From 92b6d8eff55f8dca57ade26e1dde2c3b6acdae02 Mon Sep 17 00:00:00 2001
From: John Johansen
Date: Mon, 16 Jan 2017 00:42:25 -0800
Subject: [PATCH] apparmor: allow ns visibility question to consider subnses

Signed-off-by: John Johansen
---
 security/apparmor/apparmorfs.c | 2 +-
 security/apparmor/include/policy_ns.h | 4 ++--
 security/apparmor/policy_ns.c | 12 +++++++++---
 security/apparmor/procattr.c | 4 ++--
 4 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 0f1a4a28e025..d7cfd79d9857 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -750,7 +750,7 @@ static int seq_show_profile(struct seq_file *f, void *p)
 struct aa_ns *root = f->private;
 
 if (profile->ns != root)
- seq_printf(f, ":%s://", aa_ns_name(root, profile->ns));
+ seq_printf(f, ":%s://", aa_ns_name(root, profile->ns, true));
 seq_printf(f, "%s (%s)\n", profile->base.hname,
 aa_profile_mode_names[profile->mode]);
 
diff --git a/security/apparmor/include/policy_ns.h b/security/apparmor/include/policy_ns.h
index ebf9b40f84ed..e4c876544adc 100644
--- a/security/apparmor/include/policy_ns.h
+++ b/security/apparmor/include/policy_ns.h
@@ -74,8 +74,8 @@ extern struct aa_ns *root_ns;
 extern const char *aa_hidden_ns_name;
 
-bool aa_ns_visible(struct aa_ns *curr, struct aa_ns *view);
-const char *aa_ns_name(struct aa_ns *parent, struct aa_ns *child);
+bool aa_ns_visible(struct aa_ns *curr, struct aa_ns *view, bool subns);
+const char *aa_ns_name(struct aa_ns *parent, struct aa_ns *child, bool subns);
 void aa_free_ns(struct aa_ns *ns);
 int aa_alloc_root_ns(void);
 void aa_free_root_ns(void);
diff --git a/security/apparmor/policy_ns.c b/security/apparmor/policy_ns.c
index bab23cce197c..e7b7a829532e 100644
--- a/security/apparmor/policy_ns.c
+++ b/security/apparmor/policy_ns.c
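Review bot: The rewritten prototype for aa_ns_name() in policy_ns.h still names its first two parameters `parent` and `child`, while the definition in policy_ns.c and its kernel-doc call them `curr` and `view`; since the line is being touched anyway, align it: `const char *aa_ns_name(struct aa_ns *curr, struct aa_ns *view, bool subns);`. The header carries no documentation, so a reader starting from the prototypes has no hint what the new `subns` flag means; a one-line comment above the pair, `/* subns: also treat namespaces nested below curr as visible */`, would close that gap. Every caller in this patch passes a literal `true`, so the restrictive `false` path is introduced here but not yet exercised by any visible call site.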
@@ -33,18 +33,23 @@ const char *aa_hidden_ns_name = "---";
 * aa_ns_visible - test if @view is visible from @curr
 * @curr: namespace to treat as the parent (NOT NULL)
 * @view: namespace to test if visible from @curr (NOT NULL)
+ * @subns: whether view of a subns is allowed
 *
 * Returns: true if @view is visible from @curr else false
 */
-bool aa_ns_visible(struct aa_ns *curr, struct aa_ns *view)
+bool aa_ns_visible(struct aa_ns *curr, struct aa_ns *view, bool subns)
 {
 if (curr == view)
 return true;
 
+ if (!subns)
+ return false;
+
 for ( ; view; view = view->parent) {
 if (view->parent == curr)
 return true;
 }
+
 return false;
 }
 
@@ -52,16 +57,17 @@ bool aa_ns_visible(struct aa_ns *curr, struct aa_ns *view)
 * aa_na_name - Find the ns name to display for @view from @curr
 * @curr - current namespace (NOT NULL)
 * @view - namespace attempting to view (NOT NULL)
+ * @subns - are subns visible
 *
 * Returns: name of @view visible from @curr
 */
-const char *aa_ns_name(struct aa_ns *curr, struct aa_ns *view)
+const char *aa_ns_name(struct aa_ns *curr, struct aa_ns *view, bool subns)
 {
 /* if view == curr then the namespace name isn't displayed */
 if (curr == view)
 return "";
 
- if (aa_ns_visible(curr, view)) {
+ if (aa_ns_visible(curr, view, subns)) {
 /* at this point if a ns is visible it is in a view ns
 * thus the curr ns.hname is a prefix of its name.
 * Only output the virtualized portion of the name
diff --git a/security/apparmor/procattr.c b/security/apparmor/procattr.c
index 15ddf74ac269..1babd3655520 100644
--- a/security/apparmor/procattr.c
+++ b/security/apparmor/procattr.c
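Review bot: The new kernel-doc line `@subns: whether view of a subns is allowed` undersells what the code does: the loop that follows walks `view->parent` all the way up and returns true when any ancestor equals `curr`, so `subns` admits namespaces nested at any depth below `curr`, not only direct children. I would write `@subns: whether a namespace nested at any depth below @curr also counts as visible`. The added early return is the security-relevant switch of the function and deserves a why-comment so the ordering is not misread as an optimisation: `/* without subns only an exact match is visible; skip the ancestor walk */`. With that comment in place the extra blank line added before `return false;` is harmless, though it is not needed.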
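Review bot: The added `@subns - are subns visible` description does not say what the flag changes in this function; since the only use is forwarding it to aa_ns_visible(), `@subns - whether namespaces nested below @curr may be named (passed to aa_ns_visible())` tells the reader where the decision is actually made. The kernel-doc title two context lines above still reads `aa_na_name`, a pre-existing typo in the block being edited; ` * aa_ns_name - Find the ns name to display for @view from @curr` costs nothing to fix while here. The remainder of aa_ns_name(), including what it returns when aa_ns_visible() fails, lies past the end of the hunk, so the "Returns:" line cannot be checked against it from this view.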
@@ -44,10 +44,10 @@ int aa_getprocattr(struct aa_profile *profile, char **string)
 struct aa_ns *current_ns = __aa_current_profile()->ns;
 char *s;
 
- if (!aa_ns_visible(current_ns, ns))
+ if (!aa_ns_visible(current_ns, ns, true))
 return -EACCES;
 
- ns_name = aa_ns_name(current_ns, ns);
+ ns_name = aa_ns_name(current_ns, ns, true);
 ns_len = strlen(ns_name);
 
 /* if the visible ns_name is > 0 increase size for : :// seperator */
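Review bot: The literal `true` passed twice in aa_getprocattr() is a visibility policy decision on what is presumably the /proc/<pid>/attr read path — the current task's namespace may name any namespace nested below it — yet nothing at the call site records that intent, and the `-EACCES` on the line after is the only thing a reader sees. A comment above the check, `/* a task may see its own ns and any ns nested below it */`, would document the choice, and hoisting it into one local, `const bool subns = true;`, used by both calls would keep the visibility test and the name lookup from drifting apart if one is later changed. aa_getprocattr() starts before the hunk, where `ns` and `ns_name` are declared, and continues after it.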