secid.c (df4390934da48e0462d1e77fba3e15f080e2c2a0) | secid.c (524d8e14258a3c31bcaf915db5762e41249eb924) |
---|---|
1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * AppArmor security module 4 * 5 * This file contains AppArmor security identifier (secid) manipulation fns 6 * 7 * Copyright 2009-2017 Canonical Ltd. 8 * --- 17 unchanged lines hidden (view full) --- 26/* 27 * secids - do not pin labels with a refcount. They rely on the label 28 * properly updating/freeing them 29 */ 30#define AA_FIRST_SECID 2 31 32static DEFINE_XARRAY_FLAGS(aa_secids, XA_FLAGS_LOCK_IRQ | XA_FLAGS_TRACK_FREE); 33 | 1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * AppArmor security module 4 * 5 * This file contains AppArmor security identifier (secid) manipulation fns 6 * 7 * Copyright 2009-2017 Canonical Ltd. 8 * --- 17 unchanged lines hidden (view full) --- 26/* 27 * secids - do not pin labels with a refcount. They rely on the label 28 * properly updating/freeing them 29 */ 30#define AA_FIRST_SECID 2 31 32static DEFINE_XARRAY_FLAGS(aa_secids, XA_FLAGS_LOCK_IRQ | XA_FLAGS_TRACK_FREE); 33 |
34int apparmor_display_secid_mode; 35 |
|
34/* 35 * TODO: allow policy to reserve a secid range? 36 * TODO: add secid pinning 37 * TODO: use secid_update in label replace 38 */ 39 40/** 41 * aa_secid_update - update a secid mapping to a new label --- 17 unchanged lines hidden (view full) --- 59{ 60 return xa_load(&aa_secids, secid); 61} 62 63int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 64{ 65 /* TODO: cache secctx and ref count so we don't have to recreate */ 66 struct aa_label *label = aa_secid_to_label(secid); | 36/* 37 * TODO: allow policy to reserve a secid range? 38 * TODO: add secid pinning 39 * TODO: use secid_update in label replace 40 */ 41 42/** 43 * aa_secid_update - update a secid mapping to a new label --- 17 unchanged lines hidden (view full) --- 61{ 62 return xa_load(&aa_secids, secid); 63} 64 65int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 66{ 67 /* TODO: cache secctx and ref count so we don't have to recreate */ 68 struct aa_label *label = aa_secid_to_label(secid); |
69 int flags = FLAG_VIEW_SUBNS | FLAG_HIDDEN_UNCONFINED | FLAG_ABS_ROOT; |
|
67 int len; 68 69 AA_BUG(!seclen); 70 71 if (!label) 72 return -EINVAL; 73 | 70 int len; 71 72 AA_BUG(!seclen); 73 74 if (!label) 75 return -EINVAL; 76 |
77 if (apparmor_display_secid_mode) 78 flags |= FLAG_SHOW_MODE; 79 |
|
74 if (secdata) 75 len = aa_label_asxprint(secdata, root_ns, label, | 80 if (secdata) 81 len = aa_label_asxprint(secdata, root_ns, label, |
76 FLAG_SHOW_MODE | FLAG_VIEW_SUBNS | 77 FLAG_HIDDEN_UNCONFINED | FLAG_ABS_ROOT, 78 GFP_ATOMIC); | 82 flags, GFP_ATOMIC); |
79 else | 83 else |
80 len = aa_label_snxprint(NULL, 0, root_ns, label, 81 FLAG_SHOW_MODE | FLAG_VIEW_SUBNS | 82 FLAG_HIDDEN_UNCONFINED | FLAG_ABS_ROOT); | 84 len = aa_label_snxprint(NULL, 0, root_ns, label, flags); 85 |
83 if (len < 0) 84 return -ENOMEM; 85 86 *seclen = len; 87 88 return 0; 89} 90 --- 56 unchanged lines hidden --- | 86 if (len < 0) 87 return -ENOMEM; 88 89 *seclen = len; 90 91 return 0; 92} 93 --- 56 unchanged lines hidden --- |
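Review bot: The new file-scope `int apparmor_display_secid_mode;` at new line 34 carries no comment explaining what it gates, although it now changes the format of every secctx string handed to consumers (the confinement mode suffix is emitted only when it is non-zero), so a header comment such as `/* non-zero: include the confinement mode (FLAG_SHOW_MODE) in secctx strings; set elsewhere — confirm the setter and its permissions */` would document the knob at its definition. The flag is written outside this file (the setter is not in this diff) and read in apparmor_secid_to_secctx, which runs with GFP_ATOMIC and may be concurrent with the write; for a plain int flag a racy read is harmless, but `if (READ_ONCE(apparmor_display_secid_mode))` at new line 77 states that intent and prevents the compiler from caching the load. The declaration also lacks `static`, which is presumably deliberate so a module parameter or sysctl can reach it — if so, the matching `extern` belongs in a header rather than relying on an implicit declaration elsewhere.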