 		p = parent;
-@@ -648,7 +646,7 @@ static struct aa_profile *__next_profile(struct aa_profile *p)
- 	}
- 
- 	/* is next another profile in the namespace */
--	p = list_entry_next(p, base.list);
-+	p = list_next_entry(p, base.list);
- 	if (!list_entry_is_head(p, &ns->base.profiles, base.list))
- 		return p;
- 
--- 
-2.7.4
-

kernel-patches/4.5/0017-apparmor-allow-SYS_CAP_RESOURCE-to-be-sufficient-to-.patch

@@ -1,50 +0,0 @@
-From a3896605318b86d8cf288c122e03604e349d5dd7 Mon Sep 17 00:00:00 2001
-From: Jeff Mahoney <jeffm@suse.com>
-Date: Fri, 6 Nov 2015 15:17:30 -0500
-Subject: [PATCH 17/27] apparmor: allow SYS_CAP_RESOURCE to be sufficient to
- prlimit another task
-
-While using AppArmor, SYS_CAP_RESOURCE is insufficient to call prlimit
-on another task. The only other example of a AppArmor mediating access to
-another, already running, task (ignoring fork+exec) is ptrace.
-
-The AppArmor model for ptrace is that one of the following must be true:
-1) The tracer is unconfined
-2) The tracer is in complain mode
-3) The tracer and tracee are confined by the same profile
-4) The tracer is confined but has SYS_CAP_PTRACE
-
-1), 2, and 3) are already true for setrlimit.
-
-We can match the ptrace model just by allowing CAP_SYS_RESOURCE.
-
-We still test the values of the rlimit since it can always be overridden
-using a value that means unlimited for a particular resource.
-
-Signed-off-by: Jeff Mahoney <jeffm@suse.com>
-Signed-off-by: John Johansen <john.johansen@canonical.com>
----
- security/apparmor/resource.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/security/apparmor/resource.c b/security/apparmor/resource.c
-index 748bf0c..67a6072 100644
---- a/security/apparmor/resource.c
-+++ b/security/apparmor/resource.c
-@@ -101,9 +101,11 @@ int aa_task_setrlimit(struct aa_profile *profile, struct task_struct *task,
- 	/* TODO: extend resource control to handle other (non current)
- 	 * profiles.  AppArmor rules currently have the implicit assumption
- 	 * that the task is setting the resource of a task confined with
--	 * the same profile.
-+	 * the same profile or that the task setting the resource of another
-+	 * task has CAP_SYS_RESOURCE.
- 	 */
--	if (profile != task_profile ||
-+	if ((profile != task_profile &&
-+	     aa_capable(profile, CAP_SYS_RESOURCE, 1)) ||
- 	    (profile->rlimits.mask & (1 << resource) &&
- 	     new_rlim->rlim_max > profile->rlimits.limits[resource].rlim_max))
- 		error = -EACCES;
--- 
-2.7.4
-

kernel-patches/4.5/0018-apparmor-add-missing-id-bounds-check-on-dfa-verifica.patch

@@ -1,40 +0,0 @@
-From 6fdcc3cfecd4d89457036627d59ebe5154d094c5 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Thu, 2 Jun 2016 02:37:02 -0700
-Subject: [PATCH 18/27] apparmor: add missing id bounds check on dfa
- verification
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
----
- security/apparmor/include/match.h | 1 +
- security/apparmor/match.c         | 2 ++
- 2 files changed, 3 insertions(+)
-
-diff --git a/security/apparmor/include/match.h b/security/apparmor/include/match.h
-index 001c43a..a1c04fe 100644
---- a/security/apparmor/include/match.h
-+++ b/security/apparmor/include/match.h
-@@ -62,6 +62,7 @@ struct table_set_header {
- #define YYTD_ID_ACCEPT2 6
- #define YYTD_ID_NXT	7
- #define YYTD_ID_TSIZE	8
-+#define YYTD_ID_MAX	8
- 
- #define YYTD_DATA8	1
- #define YYTD_DATA16	2
-diff --git a/security/apparmor/match.c b/security/apparmor/match.c
-index 727eb42..f9f57c6 100644
---- a/security/apparmor/match.c
-+++ b/security/apparmor/match.c
-@@ -47,6 +47,8 @@ static struct table_header *unpack_table(char *blob, size_t bsize)
- 	 * it every time we use td_id as an index
- 	 */
- 	th.td_id = be16_to_cpu(*(u16 *) (blob)) - 1;
-+	if (th.td_id > YYTD_ID_MAX)
-+		goto out;
- 	th.td_flags = be16_to_cpu(*(u16 *) (blob + 2));
- 	th.td_lolen = be32_to_cpu(*(u32 *) (blob + 8));
- 	blob += sizeof(struct table_header);
--- 
-2.7.4
-

kernel-patches/4.5/0019-apparmor-don-t-check-for-vmalloc_addr-if-kvzalloc-fa.patch

@@ -1,38 +0,0 @@
-From 95d203cfb59627a86483a279ba82f1aa75297e07 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Wed, 15 Jun 2016 09:57:55 +0300
-Subject: [PATCH 19/27] apparmor: don't check for vmalloc_addr if kvzalloc()
- failed
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
----
- security/apparmor/match.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/security/apparmor/match.c b/security/apparmor/match.c
-index f9f57c6..32b72eb 100644
---- a/security/apparmor/match.c
-+++ b/security/apparmor/match.c
-@@ -75,14 +75,14 @@ static struct table_header *unpack_table(char *blob, size_t bsize)
- 				     u32, be32_to_cpu);
- 		else
- 			goto fail;
-+		/* if table was vmalloced make sure the page tables are synced
-+		 * before it is used, as it goes live to all cpus.
-+		 */
-+		if (is_vmalloc_addr(table))
-+			vm_unmap_aliases();
- 	}
- 
- out:
--	/* if table was vmalloced make sure the page tables are synced
--	 * before it is used, as it goes live to all cpus.
--	 */
--	if (is_vmalloc_addr(table))
--		vm_unmap_aliases();
- 	return table;
- fail:
- 	kvfree(table);
--- 
-2.7.4
-

kernel-patches/4.5/0020-apparmor-fix-oops-in-profile_unpack-when-policy_db-i.patch

@@ -1,33 +0,0 @@
-From e925f976c7a9c85455f67c360671254bac2d9a91 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Wed, 15 Jun 2016 10:00:55 +0300
-Subject: [PATCH 20/27] apparmor: fix oops in profile_unpack() when policy_db
- is not present
-
-BugLink: http://bugs.launchpad.net/bugs/1592547
-
-If unpack_dfa() returns NULL due to the dfa not being present,
-profile_unpack() is not checking if the dfa is not present (NULL).
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
----
- security/apparmor/policy_unpack.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
-index c841b12..dac2121 100644
---- a/security/apparmor/policy_unpack.c
-+++ b/security/apparmor/policy_unpack.c
-@@ -583,6 +583,9 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
- 			error = PTR_ERR(profile->policy.dfa);
- 			profile->policy.dfa = NULL;
- 			goto fail;
-+		} else if (!profile->policy.dfa) {
-+			error = -EPROTO;
-+			goto fail;
- 		}
- 		if (!unpack_u32(e, &profile->policy.start[0], "start"))
- 			/* default start state */
--- 
-2.7.4
-

kernel-patches/4.5/0021-apparmor-fix-module-parameters-can-be-changed-after-.patch

@@ -1,162 +0,0 @@
-From 45774028820fe2ffbbc94667165f04749821d529 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Wed, 22 Jun 2016 18:01:08 -0700
-Subject: [PATCH 21/27] apparmor: fix module parameters can be changed after
- policy is locked
-
-the policy_lock parameter is a one way switch that prevents policy
-from being further modified. Unfortunately some of the module parameters
-can effectively modify policy by turning off enforcement.
-
-split policy_admin_capable into a view check and a full admin check,
-and update the admin check to test the policy_lock parameter.
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
----
- security/apparmor/include/policy.h |  2 ++
- security/apparmor/lsm.c            | 22 ++++++++++------------
- security/apparmor/policy.c         | 18 +++++++++++++++++-
- 3 files changed, 29 insertions(+), 13 deletions(-)
-
-diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
-index c28b0f2..52275f0 100644
---- a/security/apparmor/include/policy.h
-+++ b/security/apparmor/include/policy.h
-@@ -403,6 +403,8 @@ static inline int AUDIT_MODE(struct aa_profile *profile)
- 	return profile->audit;
- }
- 
-+bool policy_view_capable(void);
-+bool policy_admin_capable(void);
- bool aa_may_manage_policy(int op);
- 
- #endif /* __AA_POLICY_H */
-diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
-index 5ee8201..bd40b12 100644
---- a/security/apparmor/lsm.c
-+++ b/security/apparmor/lsm.c
-@@ -751,51 +751,49 @@ __setup("apparmor=", apparmor_enabled_setup);
- /* set global flag turning off the ability to load policy */
- static int param_set_aalockpolicy(const char *val, const struct kernel_param *kp)
- {
--	if (!capable(CAP_MAC_ADMIN))
-+	if (!policy_admin_capable())
- 		return -EPERM;
--	if (aa_g_lock_policy)
--		return -EACCES;
- 	return param_set_bool(val, kp);
- }
- 
- static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp)
- {
--	if (!capable(CAP_MAC_ADMIN))
-+	if (!policy_view_capable())
- 		return -EPERM;
- 	return param_get_bool(buffer, kp);
- }
- 
- static int param_set_aabool(const char *val, const struct kernel_param *kp)
- {
--	if (!capable(CAP_MAC_ADMIN))
-+	if (!policy_admin_capable())
- 		return -EPERM;
- 	return param_set_bool(val, kp);
- }
- 
- static int param_get_aabool(char *buffer, const struct kernel_param *kp)
- {
--	if (!capable(CAP_MAC_ADMIN))
-+	if (!policy_view_capable())
- 		return -EPERM;
- 	return param_get_bool(buffer, kp);
- }
- 
- static int param_set_aauint(const char *val, const struct kernel_param *kp)
- {
--	if (!capable(CAP_MAC_ADMIN))
-+	if (!policy_admin_capable())
- 		return -EPERM;
- 	return param_set_uint(val, kp);
- }
- 
- static int param_get_aauint(char *buffer, const struct kernel_param *kp)
- {
--	if (!capable(CAP_MAC_ADMIN))
-+	if (!policy_view_capable())
- 		return -EPERM;
- 	return param_get_uint(buffer, kp);
- }
- 
- static int param_get_audit(char *buffer, struct kernel_param *kp)
- {
--	if (!capable(CAP_MAC_ADMIN))
-+	if (!policy_view_capable())
- 		return -EPERM;
- 
- 	if (!apparmor_enabled)
-@@ -807,7 +805,7 @@ static int param_get_audit(char *buffer, struct kernel_param *kp)
- static int param_set_audit(const char *val, struct kernel_param *kp)
- {
- 	int i;
--	if (!capable(CAP_MAC_ADMIN))
-+	if (!policy_admin_capable())
- 		return -EPERM;
- 
- 	if (!apparmor_enabled)
-@@ -828,7 +826,7 @@ static int param_set_audit(const char *val, struct kernel_param *kp)
- 
- static int param_get_mode(char *buffer, struct kernel_param *kp)
- {
--	if (!capable(CAP_MAC_ADMIN))
-+	if (!policy_admin_capable())
- 		return -EPERM;
- 
- 	if (!apparmor_enabled)
-@@ -840,7 +838,7 @@ static int param_get_mode(char *buffer, struct kernel_param *kp)
- static int param_set_mode(const char *val, struct kernel_param *kp)
- {
- 	int i;
--	if (!capable(CAP_MAC_ADMIN))
-+	if (!policy_admin_capable())
- 		return -EPERM;
- 
- 	if (!apparmor_enabled)
-diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
-index 7807125..179e68d 100644
---- a/security/apparmor/policy.c
-+++ b/security/apparmor/policy.c
-@@ -918,6 +918,22 @@ static int audit_policy(int op, gfp_t gfp, const char *name, const char *info,
- 			&sa, NULL);
- }
- 
-+bool policy_view_capable(void)
-+{
-+	struct user_namespace *user_ns = current_user_ns();
-+	bool response = false;
-+
-+	if (ns_capable(user_ns, CAP_MAC_ADMIN))
-+		response = true;
-+
-+	return response;
-+}
-+
-+bool policy_admin_capable(void)
-+{
-+	return policy_view_capable() && !aa_g_lock_policy;
-+}
-+
- /**
-  * aa_may_manage_policy - can the current task manage policy
-  * @op: the policy manipulation operation being done
-@@ -932,7 +948,7 @@ bool aa_may_manage_policy(int op)
- 		return 0;
- 	}
- 
--	if (!capable(CAP_MAC_ADMIN)) {
-+	if (!policy_admin_capable()) {
- 		audit_policy(op, GFP_KERNEL, NULL, "not policy admin", -EACCES);
- 		return 0;
- 	}
--- 
-2.7.4
-

kernel-patches/4.5/0022-apparmor-do-not-expose-kernel-stack.patch

@@ -1,31 +0,0 @@
-From 7fcfc22cd04261ac35a579c99bcc804db7eb3e83 Mon Sep 17 00:00:00 2001
-From: Heinrich Schuchardt <xypron.glpk@gmx.de>
-Date: Fri, 10 Jun 2016 23:34:26 +0200
-Subject: [PATCH 22/27] apparmor: do not expose kernel stack
-
-Do not copy uninitalized fields th.td_hilen, th.td_data.
-
-Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
-Signed-off-by: John Johansen <john.johansen@canonical.com>
----
- security/apparmor/match.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/security/apparmor/match.c b/security/apparmor/match.c
-index 32b72eb..3f900fc 100644
---- a/security/apparmor/match.c
-+++ b/security/apparmor/match.c
-@@ -63,7 +63,9 @@ static struct table_header *unpack_table(char *blob, size_t bsize)
- 
- 	table = kvzalloc(tsize);
- 	if (table) {
--		*table = th;
-+		table->td_id = th.td_id;
-+		table->td_flags = th.td_flags;
-+		table->td_lolen = th.td_lolen;
- 		if (th.td_flags == YYTD_DATA8)
- 			UNPACK_ARRAY(table->td_data, blob, th.td_lolen,
- 				     u8, byte_to_byte);
--- 
-2.7.4
-

kernel-patches/4.5/0023-apparmor-fix-arg_size-computation-for-when-setprocat.patch

@@ -1,27 +0,0 @@
-From 1b98560066c26fecb0a61aeb9249e141af2e63f9 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Sat, 9 Jul 2016 23:46:33 -0700
-Subject: [PATCH 23/27] apparmor: fix arg_size computation for when setprocattr
- is null terminated
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
----
- security/apparmor/lsm.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
-index bd40b12..1bf6c53 100644
---- a/security/apparmor/lsm.c
-+++ b/security/apparmor/lsm.c
-@@ -552,7 +552,7 @@ static int apparmor_setprocattr(struct task_struct *task, char *name,
- 	if (!*args)
- 		goto out;
- 
--	arg_size = size - (args - (char *) value);
-+	arg_size = size - (args - (largs ? largs : (char *) value));
- 	if (strcmp(name, "current") == 0) {
- 		if (strcmp(command, "changehat") == 0) {
- 			error = aa_setprocattr_changehat(args, arg_size,
--- 
-2.7.4
-

kernel-patches/4.5/0024-UBUNTU-SAUCE-AppArmor-basic-networking-rules.patch

@@ -1,603 +0,0 @@
-From 8d7c032e7798fa1c46449728874b64fff882368b Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Mon, 4 Oct 2010 15:03:36 -0700
-Subject: [PATCH 24/27] UBUNTU: SAUCE: AppArmor: basic networking rules
-
-Base support for network mediation.
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
----
- security/apparmor/.gitignore       |   1 +
- security/apparmor/Makefile         |  42 +++++++++-
- security/apparmor/apparmorfs.c     |   1 +
- security/apparmor/include/audit.h  |   4 +
- security/apparmor/include/net.h    |  44 ++++++++++
- security/apparmor/include/policy.h |   3 +
- security/apparmor/lsm.c            | 112 +++++++++++++++++++++++++
- security/apparmor/net.c            | 162 +++++++++++++++++++++++++++++++++++++
- security/apparmor/policy.c         |   1 +
- security/apparmor/policy_unpack.c  |  46 +++++++++++
- 10 files changed, 414 insertions(+), 2 deletions(-)
- create mode 100644 security/apparmor/include/net.h
- create mode 100644 security/apparmor/net.c
-
-diff --git a/security/apparmor/.gitignore b/security/apparmor/.gitignore
-index 9cdec70..d5b291e 100644
---- a/security/apparmor/.gitignore
-+++ b/security/apparmor/.gitignore
-@@ -1,5 +1,6 @@
- #
- # Generated include files
- #
-+net_names.h
- capability_names.h
- rlim_names.h
-diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile
-index d693df8..5dbb72f 100644
---- a/security/apparmor/Makefile
-+++ b/security/apparmor/Makefile
-@@ -4,10 +4,10 @@ obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o
- 
- apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \
-               path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \
--              resource.o sid.o file.o
-+              resource.o sid.o file.o net.o
- apparmor-$(CONFIG_SECURITY_APPARMOR_HASH) += crypto.o
- 
--clean-files := capability_names.h rlim_names.h
-+clean-files := capability_names.h rlim_names.h net_names.h
- 
- 
- # Build a lower case string table of capability names
-@@ -25,6 +25,38 @@ cmd_make-caps = echo "static const char *const capability_names[] = {" > $@ ;\
- 	    -e 's/^\#define[ \t]+CAP_([A-Z0-9_]+)[ \t]+([0-9]+)/\L\1/p' | \
- 	     tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@
- 
-+# Build a lower case string table of address family names
-+# Transform lines from
-+#    define AF_LOCAL	1	/* POSIX name for AF_UNIX	*/
-+#    #define AF_INET		2	/* Internet IP Protocol 	*/
-+# to
-+#    [1] = "local",
-+#    [2] = "inet",
-+#
-+# and build the securityfs entries for the mapping.
-+# Transforms lines from
-+#    #define AF_INET		2	/* Internet IP Protocol 	*/
-+# to
-+#    #define AA_FS_AF_MASK "local inet"
-+quiet_cmd_make-af = GEN     $@
-+cmd_make-af = echo "static const char *address_family_names[] = {" > $@ ;\
-+	sed $< >>$@ -r -n -e "/AF_MAX/d" -e "/AF_LOCAL/d" -e \
-+	 's/^\#define[ \t]+AF_([A-Z0-9_]+)[ \t]+([0-9]+)(.*)/[\2] = "\L\1",/p';\
-+	echo "};" >> $@ ;\
-+	echo -n '\#define AA_FS_AF_MASK "' >> $@ ;\
-+	sed -r -n 's/^\#define[ \t]+AF_([A-Z0-9_]+)[ \t]+([0-9]+)(.*)/\L\1/p'\
-+	 $< | tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@
-+
-+# Build a lower case string table of sock type names
-+# Transform lines from
-+#    SOCK_STREAM	= 1,
-+# to
-+#    [1] = "stream",
-+quiet_cmd_make-sock = GEN     $@
-+cmd_make-sock = echo "static const char *sock_type_names[] = {" >> $@ ;\
-+	sed $^ >>$@ -r -n \
-+	-e 's/^\tSOCK_([A-Z0-9_]+)[\t]+=[ \t]+([0-9]+)(.*)/[\2] = "\L\1",/p';\
-+	echo "};" >> $@
- 
- # Build a lower case string table of rlimit names.
- # Transforms lines from
-@@ -61,6 +93,7 @@ cmd_make-rlim = echo "static const char *const rlim_names[RLIM_NLIMITS] = {" \
- 	    tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@
- 
- $(obj)/capability.o : $(obj)/capability_names.h
-+$(obj)/net.o : $(obj)/net_names.h
- $(obj)/resource.o : $(obj)/rlim_names.h
- $(obj)/capability_names.h : $(srctree)/include/uapi/linux/capability.h \
- 			    $(src)/Makefile
-@@ -68,3 +101,8 @@ $(obj)/capability_names.h : $(srctree)/include/uapi/linux/capability.h \
- $(obj)/rlim_names.h : $(srctree)/include/uapi/asm-generic/resource.h \
- 		      $(src)/Makefile
- 	$(call cmd,make-rlim)
-+$(obj)/net_names.h : $(srctree)/include/linux/socket.h \
-+		     $(srctree)/include/linux/net.h \
-+		     $(src)/Makefile
-+	$(call cmd,make-af)
-+	$(call cmd,make-sock)
-diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
-index 729e595..181d961 100644
---- a/security/apparmor/apparmorfs.c
-+++ b/security/apparmor/apparmorfs.c
-@@ -807,6 +807,7 @@ static struct aa_fs_entry aa_fs_entry_features[] = {
- 	AA_FS_DIR("policy",			aa_fs_entry_policy),
- 	AA_FS_DIR("domain",			aa_fs_entry_domain),
- 	AA_FS_DIR("file",			aa_fs_entry_file),
-+	AA_FS_DIR("network",                    aa_fs_entry_network),
- 	AA_FS_FILE_U64("capability",		VFS_CAP_FLAGS_MASK),
- 	AA_FS_DIR("rlimit",			aa_fs_entry_rlimit),
- 	AA_FS_DIR("caps",			aa_fs_entry_caps),
-diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h
-index ba3dfd1..5d3c419 100644
---- a/security/apparmor/include/audit.h
-+++ b/security/apparmor/include/audit.h
-@@ -125,6 +125,10 @@ struct apparmor_audit_data {
- 			u32 denied;
- 			kuid_t ouid;
- 		} fs;
-+		struct {
-+			int type, protocol;
-+			struct sock *sk;
-+		} net;
- 	};
- };
- 
-diff --git a/security/apparmor/include/net.h b/security/apparmor/include/net.h
-new file mode 100644
-index 0000000..cb8a121
---- /dev/null
-+++ b/security/apparmor/include/net.h
-@@ -0,0 +1,44 @@
-+/*
-+ * AppArmor security module
-+ *
-+ * This file contains AppArmor network mediation definitions.
-+ *
-+ * Copyright (C) 1998-2008 Novell/SUSE
-+ * Copyright 2009-2012 Canonical Ltd.
-+ *
-+ * This program is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU General Public License as
-+ * published by the Free Software Foundation, version 2 of the
-+ * License.
-+ */
-+
-+#ifndef __AA_NET_H
-+#define __AA_NET_H
-+
-+#include <net/sock.h>
-+
-+#include "apparmorfs.h"
-+
-+/* struct aa_net - network confinement data
-+ * @allowed: basic network families permissions
-+ * @audit_network: which network permissions to force audit
-+ * @quiet_network: which network permissions to quiet rejects
-+ */
-+struct aa_net {
-+	u16 allow[AF_MAX];
-+	u16 audit[AF_MAX];
-+	u16 quiet[AF_MAX];
-+};
-+
-+extern struct aa_fs_entry aa_fs_entry_network[];
-+
-+extern int aa_net_perm(int op, struct aa_profile *profile, u16 family,
-+		       int type, int protocol, struct sock *sk);
-+extern int aa_revalidate_sk(int op, struct sock *sk);
-+
-+static inline void aa_free_net_rules(struct aa_net *new)
-+{
-+	/* NOP */
-+}
-+
-+#endif /* __AA_NET_H */
-diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
-index 52275f0..4fc4dac 100644
---- a/security/apparmor/include/policy.h
-+++ b/security/apparmor/include/policy.h
-@@ -27,6 +27,7 @@
- #include "capability.h"
- #include "domain.h"
- #include "file.h"
-+#include "net.h"
- #include "resource.h"
- 
- extern const char *const aa_profile_mode_names[];
-@@ -176,6 +177,7 @@ struct aa_replacedby {
-  * @policy: general match rules governing policy
-  * @file: The set of rules governing basic file access and domain transitions
-  * @caps: capabilities for the profile
-+ * @net: network controls for the profile
-  * @rlimits: rlimits for the profile
-  *
-  * @dents: dentries for the profiles file entries in apparmorfs
-@@ -217,6 +219,7 @@ struct aa_profile {
- 	struct aa_policydb policy;
- 	struct aa_file_rules file;
- 	struct aa_caps caps;
-+	struct aa_net net;
- 	struct aa_rlimit rlimits;
- 
- 	unsigned char *hash;
-diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
-index 1bf6c53..284ddda 100644
---- a/security/apparmor/lsm.c
-+++ b/security/apparmor/lsm.c
-@@ -32,6 +32,7 @@
- #include "include/context.h"
- #include "include/file.h"
- #include "include/ipc.h"
-+#include "include/net.h"
- #include "include/path.h"
- #include "include/policy.h"
- #include "include/procattr.h"
-@@ -607,6 +608,104 @@ static int apparmor_task_setrlimit(struct task_struct *task,
- 	return error;
- }
- 
-+static int apparmor_socket_create(int family, int type, int protocol, int kern)
-+{
-+	struct aa_profile *profile;
-+	int error = 0;
-+
-+	if (kern)
-+		return 0;
-+
-+	profile = __aa_current_profile();
-+	if (!unconfined(profile))
-+		error = aa_net_perm(OP_CREATE, profile, family, type, protocol,
-+				    NULL);
-+	return error;
-+}
-+
-+static int apparmor_socket_bind(struct socket *sock,
-+				struct sockaddr *address, int addrlen)
-+{
-+	struct sock *sk = sock->sk;
-+
-+	return aa_revalidate_sk(OP_BIND, sk);
-+}
-+
-+static int apparmor_socket_connect(struct socket *sock,
-+				   struct sockaddr *address, int addrlen)
-+{
-+	struct sock *sk = sock->sk;
-+
-+	return aa_revalidate_sk(OP_CONNECT, sk);
-+}
-+
-+static int apparmor_socket_listen(struct socket *sock, int backlog)
-+{
-+	struct sock *sk = sock->sk;
-+
-+	return aa_revalidate_sk(OP_LISTEN, sk);
-+}
-+
-+static int apparmor_socket_accept(struct socket *sock, struct socket *newsock)
-+{
-+	struct sock *sk = sock->sk;
-+
-+	return aa_revalidate_sk(OP_ACCEPT, sk);
-+}
-+
-+static int apparmor_socket_sendmsg(struct socket *sock,
-+				   struct msghdr *msg, int size)
-+{
-+	struct sock *sk = sock->sk;
-+
-+	return aa_revalidate_sk(OP_SENDMSG, sk);
-+}
-+
-+static int apparmor_socket_recvmsg(struct socket *sock,
-+				   struct msghdr *msg, int size, int flags)
-+{
-+	struct sock *sk = sock->sk;
-+
-+	return aa_revalidate_sk(OP_RECVMSG, sk);
-+}
-+
-+static int apparmor_socket_getsockname(struct socket *sock)
-+{
-+	struct sock *sk = sock->sk;
-+
-+	return aa_revalidate_sk(OP_GETSOCKNAME, sk);
-+}
-+
-+static int apparmor_socket_getpeername(struct socket *sock)
-+{
-+	struct sock *sk = sock->sk;
-+
-+	return aa_revalidate_sk(OP_GETPEERNAME, sk);
-+}
-+
-+static int apparmor_socket_getsockopt(struct socket *sock, int level,
-+				      int optname)
-+{
-+	struct sock *sk = sock->sk;
-+
-+	return aa_revalidate_sk(OP_GETSOCKOPT, sk);
-+}
-+
-+static int apparmor_socket_setsockopt(struct socket *sock, int level,
-+				      int optname)
-+{
-+	struct sock *sk = sock->sk;
-+
-+	return aa_revalidate_sk(OP_SETSOCKOPT, sk);
-+}
-+
-+static int apparmor_socket_shutdown(struct socket *sock, int how)
-+{
-+	struct sock *sk = sock->sk;
-+
-+	return aa_revalidate_sk(OP_SOCK_SHUTDOWN, sk);
-+}
-+
- static struct security_hook_list apparmor_hooks[] = {
- 	LSM_HOOK_INIT(ptrace_access_check, apparmor_ptrace_access_check),
- 	LSM_HOOK_INIT(ptrace_traceme, apparmor_ptrace_traceme),
-@@ -636,6 +735,19 @@ static struct security_hook_list apparmor_hooks[] = {
- 	LSM_HOOK_INIT(getprocattr, apparmor_getprocattr),
- 	LSM_HOOK_INIT(setprocattr, apparmor_setprocattr),
- 
-+	LSM_HOOK_INIT(socket_create, apparmor_socket_create),
-+	LSM_HOOK_INIT(socket_bind, apparmor_socket_bind),
-+	LSM_HOOK_INIT(socket_connect, apparmor_socket_connect),
-+	LSM_HOOK_INIT(socket_listen, apparmor_socket_listen),
-+	LSM_HOOK_INIT(socket_accept, apparmor_socket_accept),
-+	LSM_HOOK_INIT(socket_sendmsg, apparmor_socket_sendmsg),
-+	LSM_HOOK_INIT(socket_recvmsg, apparmor_socket_recvmsg),
-+	LSM_HOOK_INIT(socket_getsockname, apparmor_socket_getsockname),
-+	LSM_HOOK_INIT(socket_getpeername, apparmor_socket_getpeername),
-+	LSM_HOOK_INIT(socket_getsockopt, apparmor_socket_getsockopt),
-+	LSM_HOOK_INIT(socket_setsockopt, apparmor_socket_setsockopt),
-+	LSM_HOOK_INIT(socket_shutdown, apparmor_socket_shutdown),
-+
- 	LSM_HOOK_INIT(cred_alloc_blank, apparmor_cred_alloc_blank),
- 	LSM_HOOK_INIT(cred_free, apparmor_cred_free),
- 	LSM_HOOK_INIT(cred_prepare, apparmor_cred_prepare),
-diff --git a/security/apparmor/net.c b/security/apparmor/net.c
-new file mode 100644
-index 0000000..003dd18
---- /dev/null
-+++ b/security/apparmor/net.c
-@@ -0,0 +1,162 @@
-+/*
-+ * AppArmor security module
-+ *
-+ * This file contains AppArmor network mediation
-+ *
-+ * Copyright (C) 1998-2008 Novell/SUSE
-+ * Copyright 2009-2012 Canonical Ltd.
-+ *
-+ * This program is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU General Public License as
-+ * published by the Free Software Foundation, version 2 of the
-+ * License.
-+ */
-+
-+#include "include/apparmor.h"
-+#include "include/audit.h"
-+#include "include/context.h"
-+#include "include/net.h"
-+#include "include/policy.h"
-+
-+#include "net_names.h"
-+
-+struct aa_fs_entry aa_fs_entry_network[] = {
-+	AA_FS_FILE_STRING("af_mask", AA_FS_AF_MASK),
-+	{ }
-+};
-+
-+/* audit callback for net specific fields */
-+static void audit_cb(struct audit_buffer *ab, void *va)
-+{
-+	struct common_audit_data *sa = va;
-+
-+	audit_log_format(ab, " family=");
-+	if (address_family_names[sa->u.net->family]) {
-+		audit_log_string(ab, address_family_names[sa->u.net->family]);
-+	} else {
-+		audit_log_format(ab, "\"unknown(%d)\"", sa->u.net->family);
-+	}
-+	audit_log_format(ab, " sock_type=");
-+	if (sock_type_names[sa->aad->net.type]) {
-+		audit_log_string(ab, sock_type_names[sa->aad->net.type]);
-+	} else {
-+		audit_log_format(ab, "\"unknown(%d)\"", sa->aad->net.type);
-+	}
-+	audit_log_format(ab, " protocol=%d", sa->aad->net.protocol);
-+}
-+
-+/**
-+ * audit_net - audit network access
-+ * @profile: profile being enforced  (NOT NULL)
-+ * @op: operation being checked
-+ * @family: network family
-+ * @type:   network type
-+ * @protocol: network protocol
-+ * @sk: socket auditing is being applied to
-+ * @error: error code for failure else 0
-+ *
-+ * Returns: %0 or sa->error else other errorcode on failure
-+ */
-+static int audit_net(struct aa_profile *profile, int op, u16 family, int type,
-+		     int protocol, struct sock *sk, int error)
-+{
-+	int audit_type = AUDIT_APPARMOR_AUTO;
-+	struct common_audit_data sa;
-+	struct apparmor_audit_data aad = { };
-+	struct lsm_network_audit net = { };
-+	if (sk) {
-+		sa.type = LSM_AUDIT_DATA_NET;
-+	} else {
-+		sa.type = LSM_AUDIT_DATA_NONE;
-+	}
-+	/* todo fill in socket addr info */
-+	sa.aad = &aad;
-+	sa.u.net = &net;
-+	sa.aad->op = op,
-+	sa.u.net->family = family;
-+	sa.u.net->sk = sk;
-+	sa.aad->net.type = type;
-+	sa.aad->net.protocol = protocol;
-+	sa.aad->error = error;
-+
-+	if (likely(!sa.aad->error)) {
-+		u16 audit_mask = profile->net.audit[sa.u.net->family];
-+		if (likely((AUDIT_MODE(profile) != AUDIT_ALL) &&
-+			   !(1 << sa.aad->net.type & audit_mask)))
-+			return 0;
-+		audit_type = AUDIT_APPARMOR_AUDIT;
-+	} else {
-+		u16 quiet_mask = profile->net.quiet[sa.u.net->family];
-+		u16 kill_mask = 0;
-+		u16 denied = (1 << sa.aad->net.type) & ~quiet_mask;
-+
-+		if (denied & kill_mask)
-+			audit_type = AUDIT_APPARMOR_KILL;
-+
-+		if ((denied & quiet_mask) &&
-+		    AUDIT_MODE(profile) != AUDIT_NOQUIET &&
-+		    AUDIT_MODE(profile) != AUDIT_ALL)
-+			return COMPLAIN_MODE(profile) ? 0 : sa.aad->error;
-+	}
-+
-+	return aa_audit(audit_type, profile, GFP_KERNEL, &sa, audit_cb);
-+}
-+
-+/**
-+ * aa_net_perm - very course network access check
-+ * @op: operation being checked
-+ * @profile: profile being enforced  (NOT NULL)
-+ * @family: network family
-+ * @type:   network type
-+ * @protocol: network protocol
-+ *
-+ * Returns: %0 else error if permission denied
-+ */
-+int aa_net_perm(int op, struct aa_profile *profile, u16 family, int type,
-+		int protocol, struct sock *sk)
-+{
-+	u16 family_mask;
-+	int error;
-+
-+	if ((family < 0) || (family >= AF_MAX))
-+		return -EINVAL;
-+
-+	if ((type < 0) || (type >= SOCK_MAX))
-+		return -EINVAL;
-+
-+	/* unix domain and netlink sockets are handled by ipc */
-+	if (family == AF_UNIX || family == AF_NETLINK)
-+		return 0;
-+
-+	family_mask = profile->net.allow[family];
-+
-+	error = (family_mask & (1 << type)) ? 0 : -EACCES;
-+
-+	return audit_net(profile, op, family, type, protocol, sk, error);
-+}
-+
-+/**
-+ * aa_revalidate_sk - Revalidate access to a sock
-+ * @op: operation being checked
-+ * @sk: sock being revalidated  (NOT NULL)
-+ *
-+ * Returns: %0 else error if permission denied
-+ */
-+int aa_revalidate_sk(int op, struct sock *sk)
-+{
-+	struct aa_profile *profile;
-+	int error = 0;
-+
-+	/* aa_revalidate_sk should not be called from interrupt context
-+	 * don't mediate these calls as they are not task related
-+	 */
-+	if (in_interrupt())
-+		return 0;
-+
-+	profile = __aa_current_profile();
-+	if (!unconfined(profile))
-+		error = aa_net_perm(op, profile, sk->sk_family, sk->sk_type,
-+				    sk->sk_protocol, sk);
-+
-+	return error;
-+}
-diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
-index 179e68d..f1a8541 100644
---- a/security/apparmor/policy.c
-+++ b/security/apparmor/policy.c
-@@ -603,6 +603,7 @@ void aa_free_profile(struct aa_profile *profile)
- 
- 	aa_free_file_rules(&profile->file);
- 	aa_free_cap_rules(&profile->caps);
-+	aa_free_net_rules(&profile->net);
- 	aa_free_rlimit_rules(&profile->rlimits);
- 
- 	kzfree(profile->dirname);
-diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
-index dac2121..0107bc4 100644
---- a/security/apparmor/policy_unpack.c
-+++ b/security/apparmor/policy_unpack.c
-@@ -193,6 +193,19 @@ fail:
- 	return 0;
- }
- 
-+static bool unpack_u16(struct aa_ext *e, u16 *data, const char *name)
-+{
-+	if (unpack_nameX(e, AA_U16, name)) {
-+		if (!inbounds(e, sizeof(u16)))
-+			return 0;
-+		if (data)
-+			*data = le16_to_cpu(get_unaligned((u16 *) e->pos));
-+		e->pos += sizeof(u16);
-+		return 1;
-+	}
-+	return 0;
-+}
-+
- static bool unpack_u32(struct aa_ext *e, u32 *data, const char *name)
- {
- 	if (unpack_nameX(e, AA_U32, name)) {
-@@ -476,6 +489,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
- {
- 	struct aa_profile *profile = NULL;
- 	const char *name = NULL;
-+	size_t size = 0;
- 	int i, error = -EPROTO;
- 	kernel_cap_t tmpcap;
- 	u32 tmp;
-@@ -576,6 +590,38 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
- 	if (!unpack_rlimits(e, profile))
- 		goto fail;
- 
-+	size = unpack_array(e, "net_allowed_af");
-+	if (size) {
-+
-+		for (i = 0; i < size; i++) {
-+			/* discard extraneous rules that this kernel will
-+			 * never request
-+			 */
-+			if (i >= AF_MAX) {
-+				u16 tmp;
-+				if (!unpack_u16(e, &tmp, NULL) ||
-+				    !unpack_u16(e, &tmp, NULL) ||
-+				    !unpack_u16(e, &tmp, NULL))
-+					goto fail;
-+				continue;
-+			}
-+			if (!unpack_u16(e, &profile->net.allow[i], NULL))
-+				goto fail;
-+			if (!unpack_u16(e, &profile->net.audit[i], NULL))
-+				goto fail;
-+			if (!unpack_u16(e, &profile->net.quiet[i], NULL))
-+				goto fail;
-+		}
-+		if (!unpack_nameX(e, AA_ARRAYEND, NULL))
-+			goto fail;
-+	}
-+	/*
-+	 * allow unix domain and netlink sockets they are handled
-+	 * by IPC
-+	 */
-+	profile->net.allow[AF_UNIX] = 0xffff;
-+	profile->net.allow[AF_NETLINK] = 0xffff;
-+
- 	if (unpack_nameX(e, AA_STRUCT, "policydb")) {
- 		/* generic policy dfa - optional and may be NULL */
- 		profile->policy.dfa = unpack_dfa(e);
--- 
-2.7.4
-

kernel-patches/4.5/0025-apparmor-Fix-quieting-of-audit-messages-for-network-.patch

@@ -1,38 +0,0 @@
-From aa45ba104003404efb59e6f7178045ade756035d Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Fri, 29 Jun 2012 17:34:00 -0700
-Subject: [PATCH 25/27] apparmor: Fix quieting of audit messages for network
- mediation
-
-If a profile specified a quieting of network denials for a given rule by
-either the quiet or deny rule qualifiers, the resultant quiet mask for
-denied requests was applied incorrectly, resulting in two potential bugs.
-1. The misapplied quiet mask would prevent denials from being correctly
-   tested against the kill mask/mode. Thus network access requests that
-   should have resulted in the application being killed did not.
-
-2. The actual quieting of the denied network request was not being applied.
-   This would result in network rejections always being logged even when
-   they had been specifically marked as quieted.
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
----
- security/apparmor/net.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/security/apparmor/net.c b/security/apparmor/net.c
-index 003dd18..6e6e5c9 100644
---- a/security/apparmor/net.c
-+++ b/security/apparmor/net.c
-@@ -88,7 +88,7 @@ static int audit_net(struct aa_profile *profile, int op, u16 family, int type,
- 	} else {
- 		u16 quiet_mask = profile->net.quiet[sa.u.net->family];
- 		u16 kill_mask = 0;
--		u16 denied = (1 << sa.aad->net.type) & ~quiet_mask;
-+		u16 denied = (1 << sa.aad->net.type);
- 
- 		if (denied & kill_mask)
- 			audit_type = AUDIT_APPARMOR_KILL;
--- 
-2.7.4
-

kernel-patches/4.5/0027-UBUNTU-SAUCE-AppArmor-fix-boolreturn.cocci-warnings.patch

@@ -1,180 +0,0 @@
-From 1eff686074a6af0cf47fc24c45ebb001c570a98b Mon Sep 17 00:00:00 2001
-From: kbuild test robot <fengguang.wu@intel.com>
-Date: Fri, 29 Jul 2016 12:44:43 +0800
-Subject: [PATCH 27/27] UBUNTU: SAUCE: AppArmor: fix boolreturn.cocci warnings
-
-security/apparmor/policy_unpack.c:143:9-10: WARNING: return of 0/1 in function 'unpack_X' with return type bool
-security/apparmor/policy_unpack.c:189:9-10: WARNING: return of 0/1 in function 'unpack_nameX' with return type bool
-security/apparmor/policy_unpack.c:475:8-9: WARNING: return of 0/1 in function 'unpack_rlimits' with return type bool
-security/apparmor/policy_unpack.c:440:8-9: WARNING: return of 0/1 in function 'unpack_trans_table' with return type bool
-security/apparmor/policy_unpack.c:200:10-11: WARNING: return of 0/1 in function 'unpack_u16' with return type bool
-security/apparmor/policy_unpack.c:213:10-11: WARNING: return of 0/1 in function 'unpack_u32' with return type bool
-security/apparmor/policy_unpack.c:226:10-11: WARNING: return of 0/1 in function 'unpack_u64' with return type bool
-security/apparmor/policy_unpack.c:325:10-11: WARNING: return of 0/1 in function 'verify_accept' with return type bool
-security/apparmor/policy_unpack.c:739:10-11: WARNING: return of 0/1 in function 'verify_dfa_xindex' with return type bool
-security/apparmor/policy_unpack.c:729:9-10: WARNING: return of 0/1 in function 'verify_xindex' with return type bool
-
- Return statements in functions returning bool should use
- true/false instead of 1/0.
-Generated by: scripts/coccinelle/misc/boolreturn.cocci
-Signed-off-by: Fengguang Wu <fengguang.wu@intel.com>
-Signed-off-by: John Johansen <john.johansen@canonical.com>
----
- security/apparmor/policy_unpack.c | 52 +++++++++++++++++++--------------------
- 1 file changed, 26 insertions(+), 26 deletions(-)
-
-diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
-index 0107bc4..af14626 100644
---- a/security/apparmor/policy_unpack.c
-+++ b/security/apparmor/policy_unpack.c
-@@ -140,11 +140,11 @@ static size_t unpack_u16_chunk(struct aa_ext *e, char **chunk)
- static bool unpack_X(struct aa_ext *e, enum aa_code code)
- {
- 	if (!inbounds(e, 1))
--		return 0;
-+		return false;
- 	if (*(u8 *) e->pos != code)
--		return 0;
-+		return false;
- 	e->pos++;
--	return 1;
-+	return true;
- }
- 
- /**
-@@ -186,50 +186,50 @@ static bool unpack_nameX(struct aa_ext *e, enum aa_code code, const char *name)
- 
- 	/* now check if type code matches */
- 	if (unpack_X(e, code))
--		return 1;
-+		return true;
- 
- fail:
- 	e->pos = pos;
--	return 0;
-+	return false;
- }
- 
- static bool unpack_u16(struct aa_ext *e, u16 *data, const char *name)
- {
- 	if (unpack_nameX(e, AA_U16, name)) {
- 		if (!inbounds(e, sizeof(u16)))
--			return 0;
-+			return false;
- 		if (data)
- 			*data = le16_to_cpu(get_unaligned((u16 *) e->pos));
- 		e->pos += sizeof(u16);
--		return 1;
-+		return true;
- 	}
--	return 0;
-+	return false;
- }
- 
- static bool unpack_u32(struct aa_ext *e, u32 *data, const char *name)
- {
- 	if (unpack_nameX(e, AA_U32, name)) {
- 		if (!inbounds(e, sizeof(u32)))
--			return 0;
-+			return false;
- 		if (data)
- 			*data = le32_to_cpu(get_unaligned((u32 *) e->pos));
- 		e->pos += sizeof(u32);
--		return 1;
-+		return true;
- 	}
--	return 0;
-+	return false;
- }
- 
- static bool unpack_u64(struct aa_ext *e, u64 *data, const char *name)
- {
- 	if (unpack_nameX(e, AA_U64, name)) {
- 		if (!inbounds(e, sizeof(u64)))
--			return 0;
-+			return false;
- 		if (data)
- 			*data = le64_to_cpu(get_unaligned((u64 *) e->pos));
- 		e->pos += sizeof(u64);
--		return 1;
-+		return true;
- 	}
--	return 0;
-+	return false;
- }
- 
- static size_t unpack_array(struct aa_ext *e, const char *name)
-@@ -322,12 +322,12 @@ static bool verify_accept(struct aa_dfa *dfa, int flags)
- 		int mode = ACCEPT_TABLE(dfa)[i];
- 
- 		if (mode & ~DFA_VALID_PERM_MASK)
--			return 0;
-+			return false;
- 
- 		if (ACCEPT_TABLE2(dfa)[i] & ~DFA_VALID_PERM2_MASK)
--			return 0;
-+			return false;
- 	}
--	return 1;
-+	return true;
- }
- 
- /**
-@@ -437,12 +437,12 @@ static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile)
- 		if (!unpack_nameX(e, AA_STRUCTEND, NULL))
- 			goto fail;
- 	}
--	return 1;
-+	return true;
- 
- fail:
- 	aa_free_domain_entries(&profile->file.trans);
- 	e->pos = pos;
--	return 0;
-+	return false;
- }
- 
- static bool unpack_rlimits(struct aa_ext *e, struct aa_profile *profile)
-@@ -472,11 +472,11 @@ static bool unpack_rlimits(struct aa_ext *e, struct aa_profile *profile)
- 		if (!unpack_nameX(e, AA_STRUCTEND, NULL))
- 			goto fail;
- 	}
--	return 1;
-+	return true;
- 
- fail:
- 	e->pos = pos;
--	return 0;
-+	return false;
- }
- 
- /**
-@@ -726,8 +726,8 @@ static bool verify_xindex(int xindex, int table_size)
- 	xtype = xindex & AA_X_TYPE_MASK;
- 	index = xindex & AA_X_INDEX_MASK;
- 	if (xtype == AA_X_TABLE && index >= table_size)
--		return 0;
--	return 1;
-+		return false;
-+	return true;
- }
- 
- /* verify dfa xindexes are in range of transition tables */
-@@ -736,11 +736,11 @@ static bool verify_dfa_xindex(struct aa_dfa *dfa, int table_size)
- 	int i;
- 	for (i = 0; i < dfa->tables[YYTD_ID_ACCEPT]->td_lolen; i++) {
- 		if (!verify_xindex(dfa_user_xindex(dfa, i), table_size))
--			return 0;
-+			return false;
- 		if (!verify_xindex(dfa_other_xindex(dfa, i), table_size))
--			return 0;
-+			return false;
- 	}
--	return 1;
-+	return true;
- }
- 
- /**
--- 
-2.7.4
-

kernel-patches/4.6/0001-apparmor-fix-oops-validate-buffer-size-in-apparmor_s.patch

@@ -1,118 +0,0 @@
-From 24b6ac149a57c2d3d5a9920e64d914e8ff00d346 Mon Sep 17 00:00:00 2001
-From: Vegard Nossum <vegard.nossum@oracle.com>
-Date: Thu, 7 Jul 2016 13:41:11 -0700
-Subject: [PATCH 01/27] apparmor: fix oops, validate buffer size in
- apparmor_setprocattr()
-
-When proc_pid_attr_write() was changed to use memdup_user apparmor's
-(interface violating) assumption that the setprocattr buffer was always
-a single page was violated.
-
-The size test is not strictly speaking needed as proc_pid_attr_write()
-will reject anything larger, but for the sake of robustness we can keep
-it in.
-
-SMACK and SELinux look safe to me, but somebody else should probably
-have a look just in case.
-
-Based on original patch from Vegard Nossum <vegard.nossum@oracle.com>
-modified for the case that apparmor provides null termination.
-
-Fixes: bb646cdb12e75d82258c2f2e7746d5952d3e321a
-Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
-Cc: Al Viro <viro@zeniv.linux.org.uk>
-Cc: John Johansen <john.johansen@canonical.com>
-Cc: Paul Moore <paul@paul-moore.com>
-Cc: Stephen Smalley <sds@tycho.nsa.gov>
-Cc: Eric Paris <eparis@parisplace.org>
-Cc: Casey Schaufler <casey@schaufler-ca.com>
-Cc: stable@kernel.org
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
-Signed-off-by: James Morris <james.l.morris@oracle.com>
----
- security/apparmor/lsm.c | 36 +++++++++++++++++++-----------------
- 1 file changed, 19 insertions(+), 17 deletions(-)
-
-diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
-index dec607c..5ee8201 100644
---- a/security/apparmor/lsm.c
-+++ b/security/apparmor/lsm.c
-@@ -523,34 +523,34 @@ static int apparmor_setprocattr(struct task_struct *task, char *name,
- {
- 	struct common_audit_data sa;
- 	struct apparmor_audit_data aad = {0,};
--	char *command, *args = value;
-+	char *command, *largs = NULL, *args = value;
- 	size_t arg_size;
- 	int error;
- 
- 	if (size == 0)
- 		return -EINVAL;
--	/* args points to a PAGE_SIZE buffer, AppArmor requires that
--	 * the buffer must be null terminated or have size <= PAGE_SIZE -1
--	 * so that AppArmor can null terminate them
--	 */
--	if (args[size - 1] != '\0') {
--		if (size == PAGE_SIZE)
--			return -EINVAL;
--		args[size] = '\0';
--	}
--
- 	/* task can only write its own attributes */
- 	if (current != task)
- 		return -EACCES;
- 
--	args = value;
-+	/* AppArmor requires that the buffer must be null terminated atm */
-+	if (args[size - 1] != '\0') {
-+		/* null terminate */
-+		largs = args = kmalloc(size + 1, GFP_KERNEL);
-+		if (!args)
-+			return -ENOMEM;
-+		memcpy(args, value, size);
-+		args[size] = '\0';
-+	}
-+
-+	error = -EINVAL;
- 	args = strim(args);
- 	command = strsep(&args, " ");
- 	if (!args)
--		return -EINVAL;
-+		goto out;
- 	args = skip_spaces(args);
- 	if (!*args)
--		return -EINVAL;
-+		goto out;
- 
- 	arg_size = size - (args - (char *) value);
- 	if (strcmp(name, "current") == 0) {
-@@ -576,10 +576,12 @@ static int apparmor_setprocattr(struct task_struct *task, char *name,
- 			goto fail;
- 	} else
- 		/* only support the "current" and "exec" process attributes */
--		return -EINVAL;
-+		goto fail;
- 
- 	if (!error)
- 		error = size;
-+out:
-+	kfree(largs);
- 	return error;
- 
- fail:
-@@ -588,9 +590,9 @@ fail:
- 	aad.profile = aa_current_profile();
- 	aad.op = OP_SETPROCATTR;
- 	aad.info = name;
--	aad.error = -EINVAL;
-+	aad.error = error = -EINVAL;
- 	aa_audit_msg(AUDIT_APPARMOR_DENIED, &sa, NULL);
--	return -EINVAL;
-+	goto out;
- }
- 
- static int apparmor_task_setrlimit(struct task_struct *task,
--- 
-2.7.4
-

kernel-patches/4.6/0002-apparmor-fix-refcount-bug-in-profile-replacement.patch

@@ -1,33 +0,0 @@
-From 444bc4f95ec283cd0fb9777f4890bd9bc307809d Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Mon, 11 Apr 2016 16:55:10 -0700
-Subject: [PATCH 02/27] apparmor: fix refcount bug in profile replacement
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/policy.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
-index 705c287..222052f 100644
---- a/security/apparmor/policy.c
-+++ b/security/apparmor/policy.c
-@@ -1189,12 +1189,12 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
- 				aa_get_profile(newest);
- 				aa_put_profile(parent);
- 				rcu_assign_pointer(ent->new->parent, newest);
--			} else
--				aa_put_profile(newest);
-+			}
- 			/* aafs interface uses replacedby */
- 			rcu_assign_pointer(ent->new->replacedby->profile,
- 					   aa_get_profile(ent->new));
- 			__list_add_profile(&parent->base.profiles, ent->new);
-+			aa_put_profile(newest);
- 		} else {
- 			/* aafs interface uses replacedby */
- 			rcu_assign_pointer(ent->new->replacedby->profile,
--- 
-2.7.4
-

kernel-patches/4.6/0003-apparmor-fix-replacement-bug-that-adds-new-child-to-.patch

@@ -1,38 +0,0 @@
-From 1224a06778b89dcbf0ca85bd961c2fcdd8765a69 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Mon, 11 Apr 2016 16:57:19 -0700
-Subject: [PATCH 03/27] apparmor: fix replacement bug that adds new child to
- old parent
-
-When set atomic replacement is used and the parent is updated before the
-child, and the child did not exist in the old parent so there is no
-direct replacement then the new child is incorrectly added to the old
-parent. This results in the new parent not having the child(ren) that
-it should and the old parent when being destroyed asserting the
-following error.
-
-AppArmor: policy_destroy: internal error, policy '<profile/name>' still
-contains profiles
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/policy.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
-index 222052f..c92a9f6 100644
---- a/security/apparmor/policy.c
-+++ b/security/apparmor/policy.c
-@@ -1193,7 +1193,7 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
- 			/* aafs interface uses replacedby */
- 			rcu_assign_pointer(ent->new->replacedby->profile,
- 					   aa_get_profile(ent->new));
--			__list_add_profile(&parent->base.profiles, ent->new);
-+			__list_add_profile(&newest->base.profiles, ent->new);
- 			aa_put_profile(newest);
- 		} else {
- 			/* aafs interface uses replacedby */
--- 
-2.7.4
-

kernel-patches/4.6/0004-apparmor-fix-uninitialized-lsm_audit-member.patch

@@ -1,87 +0,0 @@
-From 15d921647676fdc2c3ee1cf9aa8f578b1012ecff Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Sun, 8 Jun 2014 11:20:54 -0700
-Subject: [PATCH 04/27] apparmor: fix uninitialized lsm_audit member
-
-BugLink: http://bugs.launchpad.net/bugs/1268727
-
-The task field in the lsm_audit struct needs to be initialized if
-a change_hat fails, otherwise the following oops will occur
-
-BUG: unable to handle kernel paging request at 0000002fbead7d08
-IP: [<ffffffff8171153e>] _raw_spin_lock+0xe/0x50
-PGD 1e3f35067 PUD 0
-Oops: 0002 [#1] SMP
-Modules linked in: pppox crc_ccitt p8023 p8022 psnap llc ax25 btrfs raid6_pq xor xfs libcrc32c dm_multipath scsi_dh kvm_amd dcdbas kvm microcode amd64_edac_mod joydev edac_core psmouse edac_mce_amd serio_raw k10temp sp5100_tco i2c_piix4 ipmi_si ipmi_msghandler acpi_power_meter mac_hid lp parport hid_generic usbhid hid pata_acpi mpt2sas ahci raid_class pata_atiixp bnx2 libahci scsi_transport_sas [last unloaded: tipc]
-CPU: 2 PID: 699 Comm: changehat_twice Tainted: GF          O 3.13.0-7-generic #25-Ubuntu
-Hardware name: Dell Inc. PowerEdge R415/08WNM9, BIOS 1.8.6 12/06/2011
-task: ffff8802135c6000 ti: ffff880212986000 task.ti: ffff880212986000
-RIP: 0010:[<ffffffff8171153e>]  [<ffffffff8171153e>] _raw_spin_lock+0xe/0x50
-RSP: 0018:ffff880212987b68  EFLAGS: 00010006
-RAX: 0000000000020000 RBX: 0000002fbead7500 RCX: 0000000000000000
-RDX: 0000000000000292 RSI: ffff880212987ba8 RDI: 0000002fbead7d08
-RBP: ffff880212987b68 R08: 0000000000000246 R09: ffff880216e572a0
-R10: ffffffff815fd677 R11: ffffea0008469580 R12: ffffffff8130966f
-R13: ffff880212987ba8 R14: 0000002fbead7d08 R15: ffff8800d8c6b830
-FS:  00002b5e6c84e7c0(0000) GS:ffff880216e40000(0000) knlGS:0000000055731700
-CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
-CR2: 0000002fbead7d08 CR3: 000000021270f000 CR4: 00000000000006e0
-Stack:
- ffff880212987b98 ffffffff81075f17 ffffffff8130966f 0000000000000009
- 0000000000000000 0000000000000000 ffff880212987bd0 ffffffff81075f7c
- 0000000000000292 ffff880212987c08 ffff8800d8c6b800 0000000000000026
-Call Trace:
- [<ffffffff81075f17>] __lock_task_sighand+0x47/0x80
- [<ffffffff8130966f>] ? apparmor_cred_prepare+0x2f/0x50
- [<ffffffff81075f7c>] do_send_sig_info+0x2c/0x80
- [<ffffffff81075fee>] send_sig_info+0x1e/0x30
- [<ffffffff8130242d>] aa_audit+0x13d/0x190
- [<ffffffff8130c1dc>] aa_audit_file+0xbc/0x130
- [<ffffffff8130966f>] ? apparmor_cred_prepare+0x2f/0x50
- [<ffffffff81304cc2>] aa_change_hat+0x202/0x530
- [<ffffffff81308fc6>] aa_setprocattr_changehat+0x116/0x1d0
- [<ffffffff8130a11d>] apparmor_setprocattr+0x25d/0x300
- [<ffffffff812cee56>] security_setprocattr+0x16/0x20
- [<ffffffff8121fc87>] proc_pid_attr_write+0x107/0x130
- [<ffffffff811b7604>] vfs_write+0xb4/0x1f0
- [<ffffffff811b8039>] SyS_write+0x49/0xa0
- [<ffffffff8171a1bf>] tracesys+0xe1/0xe6
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/audit.c | 3 ++-
- security/apparmor/file.c  | 3 ++-
- 2 files changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
-index 89c7865..3a7f1da 100644
---- a/security/apparmor/audit.c
-+++ b/security/apparmor/audit.c
-@@ -200,7 +200,8 @@ int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
- 
- 	if (sa->aad->type == AUDIT_APPARMOR_KILL)
- 		(void)send_sig_info(SIGKILL, NULL,
--				    sa->u.tsk ?  sa->u.tsk : current);
-+			sa->type == LSM_AUDIT_DATA_TASK && sa->u.tsk ?
-+				    sa->u.tsk : current);
- 
- 	if (sa->aad->type == AUDIT_APPARMOR_ALLOWED)
- 		return complain_error(sa->aad->error);
-diff --git a/security/apparmor/file.c b/security/apparmor/file.c
-index 913f377..43d6ae7 100644
---- a/security/apparmor/file.c
-+++ b/security/apparmor/file.c
-@@ -110,7 +110,8 @@ int aa_audit_file(struct aa_profile *profile, struct file_perms *perms,
- 	int type = AUDIT_APPARMOR_AUTO;
- 	struct common_audit_data sa;
- 	struct apparmor_audit_data aad = {0,};
--	sa.type = LSM_AUDIT_DATA_NONE;
-+	sa.type = LSM_AUDIT_DATA_TASK;
-+	sa.u.tsk = NULL;
- 	sa.aad = &aad;
- 	aad.op = op,
- 	aad.fs.request = request;
--- 
-2.7.4
-

kernel-patches/4.6/0005-apparmor-exec-should-not-be-returning-ENOENT-when-it.patch

@@ -1,32 +0,0 @@
-From c1216728b7d644443eef31e4bd9d01b4a0a51d61 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Fri, 25 Jul 2014 04:02:03 -0700
-Subject: [PATCH 05/27] apparmor: exec should not be returning ENOENT when it
- denies
-
-The current behavior is confusing as it causes exec failures to report
-the executable is missing instead of identifying that apparmor
-caused the failure.
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/domain.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
-index dc0027b..67a7418 100644
---- a/security/apparmor/domain.c
-+++ b/security/apparmor/domain.c
-@@ -433,7 +433,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
- 				new_profile = aa_get_newest_profile(ns->unconfined);
- 				info = "ux fallback";
- 			} else {
--				error = -ENOENT;
-+				error = -EACCES;
- 				info = "profile not found";
- 				/* remove MAY_EXEC to audit as failure */
- 				perms.allow &= ~MAY_EXEC;
--- 
-2.7.4
-

kernel-patches/4.6/0006-apparmor-fix-update-the-mtime-of-the-profile-file-on.patch

@@ -1,28 +0,0 @@
-From 2d3389de6c8ab6b3ad2cef4ea460c8fce2a226b9 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Fri, 25 Jul 2014 04:01:56 -0700
-Subject: [PATCH 06/27] apparmor: fix update the mtime of the profile file on
- replacement
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/apparmorfs.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
-index ad4fa49..45a6199 100644
---- a/security/apparmor/apparmorfs.c
-+++ b/security/apparmor/apparmorfs.c
-@@ -379,6 +379,8 @@ void __aa_fs_profile_migrate_dents(struct aa_profile *old,
- 
- 	for (i = 0; i < AAFS_PROF_SIZEOF; i++) {
- 		new->dents[i] = old->dents[i];
-+		if (new->dents[i])
-+			new->dents[i]->d_inode->i_mtime = CURRENT_TIME;
- 		old->dents[i] = NULL;
- 	}
- }
--- 
-2.7.4
-

kernel-patches/4.6/0007-apparmor-fix-disconnected-bind-mnts-reconnection.patch

@@ -1,36 +0,0 @@
-From 9caa96e30a1b2bb191a29af872285c8d0b078c10 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Fri, 25 Jul 2014 04:02:08 -0700
-Subject: [PATCH 07/27] apparmor: fix disconnected bind mnts reconnection
-
-Bind mounts can fail to be properly reconnected when PATH_CONNECT is
-specified. Ensure that when PATH_CONNECT is specified the path has
-a root.
-
-BugLink: http://bugs.launchpad.net/bugs/1319984
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/path.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/security/apparmor/path.c b/security/apparmor/path.c
-index 71e0e3a..bb2f2c6 100644
---- a/security/apparmor/path.c
-+++ b/security/apparmor/path.c
-@@ -141,7 +141,10 @@ static int d_namespace_path(struct path *path, char *buf, int buflen,
- 			error = -EACCES;
- 			if (*res == '/')
- 				*name = res + 1;
--		}
-+		} else if (*res != '/')
-+			/* CONNECT_PATH with missing root */
-+			error = prepend(name, *name - buf, "/", 1);
-+
- 	}
- 
- out:
--- 
-2.7.4
-

kernel-patches/4.6/0008-apparmor-internal-paths-should-be-treated-as-disconn.patch

@@ -1,114 +0,0 @@
-From 11702a732e149380e05e2ab8ae1b743ac89f892f Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Fri, 25 Jul 2014 04:02:10 -0700
-Subject: [PATCH 08/27] apparmor: internal paths should be treated as
- disconnected
-
-Internal mounts are not mounted anywhere and as such should be treated
-as disconnected paths.
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/path.c | 64 +++++++++++++++++++++++++++---------------------
- 1 file changed, 36 insertions(+), 28 deletions(-)
-
-diff --git a/security/apparmor/path.c b/security/apparmor/path.c
-index bb2f2c6..596f799 100644
---- a/security/apparmor/path.c
-+++ b/security/apparmor/path.c
-@@ -25,7 +25,6 @@
- #include "include/path.h"
- #include "include/policy.h"
- 
--
- /* modified from dcache.c */
- static int prepend(char **buffer, int buflen, const char *str, int namelen)
- {
-@@ -39,6 +38,38 @@ static int prepend(char **buffer, int buflen, const char *str, int namelen)
- 
- #define CHROOT_NSCONNECT (PATH_CHROOT_REL | PATH_CHROOT_NSCONNECT)
- 
-+/* If the path is not connected to the expected root,
-+ * check if it is a sysctl and handle specially else remove any
-+ * leading / that __d_path may have returned.
-+ * Unless
-+ *     specifically directed to connect the path,
-+ * OR
-+ *     if in a chroot and doing chroot relative paths and the path
-+ *     resolves to the namespace root (would be connected outside
-+ *     of chroot) and specifically directed to connect paths to
-+ *     namespace root.
-+ */
-+static int disconnect(const struct path *path, char *buf, char **name,
-+		      int flags)
-+{
-+	int error = 0;
-+
-+	if (!(flags & PATH_CONNECT_PATH) &&
-+	    !(((flags & CHROOT_NSCONNECT) == CHROOT_NSCONNECT) &&
-+	      our_mnt(path->mnt))) {
-+		/* disconnected path, don't return pathname starting
-+		 * with '/'
-+		 */
-+		error = -EACCES;
-+		if (**name == '/')
-+			*name = *name + 1;
-+	} else if (**name != '/')
-+		/* CONNECT_PATH with missing root */
-+		error = prepend(name, *name - buf, "/", 1);
-+
-+	return error;
-+}
-+
- /**
-  * d_namespace_path - lookup a name associated with a given path
-  * @path: path to lookup  (NOT NULL)
-@@ -74,7 +105,8 @@ static int d_namespace_path(struct path *path, char *buf, int buflen,
- 			 * control instead of hard coded /proc
- 			 */
- 			return prepend(name, *name - buf, "/proc", 5);
--		}
-+		} else
-+			return disconnect(path, buf, name, flags);
- 		return 0;
- 	}
- 
-@@ -120,32 +152,8 @@ static int d_namespace_path(struct path *path, char *buf, int buflen,
- 			goto out;
- 	}
- 
--	/* If the path is not connected to the expected root,
--	 * check if it is a sysctl and handle specially else remove any
--	 * leading / that __d_path may have returned.
--	 * Unless
--	 *     specifically directed to connect the path,
--	 * OR
--	 *     if in a chroot and doing chroot relative paths and the path
--	 *     resolves to the namespace root (would be connected outside
--	 *     of chroot) and specifically directed to connect paths to
--	 *     namespace root.
--	 */
--	if (!connected) {
--		if (!(flags & PATH_CONNECT_PATH) &&
--			   !(((flags & CHROOT_NSCONNECT) == CHROOT_NSCONNECT) &&
--			     our_mnt(path->mnt))) {
--			/* disconnected path, don't return pathname starting
--			 * with '/'
--			 */
--			error = -EACCES;
--			if (*res == '/')
--				*name = res + 1;
--		} else if (*res != '/')
--			/* CONNECT_PATH with missing root */
--			error = prepend(name, *name - buf, "/", 1);
--
--	}
-+	if (!connected)
-+		error = disconnect(path, buf, name, flags);
- 
- out:
- 	return error;
--- 
-2.7.4
-

kernel-patches/4.6/0009-apparmor-fix-put-parent-ref-after-updating-the-activ.patch

@@ -1,29 +0,0 @@
-From c70811d9e6234c96d0ef405cd8ad78b70efb8637 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Sat, 16 Apr 2016 13:59:02 -0700
-Subject: [PATCH 09/27] apparmor: fix put() parent ref after updating the
- active ref
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/policy.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
-index c92a9f6..455c9f8 100644
---- a/security/apparmor/policy.c
-+++ b/security/apparmor/policy.c
-@@ -1187,8 +1187,8 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
- 			/* parent replaced in this atomic set? */
- 			if (newest != parent) {
- 				aa_get_profile(newest);
--				aa_put_profile(parent);
- 				rcu_assign_pointer(ent->new->parent, newest);
-+				aa_put_profile(parent);
- 			}
- 			/* aafs interface uses replacedby */
- 			rcu_assign_pointer(ent->new->replacedby->profile,
--- 
-2.7.4
-

kernel-patches/4.6/0010-apparmor-fix-log-failures-for-all-profiles-in-a-set.patch

@@ -1,87 +0,0 @@
-From f671b902943f83f0fbc8c8b7bf8bbfb817d124f1 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Sat, 16 Apr 2016 14:16:50 -0700
-Subject: [PATCH 10/27] apparmor: fix log failures for all profiles in a set
-
-currently only the profile that is causing the failure is logged. This
-makes it more confusing than necessary about which profiles loaded
-and which didn't. So make sure to log success and failure messages for
-all profiles in the set being loaded.
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/policy.c | 29 +++++++++++++++++++----------
- 1 file changed, 19 insertions(+), 10 deletions(-)
-
-diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
-index 455c9f8..db31bc5 100644
---- a/security/apparmor/policy.c
-+++ b/security/apparmor/policy.c
-@@ -1067,7 +1067,7 @@ static int __lookup_replace(struct aa_namespace *ns, const char *hname,
-  */
- ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
- {
--	const char *ns_name, *name = NULL, *info = NULL;
-+	const char *ns_name, *info = NULL;
- 	struct aa_namespace *ns = NULL;
- 	struct aa_load_ent *ent, *tmp;
- 	int op = OP_PROF_REPL;
-@@ -1082,18 +1082,15 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
- 	/* released below */
- 	ns = aa_prepare_namespace(ns_name);
- 	if (!ns) {
--		info = "failed to prepare namespace";
--		error = -ENOMEM;
--		name = ns_name;
--		goto fail;
-+		error = audit_policy(op, GFP_KERNEL, ns_name,
-+				     "failed to prepare namespace", -ENOMEM);
-+		goto free;
- 	}
- 
- 	mutex_lock(&ns->lock);
- 	/* setup parent and ns info */
- 	list_for_each_entry(ent, &lh, list) {
- 		struct aa_policy *policy;
--
--		name = ent->new->base.hname;
- 		error = __lookup_replace(ns, ent->new->base.hname, noreplace,
- 					 &ent->old, &info);
- 		if (error)
-@@ -1121,7 +1118,6 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
- 			if (!p) {
- 				error = -ENOENT;
- 				info = "parent does not exist";
--				name = ent->new->base.hname;
- 				goto fail_lock;
- 			}
- 			rcu_assign_pointer(ent->new->parent, aa_get_profile(p));
-@@ -1214,9 +1210,22 @@ out:
- 
- fail_lock:
- 	mutex_unlock(&ns->lock);
--fail:
--	error = audit_policy(op, GFP_KERNEL, name, info, error);
- 
-+	/* audit cause of failure */
-+	op = (!ent->old) ? OP_PROF_LOAD : OP_PROF_REPL;
-+	audit_policy(op, GFP_KERNEL, ent->new->base.hname, info, error);
-+	/* audit status that rest of profiles in the atomic set failed too */
-+	info = "valid profile in failed atomic policy load";
-+	list_for_each_entry(tmp, &lh, list) {
-+		if (tmp == ent) {
-+			info = "unchecked profile in failed atomic policy load";
-+			/* skip entry that caused failure */
-+			continue;
-+		}
-+		op = (!ent->old) ? OP_PROF_LOAD : OP_PROF_REPL;
-+		audit_policy(op, GFP_KERNEL, tmp->new->base.hname, info, error);
-+	}
-+free:
- 	list_for_each_entry_safe(ent, tmp, &lh, list) {
- 		list_del_init(&ent->list);
- 		aa_load_ent_free(ent);
--- 
-2.7.4
-

kernel-patches/4.6/0011-apparmor-fix-audit-full-profile-hname-on-successful-.patch

@@ -1,33 +0,0 @@
-From bc3c7d342bf53afdfdf46bc92dac5c624c89fb91 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Sat, 16 Apr 2016 14:19:38 -0700
-Subject: [PATCH 11/27] apparmor: fix audit full profile hname on successful
- load
-
-Currently logging of a successful profile load only logs the basename
-of the profile. This can result in confusion when a child profile has
-the same name as the another profile in the set. Logging the hname
-will ensure there is no confusion.
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/policy.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
-index db31bc5..ca402d0 100644
---- a/security/apparmor/policy.c
-+++ b/security/apparmor/policy.c
-@@ -1159,7 +1159,7 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
- 		list_del_init(&ent->list);
- 		op = (!ent->old && !ent->rename) ? OP_PROF_LOAD : OP_PROF_REPL;
- 
--		audit_policy(op, GFP_ATOMIC, ent->new->base.name, NULL, error);
-+		audit_policy(op, GFP_ATOMIC, ent->new->base.hname, NULL, error);
- 
- 		if (ent->old) {
- 			__replace_profile(ent->old, ent->new, 1);
--- 
-2.7.4
-

kernel-patches/4.6/0012-apparmor-ensure-the-target-profile-name-is-always-au.patch

@@ -1,112 +0,0 @@
-From 848da0479e5b9da3dc2ae4c64e0cca77a0abf02a Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Wed, 20 Apr 2016 14:18:18 -0700
-Subject: [PATCH 12/27] apparmor: ensure the target profile name is always
- audited
-
-The target profile name was not being correctly audited in a few
-cases because the target variable was not being set and gotos
-passed the code to set it at apply:
-
-Since it is always based on new_profile just drop the target var
-and conditionally report based on new_profile.
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/domain.c | 20 +++++++++-----------
- 1 file changed, 9 insertions(+), 11 deletions(-)
-
-diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
-index 67a7418..fc3036b 100644
---- a/security/apparmor/domain.c
-+++ b/security/apparmor/domain.c
-@@ -346,7 +346,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
- 		file_inode(bprm->file)->i_uid,
- 		file_inode(bprm->file)->i_mode
- 	};
--	const char *name = NULL, *target = NULL, *info = NULL;
-+	const char *name = NULL, *info = NULL;
- 	int error = 0;
- 
- 	if (bprm->cred_prepared)
-@@ -399,6 +399,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
- 	if (cxt->onexec) {
- 		struct file_perms cp;
- 		info = "change_profile onexec";
-+		new_profile = aa_get_newest_profile(cxt->onexec);
- 		if (!(perms.allow & AA_MAY_ONEXEC))
- 			goto audit;
- 
-@@ -413,7 +414,6 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
- 
- 		if (!(cp.allow & AA_MAY_ONEXEC))
- 			goto audit;
--		new_profile = aa_get_newest_profile(cxt->onexec);
- 		goto apply;
- 	}
- 
-@@ -445,10 +445,8 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
- 		if (!new_profile) {
- 			error = -ENOMEM;
- 			info = "could not create null profile";
--		} else {
-+		} else
- 			error = -EACCES;
--			target = new_profile->base.hname;
--		}
- 		perms.xindex |= AA_X_UNSAFE;
- 	} else
- 		/* fail exec */
-@@ -459,7 +457,6 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
- 	 * fail the exec.
- 	 */
- 	if (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS) {
--		aa_put_profile(new_profile);
- 		error = -EPERM;
- 		goto cleanup;
- 	}
-@@ -474,10 +471,8 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
- 
- 	if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
- 		error = may_change_ptraced_domain(new_profile);
--		if (error) {
--			aa_put_profile(new_profile);
-+		if (error)
- 			goto audit;
--		}
- 	}
- 
- 	/* Determine if secure exec is needed.
-@@ -498,7 +493,6 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
- 		bprm->unsafe |= AA_SECURE_X_NEEDED;
- 	}
- apply:
--	target = new_profile->base.hname;
- 	/* when transitioning profiles clear unsafe personality bits */
- 	bprm->per_clear |= PER_CLEAR_ON_SETID;
- 
-@@ -506,15 +500,19 @@ x_clear:
- 	aa_put_profile(cxt->profile);
- 	/* transfer new profile reference will be released when cxt is freed */
- 	cxt->profile = new_profile;
-+	new_profile = NULL;
- 
- 	/* clear out all temporary/transitional state from the context */
- 	aa_clear_task_cxt_trans(cxt);
- 
- audit:
- 	error = aa_audit_file(profile, &perms, GFP_KERNEL, OP_EXEC, MAY_EXEC,
--			      name, target, cond.uid, info, error);
-+			      name,
-+			      new_profile ? new_profile->base.hname : NULL,
-+			      cond.uid, info, error);
- 
- cleanup:
-+	aa_put_profile(new_profile);
- 	aa_put_profile(profile);
- 	kfree(buffer);
- 
--- 
-2.7.4
-

kernel-patches/4.6/0013-apparmor-check-that-xindex-is-in-trans_table-bounds.patch

@@ -1,27 +0,0 @@
-From 706473f3ead5cdffe5ad159adfbc090e0fda81d6 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Thu, 17 Mar 2016 12:02:54 -0700
-Subject: [PATCH 13/27] apparmor: check that xindex is in trans_table bounds
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/policy_unpack.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
-index a689f10..c841b12 100644
---- a/security/apparmor/policy_unpack.c
-+++ b/security/apparmor/policy_unpack.c
-@@ -676,7 +676,7 @@ static bool verify_xindex(int xindex, int table_size)
- 	int index, xtype;
- 	xtype = xindex & AA_X_TYPE_MASK;
- 	index = xindex & AA_X_INDEX_MASK;
--	if (xtype == AA_X_TABLE && index > table_size)
-+	if (xtype == AA_X_TABLE && index >= table_size)
- 		return 0;
- 	return 1;
- }
--- 
-2.7.4
-

kernel-patches/4.6/0014-apparmor-fix-ref-count-leak-when-profile-sha1-hash-i.patch

@@ -1,27 +0,0 @@
-From 05a64c434466029b298ee1e78a988cd6a7f80c0e Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Wed, 18 Nov 2015 11:41:05 -0800
-Subject: [PATCH 14/27] apparmor: fix ref count leak when profile sha1 hash is
- read
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/apparmorfs.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
-index 45a6199..0d8dd71 100644
---- a/security/apparmor/apparmorfs.c
-+++ b/security/apparmor/apparmorfs.c
-@@ -331,6 +331,7 @@ static int aa_fs_seq_hash_show(struct seq_file *seq, void *v)
- 			seq_printf(seq, "%.2x", profile->hash[i]);
- 		seq_puts(seq, "\n");
- 	}
-+	aa_put_profile(profile);
- 
- 	return 0;
- }
--- 
-2.7.4
-

kernel-patches/4.6/0015-apparmor-fix-refcount-race-when-finding-a-child-prof.patch

@@ -1,37 +0,0 @@
-From 6b0b8b91f454bd021e27abe0e611a6764e4806c1 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Wed, 16 Dec 2015 18:09:10 -0800
-Subject: [PATCH 15/27] apparmor: fix refcount race when finding a child
- profile
-
-When finding a child profile via an rcu critical section, the profile
-may be put and scheduled for deletion after the child is found but
-before its refcount is incremented.
-
-Protect against this by repeating the lookup if the profiles refcount
-is 0 and is one its way to deletion.
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Seth Arnold <seth.arnold@canonical.com>
----
- security/apparmor/policy.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
-index ca402d0..7807125 100644
---- a/security/apparmor/policy.c
-+++ b/security/apparmor/policy.c
-@@ -766,7 +766,9 @@ struct aa_profile *aa_find_child(struct aa_profile *parent, const char *name)
- 	struct aa_profile *profile;
- 
- 	rcu_read_lock();
--	profile = aa_get_profile(__find_child(&parent->base.profiles, name));
-+	do {
-+		profile = __find_child(&parent->base.profiles, name);
-+	} while (profile && !aa_get_profile_not0(profile));
- 	rcu_read_unlock();
- 
- 	/* refcount released by caller */
--- 
-2.7.4
-

kernel-patches/4.6/0016-apparmor-use-list_next_entry-instead-of-list_entry_n.patch

@@ -1,59 +0,0 @@
-From 84acc6aa6976e62756e14d3a00c5634724cbaa59 Mon Sep 17 00:00:00 2001
-From: Geliang Tang <geliangtang@163.com>
-Date: Mon, 16 Nov 2015 21:46:33 +0800
-Subject: [PATCH 16/27] apparmor: use list_next_entry instead of
- list_entry_next
-
-list_next_entry has been defined in list.h, so I replace list_entry_next
-with it.
-
-Signed-off-by: Geliang Tang <geliangtang@163.com>
-Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
-Signed-off-by: John Johansen <john.johansen@canonical.com>
----
- security/apparmor/apparmorfs.c | 8 +++-----
- 1 file changed, 3 insertions(+), 5 deletions(-)
-
-diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
-index 0d8dd71..729e595 100644
---- a/security/apparmor/apparmorfs.c
-+++ b/security/apparmor/apparmorfs.c
-@@ -553,8 +553,6 @@ fail2:
- }
- 
- 
--#define list_entry_next(pos, member) \
--	list_entry(pos->member.next, typeof(*pos), member)
- #define list_entry_is_head(pos, head, member) (&pos->member == (head))
- 
- /**
-@@ -585,7 +583,7 @@ static struct aa_namespace *__next_namespace(struct aa_namespace *root,
- 	parent = ns->parent;
- 	while (ns != root) {
- 		mutex_unlock(&ns->lock);
--		next = list_entry_next(ns, base.list);
-+		next = list_next_entry(ns, base.list);
- 		if (!list_entry_is_head(next, &parent->sub_ns, base.list)) {
- 			mutex_lock(&next->lock);
- 			return next;
-@@ -639,7 +637,7 @@ static struct aa_profile *__next_profile(struct aa_profile *p)
- 	parent = rcu_dereference_protected(p->parent,
- 					   mutex_is_locked(&p->ns->lock));
- 	while (parent) {
--		p = list_entry_next(p, base.list);
-+		p = list_next_entry(p, base.list);
- 		if (!list_entry_is_head(p, &parent->base.profiles, base.list))
- 			return p;
- 		p = parent;
-@@ -648,7 +646,7 @@ static struct aa_profile *__next_profile(struct aa_profile *p)
- 	}
- 
- 	/* is next another profile in the namespace */
--	p = list_entry_next(p, base.list);
-+	p = list_next_entry(p, base.list);
- 	if (!list_entry_is_head(p, &ns->base.profiles, base.list))
- 		return p;
- 
--- 
-2.7.4
-

kernel-patches/4.6/0017-apparmor-allow-SYS_CAP_RESOURCE-to-be-sufficient-to-.patch

@@ -1,50 +0,0 @@
-From a3896605318b86d8cf288c122e03604e349d5dd7 Mon Sep 17 00:00:00 2001
-From: Jeff Mahoney <jeffm@suse.com>
-Date: Fri, 6 Nov 2015 15:17:30 -0500
-Subject: [PATCH 17/27] apparmor: allow SYS_CAP_RESOURCE to be sufficient to
- prlimit another task
-
-While using AppArmor, SYS_CAP_RESOURCE is insufficient to call prlimit
-on another task. The only other example of a AppArmor mediating access to
-another, already running, task (ignoring fork+exec) is ptrace.
-
-The AppArmor model for ptrace is that one of the following must be true:
-1) The tracer is unconfined
-2) The tracer is in complain mode
-3) The tracer and tracee are confined by the same profile
-4) The tracer is confined but has SYS_CAP_PTRACE
-
-1), 2, and 3) are already true for setrlimit.
-
-We can match the ptrace model just by allowing CAP_SYS_RESOURCE.
-
-We still test the values of the rlimit since it can always be overridden
-using a value that means unlimited for a particular resource.
-
-Signed-off-by: Jeff Mahoney <jeffm@suse.com>
-Signed-off-by: John Johansen <john.johansen@canonical.com>
----
- security/apparmor/resource.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/security/apparmor/resource.c b/security/apparmor/resource.c
-index 748bf0c..67a6072 100644
---- a/security/apparmor/resource.c
-+++ b/security/apparmor/resource.c
-@@ -101,9 +101,11 @@ int aa_task_setrlimit(struct aa_profile *profile, struct task_struct *task,
- 	/* TODO: extend resource control to handle other (non current)
- 	 * profiles.  AppArmor rules currently have the implicit assumption
- 	 * that the task is setting the resource of a task confined with
--	 * the same profile.
-+	 * the same profile or that the task setting the resource of another
-+	 * task has CAP_SYS_RESOURCE.
- 	 */
--	if (profile != task_profile ||
-+	if ((profile != task_profile &&
-+	     aa_capable(profile, CAP_SYS_RESOURCE, 1)) ||
- 	    (profile->rlimits.mask & (1 << resource) &&
- 	     new_rlim->rlim_max > profile->rlimits.limits[resource].rlim_max))
- 		error = -EACCES;
--- 
-2.7.4
-

kernel-patches/4.6/0018-apparmor-add-missing-id-bounds-check-on-dfa-verifica.patch

@@ -1,40 +0,0 @@
-From 6fdcc3cfecd4d89457036627d59ebe5154d094c5 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Thu, 2 Jun 2016 02:37:02 -0700
-Subject: [PATCH 18/27] apparmor: add missing id bounds check on dfa
- verification
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
----
- security/apparmor/include/match.h | 1 +
- security/apparmor/match.c         | 2 ++
- 2 files changed, 3 insertions(+)
-
-diff --git a/security/apparmor/include/match.h b/security/apparmor/include/match.h
-index 001c43a..a1c04fe 100644
---- a/security/apparmor/include/match.h
-+++ b/security/apparmor/include/match.h
-@@ -62,6 +62,7 @@ struct table_set_header {
- #define YYTD_ID_ACCEPT2 6
- #define YYTD_ID_NXT	7
- #define YYTD_ID_TSIZE	8
-+#define YYTD_ID_MAX	8
- 
- #define YYTD_DATA8	1
- #define YYTD_DATA16	2
-diff --git a/security/apparmor/match.c b/security/apparmor/match.c
-index 727eb42..f9f57c6 100644
---- a/security/apparmor/match.c
-+++ b/security/apparmor/match.c
-@@ -47,6 +47,8 @@ static struct table_header *unpack_table(char *blob, size_t bsize)
- 	 * it every time we use td_id as an index
- 	 */
- 	th.td_id = be16_to_cpu(*(u16 *) (blob)) - 1;
-+	if (th.td_id > YYTD_ID_MAX)
-+		goto out;
- 	th.td_flags = be16_to_cpu(*(u16 *) (blob + 2));
- 	th.td_lolen = be32_to_cpu(*(u32 *) (blob + 8));
- 	blob += sizeof(struct table_header);
--- 
-2.7.4
-