summaryrefslogtreecommitdiffstats
path: root/security/apparmor/capability.c
Commit message (Collapse)AuthorAgeFilesLines
* LSM: generalize flag passing to security_capableMicah Morton2019-01-101-7/+7
| | | | | | | | | | | | | | This patch provides a general mechanism for passing flags to the security_capable LSM hook. It replaces the specific 'audit' flag that is used to tell security_capable whether it should log an audit message for the given capability check. The reason for generalizing this flag passing is so we can add an additional flag that signifies whether security_capable is being called by a setid syscall (which is needed by the proposed SafeSetID LSM). Signed-off-by: Micah Morton <mortonm@chromium.org> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.morris@microsoft.com>
* apparmor: move context.h to cred.hJohn Johansen2018-02-091-1/+1
| | | | | | | | | Now that file contexts have been moved into file, and task context fns() and data have been split from the context, only the cred context remains in context.h so rename to cred.h to better reflect what it deals with. Signed-off-by: John Johansen <john.johansen@canonical.com>
* apparmor: move capability checks to using labelsJohn Johansen2017-06-101-19/+38
| | | | Signed-off-by: John Johansen <john.johansen@canonical.com>
* apparmor: rename apparmor file fns and data to indicate useJohn Johansen2017-06-081-2/+2
| | | | | | | | | | | | | prefixes are used for fns/data that are not static to apparmorfs.c with the prefixes being aafs - special magic apparmorfs for policy namespace data aa_sfs - for fns/data that go into securityfs aa_fs - for fns/data that may be used in the either of aafs or securityfs Signed-off-by: John Johansen <john.johansen@canonical.com> Reviewed-by: Seth Arnold <seth.arnold@canonical.com> Reviewed-by: Kees Cook <keescook@chromium.org>
* apparmor: update cap audit to check SECURITY_CAP_NOAUDITJohn Johansen2017-01-161-6/+10
| | | | | | | | apparmor should be checking the SECURITY_CAP_NOAUDIT constant. Also in complain mode make it so apparmor can elect to log a message, informing of the check. Signed-off-by: John Johansen <john.johansen@canonical.com>
* apparmor: change aad apparmor_audit_data macro to a fn macroJohn Johansen2017-01-161-7/+3
| | | | | | | | | | | The aad macro can replace aad strings when it is not intended to. Switch to a fn macro so it is only applied when intended. Also at the same time cleanup audit_data initialization by putting common boiler plate behind a macro, and dropping the gfp_t parameter which will become useless. Signed-off-by: John Johansen <john.johansen@canonical.com>
* apparmor: fix capability to not use the current task, during reportingJohn Johansen2013-10-291-10/+5
| | | | | | | Mediation is based off of the cred but auditing includes the current task which may not be related to the actual request. Signed-off-by: John Johansen <john.johansen@canonical.com>
* apparmor: export set of capabilities supported by the apparmor moduleJohn Johansen2013-08-141-0/+5
| | | | | | Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
* LSM: do not initialize common_audit_data to 0Eric Paris2012-04-091-1/+1
| | | | | | | It isn't needed. If you don't set the type of the data associated with that type it is a pretty obvious programming bug. So why waste the cycles? Signed-off-by: Eric Paris <eparis@redhat.com>
* apparmor: move task from common_audit_data to apparmor_audit_dataEric Paris2012-04-091-1/+1
| | | | | | | | apparmor is the only LSM that uses the common_audit_data tsk field. Instead of making all LSMs pay for the stack space move the aa usage into the apparmor_audit_data. Signed-off-by: Eric Paris <eparis@redhat.com>
* LSM: remove the COMMON_AUDIT_DATA_INIT type expansionEric Paris2012-04-091-1/+1
| | | | | | Just open code it so grep on the source code works better. Signed-off-by: Eric Paris <eparis@redhat.com>
* LSM: shrink sizeof LSM specific portion of common_audit_dataEric Paris2012-04-031-2/+4
| | | | | | | | | | | | Linus found that the gigantic size of the common audit data caused a big perf hit on something as simple as running stat() in a loop. This patch requires LSMs to declare the LSM specific portion separately rather than doing it in a union. Thus each LSM can be responsible for shrinking their portion and don't have to pay a penalty just because other LSMs have a bigger space requirement. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* AppArmor: mediation of non file objectsJohn Johansen2010-08-021-0/+141
ipc: AppArmor ipc is currently limited to mediation done by file mediation and basic ptrace tests. Improved mediation is a wip. rlimits: AppArmor provides basic abilities to set and control rlimits at a per profile level. Only resources specified in a profile are controled or set. AppArmor rules set the hard limit to a value <= to the current hard limit (ie. they can not currently raise hard limits), and if necessary will lower the soft limit to the new hard limit value. AppArmor does not track resource limits to reset them when a profile is left so that children processes inherit the limits set by the parent even if they are not confined by the same profile. Capabilities: AppArmor provides a per profile mask of capabilities, that will further restrict. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>