author | John Johansen <john.johansen@canonical.com> | 2017-05-29 21:16:04 +0200 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2017-06-11 02:11:30 +0200 |
commit | aa9aeea8d4c3dfb9297723c4340671ef88e372d3 (patch) | |
tree | 5e12bad66f4a0f98043c97b21e866e2edb7d18b3 /security/apparmor/file.c | |
parent | apparmor: add fn to test if profile supports a given mediation class (diff) | |
apparmor: add gerneric permissions struct and support fns
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/file.c')
-rw-r--r-- | security/apparmor/file.c | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/security/apparmor/file.c b/security/apparmor/file.c
index 44549db904b3..1ee656f66aa4 100644
--- a/security/apparmor/file.c
+++ b/security/apparmor/file.c
@@ -56,15 +56,15 @@ static void file_audit_cb(struct audit_buffer *ab, void *va)
 struct common_audit_data *sa = va;
 kuid_t fsuid = current_fsuid();
- if (aad(sa)->fs.request & AA_AUDIT_FILE_MASK) {
+ if (aad(sa)->request & AA_AUDIT_FILE_MASK) {
 audit_log_format(ab, " requested_mask=");
- audit_file_mask(ab, aad(sa)->fs.request);
+ audit_file_mask(ab, aad(sa)->request);
 }
- if (aad(sa)->fs.denied & AA_AUDIT_FILE_MASK) {
+ if (aad(sa)->denied & AA_AUDIT_FILE_MASK) {
 audit_log_format(ab, " denied_mask=");
- audit_file_mask(ab, aad(sa)->fs.denied);
+ audit_file_mask(ab, aad(sa)->denied);
 }
- if (aad(sa)->fs.request & AA_AUDIT_FILE_MASK) {
+ if (aad(sa)->request & AA_AUDIT_FILE_MASK) {
 audit_log_format(ab, " fsuid=%d", from_kuid(&init_user_ns, fsuid));
 audit_log_format(ab, " ouid=%d",
@@ -100,7 +100,7 @@ int aa_audit_file(struct aa_profile *profile, struct file_perms *perms,
 DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_TASK, op);
 sa.u.tsk = NULL;
- aad(&sa)->fs.request = request;
+ aad(&sa)->request = request;
 aad(&sa)->name = name;
 aad(&sa)->fs.target = target;
 aad(&sa)->fs.ouid = ouid;
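Review bot: In the first hunk, file_audit_cb now masks `aad(sa)->request` and `aad(sa)->denied` with `AA_AUDIT_FILE_MASK`, but nothing in the callback says that these fields, no longer under `fs`, are being read as file permission bits. The struct change is outside this file-limited diff, so presumably other mediation classes will store their own bit layouts in the same fields. A comment above the first test, e.g. `/* request/denied are shared audit fields; this callback interprets them as file permission bits */`, would keep a later caller from routing a non-file record through this callback and logging a misleading requested_mask or denied_mask. file_audit_cb's body starts and ends outside the hunk.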
@@ -115,30 +115,30 @@ int aa_audit_file(struct aa_profile *profile, struct file_perms *perms,
 mask = 0xffff;
 /* mask off perms that are not being force audited */
- aad(&sa)->fs.request &= mask;
+ aad(&sa)->request &= mask;
- if (likely(!aad(&sa)->fs.request))
+ if (likely(!aad(&sa)->request))
 return 0;
 type = AUDIT_APPARMOR_AUDIT;
 } else {
 /* only report permissions that were denied */
- aad(&sa)->fs.request = aad(&sa)->fs.request & ~perms->allow;
- AA_BUG(!aad(&sa)->fs.request);
+ aad(&sa)->request = aad(&sa)->request & ~perms->allow;
+ AA_BUG(!aad(&sa)->request);
- if (aad(&sa)->fs.request & perms->kill)
+ if (aad(&sa)->request & perms->kill)
 type = AUDIT_APPARMOR_KILL;
 /* quiet known rejects, assumes quiet and kill do not overlap */
- if ((aad(&sa)->fs.request & perms->quiet) &&
+ if ((aad(&sa)->request & perms->quiet) &&
 AUDIT_MODE(profile) != AUDIT_NOQUIET && AUDIT_MODE(profile) != AUDIT_ALL)
- aad(&sa)->fs.request &= ~perms->quiet;
+ aad(&sa)->request &= ~perms->quiet;
- if (!aad(&sa)->fs.request)
+ if (!aad(&sa)->request)
 return COMPLAIN_MODE(profile) ? 0 : aad(&sa)->error;
 }
- aad(&sa)->fs.denied = aad(&sa)->fs.request & ~perms->allow;
+ aad(&sa)->denied = aad(&sa)->request & ~perms->allow;
 return aa_audit(type, profile, &sa, file_audit_cb);
 } |
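Review bot: The closing `aad(&sa)->denied = aad(&sa)->request & ~perms->allow;` runs after the quiet bits have been cleared from `request`, so the logged denied_mask omits quieted permissions unless the audit mode is AUDIT_NOQUIET or AUDIT_ALL, and that is not documented on the now-generic `denied` field. A comment on that line, e.g. `/* denied reflects only what is reported: quieted perms were removed from request above */`, would stop anyone building detections on denied_mask from reading it as the full set of refused permissions. As a style point, `aad(&sa)->request = aad(&sa)->request & ~perms->allow;` could be `aad(&sa)->request &= ~perms->allow;` to match the `&=` used on the mask and quiet lines. The start of aa_audit_file, including the branch condition, is outside the hunk.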