<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux.git/security/apparmor/secid.c, branch v4.18</title>
<subtitle>Linux kernel source tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/'/>
<entry>
<title>apparmor: fixup secid map conversion to using IDR</title>
<updated>2018-06-07T08:50:49+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2018-06-05T02:44:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=a4c3f89c9b5a9fab5a8e4ea05399acd6e23072df'/>
<id>a4c3f89c9b5a9fab5a8e4ea05399acd6e23072df</id>
<content type='text'>
The IDR conversion did not handle an error case for when allocating a
mapping fails, and it did not ensure that mappings did not allocate or
use a 0 value, which is used as an invalid secid. Which is used when a
mapping fails.

Fixes: 3ae7eb49a2be ("apparmor: Use an IDR to allocate apparmor secids")
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The IDR conversion did not handle an error case for when allocating a
mapping fails, and it did not ensure that mappings did not allocate or
use a 0 value, which is used as an invalid secid. Which is used when a
mapping fails.

Fixes: 3ae7eb49a2be ("apparmor: Use an IDR to allocate apparmor secids")
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>apparmor: Use an IDR to allocate apparmor secids</title>
<updated>2018-06-07T08:50:49+00:00</updated>
<author>
<name>Matthew Wilcox</name>
<email>willy@infradead.org</email>
</author>
<published>2018-05-22T09:32:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=99cc45e486786c7215a7e39824c3bbaf7cf2fc08'/>
<id>99cc45e486786c7215a7e39824c3bbaf7cf2fc08</id>
<content type='text'>
Replace the custom usage of the radix tree to store a list of free IDs
with the IDR.

Signed-off-by: Matthew Wilcox &lt;mawilcox@microsoft.com&gt;
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Replace the custom usage of the radix tree to store a list of free IDs
with the IDR.

Signed-off-by: Matthew Wilcox &lt;mawilcox@microsoft.com&gt;
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>apparmor: fix '*seclen' is never less than zero</title>
<updated>2018-05-08T15:34:08+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2018-05-04T08:57:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=52e7128ebbdd7b05ba8615efbe410e88a5925a1d'/>
<id>52e7128ebbdd7b05ba8615efbe410e88a5925a1d</id>
<content type='text'>
smatch warnings:
security/apparmor/secid.c:162 apparmor_secid_to_secctx() warn: unsigned '*seclen' is never less than zero.

vim +162 security/apparmor/secid.c

   140
   141	int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
   142	{
   143		/* TODO: cache secctx and ref count so we don't have to recreate */
   144		struct aa_label *label = aa_secid_to_label(secid);
   145
   146		AA_BUG(!secdata);
   147		AA_BUG(!seclen);
   148
   149		if (!label)
   150			return -EINVAL;
   151
   152		if (secdata)
   153			*seclen = aa_label_asxprint(secdata, root_ns, label,
   154						    FLAG_SHOW_MODE | FLAG_VIEW_SUBNS |
   155						    FLAG_HIDDEN_UNCONFINED |
   156						    FLAG_ABS_ROOT, GFP_ATOMIC);
   157		else
   158			*seclen = aa_label_snxprint(NULL, 0, root_ns, label,
   159						    FLAG_SHOW_MODE | FLAG_VIEW_SUBNS |
   160						    FLAG_HIDDEN_UNCONFINED |
   161						    FLAG_ABS_ROOT);
 &gt; 162		if (*seclen &lt; 0)
   163			return -ENOMEM;
   164
   165		return 0;
   166	}
   167

Fixes: c092921219d2 ("apparmor: add support for mapping secids and using secctxes")
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
smatch warnings:
security/apparmor/secid.c:162 apparmor_secid_to_secctx() warn: unsigned '*seclen' is never less than zero.

vim +162 security/apparmor/secid.c

   140
   141	int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
   142	{
   143		/* TODO: cache secctx and ref count so we don't have to recreate */
   144		struct aa_label *label = aa_secid_to_label(secid);
   145
   146		AA_BUG(!secdata);
   147		AA_BUG(!seclen);
   148
   149		if (!label)
   150			return -EINVAL;
   151
   152		if (secdata)
   153			*seclen = aa_label_asxprint(secdata, root_ns, label,
   154						    FLAG_SHOW_MODE | FLAG_VIEW_SUBNS |
   155						    FLAG_HIDDEN_UNCONFINED |
   156						    FLAG_ABS_ROOT, GFP_ATOMIC);
   157		else
   158			*seclen = aa_label_snxprint(NULL, 0, root_ns, label,
   159						    FLAG_SHOW_MODE | FLAG_VIEW_SUBNS |
   160						    FLAG_HIDDEN_UNCONFINED |
   161						    FLAG_ABS_ROOT);
 &gt; 162		if (*seclen &lt; 0)
   163			return -ENOMEM;
   164
   165		return 0;
   166	}
   167

Fixes: c092921219d2 ("apparmor: add support for mapping secids and using secctxes")
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>apparmor: add support for mapping secids and using secctxes</title>
<updated>2018-05-02T07:48:55+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2017-08-01T00:36:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=c092921219d227b13cb80dbecd3545ee66ab89b3'/>
<id>c092921219d227b13cb80dbecd3545ee66ab89b3</id>
<content type='text'>
Use a radix tree to provide a map between the secid and the label,
and along with it a basic ability to provide secctx conversion.

Shared/cached secctx will be added later.

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Use a radix tree to provide a map between the secid and the label,
and along with it a basic ability to provide secctx conversion.

Shared/cached secctx will be added later.

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>apparmor: rename sid to secid</title>
<updated>2017-01-16T08:42:17+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2017-01-16T08:42:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=121d4a91e3c12ddfb167edafb9aa64cc5cc3a406'/>
<id>121d4a91e3c12ddfb167edafb9aa64cc5cc3a406</id>
<content type='text'>
Move to common terminology with other LSMs and kernel infrastucture

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Move to common terminology with other LSMs and kernel infrastucture

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
