<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/security/apparmor/audit.c, branch linux-5.4.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>apparmor: fix quiet_denied for file rules</title>
<updated>2022-08-25T09:18:20+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2021-04-29T08:48:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=dd78c35a27d41e21c83200689b92e6387a4c58a2'/>
<id>dd78c35a27d41e21c83200689b92e6387a4c58a2</id>
<content type='text'>
commit 68ff8540cc9e4ab557065b3f635c1ff4c96e1f1c upstream.

Global quieting of denied AppArmor generated file events is not
handled correctly. Unfortunately the is checking if quieting of all
audit events is set instead of just denied events.

Fixes: 67012e8209df ("AppArmor: basic auditing infrastructure.")
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 68ff8540cc9e4ab557065b3f635c1ff4c96e1f1c upstream.

Global quieting of denied AppArmor generated file events is not
handled correctly. Unfortunately the is checking if quieting of all
audit events is set instead of just denied events.

Fixes: 67012e8209df ("AppArmor: basic auditing infrastructure.")
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>apparmor: Fix use-after-free in aa_audit_rule_init</title>
<updated>2020-05-27T15:46:41+00:00</updated>
<author>
<name>Navid Emamdoost</name>
<email>navid.emamdoost@gmail.com</email>
</author>
<published>2019-10-21T15:23:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=97d817b9ef13e2d52a86ea032b0df6a922e0e9df'/>
<id>97d817b9ef13e2d52a86ea032b0df6a922e0e9df</id>
<content type='text'>
commit c54d481d71c6849e044690d3960aaebc730224cc upstream.

In the implementation of aa_audit_rule_init(), when aa_label_parse()
fails the allocated memory for rule is released using
aa_audit_rule_free(). But after this release, the return statement
tries to access the label field of the rule which results in
use-after-free. Before releasing the rule, copy errNo and return it
after release.

Fixes: 52e8c38001d8 ("apparmor: Fix memory leak of rule on error exit path")
Signed-off-by: Navid Emamdoost &lt;navid.emamdoost@gmail.com&gt;
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit c54d481d71c6849e044690d3960aaebc730224cc upstream.

In the implementation of aa_audit_rule_init(), when aa_label_parse()
fails the allocated memory for rule is released using
aa_audit_rule_free(). But after this release, the return statement
tries to access the label field of the rule which results in
use-after-free. Before releasing the rule, copy errNo and return it
after release.

Fixes: 52e8c38001d8 ("apparmor: Fix memory leak of rule on error exit path")
Signed-off-by: Navid Emamdoost &lt;navid.emamdoost@gmail.com&gt;
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441</title>
<updated>2019-06-05T15:37:17+00:00</updated>
<author>
<name>Thomas Gleixner</name>
<email>tglx@linutronix.de</email>
</author>
<published>2019-06-01T08:08:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=b886d83c5b621abc84ff9616f14c529be3f6b147'/>
<id>b886d83c5b621abc84ff9616f14c529be3f6b147</id>
<content type='text'>
Based on 1 normalized pattern(s):

  this program is free software you can redistribute it and or modify
  it under the terms of the gnu general public license as published by
  the free software foundation version 2 of the license

extracted by the scancode license scanner the SPDX license identifier

  GPL-2.0-only

has been chosen to replace the boilerplate/reference in 315 file(s).

Signed-off-by: Thomas Gleixner &lt;tglx@linutronix.de&gt;
Reviewed-by: Allison Randal &lt;allison@lohutok.net&gt;
Reviewed-by: Armijn Hemel &lt;armijn@tjaldur.nl&gt;
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190531190115.503150771@linutronix.de
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Based on 1 normalized pattern(s):

  this program is free software you can redistribute it and or modify
  it under the terms of the gnu general public license as published by
  the free software foundation version 2 of the license

extracted by the scancode license scanner the SPDX license identifier

  GPL-2.0-only

has been chosen to replace the boilerplate/reference in 315 file(s).

Signed-off-by: Thomas Gleixner &lt;tglx@linutronix.de&gt;
Reviewed-by: Allison Randal &lt;allison@lohutok.net&gt;
Reviewed-by: Armijn Hemel &lt;armijn@tjaldur.nl&gt;
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190531190115.503150771@linutronix.de
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>audit: remove unused actx param from audit_rule_match</title>
<updated>2019-02-01T04:00:15+00:00</updated>
<author>
<name>Richard Guy Briggs</name>
<email>rgb@redhat.com</email>
</author>
<published>2019-01-31T16:52:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=90462a5bd30c6ed91c6758e59537d047d7878ff9'/>
<id>90462a5bd30c6ed91c6758e59537d047d7878ff9</id>
<content type='text'>
The audit_rule_match() struct audit_context *actx parameter is not used
by any in-tree consumers (selinux, apparmour, integrity, smack).

The audit context is an internal audit structure that should only be
accessed by audit accessor functions.

It was part of commit 03d37d25e0f9 ("LSM/Audit: Introduce generic
Audit LSM hooks") but appears to have never been used.

Remove it.

Please see the github issue
https://github.com/linux-audit/audit-kernel/issues/107

Signed-off-by: Richard Guy Briggs &lt;rgb@redhat.com&gt;
[PM: fixed the referenced commit title]
Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The audit_rule_match() struct audit_context *actx parameter is not used
by any in-tree consumers (selinux, apparmour, integrity, smack).

The audit context is an internal audit structure that should only be
accessed by audit accessor functions.

It was part of commit 03d37d25e0f9 ("LSM/Audit: Introduce generic
Audit LSM hooks") but appears to have never been used.

Remove it.

Please see the github issue
https://github.com/linux-audit/audit-kernel/issues/107

Signed-off-by: Richard Guy Briggs &lt;rgb@redhat.com&gt;
[PM: fixed the referenced commit title]
Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>apparmor: Fix memory leak of rule on error exit path</title>
<updated>2018-06-07T08:50:48+00:00</updated>
<author>
<name>Tyler Hicks</name>
<email>tyhicks@canonical.com</email>
</author>
<published>2018-05-17T19:53:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=52e8c38001d8ef0ca07ef428e480cd4a35e46abf'/>
<id>52e8c38001d8ef0ca07ef428e480cd4a35e46abf</id>
<content type='text'>
Currently on the error exit path the allocated rule is not free'd
causing a memory leak. Fix this by calling aa_audit_rule_free().

Detected by CoverityScan, CID#1468966 ("Resource leaks")

Fixes: cb740f574c7b ("apparmor: modify audit rule support to support profile stacks")
Signed-off-by: Tyler Hicks &lt;tyhicks@canonical.com&gt;
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Currently on the error exit path the allocated rule is not free'd
causing a memory leak. Fix this by calling aa_audit_rule_free().

Detected by CoverityScan, CID#1468966 ("Resource leaks")

Fixes: cb740f574c7b ("apparmor: modify audit rule support to support profile stacks")
Signed-off-by: Tyler Hicks &lt;tyhicks@canonical.com&gt;
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>apparmor: modify audit rule support to support profile stacks</title>
<updated>2018-06-07T08:50:48+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2018-05-03T07:39:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=2ab47dae54d567bbb1ad3e96e5b2601cc13f4d2b'/>
<id>2ab47dae54d567bbb1ad3e96e5b2601cc13f4d2b</id>
<content type='text'>
Allows for audit rules, where a rule could specify a profile stack
A//&amp;B, while extending the current semantic so if the label specified
in the audit rule is a subset of the secid it is considered a match.

Eg. if the secid resolves to the label stack A//&amp;B//&amp;C

Then an audit rule specifying a label of

  A - would match
  B - would match
  C - would match
  D - would not
  A//&amp;B - would match as a subset
  A//&amp;C - would match as a subset
  B//&amp;C - would match as a subset
  A//&amp;B//&amp;C - would match

  A//&amp;D - would not match, because while A does match, D is also
  specified and does not

Note: audit rules are currently assumed to be coming from the root
namespace.

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Allows for audit rules, where a rule could specify a profile stack
A//&amp;B, while extending the current semantic so if the label specified
in the audit rule is a subset of the secid it is considered a match.

Eg. if the secid resolves to the label stack A//&amp;B//&amp;C

Then an audit rule specifying a label of

  A - would match
  B - would match
  C - would match
  D - would not
  A//&amp;B - would match as a subset
  A//&amp;C - would match as a subset
  B//&amp;C - would match as a subset
  A//&amp;B//&amp;C - would match

  A//&amp;D - would not match, because while A does match, D is also
  specified and does not

Note: audit rules are currently assumed to be coming from the root
namespace.

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>apparmor: Add support for audit rule filtering</title>
<updated>2018-06-07T08:50:47+00:00</updated>
<author>
<name>Matthew Garrett</name>
<email>mjg59@google.com</email>
</author>
<published>2018-04-16T18:23:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=e79c26d04043b15de64f082d4da52e9fff7ca607'/>
<id>e79c26d04043b15de64f082d4da52e9fff7ca607</id>
<content type='text'>
This patch adds support to Apparmor for integrating with audit rule
filtering. Right now it only handles SUBJ_ROLE, interpreting it as a
single component of a label. This is sufficient to get Apparmor working
with IMA's appraisal rules without any modifications on the IMA side.

Signed-off-by: Matthew Garrett &lt;mjg59@google.com&gt;
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This patch adds support to Apparmor for integrating with audit rule
filtering. Right now it only handles SUBJ_ROLE, interpreting it as a
single component of a label. This is sufficient to get Apparmor working
with IMA's appraisal rules without any modifications on the IMA side.

Signed-off-by: Matthew Garrett &lt;mjg59@google.com&gt;
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>apparmor: switch from profiles to using labels on contexts</title>
<updated>2017-06-11T00:11:38+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2017-06-09T15:14:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=637f688dc3dc304a89f441d76f49a0e35bc49c08'/>
<id>637f688dc3dc304a89f441d76f49a0e35bc49c08</id>
<content type='text'>
Begin the actual switch to using domain labels by storing them on
the context and converting the label to a singular profile where
possible.

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Begin the actual switch to using domain labels by storing them on
the context and converting the label to a singular profile where
possible.

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>apparmor: replace remaining BUG_ON() asserts with AA_BUG()</title>
<updated>2017-01-16T09:18:56+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2017-01-16T08:43:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=e6bfa25deb5096c05a08f01e4d6a436dd331fa88'/>
<id>e6bfa25deb5096c05a08f01e4d6a436dd331fa88</id>
<content type='text'>
AA_BUG() uses WARN and won't break the kernel like BUG_ON().

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
AA_BUG() uses WARN and won't break the kernel like BUG_ON().

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>apparmor: change aad apparmor_audit_data macro to a fn macro</title>
<updated>2017-01-16T09:18:47+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2017-01-16T08:43:02+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=ef88a7ac55fdd3bf6ac3942b83aa29311b45339b'/>
<id>ef88a7ac55fdd3bf6ac3942b83aa29311b45339b</id>
<content type='text'>
The aad macro can replace aad strings when it is not intended to. Switch
to a fn macro so it is only applied when intended.

Also at the same time cleanup audit_data initialization by putting
common boiler plate behind a macro, and dropping the gfp_t parameter
which will become useless.

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The aad macro can replace aad strings when it is not intended to. Switch
to a fn macro so it is only applied when intended.

Also at the same time cleanup audit_data initialization by putting
common boiler plate behind a macro, and dropping the gfp_t parameter
which will become useless.

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
