git/linux-cryptodev-2.6
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git synced 2026-04-23 05:56:14 -04:00
Code Issues Packages Projects Releases Wiki Activity

apparmor: compute file permissions on profile load

Browse Source 
Rather than computing file permissions for each file access, file
permissions can be computed once on profile load and stored for lookup.

Signed-off-by: Mike Salvatore <mike.salvatore@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
Mike Salvatore
2020-03-30 16:43:29 -04:00
committed by John Johansen
parent 2218d08123
commit 408d53e923
5 changed files with 112 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
security/apparmor/include/file.h
View File

@@ -181,11 +181,13 @@ struct aa_file_rules {
/* struct perms perms; */
struct aa_domain trans;
/* TODO: add delegate table */
struct aa_perms *fperms_table;
};
struct aa_perms aa_compute_fperms(struct aa_dfa *dfa, unsigned int state,
struct path_cond *cond);
unsigned int aa_str_perms(struct aa_dfa *dfa, unsigned int start,
void aa_compute_fperms(struct aa_file_rules *file_rules);
struct aa_perms *aa_lookup_fperms(struct aa_file_rules *file_rules,
unsigned int state, struct path_cond *cond);
unsigned int aa_str_perms(struct aa_file_rules *file_rules, unsigned int start,
const char *name, struct path_cond *cond,
struct aa_perms *perms);
@@ -204,10 +206,17 @@ int aa_file_perm(const char *op, struct aa_label *label, struct file *file,
void aa_inherit_files(const struct cred *cred, struct files_struct *files);
static inline void aa_free_fperms_table(struct aa_perms *fperms_table)
{
if (fperms_table)
kvfree(fperms_table);
}
static inline void aa_free_file_rules(struct aa_file_rules *rules)
{
aa_put_dfa(rules->dfa);
aa_free_domain_entries(&rules->trans);
aa_free_fperms_table(rules->fperms_table);
}
/**