
apparmor: Add a wildcard secid

Reserve a secid value that we can use as a wildcard, allowing us to
define policy that's expected to match against all secids.

Signed-off-by: Matthew Garrett <mjg59@google.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Matthew Garrett 7 years ago
parent
commit
617a629c08
2 changed files with 4 additions and 2 deletions
  1. 3 0
      security/apparmor/include/secid.h
  2. 1 2
      security/apparmor/secid.c

+ 3 - 0
security/apparmor/include/secid.h

@@ -22,6 +22,9 @@ struct aa_label;
 /* secid value that will not be allocated */
 #define AA_SECID_INVALID 0
 
+/* secid value that matches any other secid */
+#define AA_SECID_WILDCARD 1
+
 struct aa_label *aa_secid_to_label(u32 secid);
 int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
 int apparmor_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid);
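Review bot: The new `AA_SECID_WILDCARD` comment does not say that the value is reserved and never handed out by the allocator, which is the property policy matching depends on; that guarantee lives only in the separate `AA_FIRST_SECID 2` edit in secid.c. I would state it here so a reader of the header does not have to find the allocator: `/* secid value that matches any other secid; reserved, never allocated (see AA_FIRST_SECID in secid.c) */`. Since `apparmor_secctx_to_secid()` and `aa_secid_to_label()` take secids that can originate outside the module, it is worth noting in the same comment whether a wildcard value is legal as an input to those lookups or only as a policy-side value — I cannot tell from this hunk how the lookup treats 1, so that is for the author to confirm.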

+ 1 - 2
security/apparmor/secid.c

@@ -32,8 +32,7 @@
  * secids - do not pin labels with a refcount. They rely on the label
  * properly updating/freeing them
  */
-
-#define AA_FIRST_SECID 1
+#define AA_FIRST_SECID 2
 
 static DEFINE_IDR(aa_secids);
 static DEFINE_SPINLOCK(secid_lock);
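Review bot: `AA_FIRST_SECID 2` encodes the reservation of the wildcard as a bare literal, so a later change to `AA_SECID_WILDCARD` would silently let the IDR allocate the wildcard value again. I would express the dependency directly, `#define AA_FIRST_SECID (AA_SECID_WILDCARD + 1)`, which presumes secid.h is included by this file (likely, given the functions it implements, but not visible in the hunk). Failing that, a `BUILD_BUG_ON(AA_FIRST_SECID <= AA_SECID_WILDCARD)` next to the allocator would catch the drift at compile time.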