linux/security/apparmor/lib.c, branch v4.11Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/
https://git.shady.money/linux/atom?h=v4.112017-01-16T09:18:47Zapparmor: change aad apparmor_audit_data macro to a fn macro2017-01-16T09:18:47ZJohn Johansenjohn.johansen@canonical.com2017-01-16T08:43:02Zurn:sha1:ef88a7ac55fdd3bf6ac3942b83aa29311b45339b
The aad macro can replace aad strings when it is not intended to. Switch
to a fn macro so it is only applied when intended.
Also at the same time cleanup audit_data initialization by putting
common boiler plate behind a macro, and dropping the gfp_t parameter
which will become useless.
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: update policy_destroy to use new debug asserts2017-01-16T09:18:27ZJohn Johansenjohn.johansen@canonical.com2017-01-16T08:42:32Zurn:sha1:5fd1b95fc9b96629d185f5fe3d9342fcff78eb30
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: pass gfp param into aa_policy_init()2017-01-16T09:18:27ZJohn Johansenjohn.johansen@canonical.com2017-01-16T08:42:31Zurn:sha1:d102d895713c736fd13e21feaab38b52d8ab32ad
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: constify policy name and hname2017-01-16T09:18:26ZJohn Johansenjohn.johansen@canonical.com2017-01-16T08:42:30Zurn:sha1:bbe4a7c8733c925b061dcce2d1af8926cefbe539
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: rename hname_tail to basename2017-01-16T09:18:25ZJohn Johansenjohn.johansen@canonical.com2017-01-16T08:42:29Zurn:sha1:6e474e3063eae9767f219d83cf91d8360f63be0c
Rename to the shorter and more familiar shell cmd name
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: add lib fn to find the "split" for fqnames2017-01-16T09:18:21ZJohn Johansenjohn.johansen@canonical.com2017-01-16T08:42:23Zurn:sha1:3b0aaf5866bf92a3e47627a02ed5e1be6d7cc110
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: split out shared policy_XXX fns to lib2017-01-16T08:42:14ZJohn Johansenjohn.johansen@canonical.com2017-01-16T08:42:14Zurn:sha1:fe6bb31f590c9cd9c8d3ddbdfd4301f72db91718
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: move lib definitions into separate lib include2017-01-16T08:42:13ZJohn Johansenjohn.johansen@canonical.com2017-01-16T08:42:13Zurn:sha1:12557dcba21b015f470076da6947e68bc70fff64
Signed-off-by: John Johansen <john.johansen@canonical.com>
AppArmor: Use GFP_KERNEL for __aa_kvmalloc().2017-01-15T21:41:09ZTetsuo Handapenguin-kernel@I-love.SAKURA.ne.jp2016-11-14T11:11:52Zurn:sha1:a7f6c1b63b863d29f126d9b163ad5b40008544b2
Calling kmalloc(GFP_NOIO) with order == PAGE_ALLOC_COSTLY_ORDER is not
recommended because it might fall into infinite retry loop without
invoking the OOM killer.
Since aa_dfa_unpack() is the only caller of kvzalloc() and
aa_dfa_unpack() which is calling kvzalloc() via unpack_table() is
doing kzalloc(GFP_KERNEL), it is safe to use GFP_KERNEL from
__aa_kvmalloc().
Since aa_simple_write_to_buffer() is the only caller of kvmalloc()
and aa_simple_write_to_buffer() is calling copy_from_user() which
is GFP_KERNEL context (see memdup_user_nul()), it is safe to use
GFP_KERNEL from __aa_kvmalloc().
Therefore, replace GFP_NOIO with GFP_KERNEL. Also, since we have
vmalloc() fallback, add __GFP_NORETRY so that we don't invoke the OOM
killer by kmalloc(GFP_KERNEL) with order == PAGE_ALLOC_COSTLY_ORDER.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: John Johansen <john.johansen@canonical.com>
nick kvfree() from apparmor2014-05-06T18:02:53ZAl Viroviro@zeniv.linux.org.uk2014-05-06T18:02:53Zurn:sha1:39f1f78d53b9bcbca91967380c5f0f2305a5c55f
too many places open-code it
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>