diff options
author | Vladimír Čunát <vcunat@gmail.com> | 2016-02-03 16:54:03 +0100 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2016-02-03 16:57:19 +0100 |
commit | ae74c356d94b795eb07dfe9978788b49b70f5959 (patch) | |
tree | c13c6894b75f95d3a4dc4627efef508bb03dfba8 /pkgs/os-specific/linux/kernel/apparmor-patches/3.4/0001-UBUNTU-SAUCE-AppArmor-Add-profile-introspection-file.patch | |
parent | c9790126312119ce5a2a8ac946d9f086e7ea9f55 (diff) | |
parent | 53e0f8b1cdf36574bfede6e62e2ac2739c3ef804 (diff) |
Merge recent 'staging' into closure-size
Let's get rid of those merge conflicts.
Diffstat (limited to 'pkgs/os-specific/linux/kernel/apparmor-patches/3.4/0001-UBUNTU-SAUCE-AppArmor-Add-profile-introspection-file.patch')
-rw-r--r-- | pkgs/os-specific/linux/kernel/apparmor-patches/3.4/0001-UBUNTU-SAUCE-AppArmor-Add-profile-introspection-file.patch | 264 |
1 files changed, 0 insertions, 264 deletions
diff --git a/pkgs/os-specific/linux/kernel/apparmor-patches/3.4/0001-UBUNTU-SAUCE-AppArmor-Add-profile-introspection-file.patch b/pkgs/os-specific/linux/kernel/apparmor-patches/3.4/0001-UBUNTU-SAUCE-AppArmor-Add-profile-introspection-file.patch deleted file mode 100644 index 88a50ca780ae..000000000000 --- a/pkgs/os-specific/linux/kernel/apparmor-patches/3.4/0001-UBUNTU-SAUCE-AppArmor-Add-profile-introspection-file.patch +++ /dev/null @@ -1,264 +0,0 @@ -From 8de755e4dfdbc40bfcaca848ae6b5aeaf0ede0e8 Mon Sep 17 00:00:00 2001 -From: John Johansen <john.johansen@canonical.com> -Date: Thu, 22 Jul 2010 02:32:02 -0700 -Subject: [PATCH 1/3] UBUNTU: SAUCE: AppArmor: Add profile introspection file - to interface - -Add the dynamic profiles file to the interace, to allow load policy -introspection. - -Signed-off-by: John Johansen <john.johansen@canonical.com> -Acked-by: Kees Cook <kees@ubuntu.com> -Signed-off-by: Tim Gardner <tim.gardner@canonical.com> ---- - security/apparmor/apparmorfs.c | 227 ++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 227 insertions(+) - -diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c -index 16c15ec..89bdc62 100644 ---- a/security/apparmor/apparmorfs.c -+++ b/security/apparmor/apparmorfs.c -@@ -182,6 +182,232 @@ const struct file_operations aa_fs_seq_file_ops = { - .release = single_release, - }; - -+/** -+ * __next_namespace - find the next namespace to list -+ * @root: root namespace to stop search at (NOT NULL) -+ * @ns: current ns position (NOT NULL) -+ * -+ * Find the next namespace from @ns under @root and handle all locking needed -+ * while switching current namespace. -+ * -+ * Returns: next namespace or NULL if at last namespace under @root -+ * NOTE: will not unlock root->lock -+ */ -+static struct aa_namespace *__next_namespace(struct aa_namespace *root, -+ struct aa_namespace *ns) -+{ -+ struct aa_namespace *parent; -+ -+ /* is next namespace a child */ -+ if (!list_empty(&ns->sub_ns)) { -+ struct aa_namespace *next; -+ next = list_first_entry(&ns->sub_ns, typeof(*ns), base.list); -+ read_lock(&next->lock); -+ return next; -+ } -+ -+ /* check if the next ns is a sibling, parent, gp, .. */ -+ parent = ns->parent; -+ while (parent) { -+ read_unlock(&ns->lock); -+ list_for_each_entry_continue(ns, &parent->sub_ns, base.list) { -+ read_lock(&ns->lock); -+ return ns; -+ } -+ if (parent == root) -+ return NULL; -+ ns = parent; -+ parent = parent->parent; -+ } -+ -+ return NULL; -+} -+ -+/** -+ * __first_profile - find the first profile in a namespace -+ * @root: namespace that is root of profiles being displayed (NOT NULL) -+ * @ns: namespace to start in (NOT NULL) -+ * -+ * Returns: unrefcounted profile or NULL if no profile -+ */ -+static struct aa_profile *__first_profile(struct aa_namespace *root, -+ struct aa_namespace *ns) -+{ -+ for ( ; ns; ns = __next_namespace(root, ns)) { -+ if (!list_empty(&ns->base.profiles)) -+ return list_first_entry(&ns->base.profiles, -+ struct aa_profile, base.list); -+ } -+ return NULL; -+} -+ -+/** -+ * __next_profile - step to the next profile in a profile tree -+ * @profile: current profile in tree (NOT NULL) -+ * -+ * Perform a depth first taversal on the profile tree in a namespace -+ * -+ * Returns: next profile or NULL if done -+ * Requires: profile->ns.lock to be held -+ */ -+static struct aa_profile *__next_profile(struct aa_profile *p) -+{ -+ struct aa_profile *parent; -+ struct aa_namespace *ns = p->ns; -+ -+ /* is next profile a child */ -+ if (!list_empty(&p->base.profiles)) -+ return list_first_entry(&p->base.profiles, typeof(*p), -+ base.list); -+ -+ /* is next profile a sibling, parent sibling, gp, subling, .. */ -+ parent = p->parent; -+ while (parent) { -+ list_for_each_entry_continue(p, &parent->base.profiles, -+ base.list) -+ return p; -+ p = parent; -+ parent = parent->parent; -+ } -+ -+ /* is next another profile in the namespace */ -+ list_for_each_entry_continue(p, &ns->base.profiles, base.list) -+ return p; -+ -+ return NULL; -+} -+ -+/** -+ * next_profile - step to the next profile in where ever it may be -+ * @root: root namespace (NOT NULL) -+ * @profile: current profile (NOT NULL) -+ * -+ * Returns: next profile or NULL if there isn't one -+ */ -+static struct aa_profile *next_profile(struct aa_namespace *root, -+ struct aa_profile *profile) -+{ -+ struct aa_profile *next = __next_profile(profile); -+ if (next) -+ return next; -+ -+ /* finished all profiles in namespace move to next namespace */ -+ return __first_profile(root, __next_namespace(root, profile->ns)); -+} -+ -+/** -+ * p_start - start a depth first traversal of profile tree -+ * @f: seq_file to fill -+ * @pos: current position -+ * -+ * Returns: first profile under current namespace or NULL if none found -+ * -+ * acquires first ns->lock -+ */ -+static void *p_start(struct seq_file *f, loff_t *pos) -+ __acquires(root->lock) -+{ -+ struct aa_profile *profile = NULL; -+ struct aa_namespace *root = aa_current_profile()->ns; -+ loff_t l = *pos; -+ f->private = aa_get_namespace(root); -+ -+ -+ /* find the first profile */ -+ read_lock(&root->lock); -+ profile = __first_profile(root, root); -+ -+ /* skip to position */ -+ for (; profile && l > 0; l--) -+ profile = next_profile(root, profile); -+ -+ return profile; -+} -+ -+/** -+ * p_next - read the next profile entry -+ * @f: seq_file to fill -+ * @p: profile previously returned -+ * @pos: current position -+ * -+ * Returns: next profile after @p or NULL if none -+ * -+ * may acquire/release locks in namespace tree as necessary -+ */ -+static void *p_next(struct seq_file *f, void *p, loff_t *pos) -+{ -+ struct aa_profile *profile = p; -+ struct aa_namespace *root = f->private; -+ (*pos)++; -+ -+ return next_profile(root, profile); -+} -+ -+/** -+ * p_stop - stop depth first traversal -+ * @f: seq_file we are filling -+ * @p: the last profile writen -+ * -+ * Release all locking done by p_start/p_next on namespace tree -+ */ -+static void p_stop(struct seq_file *f, void *p) -+ __releases(root->lock) -+{ -+ struct aa_profile *profile = p; -+ struct aa_namespace *root = f->private, *ns; -+ -+ if (profile) { -+ for (ns = profile->ns; ns && ns != root; ns = ns->parent) -+ read_unlock(&ns->lock); -+ } -+ read_unlock(&root->lock); -+ aa_put_namespace(root); -+} -+ -+/** -+ * seq_show_profile - show a profile entry -+ * @f: seq_file to file -+ * @p: current position (profile) (NOT NULL) -+ * -+ * Returns: error on failure -+ */ -+static int seq_show_profile(struct seq_file *f, void *p) -+{ -+ struct aa_profile *profile = (struct aa_profile *)p; -+ struct aa_namespace *root = f->private; -+ -+ if (profile->ns != root) -+ seq_printf(f, ":%s://", aa_ns_name(root, profile->ns)); -+ seq_printf(f, "%s (%s)\n", profile->base.hname, -+ COMPLAIN_MODE(profile) ? "complain" : "enforce"); -+ -+ return 0; -+} -+ -+static const struct seq_operations aa_fs_profiles_op = { -+ .start = p_start, -+ .next = p_next, -+ .stop = p_stop, -+ .show = seq_show_profile, -+}; -+ -+static int profiles_open(struct inode *inode, struct file *file) -+{ -+ return seq_open(file, &aa_fs_profiles_op); -+} -+ -+static int profiles_release(struct inode *inode, struct file *file) -+{ -+ return seq_release(inode, file); -+} -+ -+const struct file_operations aa_fs_profiles_fops = { -+ .open = profiles_open, -+ .read = seq_read, -+ .llseek = seq_lseek, -+ .release = profiles_release, -+}; -+ - /** Base file system setup **/ - - static struct aa_fs_entry aa_fs_entry_file[] = { -@@ -210,6 +436,7 @@ static struct aa_fs_entry aa_fs_entry_apparmor[] = { - AA_FS_FILE_FOPS(".load", 0640, &aa_fs_profile_load), - AA_FS_FILE_FOPS(".replace", 0640, &aa_fs_profile_replace), - AA_FS_FILE_FOPS(".remove", 0640, &aa_fs_profile_remove), -+ AA_FS_FILE_FOPS("profiles", 0640, &aa_fs_profiles_fops), - AA_FS_DIR("features", aa_fs_entry_features), - { } - }; --- -1.7.9.5 - |