-From d29d73fa5d7b5d016f9c17236fff2a741acea247 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Mon, 4 Oct 2010 15:03:36 -0700
-Subject: [PATCH 1/3] UBUNTU: SAUCE: AppArmor: basic networking rules
+commit 09aa4788d6052c6dc423d939319334ebb5d00847
+Author: John Johansen <john.johansen@canonical.com>
+Date: Mon Oct 4 15:03:36 2010 -0700
-Base support for network mediation.
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-
-Conflicts:
- security/apparmor/Makefile
- security/apparmor/policy.c
----
- security/apparmor/.gitignore | 1 +
- security/apparmor/Makefile | 42 +++++++++-
- security/apparmor/apparmorfs.c | 1 +
- security/apparmor/include/audit.h | 4 +
- security/apparmor/include/net.h | 44 ++++++++++
- security/apparmor/include/policy.h | 3 +
- security/apparmor/lsm.c | 112 +++++++++++++++++++++++++
- security/apparmor/net.c | 162 +++++++++++++++++++++++++++++++++++++
- security/apparmor/policy.c | 1 +
- security/apparmor/policy_unpack.c | 46 +++++++++++
- 10 files changed, 414 insertions(+), 2 deletions(-)
- create mode 100644 security/apparmor/include/net.h
- create mode 100644 security/apparmor/net.c
+ UBUNTU: SAUCE: AppArmor: basic networking rules
+
+ Base support for network mediation.
+
+ Signed-off-by: John Johansen <john.johansen@canonical.com>
diff --git a/security/apparmor/.gitignore b/security/apparmor/.gitignore
index 9cdec70..d5b291e 100644
+ $(call cmd,make-af)
+ $(call cmd,make-sock)
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
-index 7db9954..18fc02c 100644
+index 729e595..181d961 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
-@@ -806,6 +806,7 @@ static struct aa_fs_entry aa_fs_entry_features[] = {
+@@ -807,6 +807,7 @@ static struct aa_fs_entry aa_fs_entry_features[] = {
AA_FS_DIR("policy", aa_fs_entry_policy),
AA_FS_DIR("domain", aa_fs_entry_domain),
AA_FS_DIR("file", aa_fs_entry_file),
AA_FS_DIR("rlimit", aa_fs_entry_rlimit),
AA_FS_DIR("caps", aa_fs_entry_caps),
diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h
-index 30e8d76..61abec5 100644
+index ba3dfd1..5d3c419 100644
--- a/security/apparmor/include/audit.h
+++ b/security/apparmor/include/audit.h
-@@ -126,6 +126,10 @@ struct apparmor_audit_data {
+@@ -125,6 +125,10 @@ struct apparmor_audit_data {
u32 denied;
kuid_t ouid;
} fs;
+
+#endif /* __AA_NET_H */
diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
-index c28b0f2..b524d88 100644
+index 52275f0..4fc4dac 100644
--- a/security/apparmor/include/policy.h
+++ b/security/apparmor/include/policy.h
@@ -27,6 +27,7 @@
unsigned char *hash;
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
-index fb99e18..de55a7f 100644
+index 41b8cb1..d96b5f7 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -32,6 +32,7 @@
#include "include/path.h"
#include "include/policy.h"
#include "include/procattr.h"
-@@ -615,6 +616,104 @@ static int apparmor_task_setrlimit(struct task_struct *task,
+@@ -584,6 +585,104 @@ static int apparmor_task_setrlimit(struct task_struct *task,
return error;
}
+ return aa_revalidate_sk(OP_SOCK_SHUTDOWN, sk);
+}
+
- static struct security_operations apparmor_ops = {
- .name = "apparmor",
-
-@@ -647,6 +746,19 @@ static struct security_operations apparmor_ops = {
- .getprocattr = apparmor_getprocattr,
- .setprocattr = apparmor_setprocattr,
+ static struct security_hook_list apparmor_hooks[] = {
+ LSM_HOOK_INIT(ptrace_access_check, apparmor_ptrace_access_check),
+ LSM_HOOK_INIT(ptrace_traceme, apparmor_ptrace_traceme),
+@@ -613,6 +712,19 @@ static struct security_hook_list apparmor_hooks[] = {
+ LSM_HOOK_INIT(getprocattr, apparmor_getprocattr),
+ LSM_HOOK_INIT(setprocattr, apparmor_setprocattr),
-+ .socket_create = apparmor_socket_create,
-+ .socket_bind = apparmor_socket_bind,
-+ .socket_connect = apparmor_socket_connect,
-+ .socket_listen = apparmor_socket_listen,
-+ .socket_accept = apparmor_socket_accept,
-+ .socket_sendmsg = apparmor_socket_sendmsg,
-+ .socket_recvmsg = apparmor_socket_recvmsg,
-+ .socket_getsockname = apparmor_socket_getsockname,
-+ .socket_getpeername = apparmor_socket_getpeername,
-+ .socket_getsockopt = apparmor_socket_getsockopt,
-+ .socket_setsockopt = apparmor_socket_setsockopt,
-+ .socket_shutdown = apparmor_socket_shutdown,
-+
- .cred_alloc_blank = apparmor_cred_alloc_blank,
- .cred_free = apparmor_cred_free,
- .cred_prepare = apparmor_cred_prepare,
++ LSM_HOOK_INIT(socket_create, apparmor_socket_create),
++ LSM_HOOK_INIT(socket_bind, apparmor_socket_bind),
++ LSM_HOOK_INIT(socket_connect, apparmor_socket_connect),
++ LSM_HOOK_INIT(socket_listen, apparmor_socket_listen),
++ LSM_HOOK_INIT(socket_accept, apparmor_socket_accept),
++ LSM_HOOK_INIT(socket_sendmsg, apparmor_socket_sendmsg),
++ LSM_HOOK_INIT(socket_recvmsg, apparmor_socket_recvmsg),
++ LSM_HOOK_INIT(socket_getsockname, apparmor_socket_getsockname),
++ LSM_HOOK_INIT(socket_getpeername, apparmor_socket_getpeername),
++ LSM_HOOK_INIT(socket_getsockopt, apparmor_socket_getsockopt),
++ LSM_HOOK_INIT(socket_setsockopt, apparmor_socket_setsockopt),
++ LSM_HOOK_INIT(socket_shutdown, apparmor_socket_shutdown),
++
+ LSM_HOOK_INIT(cred_alloc_blank, apparmor_cred_alloc_blank),
+ LSM_HOOK_INIT(cred_free, apparmor_cred_free),
+ LSM_HOOK_INIT(cred_prepare, apparmor_cred_prepare),
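Review bot: The socket hook table registers only syscall-level entry points (create, bind, connect, listen, accept, sendmsg, recvmsg, get/setsockname, get/setsockopt, shutdown); nothing in the visible list wires `socket_sock_rcv_skb`, `socket_post_create`, `unix_stream_connect` or `unix_may_send`, so as far as this hunk shows, inbound packet delivery to an already-bound socket and AF_UNIX peer checks are not mediated by this patch. If that scope is intentional it deserves a comment above the new entries so that policy authors do not assume a `deny network` rule blocks received traffic: `/* socket-layer (syscall) hooks only: inbound skb delivery and unix peer checks are not mediated here */`. The `apparmor_socket_shutdown` body that ends at the top of this hunk starts outside it, so its revalidation logic could not be checked.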
diff --git a/security/apparmor/net.c b/security/apparmor/net.c
new file mode 100644
index 0000000..003dd18
+ return error;
+}
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
-index 705c287..e2afe29 100644
+index 179e68d..f1a8541 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -603,6 +603,7 @@ void aa_free_profile(struct aa_profile *profile)
kzfree(profile->dirname);
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
-index a689f10..1a35e6b 100644
+index 1381206..7dc15ff 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -193,6 +193,19 @@ fail:
if (unpack_nameX(e, AA_STRUCT, "policydb")) {
/* generic policy dfa - optional and may be NULL */
profile->policy.dfa = unpack_dfa(e);
---
-1.8.3.2
-From b452a37e97af826ba6c7548230e07c95bd13d9c4 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Fri, 29 Jun 2012 17:34:00 -0700
-Subject: [PATCH 2/3] apparmor: Fix quieting of audit messages for network
- mediation
+commit f5c5644745201b5b7d398e841e5045d0a5d14b18
+Author: John Johansen <john.johansen@canonical.com>
+Date: Fri Jun 29 17:34:00 2012 -0700
-If a profile specified a quieting of network denials for a given rule by
-either the quiet or deny rule qualifiers, the resultant quiet mask for
-denied requests was applied incorrectly, resulting in two potential bugs.
-1. The misapplied quiet mask would prevent denials from being correctly
- tested against the kill mask/mode. Thus network access requests that
- should have resulted in the application being killed did not.
-
-2. The actual quieting of the denied network request was not being applied.
- This would result in network rejections always being logged even when
- they had been specifically marked as quieted.
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
----
- security/apparmor/net.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
+ apparmor: Fix quieting of audit messages for network mediation
+
+ If a profile specified a quieting of network denials for a given rule by
+ either the quiet or deny rule qualifiers, the resultant quiet mask for
+ denied requests was applied incorrectly, resulting in two potential bugs.
+ 1. The misapplied quiet mask would prevent denials from being correctly
+ tested against the kill mask/mode. Thus network access requests that
+ should have resulted in the application being killed did not.
+
+ 2. The actual quieting of the denied network request was not being applied.
+ This would result in network rejections always being logged even when
+ they had been specifically marked as quieted.
+
+ Signed-off-by: John Johansen <john.johansen@canonical.com>
diff --git a/security/apparmor/net.c b/security/apparmor/net.c
index 003dd18..6e6e5c9 100644
if (denied & kill_mask)
audit_type = AUDIT_APPARMOR_KILL;
---
-1.8.3.2
-
-From 0f113c1f052be315f5097d8b7294a620b0adda87 Mon Sep 17 00:00:00 2001
-From: John Johansen <john.johansen@canonical.com>
-Date: Wed, 16 May 2012 10:58:05 -0700
-Subject: [PATCH 3/3] UBUNTU: SAUCE: apparmor: Add the ability to mediate mount
-
-Add the ability for apparmor to do mediation of mount operations. Mount
-rules require an updated apparmor_parser (2.8 series) for policy compilation.
-
-The basic form of the rules are.
-
- [audit] [deny] mount [conds]* [device] [ -> [conds] path],
- [audit] [deny] remount [conds]* [path],
- [audit] [deny] umount [conds]* [path],
- [audit] [deny] pivotroot [oldroot=<value>] <path>
-
- remount is just a short cut for mount options=remount
-
- where [conds] can be
- fstype=<expr>
- options=<expr>
-Example mount commands
- mount, # allow all mounts, but not umount or pivotroot
+commit 0269f1631e1496798e5b0a319ff05b1133cfeaa3
+Author: John Johansen <john.johansen@canonical.com>
+Date: Wed May 16 10:58:05 2012 -0700
- mount fstype=procfs, # allow mounting procfs anywhere
-
- mount options=(bind, ro) /foo -> /bar, # readonly bind mount
-
- mount /dev/sda -> /mnt,
-
- mount /dev/sd** -> /mnt/**,
-
- mount fstype=overlayfs options=(rw,upperdir=/tmp/upper/,lowerdir=/) -> /mnt/
-
- umount,
-
- umount /m*,
-
-See the apparmor userspace for full documentation
-
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: Kees Cook <kees@ubuntu.com>
-
-Conflicts:
- security/apparmor/Makefile
- security/apparmor/apparmorfs.c
----
- security/apparmor/Makefile | 2 +-
- security/apparmor/apparmorfs.c | 15 +-
- security/apparmor/audit.c | 4 +
- security/apparmor/domain.c | 2 +-
- security/apparmor/include/apparmor.h | 3 +-
- security/apparmor/include/audit.h | 11 +
- security/apparmor/include/domain.h | 2 +
- security/apparmor/include/mount.h | 54 +++
- security/apparmor/lsm.c | 59 ++++
- security/apparmor/mount.c | 620 +++++++++++++++++++++++++++++++++++
- 10 files changed, 768 insertions(+), 4 deletions(-)
- create mode 100644 security/apparmor/include/mount.h
- create mode 100644 security/apparmor/mount.c
+ UBUNTU: SAUCE: apparmor: Add the ability to mediate mount
+
+ Add the ability for apparmor to do mediation of mount operations. Mount
+ rules require an updated apparmor_parser (2.8 series) for policy compilation.
+
+ The basic form of the rules is:
+
+ [audit] [deny] mount [conds]* [device] [ -> [conds] path],
+ [audit] [deny] remount [conds]* [path],
+ [audit] [deny] umount [conds]* [path],
+ [audit] [deny] pivotroot [oldroot=<value>] <path>
+
+ remount is just a short cut for mount options=remount
+
+ where [conds] can be
+ fstype=<expr>
+ options=<expr>
+
+ Example mount commands
+ mount, # allow all mounts, but not umount or pivotroot
+
+ mount fstype=procfs, # allow mounting procfs anywhere
+
+ mount options=(bind, ro) /foo -> /bar, # readonly bind mount
+
+ mount /dev/sda -> /mnt,
+
+ mount /dev/sd** -> /mnt/**,
+
+ mount fstype=overlayfs options=(rw,upperdir=/tmp/upper/,lowerdir=/) -> /mnt/
+
+ umount,
+
+ umount /m*,
+
+ See the apparmor userspace for full documentation
+
+ Signed-off-by: John Johansen <john.johansen@canonical.com>
+ Acked-by: Kees Cook <kees@ubuntu.com>
diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile
index 5dbb72f..89b3445 100644
clean-files := capability_names.h rlim_names.h net_names.h
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
-index 18fc02c..e709030 100644
+index 181d961..5fb67f6 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
-@@ -799,7 +799,18 @@ static struct aa_fs_entry aa_fs_entry_domain[] = {
+@@ -800,7 +800,18 @@ static struct aa_fs_entry aa_fs_entry_domain[] = {
static struct aa_fs_entry aa_fs_entry_policy[] = {
AA_FS_FILE_BOOLEAN("set_load", 1),
};
static struct aa_fs_entry aa_fs_entry_features[] = {
-@@ -807,6 +818,8 @@ static struct aa_fs_entry aa_fs_entry_features[] = {
+@@ -808,6 +819,8 @@ static struct aa_fs_entry aa_fs_entry_features[] = {
AA_FS_DIR("domain", aa_fs_entry_domain),
AA_FS_DIR("file", aa_fs_entry_file),
AA_FS_DIR("network", aa_fs_entry_network),
AA_FS_DIR("rlimit", aa_fs_entry_rlimit),
AA_FS_DIR("caps", aa_fs_entry_caps),
diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
-index 031d2d9..02d804c 100644
+index 3a7f1da..c2a8b8a 100644
--- a/security/apparmor/audit.c
+++ b/security/apparmor/audit.c
@@ -44,6 +44,10 @@ const char *const op_table[] = {
"post_create",
"bind",
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
-index 26c607c..23936c5 100644
+index fc3036b..f2a83b4 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
-@@ -238,7 +238,7 @@ static const char *next_name(int xtype, const char *name)
+@@ -236,7 +236,7 @@ static const char *next_name(int xtype, const char *name)
*
* Returns: refcounted profile, or NULL on failure (MAYBE NULL)
*/
struct aa_profile *new_profile = NULL;
struct aa_namespace *ns = profile->ns;
diff --git a/security/apparmor/include/apparmor.h b/security/apparmor/include/apparmor.h
-index 8fb1488..22b172c 100644
+index 5d721e9..b57da7b 100644
--- a/security/apparmor/include/apparmor.h
+++ b/security/apparmor/include/apparmor.h
@@ -30,8 +30,9 @@
/* Control parameters settable through module/boot flags */
extern enum audit_mode aa_g_audit;
diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h
-index 61abec5..a9835c3 100644
+index 5d3c419..b9f1d57 100644
--- a/security/apparmor/include/audit.h
+++ b/security/apparmor/include/audit.h
@@ -72,6 +72,10 @@ enum aa_ops {
OP_CREATE,
OP_POST_CREATE,
OP_BIND,
-@@ -121,6 +125,13 @@ struct apparmor_audit_data {
+@@ -120,6 +124,13 @@ struct apparmor_audit_data {
unsigned long max;
} rlim;
struct {
void apparmor_bprm_committing_creds(struct linux_binprm *bprm);
diff --git a/security/apparmor/include/mount.h b/security/apparmor/include/mount.h
new file mode 100644
-index 0000000..bc17a53
+index 0000000..a43b1d6
--- /dev/null
+++ b/security/apparmor/include/mount.h
@@ -0,0 +1,54 @@
+
+#define AA_MS_IGNORE_MASK (MS_KERNMOUNT | MS_NOSEC | MS_ACTIVE | MS_BORN)
+
-+int aa_remount(struct aa_profile *profile, struct path *path,
++int aa_remount(struct aa_profile *profile, const struct path *path,
+ unsigned long flags, void *data);
+
-+int aa_bind_mount(struct aa_profile *profile, struct path *path,
++int aa_bind_mount(struct aa_profile *profile, const struct path *path,
+ const char *old_name, unsigned long flags);
+
+
-+int aa_mount_change_type(struct aa_profile *profile, struct path *path,
++int aa_mount_change_type(struct aa_profile *profile, const struct path *path,
+ unsigned long flags);
+
-+int aa_move_mount(struct aa_profile *profile, struct path *path,
++int aa_move_mount(struct aa_profile *profile, const struct path *path,
+ const char *old_name);
+
+int aa_new_mount(struct aa_profile *profile, const char *dev_name,
-+ struct path *path, const char *type, unsigned long flags,
++ const struct path *path, const char *type, unsigned long flags,
+ void *data);
+
+int aa_umount(struct aa_profile *profile, struct vfsmount *mnt, int flags);
+
-+int aa_pivotroot(struct aa_profile *profile, struct path *old_path,
-+ struct path *new_path);
++int aa_pivotroot(struct aa_profile *profile, const struct path *old_path,
++ const struct path *new_path);
+
+#endif /* __AA_MOUNT_H */
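Review bot: The new `aa_*` mount entry points are declared without any documentation of their contract, and the header mixes argument styles (`aa_umount` takes a `struct vfsmount *` while the others take `const struct path *`, and `data` stays non-const), which a reader has to reverse-engineer from mount.c. A short kerneldoc block per prototype stating the profile/path arguments, that `data` is the mount option string as passed from the caller, and the return convention (presumably 0 or a negative errno — confirm against mount.c) would make the header self-explanatory. The `AA_MS_IGNORE_MASK` define would also benefit from a one-line comment saying these are kernel-internal MS_* bits that are stripped before rule matching, since that is a security-relevant normalisation step.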
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
-index de55a7f..e0dd95f 100644
+index d96b5f7..7a02376 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -36,6 +36,7 @@
/* Flag indicating whether initialization completed */
int apparmor_initialized __initdata;
-@@ -502,6 +503,60 @@ static int apparmor_file_mprotect(struct vm_area_struct *vma,
+@@ -469,6 +470,61 @@ static int apparmor_file_mprotect(struct vm_area_struct *vma,
!(vma->vm_flags & VM_SHARED) ? MAP_PRIVATE : 0);
}
-+static int apparmor_sb_mount(char *dev_name, struct path *path, char *type,
-+ unsigned long flags, void *data)
++static int apparmor_sb_mount(const char *dev_name, const struct path *path,
++ const char *type, unsigned long flags, void *data)
+{
+ struct aa_profile *profile;
+ int error = 0;
+ return error;
+}
+
-+static int apparmor_sb_pivotroot(struct path *old_path, struct path *new_path)
++static int apparmor_sb_pivotroot(const struct path *old_path,
++ const struct path *new_path)
+{
+ struct aa_profile *profile;
+ int error = 0;
static int apparmor_getprocattr(struct task_struct *task, char *name,
char **value)
{
-@@ -722,6 +777,10 @@ static struct security_operations apparmor_ops = {
- .capget = apparmor_capget,
- .capable = apparmor_capable,
+@@ -689,6 +745,10 @@ static struct security_hook_list apparmor_hooks[] = {
+ LSM_HOOK_INIT(capget, apparmor_capget),
+ LSM_HOOK_INIT(capable, apparmor_capable),
-+ .sb_mount = apparmor_sb_mount,
-+ .sb_umount = apparmor_sb_umount,
-+ .sb_pivotroot = apparmor_sb_pivotroot,
-+
- .path_link = apparmor_path_link,
- .path_unlink = apparmor_path_unlink,
- .path_symlink = apparmor_path_symlink,
++ LSM_HOOK_INIT(sb_mount, apparmor_sb_mount),
++ LSM_HOOK_INIT(sb_umount, apparmor_sb_umount),
++ LSM_HOOK_INIT(sb_pivotroot, apparmor_sb_pivotroot),
++
+ LSM_HOOK_INIT(path_link, apparmor_path_link),
+ LSM_HOOK_INIT(path_unlink, apparmor_path_unlink),
+ LSM_HOOK_INIT(path_symlink, apparmor_path_symlink),
diff --git a/security/apparmor/mount.c b/security/apparmor/mount.c
new file mode 100644
-index 0000000..478aa4d
+index 0000000..9cf9170
--- /dev/null
+++ b/security/apparmor/mount.c
@@ -0,0 +1,620 @@
+ return 0;
+}
+
-+static int path_flags(struct aa_profile *profile, struct path *path)
++static int path_flags(struct aa_profile *profile, const struct path *path)
+{
+ return profile->path_flags |
+ S_ISDIR(path->dentry->d_inode->i_mode) ? PATH_IS_DIR : 0;
+}
+
-+int aa_remount(struct aa_profile *profile, struct path *path,
++int aa_remount(struct aa_profile *profile, const struct path *path,
+ unsigned long flags, void *data)
+{
+ struct file_perms perms = { };
+ return error;
+}
+
-+int aa_bind_mount(struct aa_profile *profile, struct path *path,
++int aa_bind_mount(struct aa_profile *profile, const struct path *path,
+ const char *dev_name, unsigned long flags)
+{
+ struct file_perms perms = { };
+ return error;
+}
+
-+int aa_mount_change_type(struct aa_profile *profile, struct path *path,
++int aa_mount_change_type(struct aa_profile *profile, const struct path *path,
+ unsigned long flags)
+{
+ struct file_perms perms = { };
+ return error;
+}
+
-+int aa_move_mount(struct aa_profile *profile, struct path *path,
++int aa_move_mount(struct aa_profile *profile, const struct path *path,
+ const char *orig_name)
+{
+ struct file_perms perms = { };
+}
+
+int aa_new_mount(struct aa_profile *profile, const char *orig_dev_name,
-+ struct path *path, const char *type, unsigned long flags,
++ const struct path *path, const char *type, unsigned long flags,
+ void *data)
+{
+ struct file_perms perms = { };
+ return error;
+}
+
-+int aa_pivotroot(struct aa_profile *profile, struct path *old_path,
-+ struct path *new_path)
++int aa_pivotroot(struct aa_profile *profile, const struct path *old_path,
++ const struct path *new_path)
+{
+ struct file_perms perms = { };
+ struct aa_profile *target = NULL;
+
+ return error;
+}
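Review bot: `path_flags()` in this hunk has an operator-precedence bug: `|` binds tighter than `?:`, so `profile->path_flags | S_ISDIR(path->dentry->d_inode->i_mode) ? PATH_IS_DIR : 0` is evaluated as `(profile->path_flags | S_ISDIR(...)) ? PATH_IS_DIR : 0`, which throws away the profile's path flags whenever either operand is non-zero and reports `PATH_IS_DIR` for a non-directory as soon as any profile path flag is set. Because these flags control how the mount target is resolved into the name that the mount rules are matched against, the rule can be matched against a differently-resolved name than the profile requested. The fix is to parenthesise the conditional: `return profile->path_flags | (S_ISDIR(path->dentry->d_inode->i_mode) ? PATH_IS_DIR : 0);`. The surrounding `aa_remount`/`aa_bind_mount`/`aa_move_mount`/`aa_new_mount`/`aa_pivotroot` bodies are only partially shown in this hunk, so their permission checks were not reviewed.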
---
-1.8.3.2
+