p71924506
/
linux_old1
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
706,361 Commits 2 Branches 0 Tags 3.6 GiB
Commit Graph

7 Commits

Author SHA1 Message Date
John Johansen 651e28c553 apparmor: add base infastructure for socket mediation 
Provide a basic mediation of sockets. This is not a full net mediation
but just whether a spcific family of socket can be used by an
application, along with setting up some basic infrastructure for
network mediation to follow.

the user space rule hav the basic form of
  NETWORK RULE = [ QUALIFIERS ] 'network' [ DOMAIN ]
                 [ TYPE | PROTOCOL ]

  DOMAIN = ( 'inet' | 'ax25' | 'ipx' | 'appletalk' | 'netrom' |
             'bridge' | 'atmpvc' | 'x25' | 'inet6' | 'rose' |
	     'netbeui' | 'security' | 'key' | 'packet' | 'ash' |
	     'econet' | 'atmsvc' | 'sna' | 'irda' | 'pppox' |
	     'wanpipe' | 'bluetooth' | 'netlink' | 'unix' | 'rds' |
	     'llc' | 'can' | 'tipc' | 'iucv' | 'rxrpc' | 'isdn' |
	     'phonet' | 'ieee802154' | 'caif' | 'alg' | 'nfc' |
	     'vsock' | 'mpls' | 'ib' | 'kcm' ) ','

  TYPE = ( 'stream' | 'dgram' | 'seqpacket' |  'rdm' | 'raw' |
           'packet' )

  PROTOCOL = ( 'tcp' | 'udp' | 'icmp' )

eg.
  network,
  network inet,

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
 2017-09-22 13:00:58 -07:00
John Johansen ca916e8e2d apparmor: add cross check permission helper macros 
The cross check permission helper macros will help simplify code
that does cross task permission checks like ptrace.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-10 17:11:41 -07:00
John Johansen 637f688dc3 apparmor: switch from profiles to using labels on contexts 
Begin the actual switch to using domain labels by storing them on
the context and converting the label to a singular profile where
possible.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-10 17:11:38 -07:00
John Johansen 2d679f3cb0 apparmor: switch from file_perms to aa_perms 
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-10 17:11:30 -07:00
John Johansen aa9aeea8d4 apparmor: add gerneric permissions struct and support fns 
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-10 17:11:30 -07:00
John Johansen e53cfe6c7c apparmor: rework perm mapping to a slightly broader set 
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-09 05:59:22 -07:00
John Johansen fc7e0b26b8 apparmor: move permissions into their own file to be more easily shared 
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2017-06-08 12:51:53 -07:00