diff options
| author | John Johansen <john.johansen@canonical.com> | 2017-06-09 20:15:56 -0400 |
|---|---|---|
| committer | John Johansen <john.johansen@canonical.com> | 2017-06-10 20:11:45 -0400 |
| commit | 064dc9472fa2bc31a7b178882bd7eff782c3d239 (patch) | |
| tree | cb00df746773f501309f21d5da8dbf16664a0c96 | |
| parent | 496c93196654d3e604013d750b7047886af14506 (diff) | |
apparmor: mediate files when they are received
Signed-off-by: John Johansen <john.johansen@canonical.com>
| -rw-r--r-- | security/apparmor/include/audit.h | 1 | ||||
| -rw-r--r-- | security/apparmor/lsm.c | 6 |
2 files changed, 7 insertions, 0 deletions
diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h index 20fa6c77db05..99ed83cf6941 100644 --- a/security/apparmor/include/audit.h +++ b/security/apparmor/include/audit.h | |||
| @@ -64,6 +64,7 @@ enum audit_type { | |||
| 64 | #define OP_GETATTR "getattr" | 64 | #define OP_GETATTR "getattr" |
| 65 | #define OP_OPEN "open" | 65 | #define OP_OPEN "open" |
| 66 | 66 | ||
| 67 | #define OP_FRECEIVE "file_receive" | ||
| 67 | #define OP_FPERM "file_perm" | 68 | #define OP_FPERM "file_perm" |
| 68 | #define OP_FLOCK "file_lock" | 69 | #define OP_FLOCK "file_lock" |
| 69 | #define OP_FMMAP "file_mmap" | 70 | #define OP_FMMAP "file_mmap" |
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 7a986763b2b7..0f7c5c2be732 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c | |||
| @@ -456,6 +456,11 @@ static int common_file_perm(const char *op, struct file *file, u32 mask) | |||
| 456 | return error; | 456 | return error; |
| 457 | } | 457 | } |
| 458 | 458 | ||
| 459 | static int apparmor_file_receive(struct file *file) | ||
| 460 | { | ||
| 461 | return common_file_perm(OP_FRECEIVE, file, aa_map_file_to_perms(file)); | ||
| 462 | } | ||
| 463 | |||
| 459 | static int apparmor_file_permission(struct file *file, int mask) | 464 | static int apparmor_file_permission(struct file *file, int mask) |
| 460 | { | 465 | { |
| 461 | return common_file_perm(OP_FPERM, file, mask); | 466 | return common_file_perm(OP_FPERM, file, mask); |
| @@ -665,6 +670,7 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { | |||
| 665 | LSM_HOOK_INIT(inode_getattr, apparmor_inode_getattr), | 670 | LSM_HOOK_INIT(inode_getattr, apparmor_inode_getattr), |
| 666 | 671 | ||
| 667 | LSM_HOOK_INIT(file_open, apparmor_file_open), | 672 | LSM_HOOK_INIT(file_open, apparmor_file_open), |
| 673 | LSM_HOOK_INIT(file_receive, apparmor_file_receive), | ||
| 668 | LSM_HOOK_INIT(file_permission, apparmor_file_permission), | 674 | LSM_HOOK_INIT(file_permission, apparmor_file_permission), |
| 669 | LSM_HOOK_INIT(file_alloc_security, apparmor_file_alloc_security), | 675 | LSM_HOOK_INIT(file_alloc_security, apparmor_file_alloc_security), |
| 670 | LSM_HOOK_INIT(file_free_security, apparmor_file_free_security), | 676 | LSM_HOOK_INIT(file_free_security, apparmor_file_free_security), |