summaryrefslogtreecommitdiffstats
path: root/security/apparmor/include/lib.h
Commit message (Collapse)AuthorAgeFilesLines
* apparmor: fix parameters so that the permission test is bypassed at bootJohn Johansen2017-04-071-1/+1
| | | | | | | | | | | | | Boot parameters are written before apparmor is ready to answer whether the user is policy_view_capable(). Setting the parameters at boot results in an oops and failure to boot. Setting the parameters at boot is obviously allowed so skip the permission check when apparmor is not initialized. While we are at it move the more complicated check to last. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
* Merge branch 'next' of ↵Linus Torvalds2017-02-211-6/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull security layer updates from James Morris: "Highlights: - major AppArmor update: policy namespaces & lots of fixes - add /sys/kernel/security/lsm node for easy detection of loaded LSMs - SELinux cgroupfs labeling support - SELinux context mounts on tmpfs, ramfs, devpts within user namespaces - improved TPM 2.0 support" * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (117 commits) tpm: declare tpm2_get_pcr_allocation() as static tpm: Fix expected number of response bytes of TPM1.2 PCR Extend tpm xen: drop unneeded chip variable tpm: fix misspelled "facilitate" in module parameter description tpm_tis: fix the error handling of init_tis() KEYS: Use memzero_explicit() for secret data KEYS: Fix an error code in request_master_key() sign-file: fix build error in sign-file.c with libressl selinux: allow changing labels for cgroupfs selinux: fix off-by-one in setprocattr tpm: silence an array overflow warning tpm: fix the type of owned field in cap_t tpm: add securityfs support for TPM 2.0 firmware event log tpm: enhance read_log_of() to support Physical TPM event log tpm: enhance TPM 2.0 PCR extend to support multiple banks tpm: implement TPM 2.0 capability to get active PCR banks tpm: fix RC value check in tpm2_seal_trusted tpm_tis: fix iTPM probe via probe_itpm() function tpm: Begin the process to deprecate user_read_timer tpm: remove tpm_read_index and tpm_write_index from tpm.h ...
* apparmor: pass gfp param into aa_policy_init()John Johansen2017-01-161-1/+1
| | | | Signed-off-by: John Johansen <john.johansen@canonical.com>
* apparmor: constify policy name and hnameJohn Johansen2017-01-161-2/+2
| | | | Signed-off-by: John Johansen <john.johansen@canonical.com>
* apparmor: rename hname_tail to basenameJohn Johansen2017-01-161-2/+2
| | | | | | Rename to the shorter and more familiar shell cmd name Signed-off-by: John Johansen <john.johansen@canonical.com>
* apparmor: rename mediated_filesystem() to path_mediated_fs()John Johansen2017-01-161-1/+1
| | | | | | | Rename to indicate the test is only about whether path mediation is used, not whether other types of mediation might be used. Signed-off-by: John Johansen <john.johansen@canonical.com>
* apparmor: add debug assert AA_BUG and Kconfig to control debug infoJohn Johansen2017-01-161-1/+13
| | | | Signed-off-by: John Johansen <john.johansen@canonical.com>
* apparmor: add macro for bug asserts to check that a lock is heldJohn Johansen2017-01-161-0/+11
| | | | Signed-off-by: John Johansen <john.johansen@canonical.com>
* apparmor: add lib fn to find the "split" for fqnamesJohn Johansen2017-01-161-0/+2
| | | | Signed-off-by: John Johansen <john.johansen@canonical.com>
* apparmor: split out shared policy_XXX fns to libJohn Johansen2017-01-161-0/+81
| | | | Signed-off-by: John Johansen <john.johansen@canonical.com>
* apparmor: move lib definitions into separate lib includeJohn Johansen2017-01-161-0/+94
Signed-off-by: John Johansen <john.johansen@canonical.com>
OpenPOWER on IntegriCloud