Re: [apparmor] [patch] apparmor: add parameter to control whether policy hashing is used

[Tyler Hicks]

On 2014-10-23 11:51:30, John Johansen wrote:
> From 0c0a584c0d073a51e2e8b4c23e7c96f1d3abc358 Mon Sep 17 00:00:00 2001
> From: John Johansen <john.johan...@canonical.com>
> Date: Wed, 22 Oct 2014 18:04:34 -0400
> Subject: [PATCH] apparmor: add parameter to control whether policy hashing is
>  used
> 
> Signed-off-by: John Johansen <john.johan...@canonical.com>

Looks good!

Acked-by: Tyler Hicks <tyhi...@canonical.com>

Tyler

> ---
>  security/apparmor/include/apparmor.h | 1 +
>  security/apparmor/lsm.c              | 4 ++++
>  security/apparmor/policy_unpack.c    | 5 +++--
>  3 files changed, 8 insertions(+), 2 deletions(-)
> 
> diff --git a/security/apparmor/include/apparmor.h 
> b/security/apparmor/include/apparmor.h
> index a59a330..7d2f457 100644
> --- a/security/apparmor/include/apparmor.h
> +++ b/security/apparmor/include/apparmor.h
> @@ -52,6 +52,7 @@
>  extern enum audit_mode aa_g_audit;
>  extern bool aa_g_audit_header;
>  extern bool aa_g_debug;
> +extern bool aa_g_hash_policy;
>  extern bool aa_g_lock_policy;
>  extern bool aa_g_logsyscall;
>  extern bool aa_g_paranoid_load;
> diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
> index cd2b4f4..5a7eb43 100644
> --- a/security/apparmor/lsm.c
> +++ b/security/apparmor/lsm.c
> @@ -1248,6 +1248,10 @@ enum profile_mode aa_g_profile_mode = APPARMOR_ENFORCE;
>  module_param_call(mode, param_set_mode, param_get_mode,
>                 &aa_g_profile_mode, S_IRUSR | S_IWUSR);
>  
> +/* whether policy verification hashing is enabled */
> +bool aa_g_hash_policy = CONFIG_SECURITY_APPARMOR_HASH;
> +module_param_named(hash_policy, aa_g_hash_policy, aabool, S_IRUSR | S_IWUSR);
> +
>  /* Debug mode */
>  bool aa_g_debug;
>  module_param_named(debug, aa_g_debug, aabool, S_IRUSR | S_IWUSR);
> diff --git a/security/apparmor/policy_unpack.c 
> b/security/apparmor/policy_unpack.c
> index 188d36e..7f63b67 100644
> --- a/security/apparmor/policy_unpack.c
> +++ b/security/apparmor/policy_unpack.c
> @@ -832,8 +832,9 @@ int aa_unpack(void *udata, size_t size, struct list_head 
> *lh, const char **ns)
>               if (error)
>                       goto fail_profile;
>  
> -             error = aa_calc_profile_hash(profile, e.version, start,
> -                                          e.pos - start);
> +             if (aa_g_hash_policy)
> +                     error = aa_calc_profile_hash(profile, e.version, start,
> +                                                  e.pos - start);
>               if (error)
>                       goto fail_profile;
>  
> -- 
> 2.1.0
> 
> 
> -- 
> AppArmor mailing list
> AppArmor@lists.ubuntu.com
> Modify settings or unsubscribe at: 
> https://lists.ubuntu.com/mailman/listinfo/apparmor

signature.asc
Description: Digital signature

-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor