Re: [apparmor] [PATCH 2/4] apparmor: use security_path_chdir hook

Thu, 28 Nov 2013 00:19:37 -0800 

On Tue, Nov 05, 2013 at 05:34:59AM -0800, John Johansen wrote:
> Signed-off-by: John Johansen <john.johan...@canonical.com>

Acked-by: Seth Arnold <seth.arn...@canonical.com>

Thanks

> ---
>  security/apparmor/audit.c         |  1 +
>  security/apparmor/include/audit.h |  1 +
>  security/apparmor/lsm.c           | 13 +++++++++++++
>  3 files changed, 15 insertions(+)
> 
> diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
> index 89c7865..6ebebd5 100644
> --- a/security/apparmor/audit.c
> +++ b/security/apparmor/audit.c
> @@ -36,6 +36,7 @@ const char *const op_table[] = {
>       "rename_dest",
>       "chmod",
>       "chown",
> +     "chdir",
>       "getattr",
>       "open",
>  
> diff --git a/security/apparmor/include/audit.h 
> b/security/apparmor/include/audit.h
> index ba3dfd1..57f5ce8 100644
> --- a/security/apparmor/include/audit.h
> +++ b/security/apparmor/include/audit.h
> @@ -64,6 +64,7 @@ enum aa_ops {
>       OP_RENAME_DEST,
>       OP_CHMOD,
>       OP_CHOWN,
> +     OP_CHDIR,
>       OP_GETATTR,
>       OP_OPEN,
>  
> diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
> index 4257b7e..794aa1a 100644
> --- a/security/apparmor/lsm.c
> +++ b/security/apparmor/lsm.c
> @@ -364,6 +364,18 @@ static int apparmor_path_chown(struct path *path, kuid_t 
> uid, kgid_t gid)
>       return common_perm(OP_CHOWN, path, AA_MAY_CHOWN, &cond);
>  }
>  
> +static int apparmor_path_chdir(struct path *path)
> +{
> +     struct path_cond cond =  { path->dentry->d_inode->i_uid,
> +                                path->dentry->d_inode->i_mode
> +     };
> +
> +     if (!mediated_filesystem(path->dentry->d_inode))
> +             return 0;
> +
> +     return common_perm(OP_CHDIR, path, MAY_READ, &cond);
> +}
> +
>  static int apparmor_inode_getattr(struct vfsmount *mnt, struct dentry 
> *dentry)
>  {
>       if (!mediated_filesystem(dentry->d_inode))
> @@ -632,6 +644,7 @@ static struct security_operations apparmor_ops = {
>       .path_rename =                  apparmor_path_rename,
>       .path_chmod =                   apparmor_path_chmod,
>       .path_chown =                   apparmor_path_chown,
> +     .path_chdir =                   apparmor_path_chdir,
>       .path_truncate =                apparmor_path_truncate,
>       .inode_getattr =                apparmor_inode_getattr,
>

Attachment: signature.asc
Description: Digital signature

-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

Reply via email to