leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
706,291 Commits 2 Branches 0 Tags
db06ae41945b14feb7f696dcafe8048cc37e8a20
Commit Graph

17 Commits

Author SHA1 Message Date
John Johansen
651e28c553 apparmor: add base infastructure for socket mediation 
Provide a basic mediation of sockets. This is not a full net mediation
but just whether a spcific family of socket can be used by an
application, along with setting up some basic infrastructure for
network mediation to follow.

the user space rule hav the basic form of
  NETWORK RULE = [ QUALIFIERS ] 'network' [ DOMAIN ]
                 [ TYPE | PROTOCOL ]

  DOMAIN = ( 'inet' | 'ax25' | 'ipx' | 'appletalk' | 'netrom' |
             'bridge' | 'atmpvc' | 'x25' | 'inet6' | 'rose' |
	     'netbeui' | 'security' | 'key' | 'packet' | 'ash' |
	     'econet' | 'atmsvc' | 'sna' | 'irda' | 'pppox' |
	     'wanpipe' | 'bluetooth' | 'netlink' | 'unix' | 'rds' |
	     'llc' | 'can' | 'tipc' | 'iucv' | 'rxrpc' | 'isdn' |
	     'phonet' | 'ieee802154' | 'caif' | 'alg' | 'nfc' |
	     'vsock' | 'mpls' | 'ib' | 'kcm' ) ','

  TYPE = ( 'stream' | 'dgram' | 'seqpacket' |  'rdm' | 'raw' |
           'packet' )

  PROTOCOL = ( 'tcp' | 'udp' | 'icmp' )

eg.
  network,
  network inet,

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
 2017-09-22 13:00:58 -07:00
John Johansen
2ea3ffb778 apparmor: add mount mediation 
Add basic mount mediation. That allows controlling based on basic
mount parameters. It does not include special mount parameters for
apparmor, super block labeling, or any triggers for apparmor namespace
parameter modifications on pivot root.

default userspace policy rules have the form of
  MOUNT RULE = ( MOUNT | REMOUNT | UMOUNT )

  MOUNT = [ QUALIFIERS ] 'mount' [ MOUNT CONDITIONS ] [ SOURCE FILEGLOB ]
          [ '->' MOUNTPOINT FILEGLOB ]

  REMOUNT = [ QUALIFIERS ] 'remount' [ MOUNT CONDITIONS ]
            MOUNTPOINT FILEGLOB

  UMOUNT = [ QUALIFIERS ] 'umount' [ MOUNT CONDITIONS ] MOUNTPOINT FILEGLOB

  MOUNT CONDITIONS = [ ( 'fstype' | 'vfstype' ) ( '=' | 'in' )
                       MOUNT FSTYPE EXPRESSION ]
		       [ 'options' ( '=' | 'in' ) MOUNT FLAGS EXPRESSION ]

  MOUNT FSTYPE EXPRESSION = ( MOUNT FSTYPE LIST | MOUNT EXPRESSION )

  MOUNT FSTYPE LIST = Comma separated list of valid filesystem and
                      virtual filesystem types (eg ext4, debugfs, etc)

  MOUNT FLAGS EXPRESSION = ( MOUNT FLAGS LIST | MOUNT EXPRESSION )

  MOUNT FLAGS LIST = Comma separated list of MOUNT FLAGS.

  MOUNT FLAGS = ( 'ro' | 'rw' | 'nosuid' | 'suid' | 'nodev' | 'dev' |
                  'noexec' | 'exec' | 'sync' | 'async' | 'remount' |
		  'mand' | 'nomand' | 'dirsync' | 'noatime' | 'atime' |
		  'nodiratime' | 'diratime' | 'bind' | 'rbind' | 'move' |
		  'verbose' | 'silent' | 'loud' | 'acl' | 'noacl' |
		  'unbindable' | 'runbindable' | 'private' | 'rprivate' |
		  'slave' | 'rslave' | 'shared' | 'rshared' |
		  'relatime' | 'norelatime' | 'iversion' | 'noiversion' |
		  'strictatime' | 'nouser' | 'user' )

  MOUNT EXPRESSION = ( ALPHANUMERIC | AARE ) ...

  PIVOT ROOT RULE = [ QUALIFIERS ] pivot_root [ oldroot=OLD PUT FILEGLOB ]
                    [ NEW ROOT FILEGLOB ]

  SOURCE FILEGLOB = FILEGLOB

  MOUNTPOINT FILEGLOB = FILEGLOB

eg.
  mount,
  mount /dev/foo,
  mount options=ro /dev/foo -> /mnt/,
  mount options in (ro,atime) /dev/foo -> /mnt/,
  mount options=ro options=atime,

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
 2017-09-22 13:00:57 -07:00
John Johansen
637f688dc3 apparmor: switch from profiles to using labels on contexts 
Begin the actual switch to using domain labels by storing them on
the context and converting the label to a singular profile where
possible.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-10 17:11:38 -07:00
John Johansen
c97204baf8 apparmor: rename apparmor file fns and data to indicate use 
prefixes are used for fns/data that are not static to apparmorfs.c
with the prefixes being
  aafs   - special magic apparmorfs for policy namespace data
  aa_sfs - for fns/data that go into securityfs
  aa_fs  - for fns/data that may be used in the either of aafs or
           securityfs

Signed-off-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: Seth Arnold <seth.arnold@canonical.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
 2017-06-08 12:51:52 -07:00
Thomas Schneider
651e54953b security/apparmor: Use POSIX-compatible "printf '%s'" 
When using a strictly POSIX-compliant shell, "-n #define ..." gets
written into the file.  Use "printf '%s'" to avoid this.

Signed-off-by: Thomas Schneider <qsx@qsx.re>
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-08 11:29:27 -07:00
John Johansen
121d4a91e3 apparmor: rename sid to secid 
Move to common terminology with other LSMs and kernel infrastucture

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-01-16 00:42:17 -08:00
John Johansen
cff281f686 apparmor: split apparmor policy namespaces code into its own file 
Policy namespaces will be diverging from profile management and
expanding so put it in its own file.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-01-16 00:42:15 -08:00
John Johansen
f8eb8a1324 apparmor: add the ability to report a sha1 hash of loaded policy 
Provide userspace the ability to introspect a sha1 hash value for each
profile currently loaded.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
 2013-08-14 11:42:08 -07:00
John Johansen
84f1f78742 apparmor: export set of capabilities supported by the apparmor module 
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
 2013-08-14 11:42:07 -07:00
John Johansen
43c422eda9 apparmor: fix apparmor OOPS in audit_log_untrustedstring+0x1c/0x40 
The capability defines have moved causing the auto generated names
of capabilities that apparmor uses in logging to be incorrect.

Fix the autogenerated table source to uapi/linux/capability.h

Reported-by: YanHong <clouds.yan@gmail.com>
Reported-by: Krzysztof Kolasa <kkolasa@winsoft.pl>
Analyzed-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
 2012-10-17 16:29:46 -07:00
David Howells
8a1ab3155c UAPI: (Scripted) Disintegrate include/asm-generic 
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Michael Kerrisk <mtk.manpages@gmail.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Acked-by: Dave Jones <davej@redhat.com>
 2012-10-04 18:20:15 +01:00
Tetsuo Handa
7e570145cb AppArmor: Fix location of const qualifier on generated string tables 
Signed-off-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2012-03-19 18:22:46 -07:00
John Johansen
33e521acff AppArmor: Add const qualifiers to generated string tables 
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2012-03-14 06:15:12 -07:00
Kees Cook
d384b0a1a3 AppArmor: export known rlimit names/value mappings in securityfs 
Since the parser needs to know which rlimits are known to the kernel,
export the list via a mask file in the "rlimit" subdirectory in the
securityfs "features" directory.

Signed-off-by: Kees Cook <kees@ubuntu.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2012-02-27 11:38:19 -08:00
Michal Hocko
0f82502656 AppArmor: cleanup generated files correctly 
clean-files should be defined as a variable not a target.

Signed-off-by: Michal Hocko <mhocko@suse.cz>
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2011-03-08 17:03:53 -08:00
John Johansen
4fdef2183e AppArmor: Cleanup make file to remove cruft and make it easier to read 
Cleanups based on comments from Sam Ravnborg,

* remove references to the currently unused af_names.h
* add rlim_names.h to clean-files:
* rework cmd_make-XXX to make them more readable by adding comments,
  reworking the expressions to put logical components on individual lines,
  and keep lines < 80 characters.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Sam Ravnborg <sam@ravnborg.org>
 2011-03-05 02:46:26 -08:00
John Johansen
016d825fe0 AppArmor: Enable configuring and building of the AppArmor security module 
Kconfig and Makefiles to enable configuration and building of AppArmor.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>
 2010-08-02 15:38:39 +10:00