iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

apparmor: rename replacedby to proxy

Browse Source 
Proxy is shorter and a better fit than replaceby, so rename it.

Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen 2017-01-16 00:42:19 -08:00
parent d97d51d253
commit 8399588a7f
5 changed files with 65 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
security/apparmor/apparmorfs.c
View File

@ -228,12 +228,12 @@ const struct file_operations aa_fs_seq_file_ops = {
static int aa_fs_seq_profile_open(struct inode *inode, struct file *file, static int aa_fs_seq_profile_open(struct inode *inode, struct file *file,
int (*show)(struct seq_file *, void *)) int (*show)(struct seq_file *, void *))
{ {
struct aa_replacedby *r = aa_get_replacedby(inode->i_private); struct aa_proxy *proxy = aa_get_proxy(inode->i_private);
int error = single_open(file, show, r); int error = single_open(file, show, proxy);
if (error) { if (error) {
file->private_data = NULL; file->private_data = NULL;
aa_put_replacedby(r); aa_put_proxy(proxy);
} }
return error; return error;
@ -243,14 +243,14 @@ static int aa_fs_seq_profile_release(struct inode *inode, struct file *file)
{ {
struct seq_file *seq = (struct seq_file *) file->private_data; struct seq_file *seq = (struct seq_file *) file->private_data;
if (seq) if (seq)
aa_put_replacedby(seq->private); aa_put_proxy(seq->private);
return single_release(inode, file); return single_release(inode, file);
} }
static int aa_fs_seq_profname_show(struct seq_file *seq, void *v) static int aa_fs_seq_profname_show(struct seq_file *seq, void *v)
{ {
struct aa_replacedby *r = seq->private; struct aa_proxy *proxy = seq->private;
struct aa_profile *profile = aa_get_profile_rcu(&r->profile); struct aa_profile *profile = aa_get_profile_rcu(&proxy->profile);
seq_printf(seq, "%s\n", profile->base.name); seq_printf(seq, "%s\n", profile->base.name);
aa_put_profile(profile); aa_put_profile(profile);
@ -272,8 +272,8 @@ static const struct file_operations aa_fs_profname_fops = {
static int aa_fs_seq_profmode_show(struct seq_file *seq, void *v) static int aa_fs_seq_profmode_show(struct seq_file *seq, void *v)
{ {
struct aa_replacedby *r = seq->private; struct aa_proxy *proxy = seq->private;
struct aa_profile *profile = aa_get_profile_rcu(&r->profile); struct aa_profile *profile = aa_get_profile_rcu(&proxy->profile);
seq_printf(seq, "%s\n", aa_profile_mode_names[profile->mode]); seq_printf(seq, "%s\n", aa_profile_mode_names[profile->mode]);
aa_put_profile(profile); aa_put_profile(profile);
@ -295,8 +295,8 @@ static const struct file_operations aa_fs_profmode_fops = {
static int aa_fs_seq_profattach_show(struct seq_file *seq, void *v) static int aa_fs_seq_profattach_show(struct seq_file *seq, void *v)
{ {
struct aa_replacedby *r = seq->private; struct aa_proxy *proxy = seq->private;
struct aa_profile *profile = aa_get_profile_rcu(&r->profile); struct aa_profile *profile = aa_get_profile_rcu(&proxy->profile);
if (profile->attach) if (profile->attach)
seq_printf(seq, "%s\n", profile->attach); seq_printf(seq, "%s\n", profile->attach);
else if (profile->xmatch) else if (profile->xmatch)
@ -323,8 +323,8 @@ static const struct file_operations aa_fs_profattach_fops = {
static int aa_fs_seq_hash_show(struct seq_file *seq, void *v) static int aa_fs_seq_hash_show(struct seq_file *seq, void *v)
{ {
struct aa_replacedby *r = seq->private; struct aa_proxy *proxy = seq->private;
struct aa_profile *profile = aa_get_profile_rcu(&r->profile); struct aa_profile *profile = aa_get_profile_rcu(&proxy->profile);
unsigned int i, size = aa_hash_size(); unsigned int i, size = aa_hash_size();
if (profile->hash) { if (profile->hash) {
@ -363,13 +363,13 @@ void __aa_fs_profile_rmdir(struct aa_profile *profile)
__aa_fs_profile_rmdir(child); __aa_fs_profile_rmdir(child);
for (i = AAFS_PROF_SIZEOF - 1; i >= 0; --i) { for (i = AAFS_PROF_SIZEOF - 1; i >= 0; --i) {
struct aa_replacedby *r; struct aa_proxy *proxy;
if (!profile->dents[i]) if (!profile->dents[i])
continue; continue;
r = d_inode(profile->dents[i])->i_private; proxy = d_inode(profile->dents[i])->i_private;
securityfs_remove(profile->dents[i]); securityfs_remove(profile->dents[i]);
aa_put_replacedby(r); aa_put_proxy(proxy);
profile->dents[i] = NULL; profile->dents[i] = NULL;
} }
} }
@ -391,12 +391,12 @@ static struct dentry *create_profile_file(struct dentry *dir, const char *name,
struct aa_profile *profile, struct aa_profile *profile,
const struct file_operations *fops) const struct file_operations *fops)
{ {
struct aa_replacedby *r = aa_get_replacedby(profile->replacedby); struct aa_proxy *proxy = aa_get_proxy(profile->proxy);
struct dentry *dent; struct dentry *dent;
dent = securityfs_create_file(name, S_IFREG | 0444, dir, r, fops); dent = securityfs_create_file(name, S_IFREG | 0444, dir, proxy, fops);
if (IS_ERR(dent)) if (IS_ERR(dent))
aa_put_replacedby(r); aa_put_proxy(proxy);
return dent; return dent;
} }

2
security/apparmor/context.c
View File

@ -112,7 +112,7 @@ int aa_replace_current_profile(struct aa_profile *profile)
aa_clear_task_cxt_trans(cxt); aa_clear_task_cxt_trans(cxt);
/* be careful switching cxt->profile, when racing replacement it /* be careful switching cxt->profile, when racing replacement it
* is possible that cxt->profile->replacedby->profile is the reference * is possible that cxt->profile->proxy->profile is the reference
* keeping @profile valid, so make sure to get its reference before * keeping @profile valid, so make sure to get its reference before
* dropping the reference on cxt->profile */ * dropping the reference on cxt->profile */
aa_get_profile(profile); aa_get_profile(profile);

20
security/apparmor/include/policy.h
View File

@ -91,7 +91,7 @@ struct aa_policydb {
}; };
struct aa_replacedby { struct aa_proxy {
struct kref count; struct kref count;
struct aa_profile __rcu *profile; struct aa_profile __rcu *profile;
}; };
@ -103,7 +103,7 @@ struct aa_replacedby {
* @rcu: rcu head used when removing from @list * @rcu: rcu head used when removing from @list
* @parent: parent of profile * @parent: parent of profile
* @ns: namespace the profile is in * @ns: namespace the profile is in
* @replacedby: is set to the profile that replaced this profile * @proxy: is set to the profile that replaced this profile
* @rename: optional profile name that this profile renamed * @rename: optional profile name that this profile renamed
* @attach: human readable attachment string * @attach: human readable attachment string
* @xmatch: optional extended matching for unconfined executables names * @xmatch: optional extended matching for unconfined executables names
@ -126,7 +126,7 @@ struct aa_replacedby {
* used to determine profile attachment against unconfined tasks. All other * used to determine profile attachment against unconfined tasks. All other
* attachments are determined by profile X transition rules. * attachments are determined by profile X transition rules.
* *
* The @replacedby struct is write protected by the profile lock. * The @proxy struct is write protected by the profile lock.
* *
* Profiles have a hierarchy where hats and children profiles keep * Profiles have a hierarchy where hats and children profiles keep
* a reference to their parent. * a reference to their parent.
@ -142,7 +142,7 @@ struct aa_profile {
struct aa_profile __rcu *parent; struct aa_profile __rcu *parent;
struct aa_ns *ns; struct aa_ns *ns;
struct aa_replacedby *replacedby; struct aa_proxy *proxy;
const char *rename; const char *rename;
const char *attach; const char *attach;
@ -166,12 +166,12 @@ struct aa_profile {
extern enum profile_mode aa_g_profile_mode; extern enum profile_mode aa_g_profile_mode;
void __aa_update_replacedby(struct aa_profile *orig, struct aa_profile *new); void __aa_update_proxy(struct aa_profile *orig, struct aa_profile *new);
void aa_add_profile(struct aa_policy *common, struct aa_profile *profile); void aa_add_profile(struct aa_policy *common, struct aa_profile *profile);
void aa_free_replacedby_kref(struct kref *kref); void aa_free_proxy_kref(struct kref *kref);
struct aa_profile *aa_alloc_profile(const char *name); struct aa_profile *aa_alloc_profile(const char *name);
struct aa_profile *aa_new_null_profile(struct aa_profile *parent, int hat); struct aa_profile *aa_new_null_profile(struct aa_profile *parent, int hat);
void aa_free_profile(struct aa_profile *profile); void aa_free_profile(struct aa_profile *profile);
@ -254,7 +254,7 @@ static inline struct aa_profile *aa_get_newest_profile(struct aa_profile *p)
return NULL; return NULL;
if (profile_is_stale(p)) if (profile_is_stale(p))
return aa_get_profile_rcu(&p->replacedby->profile); return aa_get_profile_rcu(&p->proxy->profile);
return aa_get_profile(p); return aa_get_profile(p);
} }
@ -269,7 +269,7 @@ static inline void aa_put_profile(struct aa_profile *p)
kref_put(&p->count, aa_free_profile_kref); kref_put(&p->count, aa_free_profile_kref);
} }
static inline struct aa_replacedby *aa_get_replacedby(struct aa_replacedby *p) static inline struct aa_proxy *aa_get_proxy(struct aa_proxy *p)
{ {
if (p) if (p)
kref_get(&(p->count)); kref_get(&(p->count));
@ -277,10 +277,10 @@ static inline struct aa_replacedby *aa_get_replacedby(struct aa_replacedby *p)
return p; return p;
} }
static inline void aa_put_replacedby(struct aa_replacedby *p) static inline void aa_put_proxy(struct aa_proxy *p)
{ {
if (p) if (p)
kref_put(&p->count, aa_free_replacedby_kref); kref_put(&p->count, aa_free_proxy_kref);
} }
static inline int AUDIT_MODE(struct aa_profile *profile) static inline int AUDIT_MODE(struct aa_profile *profile)

70
security/apparmor/policy.c
View File

@ -99,13 +99,13 @@ const char *const aa_profile_mode_names[] = {
/* requires profile list write lock held */ /* requires profile list write lock held */
void __aa_update_replacedby(struct aa_profile *orig, struct aa_profile *new) void __aa_update_proxy(struct aa_profile *orig, struct aa_profile *new)
{ {
struct aa_profile *tmp; struct aa_profile *tmp;
tmp = rcu_dereference_protected(orig->replacedby->profile, tmp = rcu_dereference_protected(orig->proxy->profile,
mutex_is_locked(&orig->ns->lock)); mutex_is_locked(&orig->ns->lock));
rcu_assign_pointer(orig->replacedby->profile, aa_get_profile(new)); rcu_assign_pointer(orig->proxy->profile, aa_get_profile(new));
orig->flags |= PFLAG_STALE; orig->flags |= PFLAG_STALE;
aa_put_profile(tmp); aa_put_profile(tmp);
} }
@ -156,7 +156,7 @@ static void __remove_profile(struct aa_profile *profile)
/* release any children lists first */ /* release any children lists first */
__aa_profile_list_release(&profile->base.profiles); __aa_profile_list_release(&profile->base.profiles);
/* released by free_profile */ /* released by free_profile */
__aa_update_replacedby(profile, profile->ns->unconfined); __aa_update_proxy(profile, profile->ns->unconfined);
__aa_fs_profile_rmdir(profile); __aa_fs_profile_rmdir(profile);
__list_remove_profile(profile); __list_remove_profile(profile);
} }
@ -175,21 +175,21 @@ void __aa_profile_list_release(struct list_head *head)
} }
static void free_replacedby(struct aa_replacedby *r) static void free_proxy(struct aa_proxy *p)
{ {
if (r) { if (p) {
/* r->profile will not be updated any more as r is dead */ /* r->profile will not be updated any more as r is dead */
aa_put_profile(rcu_dereference_protected(r->profile, true)); aa_put_profile(rcu_dereference_protected(p->profile, true));
kzfree(r); kzfree(p);
} }
} }
void aa_free_replacedby_kref(struct kref *kref) void aa_free_proxy_kref(struct kref *kref)
{ {
struct aa_replacedby *r = container_of(kref, struct aa_replacedby, struct aa_proxy *p = container_of(kref, struct aa_proxy, count);
count);
free_replacedby(r); free_proxy(p);
} }
/** /**
@ -223,7 +223,7 @@ void aa_free_profile(struct aa_profile *profile)
kzfree(profile->dirname); kzfree(profile->dirname);
aa_put_dfa(profile->xmatch); aa_put_dfa(profile->xmatch);
aa_put_dfa(profile->policy.dfa); aa_put_dfa(profile->policy.dfa);
aa_put_replacedby(profile->replacedby); aa_put_proxy(profile->proxy);
kzfree(profile->hash); kzfree(profile->hash);
kzfree(profile); kzfree(profile);
@ -267,10 +267,10 @@ struct aa_profile *aa_alloc_profile(const char *hname)
if (!profile) if (!profile)
return NULL; return NULL;
profile->replacedby = kzalloc(sizeof(struct aa_replacedby), GFP_KERNEL); profile->proxy = kzalloc(sizeof(struct aa_proxy), GFP_KERNEL);
if (!profile->replacedby) if (!profile->proxy)
goto fail; goto fail;
kref_init(&profile->replacedby->count); kref_init(&profile->proxy->count);
if (!aa_policy_init(&profile->base, NULL, hname)) if (!aa_policy_init(&profile->base, NULL, hname))
goto fail; goto fail;
@ -280,7 +280,7 @@ struct aa_profile *aa_alloc_profile(const char *hname)
return profile; return profile;
fail: fail:
kzfree(profile->replacedby); kzfree(profile->proxy);
kzfree(profile); kzfree(profile);
return NULL; return NULL;
@ -598,7 +598,7 @@ static struct aa_profile *__list_lookup_parent(struct list_head *lh,
* __replace_profile - replace @old with @new on a list * __replace_profile - replace @old with @new on a list
* @old: profile to be replaced (NOT NULL) * @old: profile to be replaced (NOT NULL)
* @new: profile to replace @old with (NOT NULL) * @new: profile to replace @old with (NOT NULL)
* @share_replacedby: transfer @old->replacedby to @new * @share_proxy: transfer @old->proxy to @new
* *
* Will duplicate and refcount elements that @new inherits from @old * Will duplicate and refcount elements that @new inherits from @old
* and will inherit @old children. * and will inherit @old children.
@ -608,7 +608,7 @@ static struct aa_profile *__list_lookup_parent(struct list_head *lh,
* Requires: namespace list lock be held, or list not be shared * Requires: namespace list lock be held, or list not be shared
*/ */
static void __replace_profile(struct aa_profile *old, struct aa_profile *new, static void __replace_profile(struct aa_profile *old, struct aa_profile *new,
bool share_replacedby) bool share_proxy)
{ {
struct aa_profile *child, *tmp; struct aa_profile *child, *tmp;
@ -623,7 +623,7 @@ static void __replace_profile(struct aa_profile *old, struct aa_profile *new,
p = __find_child(&new->base.profiles, child->base.name); p = __find_child(&new->base.profiles, child->base.name);
if (p) { if (p) {
/* @p replaces @child */ /* @p replaces @child */
__replace_profile(child, p, share_replacedby); __replace_profile(child, p, share_proxy);
continue; continue;
} }
@ -641,13 +641,13 @@ static void __replace_profile(struct aa_profile *old, struct aa_profile *new,
struct aa_profile *parent = aa_deref_parent(old); struct aa_profile *parent = aa_deref_parent(old);
rcu_assign_pointer(new->parent, aa_get_profile(parent)); rcu_assign_pointer(new->parent, aa_get_profile(parent));
} }
__aa_update_replacedby(old, new); __aa_update_proxy(old, new);
if (share_replacedby) { if (share_proxy) {
aa_put_replacedby(new->replacedby); aa_put_proxy(new->proxy);
new->replacedby = aa_get_replacedby(old->replacedby); new->proxy = aa_get_proxy(old->proxy);
} else if (!rcu_access_pointer(new->replacedby->profile)) } else if (!rcu_access_pointer(new->proxy->profile))
/* aafs interface uses replacedby */ /* aafs interface uses proxy */
rcu_assign_pointer(new->replacedby->profile, rcu_assign_pointer(new->proxy->profile,
aa_get_profile(new)); aa_get_profile(new));
__aa_fs_profile_migrate_dents(old, new); __aa_fs_profile_migrate_dents(old, new);
@ -797,15 +797,15 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
if (ent->old) { if (ent->old) {
__replace_profile(ent->old, ent->new, 1); __replace_profile(ent->old, ent->new, 1);
if (ent->rename) { if (ent->rename) {
/* aafs interface uses replacedby */ /* aafs interface uses proxy */
struct aa_replacedby *r = ent->new->replacedby; struct aa_proxy *r = ent->new->proxy;
rcu_assign_pointer(r->profile, rcu_assign_pointer(r->profile,
aa_get_profile(ent->new)); aa_get_profile(ent->new));
__replace_profile(ent->rename, ent->new, 0); __replace_profile(ent->rename, ent->new, 0);
} }
} else if (ent->rename) { } else if (ent->rename) {
/* aafs interface uses replacedby */ /* aafs interface uses proxy */
rcu_assign_pointer(ent->new->replacedby->profile, rcu_assign_pointer(ent->new->proxy->profile,
aa_get_profile(ent->new)); aa_get_profile(ent->new));
__replace_profile(ent->rename, ent->new, 0); __replace_profile(ent->rename, ent->new, 0);
} else if (ent->new->parent) { } else if (ent->new->parent) {
@ -819,14 +819,14 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
rcu_assign_pointer(ent->new->parent, newest); rcu_assign_pointer(ent->new->parent, newest);
aa_put_profile(parent); aa_put_profile(parent);
} }
/* aafs interface uses replacedby */ /* aafs interface uses proxy */
rcu_assign_pointer(ent->new->replacedby->profile, rcu_assign_pointer(ent->new->proxy->profile,
aa_get_profile(ent->new)); aa_get_profile(ent->new));
__list_add_profile(&newest->base.profiles, ent->new); __list_add_profile(&newest->base.profiles, ent->new);
aa_put_profile(newest); aa_put_profile(newest);
} else { } else {
/* aafs interface uses replacedby */ /* aafs interface uses proxy */
rcu_assign_pointer(ent->new->replacedby->profile, rcu_assign_pointer(ent->new->proxy->profile,
aa_get_profile(ent->new)); aa_get_profile(ent->new));
__list_add_profile(&ns->base.profiles, ent->new); __list_add_profile(&ns->base.profiles, ent->new);
} }

2
security/apparmor/policy_ns.c
View File

@ -225,7 +225,7 @@ static void destroy_ns(struct aa_ns *ns)
__ns_list_release(&ns->sub_ns); __ns_list_release(&ns->sub_ns);
if (ns->parent) if (ns->parent)
__aa_update_replacedby(ns->unconfined, ns->parent->unconfined); __aa_update_proxy(ns->unconfined, ns->parent->unconfined);
__aa_fs_ns_rmdir(ns); __aa_fs_ns_rmdir(ns);
mutex_unlock(&ns->lock); mutex_unlock(&ns->lock);
} }