net.c (5cc619db5c34146ee821acd08382b9d78579b52e) | net.c (56974a6fcfef69ee0825bd66ed13e92070ac5224) |
---|---|
1/* 2 * AppArmor security module 3 * 4 * This file contains AppArmor network mediation 5 * 6 * Copyright (C) 1998-2008 Novell/SUSE 7 * Copyright 2009-2017 Canonical Ltd. 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License as 11 * published by the Free Software Foundation, version 2 of the 12 * License. 13 */ 14 15#include "include/apparmor.h" 16#include "include/audit.h" | 1/* 2 * AppArmor security module 3 * 4 * This file contains AppArmor network mediation 5 * 6 * Copyright (C) 1998-2008 Novell/SUSE 7 * Copyright 2009-2017 Canonical Ltd. 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License as 11 * published by the Free Software Foundation, version 2 of the 12 * License. 13 */ 14 15#include "include/apparmor.h" 16#include "include/audit.h" |
17#include "include/context.h" | 17#include "include/cred.h" |
18#include "include/label.h" 19#include "include/net.h" 20#include "include/policy.h" 21 22#include "net_names.h" 23 24 25struct aa_sfs_entry aa_sfs_entry_network[] = { --- 74 unchanged lines hidden (view full) --- 100 } 101 if (aad(sa)->peer) { 102 audit_log_format(ab, " peer="); 103 aa_label_xaudit(ab, labels_ns(aad(sa)->label), aad(sa)->peer, 104 FLAGS_NONE, GFP_ATOMIC); 105 } 106} 107 | 18#include "include/label.h" 19#include "include/net.h" 20#include "include/policy.h" 21 22#include "net_names.h" 23 24 25struct aa_sfs_entry aa_sfs_entry_network[] = { --- 74 unchanged lines hidden (view full) --- 100 } 101 if (aad(sa)->peer) { 102 audit_log_format(ab, " peer="); 103 aa_label_xaudit(ab, labels_ns(aad(sa)->label), aad(sa)->peer, 104 FLAGS_NONE, GFP_ATOMIC); 105 } 106} 107 |
108 | |
109/* Generic af perm */ 110int aa_profile_af_perm(struct aa_profile *profile, struct common_audit_data *sa, 111 u32 request, u16 family, int type) 112{ 113 struct aa_perms perms = { }; | 108/* Generic af perm */ 109int aa_profile_af_perm(struct aa_profile *profile, struct common_audit_data *sa, 110 u32 request, u16 family, int type) 111{ 112 struct aa_perms perms = { }; |
113 unsigned int state; 114 __be16 buffer[2]; |
|
114 115 AA_BUG(family >= AF_MAX); 116 AA_BUG(type < 0 || type >= SOCK_MAX); 117 118 if (profile_unconfined(profile)) 119 return 0; | 115 116 AA_BUG(family >= AF_MAX); 117 AA_BUG(type < 0 || type >= SOCK_MAX); 118 119 if (profile_unconfined(profile)) 120 return 0; |
121 state = PROFILE_MEDIATES(profile, AA_CLASS_NET); 122 if (!state) 123 return 0; |
|
120 | 124 |
121 perms.allow = (profile->net.allow[family] & (1 << type)) ? 122 ALL_PERMS_MASK : 0; 123 perms.audit = (profile->net.audit[family] & (1 << type)) ? 124 ALL_PERMS_MASK : 0; 125 perms.quiet = (profile->net.quiet[family] & (1 << type)) ? 126 ALL_PERMS_MASK : 0; | 125 buffer[0] = cpu_to_be16(family); 126 buffer[1] = cpu_to_be16((u16) type); 127 state = aa_dfa_match_len(profile->policy.dfa, state, (char *) &buffer, 128 4); 129 aa_compute_perms(profile->policy.dfa, state, &perms); |
127 aa_apply_modes_to_perms(profile, &perms); 128 129 return aa_check_perms(profile, &perms, request, sa, audit_net_cb); 130} 131 132int aa_af_perm(struct aa_label *label, const char *op, u32 request, u16 family, 133 int type, int protocol) 134{ --- 50 unchanged lines hidden --- | 130 aa_apply_modes_to_perms(profile, &perms); 131 132 return aa_check_perms(profile, &perms, request, sa, audit_net_cb); 133} 134 135int aa_af_perm(struct aa_label *label, const char *op, u32 request, u16 family, 136 int type, int protocol) 137{ --- 50 unchanged lines hidden --- |
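Review bot: The match length handed to aa_dfa_match_len() in aa_profile_af_perm is a literal `4` while the encoded key lives in `__be16 buffer[2]`, so the length is not tied to the buffer it describes; `state = aa_dfa_match_len(profile->policy.dfa, state, (char *) buffer, sizeof(buffer));` keeps the two in step and also drops the address-of-array cast `(char *) &buffer`, which yields the same pointer here but reads as a type pun. The new early exit `if (!state) return 0;` after PROFILE_MEDIATES() makes a profile that carries no AA_CLASS_NET table unmediated for every family and socket type, where the removed code always consulted the per-family `net.allow`/`net.audit`/`net.quiet` arrays; if that is the intended compatibility behaviour for policy compiled without network rules it deserves a comment at that return, e.g. `/* no network table in policy: class is unmediated, allow */`. The AA_BUG() range checks on family and type may be compiled out in non-debug builds (presumably, depending on the debug-asserts config), but with the DFA encoding an out-of-range value now simply fails to match instead of indexing the old fixed-size arrays, so this looks like an improvement rather than a regression. aa_af_perm at the end of the section continues outside the visible hunk.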