Merge tag 'aa-3.10' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor into ra-next

author: James Morris <james.l.morris@oracle.com> 2013-05-12 07:28:38 -0400
committer: James Morris <james.l.morris@oracle.com> 2013-05-12 07:28:38 -0400
commit: bd71164abc141ea696014e3e23c561b0d7f1b434 (patch)
tree: 3b9c64698800566197bf4ecec604ba8bb1228bd3 /security/apparmor/include/policy.h
parent: f722406faae2d073cc1d01063d1123c35425939e (diff)
parent: 2654bfbc2bd0e1e64f0b257c21da23f6cec32c6c (diff)
1 files changed, 8 insertions, 8 deletions
diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
index bda4569fdd83..b25491a3046a 100644
--- a/security/apparmor/include/policy.h
+++ b/security/apparmor/include/policy.h
@@ -32,13 +32,13 @@
 extern const char *const profile_mode_names[];
 #define APPARMOR_NAMES_MAX_INDEX 3
-#define COMPLAIN_MODE(_profile) \
+#define PROFILE_MODE(_profile, _mode)           \
-        ((aa_g_profile_mode == APPARMOR_COMPLAIN) || \
+        ((aa_g_profile_mode == (_mode)) ||      \
-         ((_profile)->mode == APPARMOR_COMPLAIN))
+         ((_profile)->mode == (_mode)))
-#define KILL_MODE(_profile) \
+#define COMPLAIN_MODE(_profile) PROFILE_MODE((_profile), APPARMOR_COMPLAIN)
-        ((aa_g_profile_mode == APPARMOR_KILL) || \
-         ((_profile)->mode == APPARMOR_KILL))
+#define KILL_MODE(_profile) PROFILE_MODE((_profile), APPARMOR_KILL)
 #define PROFILE_IS_HAT(_profile) ((_profile)->flags & PFLAG_HAT)
@@ -105,6 +105,7 @@ struct aa_ns_acct {
 * @acct: accounting for the namespace
 * @unconfined: special unconfined profile for the namespace
 * @sub_ns: list of namespaces under the current namespace.
+ * @uniq_null: uniq value used for null learning profiles
 *
 * An aa_namespace defines the set profiles that are searched to determine
 * which profile to attach to a task.  Profiles can not be shared between
@@ -127,6 +128,7 @@ struct aa_namespace {
        struct aa_ns_acct acct;
        struct aa_profile *unconfined;
        struct list_head sub_ns;
+        atomic_t uniq_null;
 };
 /* struct aa_policydb - match engine for a policy
@@ -148,7 +150,6 @@ struct aa_policydb {
 * @rename: optional profile name that this profile renamed
 * @xmatch: optional extended matching for unconfined executables names
 * @xmatch_len: xmatch prefix len, used to determine xmatch priority
- * @sid: the unique security id number of this profile
 * @audit: the auditing mode of the profile
 * @mode: the enforcement mode of the profile
 * @flags: flags controlling profile behavior
@@ -184,7 +185,6 @@ struct aa_profile {
        struct aa_dfa *xmatch;
        int xmatch_len;
-        u32 sid;
        enum audit_mode audit;
        enum profile_mode mode;
        u32 flags;
author	James Morris <james.l.morris@oracle.com>	2013-05-12 07:28:38 -0400
committer	James Morris <james.l.morris@oracle.com>	2013-05-12 07:28:38 -0400
commit	bd71164abc141ea696014e3e23c561b0d7f1b434 (patch)
tree	3b9c64698800566197bf4ecec604ba8bb1228bd3 /security/apparmor/include/policy.h
parent	f722406faae2d073cc1d01063d1123c35425939e (diff)
parent	2654bfbc2bd0e1e64f0b257c21da23f6cec32c6c (diff)

diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h index bda4569fdd83..b25491a3046a 100644 --- a/security/apparmor/include/policy.h +++ b/security/apparmor/include/policy.h
@@ -32,13 +32,13 @@
32	extern const char *const profile_mode_names[];	32	extern const char *const profile_mode_names[];
33	#define APPARMOR_NAMES_MAX_INDEX 3	33	#define APPARMOR_NAMES_MAX_INDEX 3
34		34
35	#define COMPLAIN_MODE(_profile) \	35	#define PROFILE_MODE(_profile, _mode) \
36	((aa_g_profile_mode == APPARMOR_COMPLAIN) \|\| \	36	((aa_g_profile_mode == (_mode)) \|\| \
37	((_profile)->mode == APPARMOR_COMPLAIN))	37	((_profile)->mode == (_mode)))
38		38
39	#define KILL_MODE(_profile) \	39	#define COMPLAIN_MODE(_profile) PROFILE_MODE((_profile), APPARMOR_COMPLAIN)
40	((aa_g_profile_mode == APPARMOR_KILL) \|\| \	40
41	((_profile)->mode == APPARMOR_KILL))	41	#define KILL_MODE(_profile) PROFILE_MODE((_profile), APPARMOR_KILL)
42		42
43	#define PROFILE_IS_HAT(_profile) ((_profile)->flags & PFLAG_HAT)	43	#define PROFILE_IS_HAT(_profile) ((_profile)->flags & PFLAG_HAT)
44		44
@@ -105,6 +105,7 @@ struct aa_ns_acct {
105	* @acct: accounting for the namespace	105	* @acct: accounting for the namespace
106	* @unconfined: special unconfined profile for the namespace	106	* @unconfined: special unconfined profile for the namespace
107	* @sub_ns: list of namespaces under the current namespace.	107	* @sub_ns: list of namespaces under the current namespace.
		108	* @uniq_null: uniq value used for null learning profiles
108	*	109	*
109	* An aa_namespace defines the set profiles that are searched to determine	110	* An aa_namespace defines the set profiles that are searched to determine
110	* which profile to attach to a task. Profiles can not be shared between	111	* which profile to attach to a task. Profiles can not be shared between
@@ -127,6 +128,7 @@ struct aa_namespace {
127	struct aa_ns_acct acct;	128	struct aa_ns_acct acct;
128	struct aa_profile *unconfined;	129	struct aa_profile *unconfined;
129	struct list_head sub_ns;	130	struct list_head sub_ns;
		131	atomic_t uniq_null;
130	};	132	};
131		133
132	/* struct aa_policydb - match engine for a policy	134	/* struct aa_policydb - match engine for a policy
@@ -148,7 +150,6 @@ struct aa_policydb {
148	* @rename: optional profile name that this profile renamed	150	* @rename: optional profile name that this profile renamed
149	* @xmatch: optional extended matching for unconfined executables names	151	* @xmatch: optional extended matching for unconfined executables names
150	* @xmatch_len: xmatch prefix len, used to determine xmatch priority	152	* @xmatch_len: xmatch prefix len, used to determine xmatch priority
151	* @sid: the unique security id number of this profile
152	* @audit: the auditing mode of the profile	153	* @audit: the auditing mode of the profile
153	* @mode: the enforcement mode of the profile	154	* @mode: the enforcement mode of the profile
154	* @flags: flags controlling profile behavior	155	* @flags: flags controlling profile behavior
@@ -184,7 +185,6 @@ struct aa_profile {
184		185
185	struct aa_dfa *xmatch;	186	struct aa_dfa *xmatch;
186	int xmatch_len;	187	int xmatch_len;
187	u32 sid;
188	enum audit_mode audit;	188	enum audit_mode audit;
189	enum profile_mode mode;	189	enum profile_mode mode;
190	u32 flags;	190	u32 flags;