apparmor: extend xindex size

Allow the xindex to have 2^24 entries.

Signed-off-by: John Johansen <john.johansen@canonical.com>

+14 -15
+9 -10
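--- a/security/apparmor/include/file.h
+++ b/security/apparmor/include/file.h
@@ -88,18 +88,17 @@
 * - exec type - which determines how the executable name and index are used
 * - flags - which modify how the destination name is applied
 */
-#define AA_X_INDEX_MASK 0x03ff
+#define AA_X_INDEX_MASK 0x00ffffff
 
-#define AA_X_TYPE_MASK 0x0c00
-#define AA_X_TYPE_SHIFT 10
-#define AA_X_NONE 0x0000
-#define AA_X_NAME 0x0400 /* use executable name px */
-#define AA_X_TABLE 0x0800 /* use a specified name ->n# */
+#define AA_X_TYPE_MASK 0x0c000000
+#define AA_X_NONE 0x00000000
+#define AA_X_NAME 0x04000000 /* use executable name px */
+#define AA_X_TABLE 0x08000000 /* use a specified name ->n# */
 
-#define AA_X_UNSAFE 0x1000
-#define AA_X_CHILD 0x2000 /* make >AA_X_NONE apply to children */
-#define AA_X_INHERIT 0x4000
-#define AA_X_UNCONFINED 0x8000
+#define AA_X_UNSAFE 0x10000000
+#define AA_X_CHILD 0x20000000
+#define AA_X_INHERIT 0x40000000
+#define AA_X_UNCONFINED 0x80000000
 
 /* need to make conditional which ones are being set */
 struct path_cond {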
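Review bot: The new definitions drop the explanatory comment on `AA_X_CHILD` and leave bits 24-25 (`0x03000000`) unassigned between `AA_X_INDEX_MASK` and `AA_X_TYPE_MASK` without saying whether they are reserved. I would keep `/* make >AA_X_NONE apply to children */` on the `AA_X_CHILD` line and add `/* bits 24-25 (0x03000000) are not assigned here */` above `AA_X_TYPE_MASK`, so the layout comment and the masks can be checked against each other. `AA_X_TYPE_SHIFT` is removed as well; any user of it outside this section would need the new shift of 26 implied by `0x0c000000`. The header comment these masks belong to starts outside the hunk.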
+1 -1
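--- a/security/apparmor/include/perms.h
+++ b/security/apparmor/include/perms.h
@@ -78,7 +78,7 @@
 u32 quiet; /* set only when ~allow | deny */
 u32 hide; /* set only when ~allow | deny */
 
-u16 xindex;
+u32 xindex;
 };
 
 #define ALL_PERMS_MASK 0xffffffff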
+4 -4
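--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -489,8 +489,8 @@
 int i, size;
 
 size = unpack_array(e, NULL);
-/* currently 4 exec bits and entries 0-3 are reserved iupcx */
-if (size > 16 - 4)
+/* currently 2^24 bits entries 0-3 */
+if (size > (1 << 24))
 goto fail;
 profile->file.trans.table = kcalloc(size, sizeof(char *),
 GFP_KERNEL);
@@ -672,10 +672,10 @@
 }
 
 /* remap old accept table embedded permissions to separate permission table */
-static u16 dfa_map_xindex(u16 mask)
+static u32 dfa_map_xindex(u16 mask)
 {
 u16 old_index = (mask >> 10) & 0xf;
-u16 index = 0;
+u32 index = 0;
 
 if (mask & 0x100)
 index |= AA_X_UNSAFE;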
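Review bot: The new bound `if (size > (1 << 24))` lets a loaded policy size the `kcalloc(size, sizeof(char *), GFP_KERNEL)` call just below at up to 2^24 pointers, which is 128 MiB of contiguous memory on a 64-bit build; a kmalloc-family request that large will normally fail, so the effective limit becomes the allocator's rather than this check's. Consider `kvcalloc(size, sizeof(char *), GFP_KERNEL)` with the matching free (outside this hunk) switched to `kvfree`, or a smaller named cap that reflects what policies are expected to need. The replacement comment `/* currently 2^24 bits entries 0-3 */` no longer says whether entries 0-3 are still reserved; if they are, the bound presumably wants to be `(1 << 24) - 4`, mirroring the old `16 - 4`. The enclosing function starts and ends outside the hunk, so how a zero or negative `size` is handled is not visible here.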