Commit Graph

10 Commits

Author SHA1 Message Date
Eric Paris
50c205f5e5 LSM: do not initialize common_audit_data to 0
It isn't needed.  If you don't set the type of the data associated with
that type it is a pretty obvious programming bug.  So why waste the cycles?

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-04-09 12:23:04 -04:00
Eric Paris
bd5e50f9c1 LSM: remove the COMMON_AUDIT_DATA_INIT type expansion
Just open code it so grep on the source code works better.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-04-09 12:23:01 -04:00
Eric Paris
3b3b0e4fc1 LSM: shrink sizeof LSM specific portion of common_audit_data
Linus found that the gigantic size of the common audit data caused a big
perf hit on something as simple as running stat() in a loop.  This patch
requires LSMs to declare the LSM specific portion separately rather than
doing it in a union.  Thus each LSM can be responsible for shrinking their
portion and don't have to pay a penalty just because other LSMs have a
bigger space requirement.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-04-03 09:48:40 -07:00
John Johansen
ad5ff3db53 AppArmor: Add ability to load extended policy
Add the base support for the new policy extensions. This does not bring
any additional functionality, or change current semantics.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
2012-03-14 19:09:03 -07:00
John Johansen
b1b4bc2ed9 AppArmor: Fix oops in policy unpack auditing
Post unpacking of policy a verification pass is made on x transition
indexes.  When this fails a call to audit_iface is made resulting in an
oops, because audit_iface is expecting a valid buffer position but
since the failure comes from post unpack verification there is none.

Make the position argument optional so that audit_iface can be called
from post unpack verification.

Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-03-14 06:15:02 -07:00
John Johansen
cdbd2884df AppArmor: Add mising end of structure test to caps unpacking
The unpacking of struct capsx is missing a check for the end of the
caps structure.  This can lead to unpack failures depending on what else
is packed into the policy file being unpacked.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
2012-02-27 11:38:20 -08:00
James Morris
7ee95850ba apparmor: sparse fix: rename shadowed variables in policy_unpack.c
Fix the following warnings:

security/apparmor/policy_unpack.c:384:35: warning: symbol 'size' shadows an earlier one
security/apparmor/policy_unpack.c:370:24: originally declared here
security/apparmor/policy_unpack.c:443:29: warning: symbol 'tmp' shadows an earlier one
security/apparmor/policy_unpack.c:434:21: originally declared here

Signed-off-by: James Morris <jmorris@namei.org>
Acked-by: John Johansen <john.johansen@canonical.com>
2011-09-09 16:56:28 -07:00
Randy Dunlap
d410fa4ef9 Create Documentation/security/,
move LSM-, credentials-, and keys-related files from Documentation/
  to Documentation/security/,
add Documentation/security/00-INDEX, and
update all occurrences of Documentation/<moved_file>
  to Documentation/security/<moved_file>.
2011-05-19 15:59:38 -07:00
Lucas De Marchi
25985edced Fix common misspellings
Fixes generated by 'codespell' and manually reviewed.

Signed-off-by: Lucas De Marchi <lucas.demarchi@profusion.mobi>
2011-03-31 11:26:23 -03:00
John Johansen
736ec752d9 AppArmor: policy routines for loading and unpacking policy
AppArmor policy is loaded in a platform independent flattened binary
stream.  Verify and unpack the data converting it to the internal
format needed for enforcement.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>
2010-08-02 15:38:36 +10:00