linux-stable.git/security/apparmor, branch v4.7.3

apparmor: fix ref count leak when profile sha1 hash is read

2016-08-16T07:34:58+00:00

commit 0b938a2e2cf0b0a2c8bac9769111545aff0fee97 upstream.

Signed-off-by: John Johansen 
Acked-by: Seth Arnold 
Signed-off-by: Greg Kroah-Hartman

apparmor: fix oops, validate buffer size in apparmor_setprocattr()

2016-07-08T00:26:25+00:00

When proc_pid_attr_write() was changed to use memdup_user apparmor's
(interface violating) assumption that the setprocattr buffer was always
a single page was violated.

The size test is not strictly speaking needed as proc_pid_attr_write()
will reject anything larger, but for the sake of robustness we can keep
it in.

SMACK and SELinux look safe to me, but somebody else should probably
have a look just in case.

Based on original patch from Vegard Nossum 
modified for the case that apparmor provides null termination.

Fixes: bb646cdb12e75d82258c2f2e7746d5952d3e321a
Reported-by: Vegard Nossum 
Cc: Al Viro 
Cc: John Johansen 
Cc: Paul Moore 
Cc: Stephen Smalley 
Cc: Eric Paris 
Cc: Casey Schaufler 
Cc: stable@kernel.org
Signed-off-by: John Johansen 
Reviewed-by: Tyler Hicks 
Signed-off-by: James Morris

constify security_path_{link,rename}

2016-03-28T04:47:36+00:00

Signed-off-by: Al Viro

apparmor: remove useless checks for NULL ->mnt

2016-03-28T04:47:28+00:00

Signed-off-by: Al Viro

constify security_path_{mkdir,mknod,symlink}

2016-03-28T04:47:27+00:00

... as well as unix_mknod() and may_o_create()

Signed-off-by: Al Viro

constify security_path_{unlink,rmdir}

2016-03-28T04:47:27+00:00

Signed-off-by: Al Viro

apparmor: constify common_perm_...()

2016-03-28T04:47:26+00:00

Signed-off-by: Al Viro

apparmor: constify aa_path_link()

2016-03-28T04:47:26+00:00

Signed-off-by: Al Viro

apparmor: new helper - common_path_perm()

2016-03-28T04:47:25+00:00

was open-coded in several places...

Signed-off-by: Al Viro

constify chmod_common/security_path_chmod

2016-03-28T04:47:25+00:00

Signed-off-by: Al Viro