[Maverick][PATCH][pull request] sync to AppArmor mainline 2010-07-29
John Johansen
john.johansen at canonical.com
Fri Jul 30 13:25:34 UTC 2010
On 07/30/2010 12:02 AM, John Johansen wrote:
Please ignore this one; a small unintended change leaked into Documentation/kernel-parameters.txt.
I'll reissue the pull request.
> This is a pull-request to sync apparmor with the mainline version
> In doing this tree I did a rebase popping off the 2 compatibility
> patches. And apply commit
> a0cd75e19f450e7f231ac05c53ff471eb24541b9
> immediately after the previous sync
> c4fa4d12e4f8cbbd142e617214244b6f9c59baf0
>
> and then pushed the 2 compatibility patches back on top. This keeps
> the base clean (matching what is upstream) without having to fixup the
> compatibility patches that are on top.
>
> The attached patch is the sync commit a0cd75 that I slipped in, so the
> sync can be pulled from the tree or patch.
>
> The following changes since commit a0cd75e19f450e7f231ac05c53ff471eb24541b9:
> John Johansen (1):
> UBUNTU: SAUCE: AppArmor: -- sync to AppArmor mainline 2010-07-29
>
> are available in the git repository at:
>
> git://kernel.ubuntu.com/jj/ubuntu-maverick apparmor
>
> John Johansen (2):
> UBUNTU: SAUCE: AppArmor 2.4 compatibility patch
> UBUNTU: SAUCE: AppArmor: Allow dfa backward compatibility with broken userspace
>
> include/linux/lsm_audit.h | 4 +
> security/apparmor/Kconfig | 9 +++
> security/apparmor/Makefile | 8 ++-
> security/apparmor/apparmorfs-24.c | 2 +-
> security/apparmor/apparmorfs.c | 18 +++++-
> security/apparmor/include/apparmorfs.h | 6 ++
> security/apparmor/include/policy.h | 3 +
> security/apparmor/lsm.c | 112 ++++++++++++++++++++++++++++++++
> security/apparmor/match.c | 17 +++++
> security/apparmor/net.c | 8 ++-
> security/apparmor/policy.c | 1 +
> security/apparmor/policy_unpack.c | 39 +++++++++++-
> 12 files changed, 219 insertions(+), 8 deletions(-)
>
>
> 0001-UBUNTU-SAUCE-AppArmor-sync-to-AppArmor-mainline-2010.patch
>
> From a0cd75e19f450e7f231ac05c53ff471eb24541b9 Mon Sep 17 00:00:00 2001
> From: John Johansen <john.johansen at canonical.com>
> Date: Thu, 29 Jul 2010 17:11:12 -0700
> Subject: [PATCH] UBUNTU: SAUCE: AppArmor: -- sync to AppArmor mainline 2010-07-29
>
> Sync to version of AppArmor in security-next tree as of 2010-07-29
>
> Signed-off-by: John Johansen <john.johansen at canonical.com>
> ---
> Documentation/apparmor.txt | 40 ++++++++++++++++++++++++++++++++
> Documentation/kernel-parameters.txt | 12 ++++++++-
> MAINTAINERS | 8 ++++++
> security/apparmor/Kconfig | 6 ++--
> security/apparmor/apparmorfs.c | 12 ++++----
> security/apparmor/audit.c | 4 +-
> security/apparmor/capability.c | 2 +-
> security/apparmor/context.c | 2 +-
> security/apparmor/domain.c | 22 ++++++++++-------
> security/apparmor/file.c | 2 +-
> security/apparmor/include/apparmor.h | 9 +++----
> security/apparmor/include/apparmorfs.h | 2 +-
> security/apparmor/include/file.h | 6 ++--
> security/apparmor/include/match.h | 2 +-
> security/apparmor/include/policy.h | 32 ++++++++++++-------------
> security/apparmor/include/procattr.h | 2 +-
> security/apparmor/include/resource.h | 4 +-
> security/apparmor/lib.c | 11 +++++---
> security/apparmor/lsm.c | 2 +-
> security/apparmor/match.c | 4 +-
> security/apparmor/path.c | 6 ++--
> security/apparmor/policy.c | 24 +++++++++---------
> security/apparmor/policy_unpack.c | 17 +++++++++----
> security/apparmor/procattr.c | 6 ++--
> security/apparmor/resource.c | 2 +-
> 25 files changed, 153 insertions(+), 86 deletions(-)
> create mode 100644 Documentation/apparmor.txt
>
> diff --git a/Documentation/apparmor.txt b/Documentation/apparmor.txt
> new file mode 100644
> index 0000000..6240438
> --- /dev/null
> +++ b/Documentation/apparmor.txt
> @@ -0,0 +1,40 @@
> +--- What is AppArmor? ---
> +
> +AppArmor is MAC style security extension for the Linux kernel. It implements
> +a task centered policy, with task "profiles" being created and loaded
> +from user space. Tasks on the system that do not have a profile defined for
> +them run in an unconfined state which is equivalent to standard Linux DAC
> +permissions.
> +
> +--- How to enable/disable ---
> +
> +set CONFIG_SECURITY_APPARMOR=y
> +
> +If AppArmor should be selected as the default security module then
> + set CONFIG_DEFAULT_SECURITY="apparmor"
> + and CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
> +
> +Build the kernel
> +
> +If AppArmor is not the default security module it can be enabled by passing
> +security=apparmor on the kernel's command line.
> +
> +If AppArmor is the default security module it can be disabled by passing
> +apparmor=0, security=XXXX (where XXX is valid security module), on the
> +kernel's command line
> +
> +For AppArmor to enforce any restrictions beyond standard Linux DAC permissions
> +policy must be loaded into the kernel from user space (see the Documentation
> +and tools links).
> +
> +--- Documentation ---
> +
> +Documentation can be found on the wiki.
> +
> +--- Links ---
> +
> +Mailing List - apparmor at lists.ubuntu.com
> +Wiki - http://apparmor.wiki.kernel.org/
> +User space tools - https://launchpad.net/apparmor
> +Kernel module - git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git
> +
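Review bot: In the "How to enable/disable" section of the new Documentation/apparmor.txt, the disable instruction reads "apparmor=0, security=XXXX (where XXX is valid security module)": the placeholder is spelled two ways, and the comma leaves it unclear whether both parameters are needed or either one is enough. Use one placeholder and say explicitly which combination disables AppArmor. The opening sentence "AppArmor is MAC style security extension" is also missing an article.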
> diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
> index 4ddb58d..b61f89f 100644
> --- a/Documentation/kernel-parameters.txt
> +++ b/Documentation/kernel-parameters.txt
> @@ -93,6 +93,7 @@ parameter is applicable:
> Documentation/scsi/.
> SECURITY Different security models are enabled.
> SELINUX SELinux support is enabled.
> + APPARMOR AppArmor support is enabled.
> SERIAL Serial support is enabled.
> SH SuperH architecture is enabled.
> SMP The kernel is an SMP kernel.
> @@ -254,8 +255,8 @@ and is between 256 and 4096 characters. It is defined in the file
> control method, with respect to putting devices into
> low power states, to be enforced (the ACPI 2.0 ordering
> of _PTS is used by default).
> - s4_nonvs prevents the kernel from saving/restoring the
> - ACPI NVS memory during hibernation.
> + nonvs prevents the kernel from saving/restoring the
> + ACPI NVS memory during suspend/hibernation and resume.
> sci_force_enable causes the kernel to set SCI_EN directly
> on resume from S1/S3 (which is against the ACPI spec,
> but some broken systems don't work without it).
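Review bot: The s4_nonvs to nonvs rename in the ACPI sleep text is unrelated to AppArmor and does not belong in a commit described as "Sync to version of AppArmor in security-next tree"; the diffstat shows no ACPI code change to go with it. Drop this hunk so that kernel-parameters.txt only gains the APPARMOR tag and the apparmor= entry.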
> @@ -2312,6 +2313,13 @@ and is between 256 and 4096 characters. It is defined in the file
> If enabled at boot time, /selinux/disable can be used
> later to disable prior to initial policy load.
>
> + apparmor= [APPARMOR] Disable or enable AppArmor at boot time
> + Format: { "0" | "1" }
> + See security/apparmor/Kconfig help text
> + 0 -- disable.
> + 1 -- enable.
> + Default value is set via kernel config option.
> +
> serialnumber [BUGS=X86-32]
>
> shapers= [NET]
> diff --git a/MAINTAINERS b/MAINTAINERS
> index db3d0f5..b4e8b7d 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -5061,6 +5061,14 @@ S: Supported
> F: include/linux/selinux*
> F: security/selinux/
>
> +APPARMOR SECURITY MODULE
> +M: John Johansen <john.johansen at canonical.com>
> +L: apparmor at lists.ubuntu.com (subscribers-only, general discussion)
> +W: apparmor.wiki.kernel.org
> +T: git git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git
> +S: Supported
> +F: security/apparmor/
> +
> SENSABLE PHANTOM
> M: Jiri Slaby <jirislaby at gmail.com>
> S: Maintained
> diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig
> index c054cf7..72555b9 100644
> --- a/security/apparmor/Kconfig
> +++ b/security/apparmor/Kconfig
> @@ -10,7 +10,7 @@ config SECURITY_APPARMOR
> This enables the AppArmor security module.
> Required userspace tools (if they are not included in your
> distribution) and further information may be found at
> - <http://forge.novell.com/modules/xfmod/project/?apparmor>
> + http://apparmor.wiki.kernel.org
>
> If you are unsure how to answer this question, answer N.
>
> @@ -24,8 +24,8 @@ config SECURITY_APPARMOR_BOOTPARAM_VALUE
> 'apparmor', which allows AppArmor to be enabled or disabled
> at boot. If this option is set to 0 (zero), the AppArmor
> kernel parameter will default to 0, disabling AppArmor at
> - bootup. If this option is set to 1 (one), the AppArmor
> + boot. If this option is set to 1 (one), the AppArmor
> kernel parameter will default to 1, enabling AppArmor at
> - bootup.
> + boot.
>
> If you are unsure how to answer this question, answer 1.
> diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
> index d8a27a4..7320331 100644
> --- a/security/apparmor/apparmorfs.c
> +++ b/security/apparmor/apparmorfs.c
> @@ -139,9 +139,9 @@ static const struct file_operations aa_fs_profile_remove = {
>
> /** Base file system setup **/
>
> -static struct dentry *aa_fs_dentry;
> +static struct dentry *aa_fs_dentry __initdata;
>
> -static void aafs_remove(const char *name)
> +static void __init aafs_remove(const char *name)
> {
> struct dentry *dentry;
>
> @@ -160,8 +160,8 @@ static void aafs_remove(const char *name)
> *
> * Used aafs_remove to remove entries created with this fn.
> */
> -static int aafs_create(const char *name, int mask,
> - const struct file_operations *fops)
> +static int __init aafs_create(const char *name, int mask,
> + const struct file_operations *fops)
> {
> struct dentry *dentry;
>
> @@ -176,7 +176,7 @@ static int aafs_create(const char *name, int mask,
> *
> * releases dentries allocated by aa_create_aafs
> */
> -void aa_destroy_aafs(void)
> +void __init aa_destroy_aafs(void)
> {
> if (aa_fs_dentry) {
> aafs_remove(".remove");
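Review bot: Tagging the teardown path __init (aa_destroy_aafs here, aafs_remove in the first hunk) together with "aa_fs_dentry __initdata" means the code and the dentry pointer are both discarded once boot finishes, so this function is only usable as cleanup for a failed aa_create_aafs. Say so in the kernel-doc comment next to "releases dentries allocated by aa_create_aafs", and confirm that no caller outside init code remains, since a later call would run from freed init memory.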
> @@ -195,7 +195,7 @@ void aa_destroy_aafs(void)
> *
> * Returns: error on failure
> */
> -int aa_create_aafs(void)
> +int __init aa_create_aafs(void)
> {
> int error;
>
> diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
> index d0311eb..96502b2 100644
> --- a/security/apparmor/audit.c
> +++ b/security/apparmor/audit.c
> @@ -197,10 +197,10 @@ int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
> AUDIT_MODE(profile) == AUDIT_QUIET))
> return sa->aad.error;
>
> - if (profile && KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)
> + if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)
> type = AUDIT_APPARMOR_KILL;
>
> - if (profile && !unconfined(profile))
> + if (!unconfined(profile))
> sa->aad.profile = profile;
>
> aa_audit_msg(type, sa, cb);
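Review bot: Dropping the "profile &&" guards means "KILL_MODE(profile)" and "!unconfined(profile)" now run on whatever the caller passed, so a NULL profile that was tolerated before reaches code that reads the profile. If every caller of aa_audit() guarantees a profile, mark the parameter "(NOT NULL)" in the function's kernel-doc as the rest of this code does; otherwise keep the checks.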
> diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c
> index 80f710f..9982c48 100644
> --- a/security/apparmor/capability.c
> +++ b/security/apparmor/capability.c
> @@ -56,7 +56,7 @@ static void audit_cb(struct audit_buffer *ab, void *va)
> * Do auditing of capability and handle, audit/complain/kill modes switching
> * and duplicate message elimination.
> *
> - * Returns: 0 or sa->error on succes, error code on failure
> + * Returns: 0 or sa->error on success, error code on failure
> */
> static int audit_caps(struct aa_profile *profile, struct task_struct *task,
> int cap, int error)
> diff --git a/security/apparmor/context.c b/security/apparmor/context.c
> index deb4a30..8a9b502 100644
> --- a/security/apparmor/context.c
> +++ b/security/apparmor/context.c
> @@ -30,7 +30,7 @@
> #include "include/policy.h"
>
> /**
> - * aa_alloc_task_context - allocat a new task_cxt
> + * aa_alloc_task_context - allocate a new task_cxt
> * @flags: gfp flags for allocation
> *
> * Returns: allocated buffer or NULL on failure
> diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
> index 9efb5d9..08bbe63 100644
> --- a/security/apparmor/domain.c
> +++ b/security/apparmor/domain.c
> @@ -114,7 +114,7 @@ static struct file_perms change_profile_perms(struct aa_profile *profile,
> } else if (!profile->file.dfa) {
> return nullperms;
> } else if ((ns == profile->ns)) {
> - /* try matching against rules with out namespace prependend */
> + /* try matching against rules with out namespace prepended */
> aa_str_perms(profile->file.dfa, start, name, &cond, &perms);
> if (COMBINED_PERM_MASK(perms) & request)
> return perms;
> @@ -134,9 +134,9 @@ static struct file_perms change_profile_perms(struct aa_profile *profile,
> * @head - profile list to walk (NOT NULL)
> *
> * Do a linear search on the profiles in the list. There is a matching
> - * preference where an exact match is prefered over a name which uses
> + * preference where an exact match is preferred over a name which uses
> * expressions to match, and matching expressions with the greatest
> - * xmatch_len are prefered.
> + * xmatch_len are preferred.
> *
> * Requires: @head not be shared or have appropriate locks held
> *
> @@ -196,7 +196,7 @@ static struct aa_profile *find_attach(struct aa_namespace *ns,
> * This is the xtable equivalent routine of aa_split_fqname. It finds the
> * split in an xtable fqname which contains an embedded \0 instead of a :
> * if a namespace is specified. This is done so the xtable is constant and
> - * isn't resplit on every lookup.
> + * isn't re-split on every lookup.
> *
> * Either the profile or namespace name may be optional but if the namespace
> * is specified the profile name termination must be present. This results
> @@ -205,7 +205,7 @@ static struct aa_profile *find_attach(struct aa_namespace *ns,
> * :ns_name\0profile_name\0
> * :ns_name\0\0
> *
> - * NOTE: the xtable fqname is prevalidated at load time in unpack_trans_table
> + * NOTE: the xtable fqname is pre-validated at load time in unpack_trans_table
> *
> * Returns: profile name if it is specified else NULL
> */
> @@ -214,6 +214,10 @@ static const char *separate_fqname(const char *fqname, const char **ns_name)
> const char *name;
>
> if (fqname[0] == ':') {
> + /* In this case there is guaranteed to be two \0 terminators
> + * in the string. They are verified at load time by
> + * by unpack_trans_table
> + */
> *ns_name = fqname + 1; /* skip : */
> name = *ns_name + strlen(*ns_name) + 1;
> if (!*name)
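Review bot: The comment added in separate_fqname() has a doubled word across the line break ("verified at load time by" followed by "by unpack_trans_table") and should read "there are guaranteed to be two \0 terminators". Since the strlen() step below depends entirely on that load-time check, it would help to state what unpack_trans_table rejects, so a reader can see why the "+ 1" cannot step past the end of the table entry.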
> @@ -246,7 +250,7 @@ static struct aa_profile *x_table_lookup(struct aa_profile *profile, u32 xindex)
> int index = xindex & AA_X_INDEX_MASK;
> const char *name;
>
> - /* index is guarenteed to be in range, validated at load time */
> + /* index is guaranteed to be in range, validated at load time */
> for (name = profile->file.trans.table[index]; !new_profile && name;
> name = next_name(xtype, name)) {
> struct aa_namespace *new_ns;
> @@ -292,7 +296,7 @@ static struct aa_profile *x_table_lookup(struct aa_profile *profile, u32 xindex)
> /**
> * x_to_profile - get target profile for a given xindex
> * @profile: current profile (NOT NULL)
> - * @name: to to lookup (NOT NULL)
> + * @name: name to lookup (NOT NULL)
> * @xindex: index into x transition table
> *
> * find profile for a transition index
> @@ -673,7 +677,7 @@ int aa_change_hat(const char *hats[], int count, u64 token, bool permtest)
> if (!permtest) {
> error = aa_set_current_hat(hat, token);
> if (error == -EACCES)
> - /* kill task incase of brute force attacks */
> + /* kill task in case of brute force attacks */
> perms.kill = AA_MAY_CHANGEHAT;
> else if (name && !error)
> /* reset error for learning of new hats */
> @@ -782,7 +786,7 @@ int aa_change_profile(const char *ns_name, const char *hname, bool onexec,
> error = -ENOENT;
> if (permtest || !COMPLAIN_MODE(profile))
> goto audit;
> - /* release below */
> + /* released below */
> target = aa_new_null_profile(profile, 0);
> if (!target) {
> info = "failed null profile create";
> diff --git a/security/apparmor/file.c b/security/apparmor/file.c
> index 1b3c0a9..7312db7 100644
> --- a/security/apparmor/file.c
> +++ b/security/apparmor/file.c
> @@ -23,7 +23,7 @@ struct file_perms nullperms;
>
>
> /**
> - * audit_file_mask - convert mask to owner::other string
> + * audit_file_mask - convert mask to permission string
> * @buffer: buffer to write string to (NOT NULL)
> * @mask: permission mask to convert
> */
> diff --git a/security/apparmor/include/apparmor.h b/security/apparmor/include/apparmor.h
> index c51e551..38ccaea 100644
> --- a/security/apparmor/include/apparmor.h
> +++ b/security/apparmor/include/apparmor.h
> @@ -19,8 +19,7 @@
>
> #include "match.h"
>
> -/* Control parameters settable thru module/boot flags or
> - * via /sys/kernel/security/apparmor/control */
> +/* Control parameters settable through module/boot flags */
> extern enum audit_mode aa_g_audit;
> extern int aa_g_audit_header;
> extern int aa_g_debug;
> @@ -47,7 +46,7 @@ extern unsigned int aa_g_path_max;
> } while (0)
>
> /* Flag indicating whether initialization completed */
> -extern int apparmor_initialized;
> +extern int apparmor_initialized __initdata;
>
> /* fn's in lib */
> char *aa_split_fqname(char *args, char **ns_name);
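Review bot: "extern int apparmor_initialized __initdata;" puts a section attribute on a declaration in a shared header; the definition in lsm.c already carries it in this patch, so the extern can stay plain. More important, a flag documented as "whether initialization completed" that lives in init data can only be read safely by init code, so confirm that nothing outside __init functions tests it, or leave it in regular data.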
> @@ -76,12 +75,12 @@ static inline bool aa_strneq(const char *str, const char *sub, int len)
> *
> * aa_dfa_null_transition transitions to the next state after a null
> * character which is not used in standard matching and is only
> - * used to seperate pairs.
> + * used to separate pairs.
> */
> static inline unsigned int aa_dfa_null_transition(struct aa_dfa *dfa,
> unsigned int start)
> {
> - /* the null transition only needs a single null byte of the string */
> + /* the null transition only needs the string's null terminator byte */
> return aa_dfa_match_len(dfa, start, "", 1);
> }
>
> diff --git a/security/apparmor/include/apparmorfs.h b/security/apparmor/include/apparmorfs.h
> index cfbae70..cb1e93a 100644
> --- a/security/apparmor/include/apparmorfs.h
> +++ b/security/apparmor/include/apparmorfs.h
> @@ -15,6 +15,6 @@
> #ifndef __AA_APPARMORFS_H
> #define __AA_APPARMORFS_H
>
> -extern void aa_destroy_aafs(void);
> +extern void __init aa_destroy_aafs(void);
>
> #endif /* __AA_APPARMORFS_H */
> diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h
> index bba5ced..be36fea 100644
> --- a/security/apparmor/include/file.h
> +++ b/security/apparmor/include/file.h
> @@ -37,7 +37,7 @@ struct aa_profile;
> #define AA_EXEC_MMAP 0x0800
>
> #define AA_MAY_LINK 0x1000
> -#define AA_LINK_SUBSET AA_MAY_LOCK /* overlayed */
> +#define AA_LINK_SUBSET AA_MAY_LOCK /* overlaid */
> #define AA_MAY_ONEXEC 0x40000000 /* exec allows onexec */
> #define AA_MAY_CHANGE_PROFILE 0x80000000
> #define AA_MAY_CHANGEHAT 0x80000000 /* ctrl auditing only */
> @@ -70,13 +70,13 @@ struct aa_profile;
> /* AA_SECURE_X_NEEDED - is passed in the bprm->unsafe field */
> #define AA_SECURE_X_NEEDED 0x8000
>
> -/* need to conditionalize which ones are being set */
> +/* need to make conditional which ones are being set */
> struct path_cond {
> uid_t uid;
> umode_t mode;
> };
>
> -/* struct file_perms - file permission fo
> +/* struct file_perms - file permission
> * @allow: mask of permissions that are allowed
> * @audit: mask of permissions to force an audit message for
> * @quiet: mask of permissions to quiet audit messages for
> diff --git a/security/apparmor/include/match.h b/security/apparmor/include/match.h
> index 3cd089f..734a6d3 100644
> --- a/security/apparmor/include/match.h
> +++ b/security/apparmor/include/match.h
> @@ -121,7 +121,7 @@ void aa_dfa_free_kref(struct kref *kref);
> * aa_put_dfa - put a dfa refcount
> * @dfa: dfa to put refcount (MAYBE NULL)
> *
> - * Requires: if @dfa != NULL that valid refcount be held
> + * Requires: if @dfa != NULL that a valid refcount be held
> */
> static inline void aa_put_dfa(struct aa_dfa *dfa)
> {
> diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
> index 7d757b8..aeda5cf 100644
> --- a/security/apparmor/include/policy.h
> +++ b/security/apparmor/include/policy.h
> @@ -56,20 +56,18 @@ enum profile_mode {
>
> enum profile_flags {
> PFLAG_HAT = 1, /* profile is a hat */
> - PFLAG_UNCONFINED = 2, /* profile is the unconfined profile */
> + PFLAG_UNCONFINED = 2, /* profile is an unconfined profile */
> PFLAG_NULL = 4, /* profile is null learning profile */
> PFLAG_IX_ON_NAME_ERROR = 8, /* fallback to ix on name lookup fail */
> PFLAG_IMMUTABLE = 0x10, /* don't allow changes/replacement */
> - PFLAG_USER_DEFINED = 0x20, /* user based profile */
> + PFLAG_USER_DEFINED = 0x20, /* user based profile - lower privs */
> PFLAG_NO_LIST_REF = 0x40, /* list doesn't keep profile ref */
> PFLAG_OLD_NULL_TRANS = 0x100, /* use // as the null transition */
>
> - /* These flags must coorespond with PATH_flags */
> + /* These flags must correspond with PATH_flags */
> PFLAG_MEDIATE_DELETED = 0x10000, /* mediate instead delegate deleted */
> };
>
> -#define AA_NEW_SID 0
> -
> struct aa_profile;
>
> /* struct aa_policy - common part of both namespaces and profiles
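Review bot: Removing "#define AA_NEW_SID 0" is a code change placed among comment fixes, and none of the visible hunks removes a use of it. Confirm that no file under security/apparmor/ still references the macro, including the two compatibility patches that are re-applied on top of this commit. The new comment "user based profile - lower privs" would also read better as "lower privileges".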
> @@ -110,8 +108,8 @@ struct aa_ns_acct {
> *
> * An aa_namespace defines the set profiles that are searched to determine
> * which profile to attach to a task. Profiles can not be shared between
> - * aa_namespaces and profile names within a namespace are guarenteed to be
> - * unique. When profiles in seperate namespaces have the same name they
> + * aa_namespaces and profile names within a namespace are guaranteed to be
> + * unique. When profiles in separate namespaces have the same name they
> * are NOT considered to be equivalent.
> *
> * Namespaces are hierarchical and only namespaces and profiles below the
> @@ -119,7 +117,8 @@ struct aa_ns_acct {
> *
> * Namespace names must be unique and can not contain the characters :/\0
> *
> - * FIXME TODO: add vserver support so a vserer (can it all be done in userspace)
> + * FIXME TODO: add vserver support of namespaces (can it all be done in
> + * userspace?)
> */
> struct aa_namespace {
> struct aa_policy base;
> @@ -131,10 +130,10 @@ struct aa_namespace {
> };
>
> /* struct aa_profile - basic confinement data
> - * @base - base componets of the profile (name, refcount, lists, lock ...)
> + * @base - base components of the profile (name, refcount, lists, lock ...)
> * @parent: parent of profile
> * @ns: namespace the profile is in
> - * @replacedby: is set profile that replaced this profile
> + * @replacedby: is set to the profile that replaced this profile
> * @rename: optional profile name that this profile renamed
> * @xmatch: optional extended matching for unconfined executables names
> * @xmatch_len: xmatch prefix len, used to determine xmatch priority
> @@ -156,7 +155,7 @@ struct aa_namespace {
> * The @replacedby field is write protected by the profile lock. Reads
> * are assumed to be atomic, and are done without locking.
> *
> - * Profiles have a hierachy where hats and children profiles keep
> + * Profiles have a hierarchy where hats and children profiles keep
> * a reference to their parent.
> *
> * Profile names can not begin with a : and can not contain the \0
> @@ -211,7 +210,7 @@ static inline struct aa_policy *aa_get_common(struct aa_policy *c)
> * aa_get_namespace - increment references count on @ns
> * @ns: namespace to increment reference count of (MAYBE NULL)
> *
> - * Returns: pointer to @ns if @ns is NULL returns NULL
> + * Returns: pointer to @ns, if @ns is NULL returns NULL
> * Requires: @ns must be held with valid refcount when called
> */
> static inline struct aa_namespace *aa_get_namespace(struct aa_namespace *ns)
> @@ -224,9 +223,9 @@ static inline struct aa_namespace *aa_get_namespace(struct aa_namespace *ns)
>
> /**
> * aa_put_namespace - decrement refcount on @ns
> - * @ns: namespace to put reference to
> + * @ns: namespace to put reference of
> *
> - * Decrement reference count to @ns and if no longer in use free it
> + * Decrement reference count of @ns and if no longer in use free it
> */
> static inline void aa_put_namespace(struct aa_namespace *ns)
> {
> @@ -262,9 +261,8 @@ ssize_t aa_remove_profiles(char *name, size_t size);
> */
> static inline struct aa_profile *aa_newest_version(struct aa_profile *profile)
> {
> - if (unlikely(profile && profile->replacedby))
> - for (; profile->replacedby; profile = profile->replacedby)
> - ;
> + while (profile->replacedby)
> + profile = profile->replacedby;
>
> return profile;
> }
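Review bot: aa_newest_version() now reads "profile->replacedby" unconditionally, where the old code tolerated a NULL profile. State "(NOT NULL)" on @profile in the kernel-doc above the function and check the callers that might hold no profile. The walk also still reads @replacedby without the profile lock; a one-line pointer to the struct aa_profile comment ("Reads are assumed to be atomic, and are done without locking") would make that assumption visible here.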
> diff --git a/security/apparmor/include/procattr.h b/security/apparmor/include/procattr.h
> index 8802522..544aa6b 100644
> --- a/security/apparmor/include/procattr.h
> +++ b/security/apparmor/include/procattr.h
> @@ -1,7 +1,7 @@
> /*
> * AppArmor security module
> *
> - * This file contains AppArmor /proc/<pid>/attr/ interface function defintions.
> + * This file contains AppArmor /proc/<pid>/attr/ interface function definitions.
> *
> * Copyright (C) 1998-2008 Novell/SUSE
> * Copyright 2009-2010 Canonical Ltd.
> diff --git a/security/apparmor/include/resource.h b/security/apparmor/include/resource.h
> index 1e009ce..3c88be9 100644
> --- a/security/apparmor/include/resource.h
> +++ b/security/apparmor/include/resource.h
> @@ -1,7 +1,7 @@
> /*
> * AppArmor security module
> *
> - * This file contains AppArmor resource limits function defintions.
> + * This file contains AppArmor resource limits function definitions.
> *
> * Copyright (C) 1998-2008 Novell/SUSE
> * Copyright 2009-2010 Canonical Ltd.
> @@ -20,7 +20,7 @@
>
> struct aa_profile;
>
> -/* struct aa_rlimit - rlimits settings for the profile
> +/* struct aa_rlimit - rlimit settings for the profile
> * @mask: which hard limits to set
> * @limits: rlimit values that override task limits
> *
> diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
> index 51837b5..6e85cdb 100644
> --- a/security/apparmor/lib.c
> +++ b/security/apparmor/lib.c
> @@ -30,7 +30,7 @@
> * description). If a portion of the name is missing it returns NULL for
> * that portion.
> *
> - * NOTE: may modifiy the @fqname string. The pointers returned point
> + * NOTE: may modify the @fqname string. The pointers returned point
> * into the @fqname string.
> */
> char *aa_split_fqname(char *fqname, char **ns_name)
> @@ -65,13 +65,13 @@ void aa_info_message(const char *str)
> struct common_audit_data sa;
> COMMON_AUDIT_DATA_INIT(&sa, NONE);
> sa.aad.info = str;
> - printk(KERN_INFO "AppArmor: %s\n", str);
> aa_audit_msg(AUDIT_APPARMOR_STATUS, &sa, NULL);
> }
> + printk(KERN_INFO "AppArmor: %s\n", str);
> }
>
> /**
> - * kvmalloc - do allocation prefering kmalloc but falling back to vmalloc
> + * kvmalloc - do allocation preferring kmalloc but falling back to vmalloc
> * @size: size of allocation
> *
> * Return: allocated buffer or NULL if failed
> @@ -90,6 +90,9 @@ void *kvmalloc(size_t size)
> if (size <= (16*PAGE_SIZE))
> buffer = kmalloc(size, GFP_NOIO | __GFP_NOWARN);
> if (!buffer) {
> + /* see kvfree for why size must be at least work_struct size
> + * when allocated via vmalloc
> + */
> if (size < sizeof(struct work_struct))
> size = sizeof(struct work_struct);
> buffer = vmalloc(size);
> @@ -101,7 +104,7 @@ void *kvmalloc(size_t size)
> * do_vfree - workqueue routine for freeing vmalloced memory
> * @work: data to be freed
> *
> - * The work_struct is overlayed to the data being freed, as at the point
> + * The work_struct is overlaid to the data being freed, as at the point
> * the work is scheduled the data is no longer valid, be its freeing
> * needs to be delayed until safe.
> */
> diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
> index b4828d7..7daf0d5 100644
> --- a/security/apparmor/lsm.c
> +++ b/security/apparmor/lsm.c
> @@ -36,7 +36,7 @@
> #include "include/procattr.h"
>
> /* Flag indicating whether initialization completed */
> -int apparmor_initialized;
> +int apparmor_initialized __initdata;
>
> /*
> * LSM hook functions
> diff --git a/security/apparmor/match.c b/security/apparmor/match.c
> index 8e7523a..5cb4dc1 100644
> --- a/security/apparmor/match.c
> +++ b/security/apparmor/match.c
> @@ -193,8 +193,8 @@ void aa_dfa_free_kref(struct kref *kref)
> * @size: size of data to unpack
> * @flags: flags controlling what type of accept tables are acceptable
> *
> - * Unpack a dfa that has been serialized. Dfa format and information in
> - * Documentation/AppArmor/dfa.txt
> + * Unpack a dfa that has been serialized. To find information on the dfa
> + * format look in Documentation/apparmor.txt
> * Assumes the dfa @blob stream has been aligned on a 8 byte boundry
> *
> * Returns: an unpacked dfa ready for matching or ERR_PTR on failure
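Review bot: The new comment sends readers to Documentation/apparmor.txt for the dfa format, but the apparmor.txt added by this same patch has no dfa section; it only links to the wiki. Either add the format description there or point the comment at the wiki directly. The unchanged line that follows still says "boundry", which this spelling pass could fix as well.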
> diff --git a/security/apparmor/path.c b/security/apparmor/path.c
> index a19ba05..96bab94 100644
> --- a/security/apparmor/path.c
> +++ b/security/apparmor/path.c
> @@ -46,7 +46,7 @@ static int prepend(char **buffer, int buflen, const char *str, int namelen)
> * @buf: buffer to store path to (NOT NULL)
> * @buflen: length of @buf
> * @name: Returns - pointer for start of path name with in @buf (NOT NULL)
> - * @flags: flags controling path lookup
> + * @flags: flags controlling path lookup
> *
> * Handle path name lookup.
> *
> @@ -110,7 +110,7 @@ static int d_namespace_path(struct path *path, char *buf, int buflen,
> *
> * Remove the appended deleted text and return as string for
> * normal mediation, or auditing. The (deleted) string is
> - * guarenteed to be added in this case, so just strip it.
> + * guaranteed to be added in this case, so just strip it.
> */
> buf[buflen - 11] = 0; /* - (len(" (deleted)") +\0) */
>
> @@ -190,7 +190,7 @@ static int get_name_to_buffer(struct path *path, int flags, char *buffer,
> /**
> * aa_get_name - compute the pathname of a file
> * @path: path the file (NOT NULL)
> - * @flags: flags controling path name generation
> + * @flags: flags controlling path name generation
> * @buffer: buffer that aa_get_name() allocated (NOT NULL)
> * @name: Returns - the generated path name if !error (NOT NULL)
> *
> diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
> index 7fecdf2..3cdc1ad 100644
> --- a/security/apparmor/policy.c
> +++ b/security/apparmor/policy.c
> @@ -13,7 +13,7 @@
> *
> *
> * AppArmor policy is based around profiles, which contain the rules a
> - * task is confined by. Every task in the sytem has a profile attached
> + * task is confined by. Every task in the system has a profile attached
> * to it determined either by matching "unconfined" tasks against the
> * visible set of profiles or by following a profiles attachment rules.
> *
> @@ -31,21 +31,21 @@
> * Reserved profile names
> * unconfined - special automatically generated unconfined profile
> * inherit - special name to indicate profile inheritance
> - * null-XXXX-YYYY - special automically generated learning profiles
> + * null-XXXX-YYYY - special automatically generated learning profiles
> *
> * Namespace names may not start with / or @ and may not contain \0 or :
> - * Reserved namespace namespace
> + * Reserved namespace names
> * user-XXXX - user defined profiles
> *
> - * a // in a profile or namespace name indicates a hierarcical name with the
> + * a // in a profile or namespace name indicates a hierarchical name with the
> * name before the // being the parent and the name after the child.
> *
> - * Profile and namespace hierachies serve two different but similar purposes.
> + * Profile and namespace hierarchies serve two different but similar purposes.
> * The namespace contains the set of visible profiles that are considered
> * for attachment. The hierarchy of namespaces allows for virtualizing
> * the namespace so that for example a chroot can have its own set of profiles
> * which may define some local user namespaces.
> - * The profile hierachy severs two distinct purposes,
> + * The profile hierarchy severs two distinct purposes,
> * - it allows for sub profiles or hats, which allows an application to run
> * subprograms under its own profile with different restriction than it
> * self, and not have it use the system profile.
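Review bot: The rewritten line "The profile hierarchy severs two distinct purposes" fixes "hierachy" but keeps "severs", which should be "serves" (the sentence a few lines above already uses "serve"). Correct it in the same pass, since the line is being touched anyway.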
> @@ -60,8 +60,8 @@
> * eg. /bin/bash///bin/ls as a name would indicate /bin/ls was started
> * from /bin/bash
> *
> - * A profile or namespace name that can contain one or more // seperators
> - * is refered to as an hname (hierarchical).
> + * A profile or namespace name that can contain one or more // separators
> + * is referred to as an hname (hierarchical).
> * eg. /bin/bash//bin/ls
> *
> * An fqname is a name that may contain both namespace and profile hnames.
> @@ -191,7 +191,7 @@ static struct aa_policy *__policy_find(struct list_head *head, const char *name)
> }
>
> /**
> - * __policy_strn_find - find a policy thats name matches @len chars of @str
> + * __policy_strn_find - find a policy that's name matches @len chars of @str
> * @head: list to search (NOT NULL)
> * @str: string to search for (NOT NULL)
> * @len: length of match required
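Review bot: "a policy that's name matches" in the __policy_strn_find summary is still ungrammatical, because "that's" expands to "that is". Suggest "find a policy whose name matches @len chars of @str".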
> @@ -257,7 +257,7 @@ const char *aa_ns_name(struct aa_namespace *curr, struct aa_namespace *view)
> /* at this point if a ns is visible it is in a view ns
> * thus the curr ns.hname is a prefix of its name.
> * Only output the virtualized portion of the name
> - * Add + 2 to skip over // seperating curr hname prefix
> + * Add + 2 to skip over // separating curr hname prefix
> * from the visible tail of the views hname
> */
> return view->base.hname + strlen(curr->base.hname) + 2;
> @@ -477,7 +477,7 @@ static void __list_remove_profile(struct aa_profile *profile)
> * @old: profile to be replaced (NOT NULL)
> * @new: profile to replace @old with (NOT NULL)
> *
> - * Will duplicaticate and refcount elements that @new inherits from @old
> + * Will duplicate and refcount elements that @new inherits from @old
> * and will inherit @old children.
> *
> * refcount @new for list, put @old list refcount
> @@ -503,7 +503,7 @@ static void __replace_profile(struct aa_profile *old, struct aa_profile *new)
> list_for_each_entry_safe(child, tmp, &old->base.profiles, base.list) {
> aa_put_profile(child->parent);
> child->parent = aa_get_profile(new);
> - /* list refcount transfered to @new*/
> + /* list refcount transferred to @new*/
> list_move(&child->base.list, &new->base.profiles);
> }
>
> diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
> index 5b5dacb..eb3700e 100644
> --- a/security/apparmor/policy_unpack.c
> +++ b/security/apparmor/policy_unpack.c
> @@ -13,7 +13,7 @@
> * License.
> *
> * AppArmor uses a serialized binary format for loading policy.
> - * The policy format is documented in Documentation/???
> + * To find policy format documentation look in Documentation/apparmor.txt
> * All policy is validated before it is used.
> */
>
> @@ -35,7 +35,7 @@
> * which has a name (AA_NAME typecode followed by name string) followed by
> * the entries typecode and data. Named types allow for optional
> * elements and extensions to be added and tested for without breaking
> - * backwards compatability.
> + * backwards compatibility.
> */
>
> enum aa_code {
> @@ -154,10 +154,11 @@ static bool unpack_X(struct aa_ext *e, enum aa_code code)
> * name @name. If @name is specified then there must be a matching
> * name element in the stream. If @name is NULL any name element will be
> * skipped and only the typecode will be tested.
> - * returns 1 on success (both type code and name tests match) and the read
> + *
> + * Returns 1 on success (both type code and name tests match) and the read
> * head is advanced past the headers
> *
> - * Returns: 0 if either match failes, the read head does not move
> + * Returns: 0 if either match fails, the read head does not move
> */
> static bool unpack_nameX(struct aa_ext *e, enum aa_code code, const char *name)
> {
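Review bot: the unpack_nameX kernel-doc now has two return descriptions in different styles, "Returns 1 on success ..." without a colon and "Returns: 0 if either match fails ...", and the function is declared static bool. Suggest a single "Returns:" section that describes both outcomes in terms of true and false, so the comment matches the signature.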
> @@ -381,6 +382,9 @@ static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile)
> for (i = 0; i < size; i++) {
> char *str;
> int c, j, size = unpack_strdup(e, &str, NULL);
> + /* unpack_strdup verifies that the last character is
> + * null termination byte.
> + */
> if (!size)
> goto fail;
> profile->file.trans.table[i] = str;
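Review bot: in the loop body, "int c, j, size = unpack_strdup(e, &str, NULL);" declares a size that shadows the size used as the loop bound in "for (i = 0; i < size; i++)". The new comment documents what unpack_strdup guarantees about this inner value, so this is a good moment to rename it (for example len or str_size) and avoid any confusion between the table length and the string length. The comment wording also needs an article: "is a null termination byte".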
> @@ -394,7 +398,10 @@ static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile)
> c++;
> }
> if (*str == ':') {
> - /* beginning with : requires an embedded \0 */
> + /* beginning with : requires an embedded \0,
> + * verify that exactly 1 internal \0 exists
> + * trailing \0 already verified by unpack_strdup
> + */
> if (c != 1)
> goto fail;
> /* first character after : must be valid */
> diff --git a/security/apparmor/procattr.c b/security/apparmor/procattr.c
> index 8a2d22c..04a2cf8 100644
> --- a/security/apparmor/procattr.c
> +++ b/security/apparmor/procattr.c
> @@ -57,13 +57,13 @@ int aa_getprocattr(struct aa_profile *profile, char **string)
> mode_len = strlen(mode_str) + 3; /* + 3 for _() */
>
> name_len = strlen(profile->base.hname);
> - len = mode_len + ns_len + name_len + 1; /*+ 1 for \n */
> + len = mode_len + ns_len + name_len + 1; /* + 1 for \n */
> s = str = kmalloc(len + 1, GFP_KERNEL); /* + 1 \0 */
> if (!str)
> return -ENOMEM;
>
> if (ns_len) {
> - /* skip over prefix current_ns->base.hname and seperating // */
> + /* skip over prefix current_ns->base.hname and separating // */
> sprintf(s, ":%s://", ns_name);
> s += ns_len;
> }
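Review bot: in the "if (ns_len)" branch, sprintf(s, ":%s://", ns_name) writes strlen(ns_name) + 4 characters plus a terminator, while the buffer size and the "s += ns_len" advance both use ns_len, whose computation is outside this hunk. The comment being corrected here describes what is skipped but not that ns_len must already include the ":" and "://" delimiters; please document that invariant next to the sprintf, in the same way the "+ 3 for _()" and "+ 1 for \n" comments do for the other terms, or bound the write with snprintf and the remaining length.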
> @@ -127,7 +127,7 @@ int aa_setprocattr_changehat(char *args, size_t size, int test)
> }
>
> if (hat) {
> - /* set up hat name vector, args guarenteed null terminated
> + /* set up hat name vector, args guaranteed null terminated
> * at args[size] by setprocattr.
> *
> * If there are multiple hat names in the buffer each is
> diff --git a/security/apparmor/resource.c b/security/apparmor/resource.c
> index ad69bf3..4a368f1 100644
> --- a/security/apparmor/resource.c
> +++ b/security/apparmor/resource.c
> @@ -61,7 +61,7 @@ static int audit_resource(struct aa_profile *profile, unsigned int resource,
> *
> * Returns: resource # for the current architecture.
> *
> - * rlimit resource can vary based on architecture map the compiled policy
> + * rlimit resource can vary based on architecture, map the compiled policy
> * resource # to the internal representation for the architecture.
> */
> int aa_map_resource(int resource)
> -- 1.7.0.4
>
>