07 Jun, 2018
1 commit
-
The IDR conversion did not handle an error case for when allocating a
mapping fails, and it did not ensure that mappings did not allocate or
use a 0 value, which is used as an invalid secid. Which is used when a
mapping fails.Fixes: 3ae7eb49a2be ("apparmor: Use an IDR to allocate apparmor secids")
Signed-off-by: John Johansen
03 May, 2018
2 commits
-
Signed-off-by: Zygmunt Krynicki
Acked-by: Christian Boltz
Signed-off-by: John Johansen -
Signed-off-by: Zygmunt Krynicki
Acked-by: Christian Boltz
Signed-off-by: John Johansen
02 May, 2018
1 commit
-
Use a radix tree to provide a map between the secid and the label,
and along with it a basic ability to provide secctx conversion.Shared/cached secctx will be added later.
Signed-off-by: John Johansen
10 Feb, 2018
4 commits
-
Now that file contexts have been moved into file, and task context
fns() and data have been split from the context, only the cred context
remains in context.h so rename to cred.h to better reflect what it
deals with.Signed-off-by: John Johansen
-
The root view of the label parse should not be exposed to user
control.Signed-off-by: John Johansen
Acked-by: Seth Arnold -
some label/context sources might not be guaranteed to be null terminiated
provide a size bounded version of label parse to deal with these.Signed-off-by: John Johansen
Acked-by: Seth Arnold -
The current split scheme is actually wrong in that it splits
///&where that is invalid and should fail. Use the dfa to do a proper
bounded split without having to worry about getting the string
processing right in code.Signed-off-by: John Johansen
Acked-by: Seth Arnold
24 Nov, 2017
1 commit
-
…git/jj/linux-apparmor
Pull apparmor updates from John Johansen:
"No features this time, just minor cleanups and bug fixes.Cleanups:
- fix spelling mistake: "resoure" -> "resource"
- remove unused redundant variable stop
- Fix bool initialization/comparisonBug Fixes:
- initialized returned struct aa_perms
- fix leak of null profile name if profile allocation fails
- ensure that undecidable profile attachments fail
- fix profile attachment for special unconfined profiles
- fix locking when creating a new complain profile.
- fix possible recursive lock warning in __aa_create_ns"* tag 'apparmor-pr-2017-11-21' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor:
apparmor: fix possible recursive lock warning in __aa_create_ns
apparmor: fix locking when creating a new complain profile.
apparmor: fix profile attachment for special unconfined profiles
apparmor: ensure that undecidable profile attachments fail
apparmor: fix leak of null profile name if profile allocation fails
apparmor: remove unused redundant variable stop
apparmor: Fix bool initialization/comparison
apparmor: initialized returned struct aa_perms
apparmor: fix spelling mistake: "resoure" -> "resource"
21 Nov, 2017
1 commit
-
Use mutex_lock_nested to provide lockdep the parent child lock ordering of
the tree.This fixes the lockdep Warning
[ 305.275177] ============================================
[ 305.275178] WARNING: possible recursive locking detected
[ 305.275179] 4.14.0-rc7+ #320 Not tainted
[ 305.275180] --------------------------------------------
[ 305.275181] apparmor_parser/1339 is trying to acquire lock:
[ 305.275182] (&ns->lock){+.+.}, at: [] __aa_create_ns+0x6d/0x1e0
[ 305.275187]
but task is already holding lock:
[ 305.275187] (&ns->lock){+.+.}, at: [] aa_prepare_ns+0x3d/0xd0
[ 305.275190]
other info that might help us debug this:
[ 305.275191] Possible unsafe locking scenario:[ 305.275192] CPU0
[ 305.275193] ----
[ 305.275193] lock(&ns->lock);
[ 305.275194] lock(&ns->lock);
[ 305.275195]
*** DEADLOCK ***[ 305.275196] May be due to missing lock nesting notation
[ 305.275198] 2 locks held by apparmor_parser/1339:
[ 305.275198] #0: (sb_writers#10){.+.+}, at: [] vfs_write+0x1a7/0x1d0
[ 305.275202] #1: (&ns->lock){+.+.}, at: [] aa_prepare_ns+0x3d/0xd0
[ 305.275205]
stack backtrace:
[ 305.275207] CPU: 1 PID: 1339 Comm: apparmor_parser Not tainted 4.14.0-rc7+ #320
[ 305.275208] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.1-1ubuntu1 04/01/2014
[ 305.275209] Call Trace:
[ 305.275212] dump_stack+0x85/0xcb
[ 305.275214] __lock_acquire+0x141c/0x1460
[ 305.275216] ? __aa_create_ns+0x6d/0x1e0
[ 305.275218] ? ___slab_alloc+0x183/0x540
[ 305.275219] ? ___slab_alloc+0x183/0x540
[ 305.275221] lock_acquire+0xed/0x1e0
[ 305.275223] ? lock_acquire+0xed/0x1e0
[ 305.275224] ? __aa_create_ns+0x6d/0x1e0
[ 305.275227] __mutex_lock+0x89/0x920
[ 305.275228] ? __aa_create_ns+0x6d/0x1e0
[ 305.275230] ? trace_hardirqs_on_caller+0x11f/0x190
[ 305.275231] ? __aa_create_ns+0x6d/0x1e0
[ 305.275233] ? __lockdep_init_map+0x57/0x1d0
[ 305.275234] ? lockdep_init_map+0x9/0x10
[ 305.275236] ? __rwlock_init+0x32/0x60
[ 305.275238] mutex_lock_nested+0x1b/0x20
[ 305.275240] ? mutex_lock_nested+0x1b/0x20
[ 305.275241] __aa_create_ns+0x6d/0x1e0
[ 305.275243] aa_prepare_ns+0xc2/0xd0
[ 305.275245] aa_replace_profiles+0x168/0xf30
[ 305.275247] ? __might_fault+0x85/0x90
[ 305.275250] policy_update+0xb9/0x380
[ 305.275252] profile_load+0x7e/0x90
[ 305.275254] __vfs_write+0x28/0x150
[ 305.275256] ? rcu_read_lock_sched_held+0x72/0x80
[ 305.275257] ? rcu_sync_lockdep_assert+0x2f/0x60
[ 305.275259] ? __sb_start_write+0xdc/0x1c0
[ 305.275261] ? vfs_write+0x1a7/0x1d0
[ 305.275262] vfs_write+0xca/0x1d0
[ 305.275264] ? trace_hardirqs_on_caller+0x11f/0x190
[ 305.275266] SyS_write+0x49/0xa0
[ 305.275268] entry_SYSCALL_64_fastpath+0x23/0xc2
[ 305.275271] RIP: 0033:0x7fa6b22e8c74
[ 305.275272] RSP: 002b:00007ffeaaee6288 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 305.275273] RAX: ffffffffffffffda RBX: 00007ffeaaee62a4 RCX: 00007fa6b22e8c74
[ 305.275274] RDX: 0000000000000a51 RSI: 00005566a8198c10 RDI: 0000000000000004
[ 305.275275] RBP: 0000000000000a39 R08: 0000000000000a51 R09: 0000000000000000
[ 305.275276] R10: 0000000000000000 R11: 0000000000000246 R12: 00005566a8198c10
[ 305.275277] R13: 0000000000000004 R14: 00005566a72ecb88 R15: 00005566a72ec3a8Fixes: 73688d1ed0b8 ("apparmor: refactor prepare_ns() and make usable from different views")
Signed-off-by: John Johansen
10 Oct, 2017
1 commit
-
The lockdep subsystem provides a robust way to assert that a lock is
held, so use that instead of write_can_lock, which can give incorrect
results for qrwlocks.Signed-off-by: Will Deacon
Signed-off-by: Peter Zijlstra (Intel)
Acked-by: John Johansen
Cc: Linus Torvalds
Cc: Peter Zijlstra
Cc: Thomas Gleixner
Cc: paulmck@linux.vnet.ibm.com
Link: http://lkml.kernel.org/r/1507055129-12300-1-git-send-email-will.deacon@arm.com
Signed-off-by: Ingo Molnar
23 Sep, 2017
4 commits
-
sparse reports
poisoning the proxy->label before freeing the struct is resulting in
a sparse build warning.
../security/apparmor/label.c:52:30: warning: incorrect type in assignment (different address spaces)
../security/apparmor/label.c:52:30: expected struct aa_label [noderef] *label
../security/apparmor/label.c:52:30: got struct aa_label *fix with RCU_INIT_POINTER as this is one of those cases where
rcu_assign_pointer() is not needed.Signed-off-by: John Johansen
-
With apparmor policy virtualization based on policy namespace View's
we don't generally want/need absolute root based views, however there
are cases like debugging and some secid based conversions where
using a root based view is important.Signed-off-by: John Johansen
Acked-by: Seth Arnold -
Signed-off-by: John Johansen
Acked-by: Seth Arnold -
Reported-by: David Binderman
Signed-off-by: John Johansen
11 Jun, 2017
1 commit
-
Begin moving apparmor to using broader domain labels, that will allow
run time computation of domain type splitting via "stacking" of
profiles into a domain label vec.Signed-off-by: John Johansen