[apparmor] [PATCH 2/4] apparmor: use security_path_chdir hook
Seth Arnold
seth.arnold at canonical.com
Thu Nov 28 08:18:28 UTC 2013
On Tue, Nov 05, 2013 at 05:34:59AM -0800, John Johansen wrote:
> Signed-off-by: John Johansen <john.johansen at canonical.com>
Acked-by: Seth Arnold <seth.arnold at canonical.com>
Thanks
> ---
> security/apparmor/audit.c | 1 +
> security/apparmor/include/audit.h | 1 +
> security/apparmor/lsm.c | 13 +++++++++++++
> 3 files changed, 15 insertions(+)
>
> diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
> index 89c7865..6ebebd5 100644
> --- a/security/apparmor/audit.c
> +++ b/security/apparmor/audit.c
> @@ -36,6 +36,7 @@ const char *const op_table[] = {
> "rename_dest",
> "chmod",
> "chown",
> + "chdir",
> "getattr",
> "open",
>
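Review bot: The new `"chdir"` string is tied to `OP_CHDIR` only by its position in `op_table`, so the matching insertion in `enum aa_ops` (the audit.h hunk) has to land at the same index for audit records to name the right operation. In the visible context both entries go between the chown and getattr entries, so they agree here, but nothing in the patch enforces it. Designated initializers, e.g. `[OP_CHDIR] = "chdir",`, would stop a later mid-table insertion from silently mislabelling operations in the audit log. Both the array and the enum start and end outside these hunks, so the rest of the two tables could not be checked against each other.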
> diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h
> index ba3dfd1..57f5ce8 100644
> --- a/security/apparmor/include/audit.h
> +++ b/security/apparmor/include/audit.h
> @@ -64,6 +64,7 @@ enum aa_ops {
> OP_RENAME_DEST,
> OP_CHMOD,
> OP_CHOWN,
> + OP_CHDIR,
> OP_GETATTR,
> OP_OPEN,
>
> diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
> index 4257b7e..794aa1a 100644
> --- a/security/apparmor/lsm.c
> +++ b/security/apparmor/lsm.c
> @@ -364,6 +364,18 @@ static int apparmor_path_chown(struct path *path, kuid_t uid, kgid_t gid)
> return common_perm(OP_CHOWN, path, AA_MAY_CHOWN, &cond);
> }
>
> +static int apparmor_path_chdir(struct path *path)
> +{
> + struct path_cond cond = { path->dentry->d_inode->i_uid,
> + path->dentry->d_inode->i_mode
> + };
> +
> + if (!mediated_filesystem(path->dentry->d_inode))
> + return 0;
> +
> + return common_perm(OP_CHDIR, path, MAY_READ, &cond);
> +}
> +
> static int apparmor_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
> {
> if (!mediated_filesystem(dentry->d_inode))
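Review bot: `apparmor_path_chdir` requests `MAY_READ` on the target directory, whereas the DAC check for chdir is search permission, so a confined task whose profile grants no read access to a directory would presumably start failing chdir once this hook is registered. If that mapping is intended, the function needs a comment saying so, for example `/* chdir is mediated as a read of the directory; profiles must grant r on it */`, and the commit message (currently only a sign-off) should state how existing policy is affected. The `cond` initializer also dereferences `path->dentry->d_inode` before the `mediated_filesystem()` check and depends on field order; designated fields (`.uid = ..., .mode = ...`) would be more robust. The neighbouring `apparmor_path_chown` and `apparmor_inode_getattr` bodies are cut by the hunk, so consistency with them could not be confirmed.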
> @@ -632,6 +644,7 @@ static struct security_operations apparmor_ops = {
> .path_rename = apparmor_path_rename,
> .path_chmod = apparmor_path_chmod,
> .path_chown = apparmor_path_chown,
> + .path_chdir = apparmor_path_chdir,
> .path_truncate = apparmor_path_truncate,
> .inode_getattr = apparmor_inode_getattr,
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20131128/e5ffb608/attachment.pgp>