apparmor/kernel-patches/for-mainline/no-safex-link-subset.diff
John Johansen 923fc92c7a M split_init.diff
- fix split init so that apparmor can be enabled at the boot command line.
  The init was broken so that apparmor couldn't be enabled unless enabled
  by default.

M    apparmor-fix-lock-letter.diff
- fix the lock letter being reported (z -> k) and update some comments

A    apparmor-create-append.diff
- fix semantic bug where full write perms were needed to create a new file,
  where only append is needed.

M    fix-link-subset.diff
- partial fix of link subset
A    no-safex-link-subset.diff
- more link subset fixes

A    audit-log-type-in-syslog.diff
- fix audit type being missing when messages go to syslog.  This patch
  is needed for apparmor to work when messages go to syslog instead of
  auditd.  This patch can be dropped when upstream includes the
  patch to report audit number when reporting to syslog

A    audit-uid.diff
- report the fsuid to the log

A    hat_perm.diff
- setup to use hat permissions instead of just profile search for
  2.3

A    apparmor-failed-name-error.diff
- fix a bug where on failed name resolution no error or information is
  output.  It now reports info in the status field and includes an
  error_code

A    extend-x-mods.diff
- extend the x-mods in preparation of audit ctl

A    apparmor-secondary-accept.diff
- extend the dfa to have a second accept table used for audit ctl

A    apparmor-audit-flags2.diff
- extend apparmor to support audit ctl of individual permissions.
- finish fixing link-subset

A    fix-change_profile-namespace.diff
- Not applied, ignore
2008-03-13 16:36:38 +00:00


---
security/apparmor/apparmor.h | 21 ++++++++++-----------
security/apparmor/main.c | 40 ++++++++++++----------------------------
security/apparmor/match.c | 9 +++++++--
3 files changed, 29 insertions(+), 41 deletions(-)
--- a/security/apparmor/apparmor.h
+++ b/security/apparmor/apparmor.h
@@ -42,15 +42,18 @@
AA_EXEC_MOD_2 | AA_EXEC_MOD_3 | \
AA_EXEC_MOD_4)
+#define AA_EXEC_MODIFIERS (AA_EXEC_MOD_0 | AA_EXEC_MOD_1 | \
+ AA_EXEC_MOD_2 | AA_EXEC_MOD_3 | \
+ AA_EXEC_MOD_4)
+
+#define AA_EXEC_TYPE (MAY_EXEC | AA_EXEC_UNSAFE | \
+ AA_EXEC_MODIFIERS)
+
#define AA_EXEC_UNCONFINED AA_EXEC_MOD_0
#define AA_EXEC_INHERIT AA_EXEC_MOD_1
#define AA_EXEC_PROFILE (AA_EXEC_MOD_0 | AA_EXEC_MOD_1)
#define AA_EXEC_PIX AA_EXEC_MOD_2
-#define AA_EXEC_MODIFIERS (AA_EXEC_MOD_0 | AA_EXEC_MOD_1 | \
- AA_EXEC_MOD_2 | AA_EXEC_MOD_3 | \
- AA_EXEC_MOD_4)
-
#define AA_USER_SHIFT 0
#define AA_OTHER_SHIFT 14
@@ -65,16 +68,12 @@
#define AA_USER_EXEC (MAY_EXEC << AA_USER_SHIFT)
#define AA_OTHER_EXEC (MAY_EXEC << AA_OTHER_SHIFT)
-#define AA_USER_EXEC_MODS (AA_EXEC_MODIFIERS << AA_USER_SHIFT)
-#define AA_OTHER_EXEC_MODS (AA_EXEC_MODIFIERS << AA_OTHER_SHIFT)
-
-#define AA_USER_EXEC_UNSAFE (AA_EXEC_UNSAFE << AA_USER_SHIFT)
-#define AA_OTHER_EXEC_UNSAFE (AA_EXEC_UNSAFE << AA_OTHER_SHIFT)
+#define AA_USER_EXEC_TYPE (AA_EXEC_TYPE << AA_USER_SHIFT)
+#define AA_OTHER_EXEC_TYPE (AA_EXEC_TYPE << AA_OTHER_SHIFT)
#define AA_EXEC_BITS (AA_USER_EXEC | AA_OTHER_EXEC)
-#define AA_ALL_EXEC_MODS (AA_USER_EXEC_MODS | \
- AA_OTHER_EXEC_MODS)
+#define ALL_AA_EXEC_TYPE (AA_USER_EXEC_TYPE | AA_OTHER_EXEC_TYPE)
/* overloaded permissions for link pairs */
#define AA_LINK_SUBSET_TEST 0x0020
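Review bot: `ALL_AA_EXEC_TYPE` is the only macro in this hunk that does not lead with the `AA_` prefix; the macro it replaces was `AA_ALL_EXEC_MODS`, and its neighbours (`AA_USER_EXEC_TYPE`, `AA_OTHER_EXEC_TYPE`, `AA_EXEC_BITS`) all keep the prefix first. Renaming it to `#define AA_ALL_EXEC_TYPE (AA_USER_EXEC_TYPE | AA_OTHER_EXEC_TYPE)` keeps the permission masks searchable as one family, which helps when auditing every place exec permissions are compared; the uses in aa_link_denied() in main.c would need the same rename. Since `AA_EXEC_TYPE` includes `MAY_EXEC`, these masks overlap `AA_EXEC_BITS`, and a one-line comment such as `/* exec bit, unsafe flag and exec modifiers, for user and other */` would record that the overlap is deliberate.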
--- a/security/apparmor/main.c
+++ b/security/apparmor/main.c
@@ -68,7 +68,7 @@ static int aa_link_denied(struct aa_prof
int *request_mask)
{
unsigned int state;
- int l_mode, t_mode, l_subset, denied_mask = 0;
+ int l_mode, t_mode, denied_mask = 0;
int link_mask = AA_MAY_LINK << target_mode;
*request_mask = link_mask;
@@ -90,7 +90,7 @@ static int aa_link_denied(struct aa_prof
/* Do link perm subset test
* If a subset test is required a permission subset test of the
- * perms for the link are done against the user:group:other of the
+ * perms for the link are done against the user::other of the
* target's 'r', 'w', 'x', 'a', 'k', and 'm' permissions.
*
* If the link has 'x', an exact match of all the execute flags
@@ -100,38 +100,22 @@ static int aa_link_denied(struct aa_prof
t_mode = aa_match(profile->file_rules, target);
-
/* For actual subset test ignore valid-profile-transition flags,
* and link bits
*/
- l_mode &= ~(AA_SHARED_PERMS | AA_LINK_BITS);
- t_mode &= ~(AA_SHARED_PERMS | AA_LINK_BITS);
- l_subset = l_mode & AA_FILE_PERMS;
+ l_mode &= AA_FILE_PERMS & ~AA_LINK_BITS;
+ t_mode &= AA_FILE_PERMS & ~AA_LINK_BITS;
*request_mask = l_mode | link_mask;
- if (l_subset) {
- denied_mask |= (l_subset) & ~t_mode;
- if (denied_mask & AA_EXEC_BITS)
- denied_mask |= l_mode & AA_ALL_EXEC_MODS;
- else if (l_mode & AA_EXEC_BITS) {
- if (!(l_mode & AA_USER_EXEC_UNSAFE))
- l_mode |= t_mode & AA_USER_EXEC_UNSAFE;
- if (l_mode & AA_USER_EXEC &&
- (l_mode & AA_USER_EXEC_MODS) !=
- (t_mode & AA_USER_EXEC_MODS))
- denied_mask |= AA_USER_EXEC |
- (l_mode & AA_USER_EXEC_MODS);
- if (!(l_mode & AA_OTHER_EXEC_UNSAFE))
- l_mode |= t_mode & AA_OTHER_EXEC_UNSAFE;
- if (l_mode & AA_OTHER_EXEC &&
- (l_mode & AA_OTHER_EXEC_MODS) !=
- (t_mode & AA_OTHER_EXEC_MODS))
- denied_mask |= AA_OTHER_EXEC |
- (l_mode & AA_OTHER_EXEC_MODS);
- }
- } else if (t_mode & AA_FILE_PERMS)
- denied_mask |= t_mode | link_mask;
+ if (l_mode) {
+ denied_mask |= l_mode & ~t_mode;
+ if ((l_mode & AA_EXEC_BITS) &&
+ (l_mode & ALL_AA_EXEC_TYPE) !=
+ (t_mode & ALL_AA_EXEC_TYPE))
+ denied_mask = (denied_mask & ~ALL_AA_EXEC_TYPE) |
+ (l_mode & ALL_AA_EXEC_TYPE);
+ }
return denied_mask;
}
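Review bot: The exact-match test on `ALL_AA_EXEC_TYPE` runs after `l_mode` and `t_mode` have been masked with `AA_FILE_PERMS & ~AA_LINK_BITS`, so it compares the unsafe and modifier bits only if `AA_FILE_PERMS` contains them, and that macro is defined outside this diff. The removed code kept a separate `l_subset` and compared the modifiers on the value that had not been masked with `AA_FILE_PERMS`, which suggests the two masks may not cover the same bits. If they differ, a link whose exec type differs from the target's would pass the subset test, so either confirm the definition or state the dependency next to the mask, e.g. `/* AA_FILE_PERMS must include ALL_AA_EXEC_TYPE for the exec match below */`. The retained comment still says the valid-profile-transition flags are ignored although the explicit `~AA_SHARED_PERMS` is gone, so it should be updated to say what the new mask keeps. aa_link_denied() begins outside the hunk.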
--- a/security/apparmor/match.c
+++ b/security/apparmor/match.c
@@ -175,9 +175,14 @@ int verify_dfa(struct aa_dfa *dfa)
for (i = 0; i < state_count; i++) {
int mode = ACCEPT_TABLE(dfa)[i];
- if (mode & ~AA_VALID_PERM_MASK) {
+ if (mode & ~AA_VALID_PERM_MASK)
+ goto out;
+
+ /* if any exec modifier is set MAY_EXEC must be set */
+ if ((mode & AA_USER_EXEC_TYPE) && !(mode & AA_USER_EXEC))
+ goto out;
+ if ((mode & AA_OTHER_EXEC_TYPE) && !(mode & AA_OTHER_EXEC))
goto out;
- }
}
error = 0;
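Review bot: The added comment says "exec modifier", but `AA_USER_EXEC_TYPE` and `AA_OTHER_EXEC_TYPE` are built from `AA_EXEC_TYPE`, which per the apparmor.h change also contains `AA_EXEC_UNSAFE` and `MAY_EXEC` itself. The test still rejects the right states, because a mode with the exec bit set never satisfies the second operand, but the comment should describe what is actually rejected, e.g. `/* unsafe and exec modifier bits are only valid when the matching MAY_EXEC bit is set */`. The check covers one direction only: a state with the exec bit set and no modifier still verifies, which may be intended but is worth stating in the same comment. The loop and verify_dfa() start and end outside the hunk.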