linux-stable.git/security/apparmor/context.c, branch master Linux kernel stable tree apparmor: move task related defines and fns to task.X files 2018-02-09T19:30:01+00:00 John Johansen john.johansen@canonical.com 2017-10-08T07:43:02+00:00 de62de59c27881c59c7df2e535cb9e1275cd52cc Signed-off-by: John Johansen <john.johansen@canonical.com> 
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: rename tctx to ctx 2018-02-09T19:30:01+00:00 John Johansen john.johansen@canonical.com 2017-01-27T12:09:40+00:00 f175221af35bedf99b201d861a0fe54e19ef36c2 now that cred_ctx has been removed we can rename task_ctxs from tctx without causing confusion. Signed-off-by: John Johansen <john.johansen@canonical.com> 
now that cred_ctx has been removed we can rename task_ctxs from tctx
without causing confusion.

Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: drop cred_ctx and reference the label directly 2018-02-09T19:30:01+00:00 John Johansen john.johansen@canonical.com 2017-01-27T11:53:53+00:00 d9087c49d4388e3f35f09a5cf7ed6e09c9106604 With the task domain change information now stored in the task->security context, the cred->security context only stores the label. We can get rid of the cred_ctx and directly reference the label, removing a layer of indirection, and unneeded extra allocations. Signed-off-by: John Johansen <john.johansen@canonical.com> 
With the task domain change information now stored in the task->security
context, the cred->security context only stores the label. We can get
rid of the cred_ctx and directly reference the label, removing a layer
of indirection, and unneeded extra allocations.

Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: move task domain change info to task security 2018-02-09T19:30:01+00:00 John Johansen john.johansen@canonical.com 2017-01-20T09:59:25+00:00 3b529a7600d834f450ac244f43a7c082687284b4 The task domain change info is task specific and its and abuse of the cred to store the information in there. Now that a task->security field exists store it in the proper place. Signed-off-by: John Johansen <john.johansen@canonical.com> 
The task domain change info is task specific and its and abuse of
the cred to store the information in there. Now that a task->security
field exists store it in the proper place.

Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: rename task_ctx to the more accurate cred_ctx 2018-02-09T19:30:01+00:00 John Johansen john.johansen@canonical.com 2017-01-19T22:08:36+00:00 4d2f8ba3e3b76e34f84ae1de456934713e9e59af Signed-off-by: John Johansen <john.johansen@canonical.com> 
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: switch from profiles to using labels on contexts 2017-06-11T00:11:38+00:00 John Johansen john.johansen@canonical.com 2017-06-09T15:14:28+00:00 637f688dc3dc304a89f441d76f49a0e35bc49c08 Begin the actual switch to using domain labels by storing them on the context and converting the label to a singular profile where possible. Signed-off-by: John Johansen <john.johansen@canonical.com> 
Begin the actual switch to using domain labels by storing them on
the context and converting the label to a singular profile where
possible.

Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: convert to profile block critical sections 2017-06-11T00:11:34+00:00 John Johansen john.johansen@canonical.com 2017-06-09T09:08:28+00:00 cf797c0e5e312520b0b9f0367039fc0279a07a76 There are still a few places where profile replacement fails to update and a stale profile is used for mediation. Fix this by moving to accessing the current label through a critical section that will always ensure mediation is using the current label regardless of whether the tasks cred has been updated or not. Signed-off-by: John Johansen <john.johansen@canonical.com> 
There are still a few places where profile replacement fails to update
and a stale profile is used for mediation. Fix this by moving to
accessing the current label through a critical section that will
always ensure mediation is using the current label regardless of
whether the tasks cred has been updated or not.

Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: replace remaining BUG_ON() asserts with AA_BUG() 2017-01-16T09:18:56+00:00 John Johansen john.johansen@canonical.com 2017-01-16T08:43:15+00:00 e6bfa25deb5096c05a08f01e4d6a436dd331fa88 AA_BUG() uses WARN and won't break the kernel like BUG_ON(). Signed-off-by: John Johansen <john.johansen@canonical.com> 
AA_BUG() uses WARN and won't break the kernel like BUG_ON().

Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: rename context abreviation cxt to the more standard ctx 2017-01-16T09:18:45+00:00 John Johansen john.johansen@canonical.com 2017-01-16T08:43:00+00:00 55a26ebf630b6bf1cb7ddf8882fdc81d58afeaa2 Signed-off-by: John Johansen <john.johansen@canonical.com> 
Signed-off-by: John Johansen <john.johansen@canonical.com>
apparmor: fail task profile update if current_cred isn't real_cred 2017-01-16T09:18:45+00:00 John Johansen john.johansen@canonical.com 2017-01-16T08:42:59+00:00 a20aa95fbe1abb4c6f333a1f55e9fd15b01c7f12 Trying to update the task cred while the task current cred is not the real cred will result in an error at the cred layer. Avoid this by failing early and delaying the update. Signed-off-by: John Johansen <john.johansen@canonical.com> 
Trying to update the task cred while the task current cred is not the
real cred will result in an error at the cred layer. Avoid this by
failing early and delaying the update.

Signed-off-by: John Johansen <john.johansen@canonical.com>