Commit 92b6d8eff55f8dca57ade26e1dde2c3b6acdae02

Authored by John Johansen
1 parent 31617ddfdd

apparmor: allow ns visibility question to consider subnses

Signed-off-by: John Johansen <john.johansen@canonical.com>

Showing 4 changed files with 14 additions and 8 deletions Side-by-side Diff

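--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -750,7 +750,7 @@
 struct aa_ns *root = f->private;
 
 if (profile->ns != root)
-seq_printf(f, ":%s://", aa_ns_name(root, profile->ns));
+seq_printf(f, ":%s://", aa_ns_name(root, profile->ns, true));
 seq_printf(f, "%s (%s)\n", profile->base.hname,
 aa_profile_mode_names[profile->mode]);
 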
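--- a/security/apparmor/include/policy_ns.h
+++ b/security/apparmor/include/policy_ns.h
@@ -74,8 +74,8 @@
 
 extern const char *aa_hidden_ns_name;
 
-bool aa_ns_visible(struct aa_ns *curr, struct aa_ns *view);
-const char *aa_ns_name(struct aa_ns *parent, struct aa_ns *child);
+bool aa_ns_visible(struct aa_ns *curr, struct aa_ns *view, bool subns);
+const char *aa_ns_name(struct aa_ns *parent, struct aa_ns *child, bool subns);
 void aa_free_ns(struct aa_ns *ns);
 int aa_alloc_root_ns(void);
 void aa_free_root_ns(void);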
security/apparmor/policy_ns.c
... ... @@ -33,18 +33,23 @@
33 33 * aa_ns_visible - test if @view is visible from @curr
34 34 * @curr: namespace to treat as the parent (NOT NULL)
35 35 * @view: namespace to test if visible from @curr (NOT NULL)
  36 + * @subns: whether view of a subns is allowed
36 37 *
37 38 * Returns: true if @view is visible from @curr else false
38 39 */
39   -bool aa_ns_visible(struct aa_ns *curr, struct aa_ns *view)
  40 +bool aa_ns_visible(struct aa_ns *curr, struct aa_ns *view, bool subns)
40 41 {
41 42 if (curr == view)
42 43 return true;
43 44  
  45 + if (!subns)
  46 + return false;
  47 +
44 48 for ( ; view; view = view->parent) {
45 49 if (view->parent == curr)
46 50 return true;
47 51 }
  52 +
48 53 return false;
49 54 }
50 55  
51 56  
52 57  
... ... @@ -52,16 +57,17 @@
52 57 * aa_na_name - Find the ns name to display for @view from @curr
53 58 * @curr - current namespace (NOT NULL)
54 59 * @view - namespace attempting to view (NOT NULL)
  60 + * @subns - are subns visible
55 61 *
56 62 * Returns: name of @view visible from @curr
57 63 */
58   -const char *aa_ns_name(struct aa_ns *curr, struct aa_ns *view)
  64 +const char *aa_ns_name(struct aa_ns *curr, struct aa_ns *view, bool subns)
59 65 {
60 66 /* if view == curr then the namespace name isn't displayed */
61 67 if (curr == view)
62 68 return "";
63 69  
64   - if (aa_ns_visible(curr, view)) {
  70 + if (aa_ns_visible(curr, view, subns)) {
65 71 /* at this point if a ns is visible it is in a view ns
66 72 * thus the curr ns.hname is a prefix of its name.
67 73 * Only output the virtualized portion of the name
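Review bot: The new kernel-doc line added to the aa_ns_name block, `@subns - are subns visible`, copies that block's older `@name -` form, which kernel-doc is unlikely to pick up as a parameter description; the aa_ns_visible block a few lines up uses the `@subns:` form, so the two should agree, e.g. `@subns: whether a subns of @curr may be viewed`. Every caller updated in this commit (apparmorfs.c and procattr.c) passes `true`, so the new `if (!subns) return false;` early-out in aa_ns_visible has no user here; presumably a later change adds one, but a sentence on the parameter saying when a caller is expected to pass false would make the intended restriction clear to readers of the visibility check. aa_ns_name's body continues past the end of the hunk.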
security/apparmor/procattr.c
... ... @@ -44,10 +44,10 @@
44 44 struct aa_ns *current_ns = __aa_current_profile()->ns;
45 45 char *s;
46 46  
47   - if (!aa_ns_visible(current_ns, ns))
  47 + if (!aa_ns_visible(current_ns, ns, true))
48 48 return -EACCES;
49 49  
50   - ns_name = aa_ns_name(current_ns, ns);
  50 + ns_name = aa_ns_name(current_ns, ns, true);
51 51 ns_len = strlen(ns_name);
52 52  
53 53 /* if the visible ns_name is > 0 increase size for : :// seperator */