Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / 2ab47dae54d567bbb1ad3e96e5b2601cc13f4d2b
commit2ab47dae54d567bbb1ad3e96e5b2601cc13f4d2b[log] [tgz]
authorJohn Johansen <john.johansen@canonical.com>Thu May 03 00:39:58 2018 -0700
committerJohn Johansen <john.johansen@canonical.com>Thu Jun 07 01:50:48 2018 -0700
tree74701da99807b936cf7fb7474fcd38dacf140ef8
parente79c26d04043b15de64f082d4da52e9fff7ca607 [diff]
apparmor: modify audit rule support to support profile stacks

Allows for audit rules, where a rule could specify a profile stack
A//&B, while extending the current semantic so if the label specified
in the audit rule is a subset of the secid it is considered a match.

Eg. if the secid resolves to the label stack A//&B//&C

Then an audit rule specifying a label of

  A - would match
  B - would match
  C - would match
  D - would not
  A//&B - would match as a subset
  A//&C - would match as a subset
  B//&C - would match as a subset
  A//&B//&C - would match

  A//&D - would not match, because while A does match, D is also
  specified and does not

Note: audit rules are currently assumed to be coming from the root
namespace.

Signed-off-by: John Johansen <john.johansen@canonical.com>
1 file changed
tree: 74701da99807b936cf7fb7474fcd38dacf140ef8
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. samples/
  18. scripts/
  19. security/
  20. sound/
  21. tools/
  22. usr/
  23. virt/
  24. .clang-format
  25. .cocciconfig
  26. .get_maintainer.ignore
  27. .gitattributes
  28. .gitignore
  29. .mailmap
  30. COPYING
  31. CREDITS
  32. Kbuild
  33. Kconfig
  34. MAINTAINERS
  35. Makefile
  36. README