add single module patch and changes to other patches required by it

2025-03-04 16:35:02 +01:00 · 2007-02-05 22:37:20 +00:00 · 2007-02-05 22:37:20 +00:00 · a2bfe528f0
commit a2bfe528f0
parent 49c4f94e5c
6 changed files with 3944 additions and 60 deletions
--- a/kernel-patches/for-mainline/apparmor-d_path_flags.diff
+++ b/kernel-patches/for-mainline/apparmor-d_path_flags.diff
@ -1,8 +1,8 @@
-Index: linux-2.6/security/apparmor/main.c
+Index: linux-2.6.19.1/security/apparmor/main.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/main.c
-+++ linux-2.6/security/apparmor/main.c
-@@ -804,6 +804,7 @@ char *aa_get_name(struct dentry *dentry,
+--- linux-2.6.19.1.orig/security/apparmor/main.c
+++ linux-2.6.19.1/security/apparmor/main.c
+@@ -668,6 +668,7 @@ char *aa_get_name(struct dentry *dentry,
 {
 	char *buffer, *name;
 	int order = 0;
@ -10,7 +10,7 @@ Index: linux-2.6/security/apparmor/main.c
 
 	*addr = NULL;
 	buffer = (char *)aa_get_path(GFP_KERNEL);
-@@ -813,7 +814,8 @@ char *aa_get_name(struct dentry *dentry,
+@@ -677,7 +678,8 @@ char *aa_get_name(struct dentry *dentry,
 		goto out;
 	}
 
@ -20,7 +20,7 @@ Index: linux-2.6/security/apparmor/main.c
 	/* check for (deleted) that d_path appends to pathnames if the dentry
 	 * has been removed from the cache.
 	 * The size > deleted_size and strcmp checks are redundant safe guards.
-@@ -826,16 +828,6 @@ char *aa_get_name(struct dentry *dentry,
+@@ -690,16 +692,6 @@ char *aa_get_name(struct dentry *dentry,
 		order++;
 		buffer = kmalloc(PAGE_SIZE << order, GFP_KERNEL);
 		goto retry;
--- a/kernel-patches/for-mainline/apparmor-dfa.diff
+++ b/kernel-patches/for-mainline/apparmor-dfa.diff
@ -1,7 +1,7 @@
-Index: linux-2.6/security/apparmor/match/Kbuild
+Index: linux-2.6.19.1/security/apparmor/match/Kbuild
 ===================================================================
--- linux-2.6.orig/security/apparmor/match/Kbuild
-+++ linux-2.6/security/apparmor/match/Kbuild
+--- linux-2.6.19.1.orig/security/apparmor/match/Kbuild
+++ linux-2.6.19.1/security/apparmor/match/Kbuild
@@ -1,6 +1,6 @@
 # Makefile for AppArmor aamatch submodule
 #
@ -11,10 +11,10 @@ Index: linux-2.6/security/apparmor/match/Kbuild
 
 -aamatch_pcre-y := match_pcre.o pcre_exec.o
 +aamatch_dfa-y := match_dfa.o
-Index: linux-2.6/security/apparmor/match/match_dfa.c
+Index: linux-2.6.19.1/security/apparmor/match/match_dfa.c
 ===================================================================
 --- /dev/null
-+++ linux-2.6/security/apparmor/match/match_dfa.c
+++ linux-2.6.19.1/security/apparmor/match/match_dfa.c
@@ -0,0 +1,398 @@
 +/*
 + *	Copyright (C) 2002-2005 Novell/SUSE
@ -414,10 +414,10 @@ Index: linux-2.6/security/apparmor/match/match_dfa.c
 +MODULE_DESCRIPTION("AppArmor aa_match module [dfa]");
 +MODULE_AUTHOR("John Johansen <jjohansen@suse.de>");
 +MODULE_LICENSE("GPL");
-Index: linux-2.6/security/apparmor/module_interface.c
+Index: linux-2.6.19.1/security/apparmor/module_interface.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/module_interface.c
-+++ linux-2.6/security/apparmor/module_interface.c
+--- linux-2.6.19.1.orig/security/apparmor/module_interface.c
+++ linux-2.6.19.1/security/apparmor/module_interface.c
@@ -206,6 +206,7 @@ static void aaconvert(enum aa_code code,
 		*(u16 *)dest = le16_to_cpu(get_unaligned((u16 *)src));
 		break;
@ -465,10 +465,10 @@ Index: linux-2.6/security/apparmor/module_interface.c
 	free_aa_entry(entry);
 	return NULL;
 }
-Index: linux-2.6/security/apparmor/module_interface.h
+Index: linux-2.6.19.1/security/apparmor/module_interface.h
 ===================================================================
--- linux-2.6.orig/security/apparmor/module_interface.h
-+++ linux-2.6/security/apparmor/module_interface.h
+--- linux-2.6.19.1.orig/security/apparmor/module_interface.h
+++ linux-2.6.19.1/security/apparmor/module_interface.h
@@ -20,6 +20,7 @@ enum aa_code {
 	AA_LIST,
 	AA_LISTEND,
@ -477,10 +477,10 @@ Index: linux-2.6/security/apparmor/module_interface.h
 	AA_BAD
 };
 
-Index: linux-2.6/security/apparmor/shared.h
+Index: linux-2.6.19.1/security/apparmor/shared.h
 ===================================================================
--- linux-2.6.orig/security/apparmor/shared.h
-+++ linux-2.6/security/apparmor/shared.h
+--- linux-2.6.19.1.orig/security/apparmor/shared.h
+++ linux-2.6.19.1/security/apparmor/shared.h
@@ -28,6 +28,9 @@
 #define POS_AA_EXEC_UNSAFE		(POS_AA_EXEC_MMAP + 1)
 #define POS_AA_FILE_MAX			POS_AA_EXEC_UNSAFE
--- a/kernel-patches/for-mainline/apparmor-path_resize.diff
+++ b/kernel-patches/for-mainline/apparmor-path_resize.diff
@ -1,8 +1,8 @@
-Index: linux-2.6/security/apparmor/apparmor.h
+Index: linux-2.6.19.1/security/apparmor/apparmor.h
 ===================================================================
--- linux-2.6.orig/security/apparmor/apparmor.h
-+++ linux-2.6/security/apparmor/apparmor.h
-@@ -255,7 +255,8 @@ extern int aa_audit_message(struct aapro
+--- linux-2.6.19.1.orig/security/apparmor/apparmor.h
+++ linux-2.6.19.1/security/apparmor/apparmor.h
+@@ -218,7 +218,8 @@ extern int aa_audit_message(struct aapro
 extern int aa_audit_syscallreject(struct aaprofile *active, gfp_t gfp,
 				  const char *);
 extern int aa_audit(struct aaprofile *active, const struct aa_audit *);
@ -12,11 +12,11 @@ Index: linux-2.6/security/apparmor/apparmor.h
 
 extern int aa_attr(struct aaprofile *active, struct dentry *dentry,
 		   struct vfsmount *mnt, struct iattr *iattr);
-Index: linux-2.6/security/apparmor/inline.h
+Index: linux-2.6.19.1/security/apparmor/inline.h
 ===================================================================
--- linux-2.6.orig/security/apparmor/inline.h
-+++ linux-2.6/security/apparmor/inline.h
-@@ -220,9 +220,12 @@ static inline struct aaprofile *alloc_aa
+--- linux-2.6.19.1.orig/security/apparmor/inline.h
+++ linux-2.6.19.1/security/apparmor/inline.h
+@@ -214,9 +214,12 @@ static inline struct aaprofile *alloc_aa
  * Release space (free_page) allocated to hold pathname
  * name may be NULL (checked for by free_page)
  */
@ -31,11 +31,11 @@ Index: linux-2.6/security/apparmor/inline.h
 }
 
 /** __aa_find_profile
-Index: linux-2.6/security/apparmor/main.c
+Index: linux-2.6.19.1/security/apparmor/main.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/main.c
-+++ linux-2.6/security/apparmor/main.c
-@@ -454,8 +454,9 @@ static int _aa_perm_vfsmount(struct aapr
+--- linux-2.6.19.1.orig/security/apparmor/main.c
+++ linux-2.6.19.1/security/apparmor/main.c
+@@ -318,8 +318,9 @@ static int _aa_perm_vfsmount(struct aapr
                       struct vfsmount *mnt, struct aa_audit *sa, int mask)
 {
 	int permerror, error;
@ -46,7 +46,7 @@ Index: linux-2.6/security/apparmor/main.c
 
 	if (IS_ERR(sa->name)) {
 		permerror = PTR_ERR(sa->name);
-@@ -468,7 +469,7 @@ static int _aa_perm_vfsmount(struct aapr
+@@ -332,7 +333,7 @@ static int _aa_perm_vfsmount(struct aapr
 
 	error = aa_audit(active, sa);
 
@ -55,7 +55,7 @@ Index: linux-2.6/security/apparmor/main.c
 
 	return error;
 }
-@@ -794,27 +795,37 @@ out:
+@@ -658,27 +659,37 @@ out:
  * aa_get_name - retrieve fully qualified path name
  * @dentry: relative path element
  * @mnt: where in tree
@ -100,7 +100,7 @@ Index: linux-2.6/security/apparmor/main.c
 	} else {
 		const char deleted_str[] = " (deleted)";
 		const size_t deleted_size = sizeof(deleted_str) - 1;
-@@ -828,6 +839,8 @@ char *aa_get_name(struct dentry *dentry,
+@@ -692,6 +703,8 @@ char *aa_get_name(struct dentry *dentry,
 	}
 
 out:
@ -109,7 +109,15 @@ Index: linux-2.6/security/apparmor/main.c
 	return name;
 }
 
-@@ -986,9 +999,10 @@ int aa_link(struct aaprofile *active,
+@@ -766,6 +779,7 @@ int aa_perm(struct aaprofile *active, st
+ {
+ 	int error = 0;
+ 	struct aa_audit sa;
+	char *addr;
+ 
+ 	if ((mask = aa_filter_mask(mask, dentry->d_inode)) == 0)
+ 		goto out;
+@@ -850,9 +864,10 @@ int aa_link(struct aaprofile *active,
 {
         int permerror = -EPERM, error;
 	struct aa_audit sa;
@ -122,7 +130,7 @@ Index: linux-2.6/security/apparmor/main.c
 
         if (IS_ERR(sa.name)) {
                 permerror = PTR_ERR(sa.name);
-@@ -1010,8 +1024,8 @@ int aa_link(struct aaprofile *active,
+@@ -874,8 +889,8 @@ int aa_link(struct aaprofile *active,
 
 	error = aa_audit(active, &sa);
 
@ -133,7 +141,7 @@ Index: linux-2.6/security/apparmor/main.c
 
         return error;
 }
-@@ -1078,6 +1092,7 @@ int aa_fork(struct task_struct *p)
+@@ -942,6 +957,7 @@ int aa_fork(struct task_struct *p)
 int aa_register(struct linux_binprm *bprm)
 {
 	char *filename;
@ -141,7 +149,7 @@ Index: linux-2.6/security/apparmor/main.c
 	struct file *filp = bprm->file;
 	struct aaprofile *active;
 	struct aaprofile *newprofile = NULL, unconstrained_flag;
-@@ -1090,7 +1105,7 @@ int aa_register(struct linux_binprm *bpr
+@@ -954,7 +970,7 @@ int aa_register(struct linux_binprm *bpr
 
 	AA_DEBUG("%s\n", __FUNCTION__);
 
@ -150,7 +158,7 @@ Index: linux-2.6/security/apparmor/main.c
 	if (IS_ERR(filename)) {
 		AA_WARN("%s: Failed to get filename\n", __FUNCTION__);
 		goto out;
-@@ -1339,7 +1354,7 @@ apply_profile:
+@@ -1206,7 +1222,7 @@ apply_profile:
 	}
 
 cleanup:
--- a/kernel-patches/for-mainline/apparmor-percpu_path_cache.diff
+++ b/kernel-patches/for-mainline/apparmor-percpu_path_cache.diff
@ -1,8 +1,8 @@
-Index: linux-2.6/security/apparmor/apparmor.h
+Index: linux-2.6.19.1/security/apparmor/apparmor.h
 ===================================================================
--- linux-2.6.orig/security/apparmor/apparmor.h
-+++ linux-2.6/security/apparmor/apparmor.h
-@@ -234,7 +234,19 @@ enum aa_xattroptype {
+--- linux-2.6.19.1.orig/security/apparmor/apparmor.h
+++ linux-2.6.19.1/security/apparmor/apparmor.h
+@@ -197,7 +197,19 @@ enum aa_xattroptype {
 #define BASE_PROFILE(p) ((p)->parent ? (p)->parent : (p))
 #define IN_SUBPROFILE(p) ((p)->parent)
 
@ -22,11 +22,11 @@ Index: linux-2.6/security/apparmor/apparmor.h
 extern int alloc_null_complain_profile(void);
 extern void free_null_complain_profile(void);
 extern int attach_nullprofile(struct aaprofile *profile);
-Index: linux-2.6/security/apparmor/inline.h
+Index: linux-2.6.19.1/security/apparmor/inline.h
 ===================================================================
--- linux-2.6.orig/security/apparmor/inline.h
-+++ linux-2.6/security/apparmor/inline.h
-@@ -222,7 +222,7 @@ static inline struct aaprofile *alloc_aa
+--- linux-2.6.19.1.orig/security/apparmor/inline.h
+++ linux-2.6.19.1/security/apparmor/inline.h
+@@ -216,7 +216,7 @@ static inline struct aaprofile *alloc_aa
  */
 static inline void aa_put_name(const char *name)
 {
@ -35,11 +35,11 @@ Index: linux-2.6/security/apparmor/inline.h
 }
 
 /** __aa_find_profile
-Index: linux-2.6/security/apparmor/lsm.c
+Index: linux-2.6.19.1/security/apparmor/lsm.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/lsm.c
-+++ linux-2.6/security/apparmor/lsm.c
-@@ -816,6 +816,11 @@ static int __init apparmor_init(void)
+--- linux-2.6.19.1.orig/security/apparmor/lsm.c
+++ linux-2.6.19.1/security/apparmor/lsm.c
+@@ -814,6 +814,11 @@ static int __init apparmor_init(void)
 		goto alloc_out;
 	}
 
@ -51,7 +51,7 @@ Index: linux-2.6/security/apparmor/lsm.c
 	if ((error = register_security(&apparmor_ops))) {
 		AA_ERROR("Unable to load AppArmor\n");
 		goto register_security_out;
-@@ -830,6 +835,9 @@ static int __init apparmor_init(void)
+@@ -828,6 +833,9 @@ static int __init apparmor_init(void)
 	return error;
 
 register_security_out:
@ -61,18 +61,17 @@ Index: linux-2.6/security/apparmor/lsm.c
 	free_null_complain_profile();
 
 alloc_out:
-Index: linux-2.6/security/apparmor/main.c
+Index: linux-2.6.19.1/security/apparmor/main.c
 ===================================================================
--- linux-2.6.orig/security/apparmor/main.c
-+++ linux-2.6/security/apparmor/main.c
-@@ -12,12 +12,133 @@
+--- linux-2.6.19.1.orig/security/apparmor/main.c
+++ linux-2.6.19.1/security/apparmor/main.c
+@@ -12,11 +12,132 @@
 #include <linux/security.h>
 #include <linux/namei.h>
 #include <linux/audit.h>
 +#include <linux/mm.h>
 
 #include "apparmor.h"
- #include "match/match.h"
 
 #include "inline.h"
 
@ -199,7 +198,7 @@ Index: linux-2.6/security/apparmor/main.c
 /* NULL complain profile
  *
  * Used when in complain mode, to emit Permitting messages for non-existant
-@@ -681,7 +802,7 @@ char *aa_get_name(struct dentry *dentry,
+@@ -545,7 +666,7 @@ char *aa_get_name(struct dentry *dentry,
 {
 	char *page, *name;
 
@ -208,7 +207,7 @@ Index: linux-2.6/security/apparmor/main.c
 	if (!page) {
 		name = ERR_PTR(-ENOMEM);
 		goto out;
-@@ -693,7 +814,7 @@ char *aa_get_name(struct dentry *dentry,
+@@ -557,7 +678,7 @@ char *aa_get_name(struct dentry *dentry,
 	 * The size > deleted_size and strcmp checks are redundant safe guards.
 	 */
 	if (IS_ERR(name)) {
--- a/kernel-patches/for-mainline/apparmor-single_module.diff
+++ b/kernel-patches/for-mainline/apparmor-single_module.diff
--- a/kernel-patches/for-mainline/series
+++ b/kernel-patches/for-mainline/series
@ -40,6 +40,7 @@ apparmor-bootdisable.diff
 apparmor-novalidfstype.diff
 apparmor-match_perms.diff
 apparmor-dfa.diff
+apparmor-single_module.diff
 apparmor-percpu_path_cache.diff
 apparmor-path_resize.diff
 apparmor-d_path_flags.diff