This is a squash of the following commits from the branch
v3.4-backport-of-apparmor3
Signed-off-by: John Johansen <john.johansen@canonical.com>
----------------------------------------------------------------
sync to Linux 3.10 apparmor
UBUNTU SAUCE: apparmor: sync apparmor3 dev snapshot
----------------------------------------------------------------
John Johansen (67):
apparmor: fix auditing of domain transition failures due to incomplete policy
apparmor: Remove -W1 warnings
apparmor: refactor profile mode macros
apparmor: fix error code to failure message mapping for name lookup
apparmor: add utility function to get an arbitrary task's profile.
apparmor: add kvzalloc to handle zeroing for kvmalloc
apparmor: use common fn to clear task_context for domain transitions
apparmor: remove "permipc" command
apparmor: relax the restrictions on setting rlimits
apparmor: misc cleanup of match
apparmor: move perm defines into policy_unpack
apparmor: remove sid from profiles
apparmor: move the free_profile fn ahead of aa_alloc_profile
apparmor: reserve and mask off the top 8 bits of the base field
apparmor: fix the audit type table
apparmor: add a features/policy dir to interface
apparmor: Fix smatch warning in aa_remove_profiles
apparmor: fix sparse warnings
apparmor: localize getting the security context to a few macros
apparmor: fix setprocattr arg processing for onexec
apparmor: fix fully qualified name parsing
apparmor: enable users to query whether apparmor is enabled
apparmor: provide base for multiple profiles to be replaced at once
apparmor: convert profile lists to RCU based locking
apparmor: change how profile replacement update is done
apparmor: update how unconfined is handled
apparmor: fix namespace to be freed via RCU
apparmor: rework namespace free path
apparmor: make free_profile available outside of policy.c
apparmor: allow setting any profile into the unconfined state
apparmor: provide the ability to boot with a default profile set on init
apparmor: fix fs entry display for default profile
apparmor: Add interface files for profiles and namespaces
FIX: collapse aa_fs_entry to a single entry instead of a null terminated array
apparmor: merge profile mode names
apparmor: fix the locking etc. in the new policy interface
apparmor: add an optional profile attachment string
apparmor: Add profile introspection file to interface
apparmor: update compatibility patch for RCU locking
FIX: more fixes to aafs/profiles file
apparmor: reuse name string from previous profile
apparmor: add basic support for implicit labeling of files
apparmor: directly free a label if it has not been added to a labelset
FIX: ensure label is only inserted if not already in tree
apparmor: baby step - now add labels to the labelset trees
FIX: ensure all profiles get added to the correct lists
apparmor: move replacedby to use labels instead of profiles
apparmor: introduce using labels from contexts
apparmor: add ability to print labels and update interface to use
apparmor: rework auditing to use the label
apparmor: audit the profile and namespace for all messages
apparmor: treat each task as if the label can have multiple entries
apparmor: use most recent label available, when possible.
apparmor: remove FLAG_MEDIATE_DELETED
apparmor: move aa_label_insert
apparmor: add a log fn to generate log message for each profile in a label
apparmor: add helper for getting the newest profile
apparmor: add the ability to create a new label based on merging 2 labels
apparmor: invalidate compound labels, and replace
apparmor: set up base labeling on sockets
apparmor: Add the ability to mediate mount
apparmor: convert mount to label instead of profile
apparmor: treat mount as if each task may have multi-profile labels
apparmor: implement profile-based query interface in apparmorfs
apparmor: update profile permission query interface to use labels
apparmor: fix returning -einval when should be no perms on query interface
apparmor: add a features/dbus dir to securityfs interface
security/apparmor/.gitignore | 1 +
security/apparmor/Kconfig | 35 ++
security/apparmor/Makefile | 42 ++-
security/apparmor/apparmorfs.c | 757 +++++++++++++++++++++++++++++++++++++-
security/apparmor/audit.c | 30 +-
security/apparmor/context.c | 122 ++++---
security/apparmor/domain.c | 123 ++++---
security/apparmor/file.c | 173 +++++----
security/apparmor/include/apparmor.h | 58 ++-
security/apparmor/include/apparmorfs.h | 39 ++
security/apparmor/include/audit.h | 21 +-
security/apparmor/include/context.h | 158 +++++---
security/apparmor/include/domain.h | 2 +
security/apparmor/include/file.h | 23 +-
security/apparmor/include/ipc.h | 4 +-
security/apparmor/include/label.h | 325 +++++++++++++++++
security/apparmor/include/match.h | 21 +-
security/apparmor/include/mount.h | 54 +++
security/apparmor/include/net.h | 54 +++
security/apparmor/include/path.h | 2 +-
security/apparmor/include/policy.h | 214 ++++++-----
security/apparmor/include/policy_unpack.h | 21 +-
security/apparmor/include/procattr.h | 3 +-
security/apparmor/include/resource.h | 4 +-
security/apparmor/include/sid.h | 4 +-
security/apparmor/ipc.c | 48 +--
security/apparmor/label.c | 1626 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
security/apparmor/lib.c | 37 +-
security/apparmor/lsm.c | 645 ++++++++++++++++++++++++++++-----
security/apparmor/match.c | 23 +-
security/apparmor/mount.c | 704 ++++++++++++++++++++++++++++++++++++
security/apparmor/net.c | 169 +++++++++
security/apparmor/path.c | 2 +-
security/apparmor/policy.c | 871 +++++++++++++++++++++++++++-----------------
security/apparmor/policy_unpack.c | 188 ++++++++--
security/apparmor/procattr.c | 57 +--
security/apparmor/resource.c | 91 +++--
37 files changed, 5790 insertions(+), 961 deletions(-)
create mode 100644 security/apparmor/include/label.h
create mode 100644 security/apparmor/include/mount.h
create mode 100644 security/apparmor/include/net.h
create mode 100644 security/apparmor/label.c
create mode 100644 security/apparmor/mount.c
create mode 100644 security/apparmor/net.c
UBUNTU SAUCE: apparmor: 3.8 backport provide file_inode helper 496ad9aa
support changes from commit 496ad9aa8ef448058e36ca7a787c61f2e63f0f54
UBUNTU SAUCE: apparmor: 3.6 backport revert uapi for capnames 43c422ed
partial revert of 43c422eda99b894f18d1cca17bcd2401efaf7bd0
UBUNTU SAUCE: apparmor: 3.6 backport revert uapi for resnames 8a1ab315
partial revert 8a1ab3155c2ac7fbe5f2038d6e26efeb607a1498
UBUNTU SAUCE: apparmor: 3.6 backport define kuid_t d2b31ca64
support changes from commit d2b31ca644fdc8704de3367a6a56a5c958c77f53
UBUNTU SAUCE: apparmor: 3.6 backport kuid_t support for audit 2db81452
support changes from commit 2db81452931eb51cc739d6e495cf1bd4860c3c99
UBUNTU SAUCE: apparmor: 3.6 backport remove const from sb_mount 808d4e3c
partial revert of 808d4e3cfdcc52b19276175464f6dbca4df13b09
UBUNTU SAUCE: apparmor: 3.4 backport revert file_mmap e5467859
partial revert of e5467859f7f79b69fc49004403009dfdba3bec53
UBUNTU SAUCE: apparmor: 3.4 backport cap_mmap_addr d007794a
support changes from d007794a182bc072a7b7479909dbd0d67ba341be
UBUNTU SAUCE: apparmor: 3.4 backport fake no_new_privs 259e5e6c
support interface from 259e5e6c75a910f3b5e656151dc602f53f9d7548
c29bceb3967398cf2ac8bf8edf9634fdb722df7d
UBUNTU SAUCE: apparmor: 3.4 backport alias file_open 83d49856
add support for 83d498569e9a7a4b92c4c5d3566f2d6a604f28c9