mirror of
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-09-18 22:14:16 +00:00
apparmor: extend xindex size
Allow the xindex to have 2^24 entries. Signed-off-by: John Johansen <john.johansen@canonical.com>
parent
b06a62ebf5
commit
ae6d35ed0a
3 changed files with 14 additions and 15 deletions
|
@ -88,18 +88,17 @@ static inline struct aa_label *aa_get_file_label(struct aa_file_ctx *ctx)
|
||||||
* - exec type - which determines how the executable name and index are used
|
* - exec type - which determines how the executable name and index are used
|
||||||
* - flags - which modify how the destination name is applied
|
* - flags - which modify how the destination name is applied
|
||||||
*/
|
*/
|
||||||
#define AA_X_INDEX_MASK 0x03ff
|
#define AA_X_INDEX_MASK 0x00ffffff
|
||||||
|
|
||||||
#define AA_X_TYPE_MASK 0x0c00
|
#define AA_X_TYPE_MASK 0x0c000000
|
||||||
#define AA_X_TYPE_SHIFT 10
|
#define AA_X_NONE 0x00000000
|
||||||
#define AA_X_NONE 0x0000
|
#define AA_X_NAME 0x04000000 /* use executable name px */
|
||||||
#define AA_X_NAME 0x0400 /* use executable name px */
|
#define AA_X_TABLE 0x08000000 /* use a specified name ->n# */
|
||||||
#define AA_X_TABLE 0x0800 /* use a specified name ->n# */
|
|
||||||
|
|
||||||
#define AA_X_UNSAFE 0x1000
|
#define AA_X_UNSAFE 0x10000000
|
||||||
#define AA_X_CHILD 0x2000 /* make >AA_X_NONE apply to children */
|
#define AA_X_CHILD 0x20000000
|
||||||
#define AA_X_INHERIT 0x4000
|
#define AA_X_INHERIT 0x40000000
|
||||||
#define AA_X_UNCONFINED 0x8000
|
#define AA_X_UNCONFINED 0x80000000
|
||||||
|
|
||||||
/* need to make conditional which ones are being set */
|
/* need to make conditional which ones are being set */
|
||||||
struct path_cond {
|
struct path_cond {
|
||||||
|
|
|
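Review bot: The widened defines leave the bit layout undocumented: `AA_X_INDEX_MASK 0x00ffffff` covers bits 0-23 and `AA_X_TYPE_MASK 0x0c000000` covers bits 26-27, so bits 24-25 belong to neither mask and nothing says whether that gap is reserved. A one-line comment above the masks would record it, for example `/* bits 0-23 index, 24-25 unused, 26-27 exec type, 28-31 flags */`. The new `AA_X_CHILD` line also drops its `/* make >AA_X_NONE apply to children */` comment, which is worth keeping. Since `AA_X_UNSAFE`, `AA_X_CHILD`, `AA_X_INHERIT` and `AA_X_UNCONFINED` now sit in bits 28-31, any variable narrower than 32 bits that holds an xindex would silently lose them; users outside this hunk are not visible here and should be checked.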
@ -78,7 +78,7 @@ struct aa_perms {
|
||||||
u32 quiet; /* set only when ~allow | deny */
|
u32 quiet; /* set only when ~allow | deny */
|
||||||
u32 hide; /* set only when ~allow | deny */
|
u32 hide; /* set only when ~allow | deny */
|
||||||
|
|
||||||
u16 xindex;
|
u32 xindex;
|
||||||
};
|
};
|
||||||
|
|
||||||
#define ALL_PERMS_MASK 0xffffffff
|
#define ALL_PERMS_MASK 0xffffffff
|
||||||
|
|
|
@ -489,8 +489,8 @@ static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile)
|
||||||
int i, size;
|
int i, size;
|
||||||
|
|
||||||
size = unpack_array(e, NULL);
|
size = unpack_array(e, NULL);
|
||||||
/* currently 4 exec bits and entries 0-3 are reserved iupcx */
|
/* currently 2^24 bits entries 0-3 */
|
||||||
if (size > 16 - 4)
|
if (size > (1 << 24))
|
||||||
goto fail;
|
goto fail;
|
||||||
profile->file.trans.table = kcalloc(size, sizeof(char *),
|
profile->file.trans.table = kcalloc(size, sizeof(char *),
|
||||||
GFP_KERNEL);
|
GFP_KERNEL);
|
||||||
|
@ -672,10 +672,10 @@ static int datacmp(struct rhashtable_compare_arg *arg, const void *obj)
|
||||||
}
|
}
|
||||||
|
|
||||||
/* remap old accept table embedded permissions to separate permission table */
|
/* remap old accept table embedded permissions to separate permission table */
|
||||||
static u16 dfa_map_xindex(u16 mask)
|
static u32 dfa_map_xindex(u16 mask)
|
||||||
{
|
{
|
||||||
u16 old_index = (mask >> 10) & 0xf;
|
u16 old_index = (mask >> 10) & 0xf;
|
||||||
u16 index = 0;
|
u32 index = 0;
|
||||||
|
|
||||||
if (mask & 0x100)
|
if (mask & 0x100)
|
||||||
index |= AA_X_UNSAFE;
|
index |= AA_X_UNSAFE;
|
||||||
|
|
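Review bot: The new bound `if (size > (1 << 24))` in unpack_trans_table lets a loaded policy ask `kcalloc(size, sizeof(char *), GFP_KERNEL)` for up to 2^24 pointers, which is 128 MiB with 8-byte pointers and much more than a physically contiguous allocation can normally be expected to provide. If unpack_array can really return counts that large (its definition is outside this hunk), the table would be better allocated with `kvcalloc(size, sizeof(char *), GFP_KERNEL)` and released with `kvfree()` on the free path, or the limit should be tied to what the packed format can actually encode. `size` is a signed `int` and only the upper bound is tested, so a negative return would pass the check as well; `if (size < 0 || size > (1 << 24))` makes that explicit. The rewritten comment `/* currently 2^24 bits entries 0-3 */` no longer explains the limit, and something like `/* xindex carries a 24-bit table index, so at most 2^24 entries */` would. The function continues past the hunk, so the handling of a failed allocation is not visible here.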