user/sven/linux.git/security/apparmor/capability.c, branch v6.15.1

apparmor: audit_cap dedup based on subj_cred instead of profile

2024-11-27T03:21:06Z

The previous audit_cap cache deduping was based on the profile that was being audited. This could cause confusion due to the deduplication then occurring across multiple processes, which could happen if multiple instances of binaries matched the same profile attachment (and thus ran under the same profile) or a profile was attached to a container and its processes. Instead, perform audit_cap deduping over ad->subj_cred, which ensures the deduping only occurs across a single process, instead of across all processes that match the current one's profile. Signed-off-by: Ryan Lee Signed-off-by: John Johansen

apparmor: add a cache entry expiration time aging out capability audit cache

2024-11-27T03:21:06Z

When auditing capabilities, AppArmor uses a per-CPU, per-profile cache such that the same capability for the same profile doesn't get repeatedly audited, with the original goal of reducing audit logspam. However, this cache does not have an expiration time, resulting in confusion when a profile is shared across binaries (for example) and an expected DENIED audit entry doesn't appear, despite the cache entry having been populated much longer ago. This confusion was exacerbated by the per-CPU nature of the cache resulting in the expected entries sporadically appearing when the later denial+audit occurred on a different CPU. To resolve this, record the last time a capability was audited for a profile and add a timestamp expiration check before doing the audit. v1 -> v2: - Hardcode a longer timeout and drop the patches making it a sysctl, after discussion with John Johansen. - Cache the expiration time instead of the last-audited time. This value can never be zero, which lets us drop the kernel_cap_t caps field from the cache struct. Signed-off-by: Ryan Lee Signed-off-by: John Johansen

apparmor: document capability.c:profile_capable ad ptr not being NULL

2024-11-27T03:21:06Z

The profile_capabile function takes a struct apparmor_audit_data *ad, which is documented as possibly being NULL. However, the single place that calls this function never passes it a NULL ad. If we were ever to call profile_capable with a NULL ad elsewhere, we would need to rework the function, as its very first use of ad is to dereference ad->class without checking if ad is NULL. Thus, document profile_capable's ad parameter as not accepting NULL. Signed-off-by: Ryan Lee Signed-off-by: John Johansen

apparmor: fix 'Do simple duplicate message elimination'

2024-11-27T03:21:05Z

Multiple profiles shared 'ent->caps', so some logs missed. Fixes: 0ed3b28ab8bf ("AppArmor: mediation of non file objects") Signed-off-by: chao liu Signed-off-by: John Johansen

apparmor: Fix some kernel-doc comments

2023-10-23T07:25:49Z

Fix some kernel-doc comments to silence the warnings: security/apparmor/capability.c:66: warning: Function parameter or member 'ad' not described in 'audit_caps' security/apparmor/capability.c:66: warning: Excess function parameter 'as' description in 'audit_caps' security/apparmor/capability.c:154: warning: Function parameter or member 'subj_cred' not described in 'aa_capable' security/apparmor/capability.c:154: warning: Excess function parameter 'subj_cread' description in 'aa_capable' Reported-by: Abaci Robot Closes: https://bugzilla.openanolis.cn/show_bug.cgi?id=7035 Signed-off-by: Yang Li Signed-off-by: John Johansen

apparmor: pass cred through to audit info.

2023-10-18T22:30:38Z

The cred is needed to properly audit some messages, and will be needed in the future for uid conditional mediation. So pass it through to where the apparmor_audit_data struct gets defined. Reviewed-by: Georgia Garcia Signed-off-by: John Johansen

apparmor: combine common_audit_data and apparmor_audit_data

2023-10-18T22:30:29Z

Everywhere where common_audit_data is used apparmor audit_data is also used. We can simplify the code and drop the use of the aad macro everywhere by combining the two structures. Reviewed-by: Georgia Garcia Signed-off-by: John Johansen

apparmor: Fix kernel-doc warnings in apparmor/capability.c

2023-07-10T08:05:41Z

Fix kernel-doc warnings: security/apparmor/capability.c:45: warning: Function parameter or member 'ab' not described in 'audit_cb' security/apparmor/capability.c:45: warning: Function parameter or member 'va' not described in 'audit_cb' Signed-off-by: Gaosheng Cui Signed-off-by: John Johansen

apparmor: rework profile->rules to be a list

2022-10-03T21:49:04Z

Convert profile->rules to a list as the next step towards supporting multiple rulesets in a profile. For this step only support a single list entry item. The logic for iterating the list will come as a separate step. Signed-off-by: John Johansen

apparmor: refactor profile rules and attachments

2022-10-03T21:49:04Z

In preparation for moving from a single set of rules and a single attachment to multiple rulesets and attachments separate from the profile refactor attachment information and ruleset info into their own structures. Signed-off-by: John Johansen