
Pull apparmor updates from John Johansen: "This is the apparmor pull request, similar to SELinux and seccomp. It's the same series that I was sent to James' security tree + one regression fix that was found after the series was sent to James and would have been sent for v4.14-rc2. Features: - in preparation for secid mapping add support for absolute root view based labels - add base infastructure for socket mediation - add mount mediation - add signal mediation minor cleanups and changes: - be defensive, ensure unconfined profiles have dfas initialized - add more debug asserts to apparmorfs - enable policy unpacking to audit different reasons for failure - cleanup conditional check for label in label_print - Redundant condition: prev_ns. in [label.c:1498] Bug Fixes: - fix regression in apparmorfs DAC access permissions - fix build failure on sparc caused by undeclared signals - fix sparse report of incorrect type assignment when freeing label proxies - fix race condition in null profile creation - Fix an error code in aafs_create() - Fix logical error in verify_header() - Fix shadowed local variable in unpack_trans_table()" * tag 'apparmor-pr-2017-09-22' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor: apparmor: fix apparmorfs DAC access permissions apparmor: fix build failure on sparc caused by undeclared signals apparmor: fix incorrect type assignment when freeing proxies apparmor: ensure unconfined profiles have dfas initialized apparmor: fix race condition in null profile creation apparmor: move new_null_profile to after profile lookup fns() apparmor: add base infastructure for socket mediation apparmor: add more debug asserts to apparmorfs apparmor: make policy_unpack able to audit different info messages apparmor: add support for absolute root view based labels apparmor: cleanup conditional check for label in label_print apparmor: add mount mediation apparmor: add the ability to mediate signals apparmor: Redundant condition: prev_ns. 
in [label.c:1498] apparmor: Fix an error code in aafs_create() apparmor: Fix logical error in verify_header() apparmor: Fix shadowed local variable in unpack_trans_table()
/*
 * AppArmor security module
 *
 * This file contains AppArmor security domain transition function definitions.
 *
 * Copyright (C) 1998-2008 Novell/SUSE
 * Copyright 2009-2010 Canonical Ltd.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, version 2 of the
 * License.
 */
#include <linux/binfmts.h>
#include <linux/types.h>
#include "label.h"
#ifndef __AA_DOMAIN_H
#define __AA_DOMAIN_H
/*
 * struct aa_domain - a counted table of char pointers.
 * @size: NOTE(review): presumably the number of entries in @table - confirm
 *        against the code that fills it. The field is a signed int, so any
 *        code that sets it from unpacked policy data should reject negative
 *        or oversized values before using it as a loop bound or index limit.
 * @table: array of char pointers. NOTE(review): looks like the entries are
 *         released through aa_free_domain_entries() - confirm ownership there.
 */
struct aa_domain {
	int size;
	char **table;
};
/*
 * AA_CHANGE_* flag bits.
 *
 * Every non-zero flag occupies its own bit, so flags can be OR-ed together
 * and tested individually with '&'. AA_CHANGE_NOFLAGS is the empty set.
 *
 * NOTE(review): these are presumably the values accepted by the 'flags'
 * argument of aa_change_hat() and aa_change_profile() declared in this
 * header - confirm against the callers. The per-flag meanings are not
 * visible here; the names suggest a dry-run test (TEST), a child profile
 * (CHILD), a change deferred to exec (ONEXEC) and profile stacking (STACK).
 * Callers should reject flag bits outside this set rather than ignore them.
 */
#define AA_CHANGE_NOFLAGS	0
#define AA_CHANGE_TEST		(1 << 0)
#define AA_CHANGE_CHILD		(1 << 1)
#define AA_CHANGE_ONEXEC	(1 << 2)
#define AA_CHANGE_STACK		(1 << 3)
/*
 * x_table_lookup - look up a label for @profile by @xindex.
 * @profile: profile the lookup is made against
 * @xindex: 32-bit index value; NOTE(review): presumably encodes an entry in
 *          the profile's transition table - confirm in the definition
 * @name: pointer to a const char pointer; presumably an out-parameter that
 *        receives the matched name - TODO confirm
 *
 * Returns a struct aa_label pointer. Whether it can be NULL and whether the
 * caller owns a reference is not visible from this header - check the
 * definition before dereferencing or dropping the result.
 */
struct aa_label *x_table_lookup(struct aa_profile *profile, u32 xindex,
				const char **name);

/*
 * apparmor_bprm_set_creds - AppArmor handling for @bprm.
 * NOTE(review): the name and the linux_binprm argument suggest this is the
 * exec-time credential hook where the domain transition is decided - confirm
 * against the LSM hook registration. Returns an int status.
 */
int apparmor_bprm_set_creds(struct linux_binprm *bprm);

/*
 * aa_free_domain_entries - release the entries of @domain.
 * NOTE(review): presumably frees the strings in domain->table and the table
 * itself, not @domain - confirm, since a mismatch leads to a leak or a
 * double free in the caller.
 */
void aa_free_domain_entries(struct aa_domain *domain);

/*
 * aa_change_hat - change-hat request.
 * @hats: array of hat name strings
 * @count: signed int; presumably the number of entries in @hats - callers
 *         should make sure it matches the array and is not negative
 * @token: 64-bit value; NOTE(review): presumably the token that guards the
 *         return from a hat - confirm; if so it must not be logged or leaked
 * @flags: presumably a combination of the AA_CHANGE_* bits - confirm
 *
 * Returns an int status.
 */
int aa_change_hat(const char *hats[], int count, u64 token, int flags);

/*
 * aa_change_profile - change-profile request.
 * @fqname: name string; presumably the fully qualified target profile name
 *          - TODO confirm
 * @flags: presumably a combination of the AA_CHANGE_* bits - confirm
 *
 * Returns an int status.
 */
int aa_change_profile(const char *fqname, int flags);
#endif /* __AA_DOMAIN_H */