Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 6380bd8ddf613b29f478396308b591867d401de4
commit6380bd8ddf613b29f478396308b591867d401de4[log] [tgz]
authorJohn Johansen <john.johansen@canonical.com>Thu Jul 29 14:48:04 2010 -0700
committerJames Morris <jmorris@namei.org>Mon Aug 02 15:35:14 2010 +1000
tree6d8fc9356a652f8452ccf49e7f79cc700cc2768d
parent63e2b423771ab0bc7ad4d407f3f6517c6d05cdc0 [diff]
AppArmor: file enforcement routines

AppArmor does files enforcement via pathname matching.  Matching is done
at file open using a dfa match engine.  Permission is against the final
file object not parent directories, ie. the traversal of directories
as part of the file match is implicitly allowed.  In the case of nonexistant
files (creation) permissions are checked against the target file not the
directory.  eg. In case of creating the file /dir/new, permissions are
checked against the match /dir/new not against /dir/.

The permissions for matches are currently stored in the dfa accept table,
but this will change to allow for dfa reuse and also to allow for sharing
of wider accept states.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>
2 files changed
tree: 6d8fc9356a652f8452ccf49e7f79cc700cc2768d
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. MAINTAINERS
  28. Makefile
  29. README
  30. REPORTING-BUGS