file.c (95a0c7c2d6cfde3fb5fdb713428ed0df4d6bdd58) file.c (651e28c5537abb39076d3949fb7618536f1d242e)
1/*
2 * AppArmor security module
3 *
4 * This file contains AppArmor mediation of files
5 *
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2010 Canonical Ltd.
8 *

--- 7 unchanged lines hidden (view full) ---

16#include <linux/fdtable.h>
17#include <linux/file.h>
18
19#include "include/apparmor.h"
20#include "include/audit.h"
21#include "include/context.h"
22#include "include/file.h"
23#include "include/match.h"
1/*
2 * AppArmor security module
3 *
4 * This file contains AppArmor mediation of files
5 *
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2010 Canonical Ltd.
8 *

--- 7 unchanged lines hidden (view full) ---

16#include <linux/fdtable.h>
17#include <linux/file.h>
18
19#include "include/apparmor.h"
20#include "include/audit.h"
21#include "include/context.h"
22#include "include/file.h"
23#include "include/match.h"
24#include "include/net.h"
24#include "include/path.h"
25#include "include/policy.h"
26#include "include/label.h"
27
28static u32 map_mask_to_chr_mask(u32 mask)
29{
30 u32 m = mask & PERMS_CHRS_MASK;
31

--- 529 unchanged lines hidden (view full) ---

561 if (!error)
562 update_file_ctx(file_ctx(file), label, request);
563
564 put_buffers(buffer);
565
566 return error;
567}
568
25#include "include/path.h"
26#include "include/policy.h"
27#include "include/label.h"
28
29static u32 map_mask_to_chr_mask(u32 mask)
30{
31 u32 m = mask & PERMS_CHRS_MASK;
32

--- 529 unchanged lines hidden (view full) ---

562 if (!error)
563 update_file_ctx(file_ctx(file), label, request);
564
565 put_buffers(buffer);
566
567 return error;
568}
569
570static int __file_sock_perm(const char *op, struct aa_label *label,
571 struct aa_label *flabel, struct file *file,
572 u32 request, u32 denied)
573{
574 struct socket *sock = (struct socket *) file->private_data;
575 int error;
576
577 AA_BUG(!sock);
578
579 /* revalidation due to label out of date. No revocation at this time */
580 if (!denied && aa_label_is_subset(flabel, label))
581 return 0;
582
583 /* TODO: improve to skip profiles cached in flabel */
584 error = aa_sock_file_perm(label, op, request, sock);
585 if (denied) {
586 /* TODO: improve to skip profiles checked above */
587 /* check every profile in file label to is cached */
588 last_error(error, aa_sock_file_perm(flabel, op, request, sock));
589 }
590 if (!error)
591 update_file_ctx(file_ctx(file), label, request);
592
593 return error;
594}
595
569/**
570 * aa_file_perm - do permission revalidation check & audit for @file
571 * @op: operation being checked
572 * @label: label being enforced (NOT NULL)
573 * @file: file to revalidate access permissions on (NOT NULL)
574 * @request: requested permissions
575 *
576 * Returns: %0 if access allowed else error

--- 28 unchanged lines hidden (view full) ---

605 goto done;
606
607 /* TODO: label cross check */
608
609 if (file->f_path.mnt && path_mediated_fs(file->f_path.dentry))
610 error = __file_path_perm(op, label, flabel, file, request,
611 denied);
612
596/**
597 * aa_file_perm - do permission revalidation check & audit for @file
598 * @op: operation being checked
599 * @label: label being enforced (NOT NULL)
600 * @file: file to revalidate access permissions on (NOT NULL)
601 * @request: requested permissions
602 *
603 * Returns: %0 if access allowed else error

--- 28 unchanged lines hidden (view full) ---

632 goto done;
633
634 /* TODO: label cross check */
635
636 if (file->f_path.mnt && path_mediated_fs(file->f_path.dentry))
637 error = __file_path_perm(op, label, flabel, file, request,
638 denied);
639
640 else if (S_ISSOCK(file_inode(file)->i_mode))
641 error = __file_sock_perm(op, label, flabel, file, request,
642 denied);
613done:
614 rcu_read_unlock();
615
616 return error;
617}
618
619static void revalidate_tty(struct aa_label *label)
620{

--- 62 unchanged lines hidden ---
643done:
644 rcu_read_unlock();
645
646 return error;
647}
648
649static void revalidate_tty(struct aa_label *label)
650{

--- 62 unchanged lines hidden ---
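Review bot: In `__file_sock_perm` the cast `(struct socket *) file->private_data` is justified only by the caller's dispatch in `aa_file_perm`, where `S_ISSOCK(file_inode(file)->i_mode)` is tested in the `else` of the `path_mediated_fs()` check; `AA_BUG(!sock)` catches a NULL pointer but not a `private_data` of another type. That invariant looks intentional (socket inodes on a path-mediated filesystem presumably take the `__file_path_perm` branch), but nothing on the page states it, so a later reordering of the two branches could hand a non-socket pointer to `aa_sock_file_perm`. I would document it above the cast, e.g. `/* caller guarantees file is a socket file that is not path mediated, so private_data is its struct socket */`, and drop the blank line before `else if` so the two branches read as one chain. The comment `/* check every profile in file label to is cached */` is garbled and should be reworded to say what the second `aa_sock_file_perm` call on `flabel` is for. Part of `aa_file_perm`'s body is hidden on this page, so the initial value of `error` for files that match neither branch could not be checked.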