[apparmor] [PATCH 4/4] apparmor: use security_path_access hook

Seth Arnold seth.arnold at canonical.com
Thu Nov 28 08:22:54 UTC 2013


On Tue, Nov 05, 2013 at 05:35:01AM -0800, John Johansen wrote:
> Signed-off-by: John Johansen <john.johansen at canonical.com>

Acked-by: Seth Arnold <seth.arnold at canonical.com>

> ---
>  security/apparmor/audit.c         |  1 +
>  security/apparmor/include/audit.h |  1 +
>  security/apparmor/lsm.c           | 13 +++++++++++++
>  3 files changed, 15 insertions(+)
> 
> diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
> index 6ebebd5..cc7d6c6 100644
> --- a/security/apparmor/audit.c
> +++ b/security/apparmor/audit.c
> @@ -39,6 +39,7 @@ const char *const op_table[] = {
>  	"chdir",
>  	"getattr",
>  	"open",
> +	"access",
>  
>  	"file_perm",
>  	"file_lock",
> diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h
> index 57f5ce8..190cc8b 100644
> --- a/security/apparmor/include/audit.h
> +++ b/security/apparmor/include/audit.h
> @@ -67,6 +67,7 @@ enum aa_ops {
>  	OP_CHDIR,
>  	OP_GETATTR,
>  	OP_OPEN,
> +	OP_ACCESS,
>  
>  	OP_FPERM,
>  	OP_FLOCK,
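Review bot: `OP_ACCESS` is inserted in the middle of `enum aa_ops`, and the matching `"access"` string is inserted at the same position in `op_table` in audit.c, but nothing visible in either hunk ties the two orders together. If no such note already exists outside the hunk, a comment on the enum such as `/* keep in the same order as op_table[] in audit.c */` would help, since a mismatch would silently mislabel operations in audit records. Both the enum and the table start and end outside the hunks.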
> diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
> index 794aa1a..1f5e370 100644
> --- a/security/apparmor/lsm.c
> +++ b/security/apparmor/lsm.c
> @@ -376,6 +376,18 @@ static int apparmor_path_chdir(struct path *path)
>  	return common_perm(OP_CHDIR, path, MAY_READ, &cond);
>  }
>  
> +static int apparmor_path_access(struct path *path, umode_t mode)
> +{
> +	struct path_cond cond =  { path->dentry->d_inode->i_uid,
> +				   path->dentry->d_inode->i_mode
> +	};
> +
> +	if (!mediated_filesystem(path->dentry->d_inode))
> +		return 0;
> +
> +	return common_perm(OP_ACCESS, path, mode & ~MAY_ACCESS, &cond);
> +}
> +
>  static int apparmor_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
>  {
>  	if (!mediated_filesystem(dentry->d_inode))
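Review bot: In `apparmor_path_access` the request mask is built with a deny-list, `mode & ~MAY_ACCESS`, so every other flag bit the caller happens to set is forwarded to `common_perm` as a requested permission. An allow-list states the intent and keeps VFS-only flags from being read as policy bits: `return common_perm(OP_ACCESS, path, mode & (MAY_READ | MAY_WRITE | MAY_EXEC), &cond);`. Separately, an existence-only check presumably arrives with no permission bits set, and how `common_perm` treats an empty mask is not visible here, so a short comment above the call should say whether such probes are meant to succeed without a matching policy rule. The parameter is typed `umode_t` but is used as a MAY_* mask, which deserves a comment such as `/* mode is a MAY_* request mask, not a file mode */`.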
> @@ -645,6 +657,7 @@ static struct security_operations apparmor_ops = {
>  	.path_chmod =			apparmor_path_chmod,
>  	.path_chown =			apparmor_path_chown,
>  	.path_chdir =			apparmor_path_chdir,
> +	.path_access =			apparmor_path_access,
>  	.path_truncate =		apparmor_path_truncate,
>  	.inode_getattr =                apparmor_inode_getattr,
>  