apparmor: Remove deadcode

aa_label_audit, aa_label_find, aa_label_seq_print and aa_update_label_name
were added by commit
f1bd904175e8 ("apparmor: add the base fns() for domain labels")
but never us

apparmor: Remove deadcode

aa_label_audit, aa_label_find, aa_label_seq_print and aa_update_label_name
were added by commit
f1bd904175e8 ("apparmor: add the base fns() for domain labels")
but never used.

aa_profile_label_perm was added by commit
637f688dc3dc ("apparmor: switch from profiles to using labels on contexts")
but never used.

aa_secid_update was added by commit
c092921219d2 ("apparmor: add support for mapping secids and using secctxes")
but never used.

aa_split_fqname has been unused since commit
3664268f19ea ("apparmor: add namespace lookup fns()")

aa_lookup_profile has been unused since commit
93c98a484c49 ("apparmor: move exec domain mediation to using labels")

aa_audit_perms_cb was only used by aa_profile_label_perm (see above).

All of these commits are from around 2017.

Remove them.

Signed-off-by: Dr. David Alan Gilbert <[email protected]>
Signed-off-by: John Johansen <[email protected]>

show more ...

apparmor: add io_uring mediation

For now, the io_uring mediation is limited to sqpoll and
override_creds.

Signed-off-by: Georgia Garcia <[email protected]>
Signed-off-by: John Johansen <

apparmor: add io_uring mediation

For now, the io_uring mediation is limited to sqpoll and
override_creds.

Signed-off-by: Georgia Garcia <[email protected]>
Signed-off-by: John Johansen <[email protected]>

show more ...

apparmor: combine common_audit_data and apparmor_audit_data

Everywhere where common_audit_data is used apparmor audit_data is also
used. We can simplify the code and drop the use of the aad macro
ev

apparmor: combine common_audit_data and apparmor_audit_data

Everywhere where common_audit_data is used apparmor audit_data is also
used. We can simplify the code and drop the use of the aad macro
everywhere by combining the two structures.

Reviewed-by: Georgia Garcia <[email protected]>
Signed-off-by: John Johansen <[email protected]>

show more ...

apparmor: refactor profile rules and attachments

In preparation for moving from a single set of rules and a single
attachment to multiple rulesets and attachments separate from the
profile refactor

apparmor: refactor profile rules and attachments

In preparation for moving from a single set of rules and a single
attachment to multiple rulesets and attachments separate from the
profile refactor attachment information and ruleset info into their
own structures.

Signed-off-by: John Johansen <[email protected]>

show more ...

apparmor: cleanup: move perm accumulation into perms.h

Perm accumulation is going to be used much more frequently so let
the compiler figure out if it can be optimized when used.

Signed-off-by: Joh

apparmor: cleanup: move perm accumulation into perms.h

Perm accumulation is going to be used much more frequently so let
the compiler figure out if it can be optimized when used.

Signed-off-by: John Johansen <[email protected]>

show more ...

apparmor: make sure perm indexes are accumulated

accumulate permission indexes on a first encountered basis. This
favors original rulesets so that new ones can not override without
profile replaceme

apparmor: make sure perm indexes are accumulated

accumulate permission indexes on a first encountered basis. This
favors original rulesets so that new ones can not override without
profile replacement.

Signed-off-by: John Johansen <[email protected]>

show more ...

apparmor: extend permissions to support a label and tag string

add indexes for label and tag entries. Rename the domain table to the
str_table as its a shared string table with label and tags.

Sign

apparmor: extend permissions to support a label and tag string

add indexes for label and tag entries. Rename the domain table to the
str_table as its a shared string table with label and tags.

Signed-off-by: John Johansen <[email protected]>

show more ...

apparmor: extend xindex size

Allow the xindex to have 2^24 entries.

Signed-off-by: John Johansen <[email protected]>

apparmor: convert policy lookup to use accept as an index

Remap polidydb dfa accept table from embedded perms to an index, and
then move the perm lookup to use the accept entry as an index into the

apparmor: convert policy lookup to use accept as an index

Remap polidydb dfa accept table from embedded perms to an index, and
then move the perm lookup to use the accept entry as an index into the
perm table. This is done so that the perm table can be separated from
the dfa, allowing dfa accept to index to share expanded permission
sets.

Signed-off-by: John Johansen <[email protected]>

show more ...

apparmor: cleanup shared permission struct

The shared permissions struct has the stop field which is unneeded
and the "reserved" subtree field commented which is needed. Also
reorganize so that the

apparmor: cleanup shared permission struct

The shared permissions struct has the stop field which is unneeded
and the "reserved" subtree field commented which is needed. Also
reorganize so that the entries are logically grouped.

Signed-off-by: John Johansen <[email protected]>

show more ...

apparmor: compute policydb permission on profile load

Rather than computing policydb permissions for each access
permissions can be computed once on profile load and stored for lookup.

Signed-off-b

apparmor: compute policydb permission on profile load

Rather than computing policydb permissions for each access
permissions can be computed once on profile load and stored for lookup.

Signed-off-by: John Johansen <[email protected]>

show more ...

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441

Based on 1 normalized pattern(s):

this program is free software you can redistribute it and or modify
it under the terms of th

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441

Based on 1 normalized pattern(s):

this program is free software you can redistribute it and or modify
it under the terms of the gnu general public license as published by
the free software foundation version 2 of the license

extracted by the scancode license scanner the SPDX license identifier

GPL-2.0-only

has been chosen to replace the boilerplate/reference in 315 file(s).

Signed-off-by: Thomas Gleixner <[email protected]>
Reviewed-by: Allison Randal <[email protected]>
Reviewed-by: Armijn Hemel <[email protected]>
Cc: [email protected]
Link: https://lkml.kernel.org/r/[email protected]
Signed-off-by: Greg Kroah-Hartman <[email protected]>

show more ...

apparmor: Check buffer bounds when mapping permissions mask

Don't read past the end of the buffer containing permissions
characters or write past the end of the destination string.

Detected by Cove

apparmor: Check buffer bounds when mapping permissions mask

Don't read past the end of the buffer containing permissions
characters or write past the end of the destination string.

Detected by CoverityScan CID#1415361, 1415376 ("Out-of-bounds access")

Fixes: e53cfe6c7caa ("apparmor: rework perm mapping to a slightly broader set")
Signed-off-by: Tyler Hicks <[email protected]>
Acked-by: Serge Hallyn <[email protected]>
Signed-off-by: John Johansen <[email protected]>

show more ...

apparmor: add base infastructure for socket mediation

version 2 - Force an abi break. Network mediation will only be
available in v8 abi complaint policy.

Provide a basic mediation of s

apparmor: add base infastructure for socket mediation

version 2 - Force an abi break. Network mediation will only be
available in v8 abi complaint policy.

Provide a basic mediation of sockets. This is not a full net mediation
but just whether a spcific family of socket can be used by an
application, along with setting up some basic infrastructure for
network mediation to follow.

the user space rule hav the basic form of
NETWORK RULE = [ QUALIFIERS ] 'network' [ DOMAIN ]
[ TYPE | PROTOCOL ]

DOMAIN = ( 'inet' | 'ax25' | 'ipx' | 'appletalk' | 'netrom' |
'bridge' | 'atmpvc' | 'x25' | 'inet6' | 'rose' |
'netbeui' | 'security' | 'key' | 'packet' | 'ash' |
'econet' | 'atmsvc' | 'sna' | 'irda' | 'pppox' |
'wanpipe' | 'bluetooth' | 'netlink' | 'unix' | 'rds' |
'llc' | 'can' | 'tipc' | 'iucv' | 'rxrpc' | 'isdn' |
'phonet' | 'ieee802154' | 'caif' | 'alg' | 'nfc' |
'vsock' | 'mpls' | 'ib' | 'kcm' ) ','

TYPE = ( 'stream' | 'dgram' | 'seqpacket' | 'rdm' | 'raw' |
'packet' )

PROTOCOL = ( 'tcp' | 'udp' | 'icmp' )

eg.
network,
network inet,

Signed-off-by: John Johansen <[email protected]>
Acked-by: Seth Arnold <[email protected]>

show more ...

apparmor: fix ptrace label match when matching stacked labels

Given a label with a profile stack of
A//&B or A//&C ...

A ptrace rule should be able to specify a generic trace pattern with
a rule

apparmor: fix ptrace label match when matching stacked labels

Given a label with a profile stack of
A//&B or A//&C ...

A ptrace rule should be able to specify a generic trace pattern with
a rule like

ptrace trace A//&**,

however this is failing because while the correct label match routine
is called, it is being done post label decomposition so it is always
being done against a profile instead of the stacked label.

To fix this refactor the cross check to pass the full peer label in to
the label_match.

Fixes: 290f458a4f16 ("apparmor: allow ptrace checks to be finer grained than just capability")
Cc: Stable <[email protected]>
Reported-by: Matthew Garrett <[email protected]>
Tested-by: Matthew Garrett <[email protected]>
Signed-off-by: John Johansen <[email protected]>

show more ...

Revert "apparmor: add base infastructure for socket mediation"

This reverts commit 651e28c5537abb39076d3949fb7618536f1d242e.

This caused a regression:
"The specific problem is that dnsmasq refuses

Revert "apparmor: add base infastructure for socket mediation"

This reverts commit 651e28c5537abb39076d3949fb7618536f1d242e.

This caused a regression:
"The specific problem is that dnsmasq refuses to start on openSUSE Leap
42.2. The specific cause is that and attempt to open a PF_LOCAL socket
gets EACCES. This means that networking doesn't function on a system
with a 4.14-rc2 system."

Sadly, the developers involved seemed to be in denial for several weeks
about this, delaying the revert. This has not been a good release for
the security subsystem, and this area needs to change development
practices.

Reported-and-bisected-by: James Bottomley <[email protected]>
Tracked-by: Thorsten Leemhuis <[email protected]>
Cc: John Johansen <[email protected]>
Cc: Vlastimil Babka <[email protected]>
Cc: Seth Arnold <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>

show more ...

apparmor: add base infastructure for socket mediation

Provide a basic mediation of sockets. This is not a full net mediation
but just whether a spcific family of socket can be used by an
application

apparmor: add base infastructure for socket mediation

Provide a basic mediation of sockets. This is not a full net mediation
but just whether a spcific family of socket can be used by an
application, along with setting up some basic infrastructure for
network mediation to follow.

the user space rule hav the basic form of
NETWORK RULE = [ QUALIFIERS ] 'network' [ DOMAIN ]
[ TYPE | PROTOCOL ]

DOMAIN = ( 'inet' | 'ax25' | 'ipx' | 'appletalk' | 'netrom' |
'bridge' | 'atmpvc' | 'x25' | 'inet6' | 'rose' |
'netbeui' | 'security' | 'key' | 'packet' | 'ash' |
'econet' | 'atmsvc' | 'sna' | 'irda' | 'pppox' |
'wanpipe' | 'bluetooth' | 'netlink' | 'unix' | 'rds' |
'llc' | 'can' | 'tipc' | 'iucv' | 'rxrpc' | 'isdn' |
'phonet' | 'ieee802154' | 'caif' | 'alg' | 'nfc' |
'vsock' | 'mpls' | 'ib' | 'kcm' ) ','

TYPE = ( 'stream' | 'dgram' | 'seqpacket' | 'rdm' | 'raw' |
'packet' )

PROTOCOL = ( 'tcp' | 'udp' | 'icmp' )

eg.
network,
network inet,

Signed-off-by: John Johansen <[email protected]>
Acked-by: Seth Arnold <[email protected]>

show more ...

apparmor: add cross check permission helper macros

The cross check permission helper macros will help simplify code
that does cross task permission checks like ptrace.

Signed-off-by: John Johansen

apparmor: add cross check permission helper macros

The cross check permission helper macros will help simplify code
that does cross task permission checks like ptrace.

Signed-off-by: John Johansen <[email protected]>

show more ...

apparmor: switch from profiles to using labels on contexts

Begin the actual switch to using domain labels by storing them on
the context and converting the label to a singular profile where
possible

apparmor: switch from profiles to using labels on contexts

Begin the actual switch to using domain labels by storing them on
the context and converting the label to a singular profile where
possible.

Signed-off-by: John Johansen <[email protected]>

show more ...

apparmor: switch from file_perms to aa_perms

Signed-off-by: John Johansen <[email protected]>

apparmor: add gerneric permissions struct and support fns

Signed-off-by: John Johansen <[email protected]>

apparmor: rework perm mapping to a slightly broader set

Signed-off-by: John Johansen <[email protected]>

apparmor: move permissions into their own file to be more easily shared

Signed-off-by: John Johansen <[email protected]>