TononixOS/ubports_kernel_google_msm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Files
1287fc5333faf5074b206161eede39af7eb8d3ad
ubports_kernel_google_msm/security/apparmor/crypto.c
John Johansen 1287fc5333 UBUNTU: SAUCE: (no-up) apparmor: Sync to apparmor3 - RC1 snapshot 
This is a sync and squash to the apparmor 3 RC 1 development snapshot.
The set of patches in this squash are available at the apparmor-3.RC1
tag in git://kernel.ubuntu.com/jj/ubuntu-utopic.git.

This cleans up several functions over the alpha6 sync, and includes
multiple bug fixes. In addition it picks up
- new network mediation
- fine grained mediation of all unix socket types

In addition to the apparmor 3 RC 1 sync this contains the backport patch
series for the 3.4 goldfish kernel
- apparmor: 3.4 backport alias file_open 83d49856
- apparmor: 3.4 backport fake no_new_privs 259e5e6c
- apparmor: 3.4 backport cap_mmap_addr d007794a
- apparmor: 3.4 backport revert file_mmap e5467859
- apparmor: 3.5 backport dentry_open params 765927b2
- apparmor: 3.6 backport provide replace_fd 8280d161
- apparmor: 3.6 backport provide iterate_fd c3c073f8
- apparmor: 3.6 backport remove const from sb_mount 808d4e3c
- apparmor: 3.6 backport kuid_t support for audit 2db81452
- apparmor: 3.6 backport define kuid_t d2b31ca64
- apparmor: 3.6 backport revert uapi for resnames 8a1ab315
- apparmor: 3.6 backport revert uapi for capnames 43c422ed
- apparmor: 3.8 backport provide file_inode helper 496ad9aa
- apparmor: 3.10 backport revert no delay vfree()
- apparmor: 3.11 backport revert module/lsm: Have apparm 5265fc62
- apparmor: 3.12 backport mtd: Move major number f83c3838
- apparmor: 3.15 backport revert nick kvfree() from apparmor
- apparmor: backport setup base backport files

BugLink: http://bugs.launchpad.net/bugs/1362199

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
2014-09-19 09:09:26 -06:00

96 lines
2.1 KiB
C
Raw Blame History

/*
* AppArmor security module
*
* This file contains AppArmor policy loading interface function definitions.
*
* Copyright 2013 Canonical Ltd.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation, version 2 of the
* License.
*
* Fns to provide a checksum of policy that has been loaded this can be
* compared to userspace policy compiles to check loaded policy is what
* it should be.
*/
#include <crypto/hash.h>
#include "include/apparmor.h"
#include "include/crypto.h"
static unsigned int apparmor_hash_size;
static struct crypto_shash *apparmor_tfm;
unsigned int aa_hash_size(void)
{
return apparmor_hash_size;
}
int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start,
size_t len)
{
struct {
struct shash_desc shash;
char ctx[crypto_shash_descsize(apparmor_tfm)];
} desc;
int error = -ENOMEM;
u32 le32_version = cpu_to_le32(version);
if (!apparmor_tfm)
return 0;
profile->hash = kzalloc(apparmor_hash_size, GFP_KERNEL);
if (!profile->hash)
goto fail;
desc.shash.tfm = apparmor_tfm;
desc.shash.flags = 0;
error = crypto_shash_init(&desc.shash);
if (error)
goto fail;
error = crypto_shash_update(&desc.shash, (u8 *) &le32_version, 4);
if (error)
goto fail;
error = crypto_shash_update(&desc.shash, (u8 *) start, len);
if (error)
goto fail;
error = crypto_shash_final(&desc.shash, profile->hash);
if (error)
goto fail;
return 0;
fail:
kfree(profile->hash);
profile->hash = NULL;
return error;
}
static int __init init_profile_hash(void)
{
struct crypto_shash *tfm;
if (!apparmor_initialized)
return 0;
tfm = crypto_alloc_shash("sha1", 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(tfm)) {
int error = PTR_ERR(tfm);
AA_ERROR("failed to setup profile sha1 hashing: %d\n", error);
return error;
}
apparmor_tfm = tfm;
apparmor_hash_size = crypto_shash_digestsize(apparmor_tfm);
aa_info_message("AppArmor sha1 policy hashing enabled");
return 0;
}
late_initcall(init_profile_hash);
Reference in New Issue View Git Blame Copy Permalink