Loading security/apparmor/include/policy.h +2 −0 Original line number Diff line number Diff line Loading @@ -180,6 +180,8 @@ struct aa_profile *aa_find_child(struct aa_profile *parent, const char *name); struct aa_profile *aa_lookupn_profile(struct aa_ns *ns, const char *hname, size_t n); struct aa_profile *aa_lookup_profile(struct aa_ns *ns, const char *name); struct aa_profile *aa_fqlookupn_profile(struct aa_profile *base, const char *fqname, size_t n); struct aa_profile *aa_match_profile(struct aa_ns *ns, const char *name); ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace); Loading security/apparmor/include/policy_ns.h +5 −5 Original line number Diff line number Diff line Loading @@ -46,11 +46,11 @@ struct aa_ns_acct { * @uniq_id: a unique id count for the profiles in the namespace * @dents: dentries for the namespaces file entries in apparmorfs * * An aa_ns defines the set profiles that are searched to determine * which profile to attach to a task. Profiles can not be shared between * aa_nss and profile names within a namespace are guaranteed to be * unique. When profiles in separate namespaces have the same name they * are NOT considered to be equivalent. * An aa_ns defines the set profiles that are searched to determine which * profile to attach to a task. Profiles can not be shared between aa_ns * and profile names within a namespace are guaranteed to be unique. When * profiles in separate namespaces have the same name they are NOT considered * to be equivalent. * * Namespaces are hierarchical and only namespaces and profiles below the * current namespace are visible. Loading security/apparmor/policy.c +29 −0 Original line number Diff line number Diff line Loading @@ -498,6 +498,35 @@ struct aa_profile *aa_lookup_profile(struct aa_ns *ns, const char *hname) { return aa_lookupn_profile(ns, hname, strlen(hname)); } struct aa_profile *aa_fqlookupn_profile(struct aa_profile *base, const char *fqname, size_t n) { struct aa_profile *profile; struct aa_ns *ns; const char *name, *ns_name; size_t ns_len; name = aa_splitn_fqname(fqname, n, &ns_name, &ns_len); if (ns_name) { ns = aa_findn_ns(base->ns, ns_name, ns_len); if (!ns) return NULL; } else ns = aa_get_ns(base->ns); if (name) profile = aa_lookupn_profile(ns, name, n - (name - fqname)); else if (ns) /* default profile for ns, currently unconfined */ profile = aa_get_newest_profile(ns->unconfined); else profile = NULL; aa_put_ns(ns); return profile; } /** * replacement_allowed - test to see if replacement is allowed * @profile: profile to test if it can be replaced (MAYBE NULL) Loading security/apparmor/policy_ns.c +2 −2 Original line number Diff line number Diff line Loading @@ -226,7 +226,7 @@ static void __ns_list_release(struct list_head *head); /** * destroy_ns - remove everything contained by @ns * @ns: ns to have it contents removed (NOT NULL) * @ns: namespace to have it contents removed (NOT NULL) */ static void destroy_ns(struct aa_ns *ns) { Loading Loading @@ -276,7 +276,7 @@ static void __ns_list_release(struct list_head *head) } /** * aa_alloc_root_ns - allocate the root profile namespcae * aa_alloc_root_ns - allocate the root profile namespace * * Returns: %0 on success else error * Loading Loading
security/apparmor/include/policy.h +2 −0 Original line number Diff line number Diff line Loading @@ -180,6 +180,8 @@ struct aa_profile *aa_find_child(struct aa_profile *parent, const char *name); struct aa_profile *aa_lookupn_profile(struct aa_ns *ns, const char *hname, size_t n); struct aa_profile *aa_lookup_profile(struct aa_ns *ns, const char *name); struct aa_profile *aa_fqlookupn_profile(struct aa_profile *base, const char *fqname, size_t n); struct aa_profile *aa_match_profile(struct aa_ns *ns, const char *name); ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace); Loading
security/apparmor/include/policy_ns.h +5 −5 Original line number Diff line number Diff line Loading @@ -46,11 +46,11 @@ struct aa_ns_acct { * @uniq_id: a unique id count for the profiles in the namespace * @dents: dentries for the namespaces file entries in apparmorfs * * An aa_ns defines the set profiles that are searched to determine * which profile to attach to a task. Profiles can not be shared between * aa_nss and profile names within a namespace are guaranteed to be * unique. When profiles in separate namespaces have the same name they * are NOT considered to be equivalent. * An aa_ns defines the set profiles that are searched to determine which * profile to attach to a task. Profiles can not be shared between aa_ns * and profile names within a namespace are guaranteed to be unique. When * profiles in separate namespaces have the same name they are NOT considered * to be equivalent. * * Namespaces are hierarchical and only namespaces and profiles below the * current namespace are visible. Loading
security/apparmor/policy.c +29 −0 Original line number Diff line number Diff line Loading @@ -498,6 +498,35 @@ struct aa_profile *aa_lookup_profile(struct aa_ns *ns, const char *hname) { return aa_lookupn_profile(ns, hname, strlen(hname)); } struct aa_profile *aa_fqlookupn_profile(struct aa_profile *base, const char *fqname, size_t n) { struct aa_profile *profile; struct aa_ns *ns; const char *name, *ns_name; size_t ns_len; name = aa_splitn_fqname(fqname, n, &ns_name, &ns_len); if (ns_name) { ns = aa_findn_ns(base->ns, ns_name, ns_len); if (!ns) return NULL; } else ns = aa_get_ns(base->ns); if (name) profile = aa_lookupn_profile(ns, name, n - (name - fqname)); else if (ns) /* default profile for ns, currently unconfined */ profile = aa_get_newest_profile(ns->unconfined); else profile = NULL; aa_put_ns(ns); return profile; } /** * replacement_allowed - test to see if replacement is allowed * @profile: profile to test if it can be replaced (MAYBE NULL) Loading
security/apparmor/policy_ns.c +2 −2 Original line number Diff line number Diff line Loading @@ -226,7 +226,7 @@ static void __ns_list_release(struct list_head *head); /** * destroy_ns - remove everything contained by @ns * @ns: ns to have it contents removed (NOT NULL) * @ns: namespace to have it contents removed (NOT NULL) */ static void destroy_ns(struct aa_ns *ns) { Loading Loading @@ -276,7 +276,7 @@ static void __ns_list_release(struct list_head *head) } /** * aa_alloc_root_ns - allocate the root profile namespcae * aa_alloc_root_ns - allocate the root profile namespace * * Returns: %0 on success else error * Loading
John Johansen <john.johansen@canonical.com>John Johansen <john.johansen@canonical.com>