file.c (d8889d49e414b371eb235c08c3a759ab3e0cfa51) file.c (56974a6fcfef69ee0825bd66ed13e92070ac5224)
1/*
2 * AppArmor security module
3 *
4 * This file contains AppArmor mediation of files
5 *
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2010 Canonical Ltd.
8 *

--- 7 unchanged lines hidden (view full) ---

16#include <linux/fdtable.h>
17#include <linux/file.h>
18
19#include "include/apparmor.h"
20#include "include/audit.h"
21#include "include/cred.h"
22#include "include/file.h"
23#include "include/match.h"
1/*
2 * AppArmor security module
3 *
4 * This file contains AppArmor mediation of files
5 *
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2010 Canonical Ltd.
8 *

--- 7 unchanged lines hidden (view full) ---

16#include <linux/fdtable.h>
17#include <linux/file.h>
18
19#include "include/apparmor.h"
20#include "include/audit.h"
21#include "include/cred.h"
22#include "include/file.h"
23#include "include/match.h"
24#include "include/net.h"
24#include "include/path.h"
25#include "include/policy.h"
26#include "include/label.h"
27
28static u32 map_mask_to_chr_mask(u32 mask)
29{
30 u32 m = mask & PERMS_CHRS_MASK;
31

--- 523 unchanged lines hidden (view full) ---

555 if (!error)
556 update_file_ctx(file_ctx(file), label, request);
557
558 put_buffers(buffer);
559
560 return error;
561}
562
25#include "include/path.h"
26#include "include/policy.h"
27#include "include/label.h"
28
29static u32 map_mask_to_chr_mask(u32 mask)
30{
31 u32 m = mask & PERMS_CHRS_MASK;
32

--- 523 unchanged lines hidden (view full) ---

556 if (!error)
557 update_file_ctx(file_ctx(file), label, request);
558
559 put_buffers(buffer);
560
561 return error;
562}
563
564static int __file_sock_perm(const char *op, struct aa_label *label,
565 struct aa_label *flabel, struct file *file,
566 u32 request, u32 denied)
567{
568 struct socket *sock = (struct socket *) file->private_data;
569 int error;
570
571 AA_BUG(!sock);
572
573 /* revalidation due to label out of date. No revocation at this time */
574 if (!denied && aa_label_is_subset(flabel, label))
575 return 0;
576
577 /* TODO: improve to skip profiles cached in flabel */
578 error = aa_sock_file_perm(label, op, request, sock);
579 if (denied) {
580 /* TODO: improve to skip profiles checked above */
581 /* check every profile in file label to is cached */
582 last_error(error, aa_sock_file_perm(flabel, op, request, sock));
583 }
584 if (!error)
585 update_file_ctx(file_ctx(file), label, request);
586
587 return error;
588}
589
563/**
564 * aa_file_perm - do permission revalidation check & audit for @file
565 * @op: operation being checked
566 * @label: label being enforced (NOT NULL)
567 * @file: file to revalidate access permissions on (NOT NULL)
568 * @request: requested permissions
569 *
570 * Returns: %0 if access allowed else error

--- 28 unchanged lines hidden (view full) ---

599 goto done;
600
601 /* TODO: label cross check */
602
603 if (file->f_path.mnt && path_mediated_fs(file->f_path.dentry))
604 error = __file_path_perm(op, label, flabel, file, request,
605 denied);
606
590/**
591 * aa_file_perm - do permission revalidation check & audit for @file
592 * @op: operation being checked
593 * @label: label being enforced (NOT NULL)
594 * @file: file to revalidate access permissions on (NOT NULL)
595 * @request: requested permissions
596 *
597 * Returns: %0 if access allowed else error

--- 28 unchanged lines hidden (view full) ---

626 goto done;
627
628 /* TODO: label cross check */
629
630 if (file->f_path.mnt && path_mediated_fs(file->f_path.dentry))
631 error = __file_path_perm(op, label, flabel, file, request,
632 denied);
633
634 else if (S_ISSOCK(file_inode(file)->i_mode))
635 error = __file_sock_perm(op, label, flabel, file, request,
636 denied);
607done:
608 rcu_read_unlock();
609
610 return error;
611}
612
613static void revalidate_tty(struct aa_label *label)
614{

--- 62 unchanged lines hidden ---
637done:
638 rcu_read_unlock();
639
640 return error;
641}
642
643static void revalidate_tty(struct aa_label *label)
644{

--- 62 unchanged lines hidden ---
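Review bot: In the new `__file_sock_perm`, the cast `(struct socket *) file->private_data` is guarded only by `AA_BUG(!sock)`, and `sock` is then handed to `aa_sock_file_perm()` unconditionally. AA_BUG's definition is not visible on this page; if it only warns or compiles out in non-debug builds, a NULL `private_data` would reach the permission check, so a fail-closed guard such as `if (WARN_ON_ONCE(!sock)) return -EACCES;` would be safer in a mediation path. The cast also relies on the `else if (S_ISSOCK(file_inode(file)->i_mode))` branch in `aa_file_perm` being reached only for files whose `private_data` really is a socket, which presumably holds because the path-mediated branch is tested first. A comment on that branch, e.g. `/* only non-path-mediated socket files reach here; private_data is the struct socket */`, would keep the ordering from being changed by accident. Separately, the comment `/* check every profile in file label to is cached */` is garbled and should be reworded; most of `aa_file_perm`'s body is hidden here, so the dispatch is reviewed from its visible tail only.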