pm24.git/security/apparmor/lib.c, branch rust-6.8

apparmor: refcount the pdb

2023-10-18T22:30:47Z

With the move to permission tables the dfa is no longer a stand alone entity when used, needing a minimum of a permission table. However it still could be shared among different pdbs each using a different permission table. Instead of duping the permission table when sharing a pdb, add a refcount to the pdb so it can be easily shared. Reviewed-by: Georgia Garcia Signed-off-by: John Johansen

apparmor: rename audit_data->label to audit_data->subj_label

2023-10-18T22:30:34Z

rename audit_data's label field to subj_label to better reflect its use. Also at the same time drop unneeded assignments to ->subj_label as the later call to aa_check_perms will do the assignment if needed. Reviewed-by: Georgia Garcia Signed-off-by: John Johansen

apparmor: combine common_audit_data and apparmor_audit_data

2023-10-18T22:30:29Z

Everywhere where common_audit_data is used apparmor audit_data is also used. We can simplify the code and drop the use of the aad macro everywhere by combining the two structures. Reviewed-by: Georgia Garcia Signed-off-by: John Johansen

apparmor: Fix kernel-doc warnings in apparmor/lib.c

2023-07-10T08:13:52Z

Fix kernel-doc warnings: security/apparmor/lib.c:33: warning: Excess function parameter 'str' description in 'aa_free_str_table' security/apparmor/lib.c:33: warning: Function parameter or member 't' not described in 'aa_free_str_table' security/apparmor/lib.c:94: warning: Function parameter or member 'n' not described in 'skipn_spaces' security/apparmor/lib.c:390: warning: Excess function parameter 'deny' description in 'aa_check_perms' Signed-off-by: Gaosheng Cui Signed-off-by: John Johansen

apparmor: rework profile->rules to be a list

2022-10-03T21:49:04Z

Convert profile->rules to a list as the next step towards supporting multiple rulesets in a profile. For this step only support a single list entry item. The logic for iterating the list will come as a separate step. Signed-off-by: John Johansen

apparmor: refactor profile rules and attachments

2022-10-03T21:49:04Z

In preparation for moving from a single set of rules and a single attachment to multiple rulesets and attachments separate from the profile refactor attachment information and ruleset info into their own structures. Signed-off-by: John Johansen

apparmor: cleanup: move perm accumulation into perms.h

2022-10-03T21:49:04Z

Perm accumulation is going to be used much more frequently so let the compiler figure out if it can be optimized when used. Signed-off-by: John Johansen

apparmor: make sure perm indexes are accumulated

2022-10-03T21:49:04Z

accumulate permission indexes on a first encountered basis. This favors original rulesets so that new ones can not override without profile replacement. Signed-off-by: John Johansen

apparmor: add user mode flag

2022-10-03T21:49:03Z

Allow the profile to contain a user mode prompt flag. This works similar to complain mode but will try to send messages to a userspace daemon. If the daemon is not present or timesout regular informent will occur. Signed-off-by: John Johansen

apparmor: add mediation class information to auditing

2022-10-03T21:49:03Z

Audit messages currently don't contain the mediation class which can make them less clear than they should be in some circumstances. With newer mediation classes coming this potential confusion will become worse. Fix this by adding the mediatin class to the messages. Signed-off-by: John Johansen