From 871480933a1c28f8a9fed4c4d34d06c439a7a422 Mon Sep 17 00:00:00 2001
From: Srikant Patnaik
Date: Sun, 11 Jan 2015 12:28:04 +0530
Subject: Moved, renamed, and deleted files
The original directory structure was scattered and unorganized.
Changes are basically to make it look like kernel structure.
---
ANDROID_3.4.5/security/Kconfig | 237 -
ANDROID_3.4.5/security/Makefile | 30 -
ANDROID_3.4.5/security/apparmor/Kconfig | 31 -
ANDROID_3.4.5/security/apparmor/Makefile | 65 -
ANDROID_3.4.5/security/apparmor/apparmorfs.c | 355 --
ANDROID_3.4.5/security/apparmor/audit.c | 214 -
ANDROID_3.4.5/security/apparmor/capability.c | 143 -
ANDROID_3.4.5/security/apparmor/context.c | 216 -
ANDROID_3.4.5/security/apparmor/domain.c | 823 ---
ANDROID_3.4.5/security/apparmor/file.c | 456 --
ANDROID_3.4.5/security/apparmor/include/apparmor.h | 105 -
.../security/apparmor/include/apparmorfs.h | 64 -
ANDROID_3.4.5/security/apparmor/include/audit.h | 148 -
.../security/apparmor/include/capability.h | 45 -
ANDROID_3.4.5/security/apparmor/include/context.h | 154 -
ANDROID_3.4.5/security/apparmor/include/domain.h | 36 -
ANDROID_3.4.5/security/apparmor/include/file.h | 216 -
ANDROID_3.4.5/security/apparmor/include/ipc.h | 28 -
ANDROID_3.4.5/security/apparmor/include/match.h | 136 -
ANDROID_3.4.5/security/apparmor/include/path.h | 32 -
ANDROID_3.4.5/security/apparmor/include/policy.h | 318 --
.../security/apparmor/include/policy_unpack.h | 20 -
ANDROID_3.4.5/security/apparmor/include/procattr.h | 26 -
ANDROID_3.4.5/security/apparmor/include/resource.h | 50 -
ANDROID_3.4.5/security/apparmor/include/sid.h | 24 -
ANDROID_3.4.5/security/apparmor/ipc.c | 117 -
ANDROID_3.4.5/security/apparmor/lib.c | 137 -
ANDROID_3.4.5/security/apparmor/lsm.c | 953 ----
ANDROID_3.4.5/security/apparmor/match.c | 427 --
ANDROID_3.4.5/security/apparmor/path.c | 234 -
ANDROID_3.4.5/security/apparmor/policy.c | 1189 ----
ANDROID_3.4.5/security/apparmor/policy_unpack.c | 730 ---
ANDROID_3.4.5/security/apparmor/procattr.c | 171 -
ANDROID_3.4.5/security/apparmor/resource.c | 145 -
ANDROID_3.4.5/security/apparmor/sid.c | 55 -
ANDROID_3.4.5/security/capability.c | 1074 ----
ANDROID_3.4.5/security/commoncap.c | 985 ----
ANDROID_3.4.5/security/device_cgroup.c | 537 --
ANDROID_3.4.5/security/inode.c | 236 -
ANDROID_3.4.5/security/integrity/Kconfig | 21 -
ANDROID_3.4.5/security/integrity/Makefile | 13 -
ANDROID_3.4.5/security/integrity/digsig.c | 48 -
ANDROID_3.4.5/security/integrity/evm/Kconfig | 13 -
ANDROID_3.4.5/security/integrity/evm/Makefile | 7 -
ANDROID_3.4.5/security/integrity/evm/evm.h | 50 -
ANDROID_3.4.5/security/integrity/evm/evm_crypto.c | 257 -
ANDROID_3.4.5/security/integrity/evm/evm_main.c | 452 --
.../security/integrity/evm/evm_posix_acl.c | 26 -
ANDROID_3.4.5/security/integrity/evm/evm_secfs.c | 108 -
ANDROID_3.4.5/security/integrity/iint.c | 172 -
ANDROID_3.4.5/security/integrity/ima/Kconfig | 56 -
ANDROID_3.4.5/security/integrity/ima/Makefile | 9 -
ANDROID_3.4.5/security/integrity/ima/ima.h | 146 -
ANDROID_3.4.5/security/integrity/ima/ima_api.c | 185 -
ANDROID_3.4.5/security/integrity/ima/ima_audit.c | 66 -
ANDROID_3.4.5/security/integrity/ima/ima_crypto.c | 143 -
ANDROID_3.4.5/security/integrity/ima/ima_fs.c | 386 --
ANDROID_3.4.5/security/integrity/ima/ima_init.c | 97 -
ANDROID_3.4.5/security/integrity/ima/ima_main.c | 241 -
ANDROID_3.4.5/security/integrity/ima/ima_policy.c | 493 --
ANDROID_3.4.5/security/integrity/ima/ima_queue.c | 149 -
ANDROID_3.4.5/security/integrity/integrity.h | 71 -
ANDROID_3.4.5/security/keys/Makefile | 20 -
ANDROID_3.4.5/security/keys/compat.c | 141 -
.../security/keys/encrypted-keys/Makefile | 10 -
.../security/keys/encrypted-keys/ecryptfs_format.c | 81 -
.../security/keys/encrypted-keys/ecryptfs_format.h | 30 -
.../security/keys/encrypted-keys/encrypted.c | 1038 ----
.../security/keys/encrypted-keys/encrypted.h | 66 -
.../keys/encrypted-keys/masterkey_trusted.c | 47 -
ANDROID_3.4.5/security/keys/gc.c | 390 --
ANDROID_3.4.5/security/keys/internal.h | 251 -
ANDROID_3.4.5/security/keys/key.c | 1031 ----
ANDROID_3.4.5/security/keys/keyctl.c | 1628 ------
ANDROID_3.4.5/security/keys/keyring.c | 1232 ----
ANDROID_3.4.5/security/keys/permission.c | 118 -
ANDROID_3.4.5/security/keys/proc.c | 352 --
ANDROID_3.4.5/security/keys/process_keys.c | 878 ---
ANDROID_3.4.5/security/keys/request_key.c | 713 ---
ANDROID_3.4.5/security/keys/request_key_auth.c | 267 -
ANDROID_3.4.5/security/keys/sysctl.c | 65 -
ANDROID_3.4.5/security/keys/trusted.c | 1191 ----
ANDROID_3.4.5/security/keys/trusted.h | 134 -
ANDROID_3.4.5/security/keys/user_defined.c | 228 -
ANDROID_3.4.5/security/lsm_audit.c | 410 --
ANDROID_3.4.5/security/min_addr.c | 52 -
ANDROID_3.4.5/security/security.c | 1328 -----
ANDROID_3.4.5/security/selinux/Kconfig | 133 -
ANDROID_3.4.5/security/selinux/Makefile | 25 -
ANDROID_3.4.5/security/selinux/avc.c | 886 ---
ANDROID_3.4.5/security/selinux/exports.c | 23 -
ANDROID_3.4.5/security/selinux/hooks.c | 5923 --------------------
ANDROID_3.4.5/security/selinux/include/audit.h | 65 -
ANDROID_3.4.5/security/selinux/include/avc.h | 133 -
ANDROID_3.4.5/security/selinux/include/avc_ss.h | 28 -
ANDROID_3.4.5/security/selinux/include/classmap.h | 155 -
.../security/selinux/include/conditional.h | 22 -
.../selinux/include/initial_sid_to_string.h | 33 -
ANDROID_3.4.5/security/selinux/include/netif.h | 23 -
ANDROID_3.4.5/security/selinux/include/netlabel.h | 149 -
ANDROID_3.4.5/security/selinux/include/netnode.h | 32 -
ANDROID_3.4.5/security/selinux/include/netport.h | 31 -
ANDROID_3.4.5/security/selinux/include/objsec.h | 119 -
ANDROID_3.4.5/security/selinux/include/security.h | 229 -
ANDROID_3.4.5/security/selinux/include/xfrm.h | 90 -
ANDROID_3.4.5/security/selinux/netif.c | 304 -
ANDROID_3.4.5/security/selinux/netlabel.c | 470 --
ANDROID_3.4.5/security/selinux/netlink.c | 119 -
ANDROID_3.4.5/security/selinux/netnode.c | 331 --
ANDROID_3.4.5/security/selinux/netport.c | 268 -
ANDROID_3.4.5/security/selinux/nlmsgtab.c | 183 -
ANDROID_3.4.5/security/selinux/selinuxfs.c | 1960 -------
ANDROID_3.4.5/security/selinux/ss/avtab.c | 556 --
ANDROID_3.4.5/security/selinux/ss/avtab.h | 91 -
ANDROID_3.4.5/security/selinux/ss/conditional.c | 648 ---
ANDROID_3.4.5/security/selinux/ss/conditional.h | 80 -
ANDROID_3.4.5/security/selinux/ss/constraint.h | 61 -
ANDROID_3.4.5/security/selinux/ss/context.h | 143 -
ANDROID_3.4.5/security/selinux/ss/ebitmap.c | 525 --
ANDROID_3.4.5/security/selinux/ss/ebitmap.h | 145 -
ANDROID_3.4.5/security/selinux/ss/hashtab.c | 165 -
ANDROID_3.4.5/security/selinux/ss/hashtab.h | 87 -
ANDROID_3.4.5/security/selinux/ss/mls.c | 654 ---
ANDROID_3.4.5/security/selinux/ss/mls.h | 91 -
ANDROID_3.4.5/security/selinux/ss/mls_types.h | 51 -
ANDROID_3.4.5/security/selinux/ss/policydb.c | 3379 -----------
ANDROID_3.4.5/security/selinux/ss/policydb.h | 345 --
ANDROID_3.4.5/security/selinux/ss/services.c | 3226 -----------
ANDROID_3.4.5/security/selinux/ss/services.h | 15 -
ANDROID_3.4.5/security/selinux/ss/sidtab.c | 313 --
ANDROID_3.4.5/security/selinux/ss/sidtab.h | 56 -
ANDROID_3.4.5/security/selinux/ss/status.c | 126 -
ANDROID_3.4.5/security/selinux/ss/symtab.c | 43 -
ANDROID_3.4.5/security/selinux/ss/symtab.h | 23 -
ANDROID_3.4.5/security/selinux/xfrm.c | 490 --
ANDROID_3.4.5/security/smack/Kconfig | 10 -
ANDROID_3.4.5/security/smack/Makefile | 7 -
ANDROID_3.4.5/security/smack/smack.h | 394 --
ANDROID_3.4.5/security/smack/smack_access.c | 557 --
ANDROID_3.4.5/security/smack/smack_lsm.c | 3725 ------------
ANDROID_3.4.5/security/smack/smackfs.c | 1620 ------
ANDROID_3.4.5/security/tomoyo/Kconfig | 74 -
ANDROID_3.4.5/security/tomoyo/Makefile | 48 -
ANDROID_3.4.5/security/tomoyo/audit.c | 461 --
ANDROID_3.4.5/security/tomoyo/common.c | 2806 ----------
ANDROID_3.4.5/security/tomoyo/common.h | 1331 -----
ANDROID_3.4.5/security/tomoyo/condition.c | 1094 ----
ANDROID_3.4.5/security/tomoyo/domain.c | 901 ---
ANDROID_3.4.5/security/tomoyo/environ.c | 122 -
ANDROID_3.4.5/security/tomoyo/file.c | 1026 ----
ANDROID_3.4.5/security/tomoyo/gc.c | 655 ---
ANDROID_3.4.5/security/tomoyo/group.c | 198 -
ANDROID_3.4.5/security/tomoyo/load_policy.c | 109 -
ANDROID_3.4.5/security/tomoyo/memory.c | 201 -
ANDROID_3.4.5/security/tomoyo/mount.c | 235 -
ANDROID_3.4.5/security/tomoyo/network.c | 771 ---
ANDROID_3.4.5/security/tomoyo/realpath.c | 328 --
ANDROID_3.4.5/security/tomoyo/securityfs_if.c | 273 -
ANDROID_3.4.5/security/tomoyo/tomoyo.c | 560 --
ANDROID_3.4.5/security/tomoyo/util.c | 1090 ----
ANDROID_3.4.5/security/yama/Kconfig | 13 -
ANDROID_3.4.5/security/yama/Makefile | 3 -
ANDROID_3.4.5/security/yama/yama_lsm.c | 323 --
163 files changed, 67854 deletions(-)
delete mode 100644 ANDROID_3.4.5/security/Kconfig
delete mode 100644 ANDROID_3.4.5/security/Makefile
delete mode 100644 ANDROID_3.4.5/security/apparmor/Kconfig
delete mode 100644 ANDROID_3.4.5/security/apparmor/Makefile
delete mode 100644 ANDROID_3.4.5/security/apparmor/apparmorfs.c
delete mode 100644 ANDROID_3.4.5/security/apparmor/audit.c
delete mode 100644 ANDROID_3.4.5/security/apparmor/capability.c
delete mode 100644 ANDROID_3.4.5/security/apparmor/context.c
delete mode 100644 ANDROID_3.4.5/security/apparmor/domain.c
delete mode 100644 ANDROID_3.4.5/security/apparmor/file.c
delete mode 100644 ANDROID_3.4.5/security/apparmor/include/apparmor.h
delete mode 100644 ANDROID_3.4.5/security/apparmor/include/apparmorfs.h
delete mode 100644 ANDROID_3.4.5/security/apparmor/include/audit.h
delete mode 100644 ANDROID_3.4.5/security/apparmor/include/capability.h
delete mode 100644 ANDROID_3.4.5/security/apparmor/include/context.h
delete mode 100644 ANDROID_3.4.5/security/apparmor/include/domain.h
delete mode 100644 ANDROID_3.4.5/security/apparmor/include/file.h
delete mode 100644 ANDROID_3.4.5/security/apparmor/include/ipc.h
delete mode 100644 ANDROID_3.4.5/security/apparmor/include/match.h
delete mode 100644 ANDROID_3.4.5/security/apparmor/include/path.h
delete mode 100644 ANDROID_3.4.5/security/apparmor/include/policy.h
delete mode 100644 ANDROID_3.4.5/security/apparmor/include/policy_unpack.h
delete mode 100644 ANDROID_3.4.5/security/apparmor/include/procattr.h
delete mode 100644 ANDROID_3.4.5/security/apparmor/include/resource.h
delete mode 100644 ANDROID_3.4.5/security/apparmor/include/sid.h
delete mode 100644 ANDROID_3.4.5/security/apparmor/ipc.c
delete mode 100644 ANDROID_3.4.5/security/apparmor/lib.c
delete mode 100644 ANDROID_3.4.5/security/apparmor/lsm.c
delete mode 100644 ANDROID_3.4.5/security/apparmor/match.c
delete mode 100644 ANDROID_3.4.5/security/apparmor/path.c
delete mode 100644 ANDROID_3.4.5/security/apparmor/policy.c
delete mode 100644 ANDROID_3.4.5/security/apparmor/policy_unpack.c
delete mode 100644 ANDROID_3.4.5/security/apparmor/procattr.c
delete mode 100644 ANDROID_3.4.5/security/apparmor/resource.c
delete mode 100644 ANDROID_3.4.5/security/apparmor/sid.c
delete mode 100644 ANDROID_3.4.5/security/capability.c
delete mode 100644 ANDROID_3.4.5/security/commoncap.c
delete mode 100644 ANDROID_3.4.5/security/device_cgroup.c
delete mode 100644 ANDROID_3.4.5/security/inode.c
delete mode 100644 ANDROID_3.4.5/security/integrity/Kconfig
delete mode 100644 ANDROID_3.4.5/security/integrity/Makefile
delete mode 100644 ANDROID_3.4.5/security/integrity/digsig.c
delete mode 100644 ANDROID_3.4.5/security/integrity/evm/Kconfig
delete mode 100644 ANDROID_3.4.5/security/integrity/evm/Makefile
delete mode 100644 ANDROID_3.4.5/security/integrity/evm/evm.h
delete mode 100644 ANDROID_3.4.5/security/integrity/evm/evm_crypto.c
delete mode 100644 ANDROID_3.4.5/security/integrity/evm/evm_main.c
delete mode 100644 ANDROID_3.4.5/security/integrity/evm/evm_posix_acl.c
delete mode 100644 ANDROID_3.4.5/security/integrity/evm/evm_secfs.c
delete mode 100644 ANDROID_3.4.5/security/integrity/iint.c
delete mode 100644 ANDROID_3.4.5/security/integrity/ima/Kconfig
delete mode 100644 ANDROID_3.4.5/security/integrity/ima/Makefile
delete mode 100644 ANDROID_3.4.5/security/integrity/ima/ima.h
delete mode 100644 ANDROID_3.4.5/security/integrity/ima/ima_api.c
delete mode 100644 ANDROID_3.4.5/security/integrity/ima/ima_audit.c
delete mode 100644 ANDROID_3.4.5/security/integrity/ima/ima_crypto.c
delete mode 100644 ANDROID_3.4.5/security/integrity/ima/ima_fs.c
delete mode 100644 ANDROID_3.4.5/security/integrity/ima/ima_init.c
delete mode 100644 ANDROID_3.4.5/security/integrity/ima/ima_main.c
delete mode 100644 ANDROID_3.4.5/security/integrity/ima/ima_policy.c
delete mode 100644 ANDROID_3.4.5/security/integrity/ima/ima_queue.c
delete mode 100644 ANDROID_3.4.5/security/integrity/integrity.h
delete mode 100644 ANDROID_3.4.5/security/keys/Makefile
delete mode 100644 ANDROID_3.4.5/security/keys/compat.c
delete mode 100644 ANDROID_3.4.5/security/keys/encrypted-keys/Makefile
delete mode 100644 ANDROID_3.4.5/security/keys/encrypted-keys/ecryptfs_format.c
delete mode 100644 ANDROID_3.4.5/security/keys/encrypted-keys/ecryptfs_format.h
delete mode 100644 ANDROID_3.4.5/security/keys/encrypted-keys/encrypted.c
delete mode 100644 ANDROID_3.4.5/security/keys/encrypted-keys/encrypted.h
delete mode 100644 ANDROID_3.4.5/security/keys/encrypted-keys/masterkey_trusted.c
delete mode 100644 ANDROID_3.4.5/security/keys/gc.c
delete mode 100644 ANDROID_3.4.5/security/keys/internal.h
delete mode 100644 ANDROID_3.4.5/security/keys/key.c
delete mode 100644 ANDROID_3.4.5/security/keys/keyctl.c
delete mode 100644 ANDROID_3.4.5/security/keys/keyring.c
delete mode 100644 ANDROID_3.4.5/security/keys/permission.c
delete mode 100644 ANDROID_3.4.5/security/keys/proc.c
delete mode 100644 ANDROID_3.4.5/security/keys/process_keys.c
delete mode 100644 ANDROID_3.4.5/security/keys/request_key.c
delete mode 100644 ANDROID_3.4.5/security/keys/request_key_auth.c
delete mode 100644 ANDROID_3.4.5/security/keys/sysctl.c
delete mode 100644 ANDROID_3.4.5/security/keys/trusted.c
delete mode 100644 ANDROID_3.4.5/security/keys/trusted.h
delete mode 100644 ANDROID_3.4.5/security/keys/user_defined.c
delete mode 100644 ANDROID_3.4.5/security/lsm_audit.c
delete mode 100644 ANDROID_3.4.5/security/min_addr.c
delete mode 100644 ANDROID_3.4.5/security/security.c
delete mode 100644 ANDROID_3.4.5/security/selinux/Kconfig
delete mode 100644 ANDROID_3.4.5/security/selinux/Makefile
delete mode 100644 ANDROID_3.4.5/security/selinux/avc.c
delete mode 100644 ANDROID_3.4.5/security/selinux/exports.c
delete mode 100644 ANDROID_3.4.5/security/selinux/hooks.c
delete mode 100644 ANDROID_3.4.5/security/selinux/include/audit.h
delete mode 100644 ANDROID_3.4.5/security/selinux/include/avc.h
delete mode 100644 ANDROID_3.4.5/security/selinux/include/avc_ss.h
delete mode 100644 ANDROID_3.4.5/security/selinux/include/classmap.h
delete mode 100644 ANDROID_3.4.5/security/selinux/include/conditional.h
delete mode 100644 ANDROID_3.4.5/security/selinux/include/initial_sid_to_string.h
delete mode 100644 ANDROID_3.4.5/security/selinux/include/netif.h
delete mode 100644 ANDROID_3.4.5/security/selinux/include/netlabel.h
delete mode 100644 ANDROID_3.4.5/security/selinux/include/netnode.h
delete mode 100644 ANDROID_3.4.5/security/selinux/include/netport.h
delete mode 100644 ANDROID_3.4.5/security/selinux/include/objsec.h
delete mode 100644 ANDROID_3.4.5/security/selinux/include/security.h
delete mode 100644 ANDROID_3.4.5/security/selinux/include/xfrm.h
delete mode 100644 ANDROID_3.4.5/security/selinux/netif.c
delete mode 100644 ANDROID_3.4.5/security/selinux/netlabel.c
delete mode 100644 ANDROID_3.4.5/security/selinux/netlink.c
delete mode 100644 ANDROID_3.4.5/security/selinux/netnode.c
delete mode 100644 ANDROID_3.4.5/security/selinux/netport.c
delete mode 100644 ANDROID_3.4.5/security/selinux/nlmsgtab.c
delete mode 100644 ANDROID_3.4.5/security/selinux/selinuxfs.c
delete mode 100644 ANDROID_3.4.5/security/selinux/ss/avtab.c
delete mode 100644 ANDROID_3.4.5/security/selinux/ss/avtab.h
delete mode 100644 ANDROID_3.4.5/security/selinux/ss/conditional.c
delete mode 100644 ANDROID_3.4.5/security/selinux/ss/conditional.h
delete mode 100644 ANDROID_3.4.5/security/selinux/ss/constraint.h
delete mode 100644 ANDROID_3.4.5/security/selinux/ss/context.h
delete mode 100644 ANDROID_3.4.5/security/selinux/ss/ebitmap.c
delete mode 100644 ANDROID_3.4.5/security/selinux/ss/ebitmap.h
delete mode 100644 ANDROID_3.4.5/security/selinux/ss/hashtab.c
delete mode 100644 ANDROID_3.4.5/security/selinux/ss/hashtab.h
delete mode 100644 ANDROID_3.4.5/security/selinux/ss/mls.c
delete mode 100644 ANDROID_3.4.5/security/selinux/ss/mls.h
delete mode 100644 ANDROID_3.4.5/security/selinux/ss/mls_types.h
delete mode 100644 ANDROID_3.4.5/security/selinux/ss/policydb.c
delete mode 100644 ANDROID_3.4.5/security/selinux/ss/policydb.h
delete mode 100644 ANDROID_3.4.5/security/selinux/ss/services.c
delete mode 100644 ANDROID_3.4.5/security/selinux/ss/services.h
delete mode 100644 ANDROID_3.4.5/security/selinux/ss/sidtab.c
delete mode 100644 ANDROID_3.4.5/security/selinux/ss/sidtab.h
delete mode 100644 ANDROID_3.4.5/security/selinux/ss/status.c
delete mode 100644 ANDROID_3.4.5/security/selinux/ss/symtab.c
delete mode 100644 ANDROID_3.4.5/security/selinux/ss/symtab.h
delete mode 100644 ANDROID_3.4.5/security/selinux/xfrm.c
delete mode 100644 ANDROID_3.4.5/security/smack/Kconfig
delete mode 100644 ANDROID_3.4.5/security/smack/Makefile
delete mode 100644 ANDROID_3.4.5/security/smack/smack.h
delete mode 100644 ANDROID_3.4.5/security/smack/smack_access.c
delete mode 100644 ANDROID_3.4.5/security/smack/smack_lsm.c
delete mode 100644 ANDROID_3.4.5/security/smack/smackfs.c
delete mode 100644 ANDROID_3.4.5/security/tomoyo/Kconfig
delete mode 100644 ANDROID_3.4.5/security/tomoyo/Makefile
delete mode 100644 ANDROID_3.4.5/security/tomoyo/audit.c
delete mode 100644 ANDROID_3.4.5/security/tomoyo/common.c
delete mode 100644 ANDROID_3.4.5/security/tomoyo/common.h
delete mode 100644 ANDROID_3.4.5/security/tomoyo/condition.c
delete mode 100644 ANDROID_3.4.5/security/tomoyo/domain.c
delete mode 100644 ANDROID_3.4.5/security/tomoyo/environ.c
delete mode 100644 ANDROID_3.4.5/security/tomoyo/file.c
delete mode 100644 ANDROID_3.4.5/security/tomoyo/gc.c
delete mode 100644 ANDROID_3.4.5/security/tomoyo/group.c
delete mode 100644 ANDROID_3.4.5/security/tomoyo/load_policy.c
delete mode 100644 ANDROID_3.4.5/security/tomoyo/memory.c
delete mode 100644 ANDROID_3.4.5/security/tomoyo/mount.c
delete mode 100644 ANDROID_3.4.5/security/tomoyo/network.c
delete mode 100644 ANDROID_3.4.5/security/tomoyo/realpath.c
delete mode 100644 ANDROID_3.4.5/security/tomoyo/securityfs_if.c
delete mode 100644 ANDROID_3.4.5/security/tomoyo/tomoyo.c
delete mode 100644 ANDROID_3.4.5/security/tomoyo/util.c
delete mode 100644 ANDROID_3.4.5/security/yama/Kconfig
delete mode 100644 ANDROID_3.4.5/security/yama/Makefile
delete mode 100644 ANDROID_3.4.5/security/yama/yama_lsm.c
(limited to 'ANDROID_3.4.5/security')
diff --git a/ANDROID_3.4.5/security/Kconfig b/ANDROID_3.4.5/security/Kconfig
deleted file mode 100644
index ccc61f80..00000000
--- a/ANDROID_3.4.5/security/Kconfig
+++ /dev/null
@@ -1,237 +0,0 @@
-#
-# Security configuration
-#
-
-menu "Security options"
-
-config KEYS
- bool "Enable access key retention support"
- help
- This option provides support for retaining authentication tokens and
- access keys in the kernel.
-
- It also includes provision of methods by which such keys might be
- associated with a process so that network filesystems, encryption
- support and the like can find them.
-
- Furthermore, a special type of key is available that acts as keyring:
- a searchable sequence of keys. Each process is equipped with access
- to five standard keyrings: UID-specific, GID-specific, session,
- process and thread.
-
- If you are unsure as to whether this is required, answer N.
-
-config TRUSTED_KEYS
- tristate "TRUSTED KEYS"
- depends on KEYS && TCG_TPM
- select CRYPTO
- select CRYPTO_HMAC
- select CRYPTO_SHA1
- help
- This option provides support for creating, sealing, and unsealing
- keys in the kernel. Trusted keys are random number symmetric keys,
- generated and RSA-sealed by the TPM. The TPM only unseals the keys,
- if the boot PCRs and other criteria match. Userspace will only ever
- see encrypted blobs.
-
- If you are unsure as to whether this is required, answer N.
-
-config ENCRYPTED_KEYS
- tristate "ENCRYPTED KEYS"
- depends on KEYS
- select CRYPTO
- select CRYPTO_HMAC
- select CRYPTO_AES
- select CRYPTO_CBC
- select CRYPTO_SHA256
- select CRYPTO_RNG
- help
- This option provides support for create/encrypting/decrypting keys
- in the kernel. Encrypted keys are kernel generated random numbers,
- which are encrypted/decrypted with a 'master' symmetric key. The
- 'master' key can be either a trusted-key or user-key type.
- Userspace only ever sees/stores encrypted blobs.
-
- If you are unsure as to whether this is required, answer N.
-
-config KEYS_DEBUG_PROC_KEYS
- bool "Enable the /proc/keys file by which keys may be viewed"
- depends on KEYS
- help
- This option turns on support for the /proc/keys file - through which
- can be listed all the keys on the system that are viewable by the
- reading process.
-
- The only keys included in the list are those that grant View
- permission to the reading process whether or not it possesses them.
- Note that LSM security checks are still performed, and may further
- filter out keys that the current process is not authorised to view.
-
- Only key attributes are listed here; key payloads are not included in
- the resulting table.
-
- If you are unsure as to whether this is required, answer N.
-
-config SECURITY_DMESG_RESTRICT
- bool "Restrict unprivileged access to the kernel syslog"
- default n
- help
- This enforces restrictions on unprivileged users reading the kernel
- syslog via dmesg(8).
-
- If this option is not selected, no restrictions will be enforced
- unless the dmesg_restrict sysctl is explicitly set to (1).
-
- If you are unsure how to answer this question, answer N.
-
-config SECURITY
- bool "Enable different security models"
- depends on SYSFS
- help
- This allows you to choose different security modules to be
- configured into your kernel.
-
- If this option is not selected, the default Linux security
- model will be used.
-
- If you are unsure how to answer this question, answer N.
-
-config SECURITYFS
- bool "Enable the securityfs filesystem"
- help
- This will build the securityfs filesystem. It is currently used by
- the TPM bios character driver and IMA, an integrity provider. It is
- not used by SELinux or SMACK.
-
- If you are unsure how to answer this question, answer N.
-
-config SECURITY_NETWORK
- bool "Socket and Networking Security Hooks"
- depends on SECURITY
- help
- This enables the socket and networking security hooks.
- If enabled, a security module can use these hooks to
- implement socket and networking access controls.
- If you are unsure how to answer this question, answer N.
-
-config SECURITY_NETWORK_XFRM
- bool "XFRM (IPSec) Networking Security Hooks"
- depends on XFRM && SECURITY_NETWORK
- help
- This enables the XFRM (IPSec) networking security hooks.
- If enabled, a security module can use these hooks to
- implement per-packet access controls based on labels
- derived from IPSec policy. Non-IPSec communications are
- designated as unlabelled, and only sockets authorized
- to communicate unlabelled data can send without using
- IPSec.
- If you are unsure how to answer this question, answer N.
-
-config SECURITY_PATH
- bool "Security hooks for pathname based access control"
- depends on SECURITY
- help
- This enables the security hooks for pathname based access control.
- If enabled, a security module can use these hooks to
- implement pathname based access controls.
- If you are unsure how to answer this question, answer N.
-
-config INTEL_TXT
- bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)"
- depends on HAVE_INTEL_TXT
- help
- This option enables support for booting the kernel with the
- Trusted Boot (tboot) module. This will utilize
- Intel(R) Trusted Execution Technology to perform a measured launch
- of the kernel. If the system does not support Intel(R) TXT, this
- will have no effect.
-
- Intel TXT will provide higher assurance of system configuration and
- initial state as well as data reset protection. This is used to
- create a robust initial kernel measurement and verification, which
- helps to ensure that kernel security mechanisms are functioning
- correctly. This level of protection requires a root of trust outside
- of the kernel itself.
-
- Intel TXT also helps solve real end user concerns about having
- confidence that their hardware is running the VMM or kernel that
- it was configured with, especially since they may be responsible for
- providing such assurances to VMs and services running on it.
-
- See for more information
- about Intel(R) TXT.
- See for more information about tboot.
- See Documentation/intel_txt.txt for a description of how to enable
- Intel TXT support in a kernel boot.
-
- If you are unsure as to whether this is required, answer N.
-
-config LSM_MMAP_MIN_ADDR
- int "Low address space for LSM to protect from user allocation"
- depends on SECURITY && SECURITY_SELINUX
- default 32768 if ARM
- default 65536
- help
- This is the portion of low virtual memory which should be protected
- from userspace allocation. Keeping a user from writing to low pages
- can help reduce the impact of kernel NULL pointer bugs.
-
- For most ia64, ppc64 and x86 users with lots of address space
- a value of 65536 is reasonable and should cause no problems.
- On arm and other archs it should not be higher than 32768.
- Programs which use vm86 functionality or have some need to map
- this low address space will need the permission specific to the
- systems running LSM.
-
-source security/selinux/Kconfig
-source security/smack/Kconfig
-source security/tomoyo/Kconfig
-source security/apparmor/Kconfig
-source security/yama/Kconfig
-
-source security/integrity/Kconfig
-
-choice
- prompt "Default security module"
- default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX
- default DEFAULT_SECURITY_SMACK if SECURITY_SMACK
- default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO
- default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR
- default DEFAULT_SECURITY_YAMA if SECURITY_YAMA
- default DEFAULT_SECURITY_DAC
-
- help
- Select the security module that will be used by default if the
- kernel parameter security= is not specified.
-
- config DEFAULT_SECURITY_SELINUX
- bool "SELinux" if SECURITY_SELINUX=y
-
- config DEFAULT_SECURITY_SMACK
- bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y
-
- config DEFAULT_SECURITY_TOMOYO
- bool "TOMOYO" if SECURITY_TOMOYO=y
-
- config DEFAULT_SECURITY_APPARMOR
- bool "AppArmor" if SECURITY_APPARMOR=y
-
- config DEFAULT_SECURITY_YAMA
- bool "Yama" if SECURITY_YAMA=y
-
- config DEFAULT_SECURITY_DAC
- bool "Unix Discretionary Access Controls"
-
-endchoice
-
-config DEFAULT_SECURITY
- string
- default "selinux" if DEFAULT_SECURITY_SELINUX
- default "smack" if DEFAULT_SECURITY_SMACK
- default "tomoyo" if DEFAULT_SECURITY_TOMOYO
- default "apparmor" if DEFAULT_SECURITY_APPARMOR
- default "yama" if DEFAULT_SECURITY_YAMA
- default "" if DEFAULT_SECURITY_DAC
-
-endmenu
-
diff --git a/ANDROID_3.4.5/security/Makefile b/ANDROID_3.4.5/security/Makefile
deleted file mode 100644
index c26c81e9..00000000
--- a/ANDROID_3.4.5/security/Makefile
+++ /dev/null
@@ -1,30 +0,0 @@
-#
-# Makefile for the kernel security code
-#
-
-obj-$(CONFIG_KEYS) += keys/
-subdir-$(CONFIG_SECURITY_SELINUX) += selinux
-subdir-$(CONFIG_SECURITY_SMACK) += smack
-subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo
-subdir-$(CONFIG_SECURITY_APPARMOR) += apparmor
-subdir-$(CONFIG_SECURITY_YAMA) += yama
-
-# always enable default capabilities
-obj-y += commoncap.o
-obj-$(CONFIG_MMU) += min_addr.o
-
-# Object file lists
-obj-$(CONFIG_SECURITY) += security.o capability.o
-obj-$(CONFIG_SECURITYFS) += inode.o
-# Must precede capability.o in order to stack properly.
-obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o
-obj-$(CONFIG_SECURITY_SMACK) += smack/built-in.o
-obj-$(CONFIG_AUDIT) += lsm_audit.o
-obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/built-in.o
-obj-$(CONFIG_SECURITY_APPARMOR) += apparmor/built-in.o
-obj-$(CONFIG_SECURITY_YAMA) += yama/built-in.o
-obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o
-
-# Object integrity file lists
-subdir-$(CONFIG_INTEGRITY) += integrity
-obj-$(CONFIG_INTEGRITY) += integrity/built-in.o
diff --git a/ANDROID_3.4.5/security/apparmor/Kconfig b/ANDROID_3.4.5/security/apparmor/Kconfig
deleted file mode 100644
index 9b9013b2..00000000
--- a/ANDROID_3.4.5/security/apparmor/Kconfig
+++ /dev/null
@@ -1,31 +0,0 @@
-config SECURITY_APPARMOR
- bool "AppArmor support"
- depends on SECURITY && NET
- select AUDIT
- select SECURITY_PATH
- select SECURITYFS
- select SECURITY_NETWORK
- default n
- help
- This enables the AppArmor security module.
- Required userspace tools (if they are not included in your
- distribution) and further information may be found at
- http://apparmor.wiki.kernel.org
-
- If you are unsure how to answer this question, answer N.
-
-config SECURITY_APPARMOR_BOOTPARAM_VALUE
- int "AppArmor boot parameter default value"
- depends on SECURITY_APPARMOR
- range 0 1
- default 1
- help
- This option sets the default value for the kernel parameter
- 'apparmor', which allows AppArmor to be enabled or disabled
- at boot. If this option is set to 0 (zero), the AppArmor
- kernel parameter will default to 0, disabling AppArmor at
- boot. If this option is set to 1 (one), the AppArmor
- kernel parameter will default to 1, enabling AppArmor at
- boot.
-
- If you are unsure how to answer this question, answer 1.
diff --git a/ANDROID_3.4.5/security/apparmor/Makefile b/ANDROID_3.4.5/security/apparmor/Makefile
deleted file mode 100644
index 806bd19a..00000000
--- a/ANDROID_3.4.5/security/apparmor/Makefile
+++ /dev/null
@@ -1,65 +0,0 @@
-# Makefile for AppArmor Linux Security Module
-#
-obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o
-
-apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \
- path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \
- resource.o sid.o file.o
-
-clean-files := capability_names.h rlim_names.h
-
-
-# Build a lower case string table of capability names
-# Transforms lines from
-# #define CAP_DAC_OVERRIDE 1
-# to
-# [1] = "dac_override",
-quiet_cmd_make-caps = GEN $@
-cmd_make-caps = echo "static const char *const capability_names[] = {" > $@ ;\
- sed $< >>$@ -r -n -e '/CAP_FS_MASK/d' \
- -e 's/^\#define[ \t]+CAP_([A-Z0-9_]+)[ \t]+([0-9]+)/[\2] = "\L\1",/p';\
- echo "};" >> $@
-
-
-# Build a lower case string table of rlimit names.
-# Transforms lines from
-# #define RLIMIT_STACK 3 /* max stack size */
-# to
-# [RLIMIT_STACK] = "stack",
-#
-# and build a second integer table (with the second sed cmd), that maps
-# RLIMIT defines to the order defined in asm-generic/resource.h This is
-# required by policy load to map policy ordering of RLIMITs to internal
-# ordering for architectures that redefine an RLIMIT.
-# Transforms lines from
-# #define RLIMIT_STACK 3 /* max stack size */
-# to
-# RLIMIT_STACK,
-#
-# and build the securityfs entries for the mapping.
-# Transforms lines from
-# #define RLIMIT_FSIZE 1 /* Maximum filesize */
-# #define RLIMIT_STACK 3 /* max stack size */
-# to
-# #define AA_FS_RLIMIT_MASK "fsize stack"
-quiet_cmd_make-rlim = GEN $@
-cmd_make-rlim = echo "static const char *const rlim_names[RLIM_NLIMITS] = {" \
- > $@ ;\
- sed $< >> $@ -r -n \
- -e 's/^\# ?define[ \t]+(RLIMIT_([A-Z0-9_]+)).*/[\1] = "\L\2",/p';\
- echo "};" >> $@ ;\
- echo "static const int rlim_map[RLIM_NLIMITS] = {" >> $@ ;\
- sed -r -n "s/^\# ?define[ \t]+(RLIMIT_[A-Z0-9_]+).*/\1,/p" $< >> $@ ;\
- echo "};" >> $@ ; \
- echo -n '\#define AA_FS_RLIMIT_MASK "' >> $@ ;\
- sed -r -n 's/^\# ?define[ \t]+RLIMIT_([A-Z0-9_]+).*/\L\1/p' $< | \
- tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@
-
-$(obj)/capability.o : $(obj)/capability_names.h
-$(obj)/resource.o : $(obj)/rlim_names.h
-$(obj)/capability_names.h : $(srctree)/include/linux/capability.h \
- $(src)/Makefile
- $(call cmd,make-caps)
-$(obj)/rlim_names.h : $(srctree)/include/asm-generic/resource.h \
- $(src)/Makefile
- $(call cmd,make-rlim)
diff --git a/ANDROID_3.4.5/security/apparmor/apparmorfs.c b/ANDROID_3.4.5/security/apparmor/apparmorfs.c
deleted file mode 100644
index 16c15ec6..00000000
--- a/ANDROID_3.4.5/security/apparmor/apparmorfs.c
+++ /dev/null
@@ -1,355 +0,0 @@
-/*
- * AppArmor security module
- *
- * This file contains AppArmor /sys/kernel/security/apparmor interface functions
- *
- * Copyright (C) 1998-2008 Novell/SUSE
- * Copyright 2009-2010 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "include/apparmor.h"
-#include "include/apparmorfs.h"
-#include "include/audit.h"
-#include "include/context.h"
-#include "include/policy.h"
-#include "include/resource.h"
-
-/**
- * aa_simple_write_to_buffer - common routine for getting policy from user
- * @op: operation doing the user buffer copy
- * @userbuf: user buffer to copy data from (NOT NULL)
- * @alloc_size: size of user buffer (REQUIRES: @alloc_size >= @copy_size)
- * @copy_size: size of data to copy from user buffer
- * @pos: position write is at in the file (NOT NULL)
- *
- * Returns: kernel buffer containing copy of user buffer data or an
- * ERR_PTR on failure.
- */
-static char *aa_simple_write_to_buffer(int op, const char __user *userbuf,
- size_t alloc_size, size_t copy_size,
- loff_t *pos)
-{
- char *data;
-
- BUG_ON(copy_size > alloc_size);
-
- if (*pos != 0)
- /* only writes from pos 0, that is complete writes */
- return ERR_PTR(-ESPIPE);
-
- /*
- * Don't allow profile load/replace/remove from profiles that don't
- * have CAP_MAC_ADMIN
- */
- if (!aa_may_manage_policy(op))
- return ERR_PTR(-EACCES);
-
- /* freed by caller to simple_write_to_buffer */
- data = kvmalloc(alloc_size);
- if (data == NULL)
- return ERR_PTR(-ENOMEM);
-
- if (copy_from_user(data, userbuf, copy_size)) {
- kvfree(data);
- return ERR_PTR(-EFAULT);
- }
-
- return data;
-}
-
-
-/* .load file hook fn to load policy */
-static ssize_t profile_load(struct file *f, const char __user *buf, size_t size,
- loff_t *pos)
-{
- char *data;
- ssize_t error;
-
- data = aa_simple_write_to_buffer(OP_PROF_LOAD, buf, size, size, pos);
-
- error = PTR_ERR(data);
- if (!IS_ERR(data)) {
- error = aa_replace_profiles(data, size, PROF_ADD);
- kvfree(data);
- }
-
- return error;
-}
-
-static const struct file_operations aa_fs_profile_load = {
- .write = profile_load,
- .llseek = default_llseek,
-};
-
-/* .replace file hook fn to load and/or replace policy */
-static ssize_t profile_replace(struct file *f, const char __user *buf,
- size_t size, loff_t *pos)
-{
- char *data;
- ssize_t error;
-
- data = aa_simple_write_to_buffer(OP_PROF_REPL, buf, size, size, pos);
- error = PTR_ERR(data);
- if (!IS_ERR(data)) {
- error = aa_replace_profiles(data, size, PROF_REPLACE);
- kvfree(data);
- }
-
- return error;
-}
-
-static const struct file_operations aa_fs_profile_replace = {
- .write = profile_replace,
- .llseek = default_llseek,
-};
-
-/* .remove file hook fn to remove loaded policy */
-static ssize_t profile_remove(struct file *f, const char __user *buf,
- size_t size, loff_t *pos)
-{
- char *data;
- ssize_t error;
-
- /*
- * aa_remove_profile needs a null terminated string so 1 extra
- * byte is allocated and the copied data is null terminated.
- */
- data = aa_simple_write_to_buffer(OP_PROF_RM, buf, size + 1, size, pos);
-
- error = PTR_ERR(data);
- if (!IS_ERR(data)) {
- data[size] = 0;
- error = aa_remove_profiles(data, size);
- kvfree(data);
- }
-
- return error;
-}
-
-static const struct file_operations aa_fs_profile_remove = {
- .write = profile_remove,
- .llseek = default_llseek,
-};
-
-static int aa_fs_seq_show(struct seq_file *seq, void *v)
-{
- struct aa_fs_entry *fs_file = seq->private;
-
- if (!fs_file)
- return 0;
-
- switch (fs_file->v_type) {
- case AA_FS_TYPE_BOOLEAN:
- seq_printf(seq, "%s\n", fs_file->v.boolean ? "yes" : "no");
- break;
- case AA_FS_TYPE_STRING:
- seq_printf(seq, "%s\n", fs_file->v.string);
- break;
- case AA_FS_TYPE_U64:
- seq_printf(seq, "%#08lx\n", fs_file->v.u64);
- break;
- default:
- /* Ignore unpritable entry types. */
- break;
- }
-
- return 0;
-}
-
-static int aa_fs_seq_open(struct inode *inode, struct file *file)
-{
- return single_open(file, aa_fs_seq_show, inode->i_private);
-}
-
-const struct file_operations aa_fs_seq_file_ops = {
- .owner = THIS_MODULE,
- .open = aa_fs_seq_open,
- .read = seq_read,
- .llseek = seq_lseek,
- .release = single_release,
-};
-
-/** Base file system setup **/
-
-static struct aa_fs_entry aa_fs_entry_file[] = {
- AA_FS_FILE_STRING("mask", "create read write exec append mmap_exec " \
- "link lock"),
- { }
-};
-
-static struct aa_fs_entry aa_fs_entry_domain[] = {
- AA_FS_FILE_BOOLEAN("change_hat", 1),
- AA_FS_FILE_BOOLEAN("change_hatv", 1),
- AA_FS_FILE_BOOLEAN("change_onexec", 1),
- AA_FS_FILE_BOOLEAN("change_profile", 1),
- { }
-};
-
-static struct aa_fs_entry aa_fs_entry_features[] = {
- AA_FS_DIR("domain", aa_fs_entry_domain),
- AA_FS_DIR("file", aa_fs_entry_file),
- AA_FS_FILE_U64("capability", VFS_CAP_FLAGS_MASK),
- AA_FS_DIR("rlimit", aa_fs_entry_rlimit),
- { }
-};
-
-static struct aa_fs_entry aa_fs_entry_apparmor[] = {
- AA_FS_FILE_FOPS(".load", 0640, &aa_fs_profile_load),
- AA_FS_FILE_FOPS(".replace", 0640, &aa_fs_profile_replace),
- AA_FS_FILE_FOPS(".remove", 0640, &aa_fs_profile_remove),
- AA_FS_DIR("features", aa_fs_entry_features),
- { }
-};
-
-static struct aa_fs_entry aa_fs_entry =
- AA_FS_DIR("apparmor", aa_fs_entry_apparmor);
-
-/**
- * aafs_create_file - create a file entry in the apparmor securityfs
- * @fs_file: aa_fs_entry to build an entry for (NOT NULL)
- * @parent: the parent dentry in the securityfs
- *
- * Use aafs_remove_file to remove entries created with this fn.
- */
-static int __init aafs_create_file(struct aa_fs_entry *fs_file,
- struct dentry *parent)
-{
- int error = 0;
-
- fs_file->dentry = securityfs_create_file(fs_file->name,
- S_IFREG | fs_file->mode,
- parent, fs_file,
- fs_file->file_ops);
- if (IS_ERR(fs_file->dentry)) {
- error = PTR_ERR(fs_file->dentry);
- fs_file->dentry = NULL;
- }
- return error;
-}
-
-/**
- * aafs_create_dir - recursively create a directory entry in the securityfs
- * @fs_dir: aa_fs_entry (and all child entries) to build (NOT NULL)
- * @parent: the parent dentry in the securityfs
- *
- * Use aafs_remove_dir to remove entries created with this fn.
- */
-static int __init aafs_create_dir(struct aa_fs_entry *fs_dir,
- struct dentry *parent)
-{
- int error;
- struct aa_fs_entry *fs_file;
-
- fs_dir->dentry = securityfs_create_dir(fs_dir->name, parent);
- if (IS_ERR(fs_dir->dentry)) {
- error = PTR_ERR(fs_dir->dentry);
- fs_dir->dentry = NULL;
- goto failed;
- }
-
- for (fs_file = fs_dir->v.files; fs_file->name; ++fs_file) {
- if (fs_file->v_type == AA_FS_TYPE_DIR)
- error = aafs_create_dir(fs_file, fs_dir->dentry);
- else
- error = aafs_create_file(fs_file, fs_dir->dentry);
- if (error)
- goto failed;
- }
-
- return 0;
-
-failed:
- return error;
-}
-
-/**
- * aafs_remove_file - drop a single file entry in the apparmor securityfs
- * @fs_file: aa_fs_entry to detach from the securityfs (NOT NULL)
- */
-static void __init aafs_remove_file(struct aa_fs_entry *fs_file)
-{
- if (!fs_file->dentry)
- return;
-
- securityfs_remove(fs_file->dentry);
- fs_file->dentry = NULL;
-}
-
-/**
- * aafs_remove_dir - recursively drop a directory entry from the securityfs
- * @fs_dir: aa_fs_entry (and all child entries) to detach (NOT NULL)
- */
-static void __init aafs_remove_dir(struct aa_fs_entry *fs_dir)
-{
- struct aa_fs_entry *fs_file;
-
- for (fs_file = fs_dir->v.files; fs_file->name; ++fs_file) {
- if (fs_file->v_type == AA_FS_TYPE_DIR)
- aafs_remove_dir(fs_file);
- else
- aafs_remove_file(fs_file);
- }
-
- aafs_remove_file(fs_dir);
-}
-
-/**
- * aa_destroy_aafs - cleanup and free aafs
- *
- * releases dentries allocated by aa_create_aafs
- */
-void __init aa_destroy_aafs(void)
-{
- aafs_remove_dir(&aa_fs_entry);
-}
-
-/**
- * aa_create_aafs - create the apparmor security filesystem
- *
- * dentries created here are released by aa_destroy_aafs
- *
- * Returns: error on failure
- */
-static int __init aa_create_aafs(void)
-{
- int error;
-
- if (!apparmor_initialized)
- return 0;
-
- if (aa_fs_entry.dentry) {
- AA_ERROR("%s: AppArmor securityfs already exists\n", __func__);
- return -EEXIST;
- }
-
- /* Populate fs tree. */
- error = aafs_create_dir(&aa_fs_entry, NULL);
- if (error)
- goto error;
-
- /* TODO: add support for apparmorfs_null and apparmorfs_mnt */
-
- /* Report that AppArmor fs is enabled */
- aa_info_message("AppArmor Filesystem Enabled");
- return 0;
-
-error:
- aa_destroy_aafs();
- AA_ERROR("Error creating AppArmor securityfs\n");
- return error;
-}
-
-fs_initcall(aa_create_aafs);
diff --git a/ANDROID_3.4.5/security/apparmor/audit.c b/ANDROID_3.4.5/security/apparmor/audit.c
deleted file mode 100644
index cc3520d3..00000000
--- a/ANDROID_3.4.5/security/apparmor/audit.c
+++ /dev/null
@@ -1,214 +0,0 @@
-/*
- * AppArmor security module
- *
- * This file contains AppArmor auditing functions
- *
- * Copyright (C) 1998-2008 Novell/SUSE
- * Copyright 2009-2010 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- */
-
-#include
-#include
-
-#include "include/apparmor.h"
-#include "include/audit.h"
-#include "include/policy.h"
-
-const char *const op_table[] = {
- "null",
-
- "sysctl",
- "capable",
-
- "unlink",
- "mkdir",
- "rmdir",
- "mknod",
- "truncate",
- "link",
- "symlink",
- "rename_src",
- "rename_dest",
- "chmod",
- "chown",
- "getattr",
- "open",
-
- "file_perm",
- "file_lock",
- "file_mmap",
- "file_mprotect",
-
- "create",
- "post_create",
- "bind",
- "connect",
- "listen",
- "accept",
- "sendmsg",
- "recvmsg",
- "getsockname",
- "getpeername",
- "getsockopt",
- "setsockopt",
- "socket_shutdown",
-
- "ptrace",
-
- "exec",
- "change_hat",
- "change_profile",
- "change_onexec",
-
- "setprocattr",
- "setrlimit",
-
- "profile_replace",
- "profile_load",
- "profile_remove"
-};
-
-const char *const audit_mode_names[] = {
- "normal",
- "quiet_denied",
- "quiet",
- "noquiet",
- "all"
-};
-
-static const char *const aa_audit_type[] = {
- "AUDIT",
- "ALLOWED",
- "DENIED",
- "HINT",
- "STATUS",
- "ERROR",
- "KILLED"
- "AUTO"
-};
-
-/*
- * Currently AppArmor auditing is fed straight into the audit framework.
- *
- * TODO:
- * netlink interface for complain mode
- * user auditing, - send user auditing to netlink interface
- * system control of whether user audit messages go to system log
- */
-
-/**
- * audit_base - core AppArmor function.
- * @ab: audit buffer to fill (NOT NULL)
- * @ca: audit structure containing data to audit (NOT NULL)
- *
- * Record common AppArmor audit data from @sa
- */
-static void audit_pre(struct audit_buffer *ab, void *ca)
-{
- struct common_audit_data *sa = ca;
- struct task_struct *tsk = sa->tsk ? sa->tsk : current;
-
- if (aa_g_audit_header) {
- audit_log_format(ab, "apparmor=");
- audit_log_string(ab, aa_audit_type[sa->aad->type]);
- }
-
- if (sa->aad->op) {
- audit_log_format(ab, " operation=");
- audit_log_string(ab, op_table[sa->aad->op]);
- }
-
- if (sa->aad->info) {
- audit_log_format(ab, " info=");
- audit_log_string(ab, sa->aad->info);
- if (sa->aad->error)
- audit_log_format(ab, " error=%d", sa->aad->error);
- }
-
- if (sa->aad->profile) {
- struct aa_profile *profile = sa->aad->profile;
- pid_t pid;
- rcu_read_lock();
- pid = rcu_dereference(tsk->real_parent)->pid;
- rcu_read_unlock();
- audit_log_format(ab, " parent=%d", pid);
- if (profile->ns != root_ns) {
- audit_log_format(ab, " namespace=");
- audit_log_untrustedstring(ab, profile->ns->base.hname);
- }
- audit_log_format(ab, " profile=");
- audit_log_untrustedstring(ab, profile->base.hname);
- }
-
- if (sa->aad->name) {
- audit_log_format(ab, " name=");
- audit_log_untrustedstring(ab, sa->aad->name);
- }
-}
-
-/**
- * aa_audit_msg - Log a message to the audit subsystem
- * @sa: audit event structure (NOT NULL)
- * @cb: optional callback fn for type specific fields (MAYBE NULL)
- */
-void aa_audit_msg(int type, struct common_audit_data *sa,
- void (*cb) (struct audit_buffer *, void *))
-{
- sa->aad->type = type;
- common_lsm_audit(sa, audit_pre, cb);
-}
-
-/**
- * aa_audit - Log a profile based audit event to the audit subsystem
- * @type: audit type for the message
- * @profile: profile to check against (NOT NULL)
- * @gfp: allocation flags to use
- * @sa: audit event (NOT NULL)
- * @cb: optional callback fn for type specific fields (MAYBE NULL)
- *
- * Handle default message switching based off of audit mode flags
- *
- * Returns: error on failure
- */
-int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
- struct common_audit_data *sa,
- void (*cb) (struct audit_buffer *, void *))
-{
- BUG_ON(!profile);
-
- if (type == AUDIT_APPARMOR_AUTO) {
- if (likely(!sa->aad->error)) {
- if (AUDIT_MODE(profile) != AUDIT_ALL)
- return 0;
- type = AUDIT_APPARMOR_AUDIT;
- } else if (COMPLAIN_MODE(profile))
- type = AUDIT_APPARMOR_ALLOWED;
- else
- type = AUDIT_APPARMOR_DENIED;
- }
- if (AUDIT_MODE(profile) == AUDIT_QUIET ||
- (type == AUDIT_APPARMOR_DENIED &&
- AUDIT_MODE(profile) == AUDIT_QUIET))
- return sa->aad->error;
-
- if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)
- type = AUDIT_APPARMOR_KILL;
-
- if (!unconfined(profile))
- sa->aad->profile = profile;
-
- aa_audit_msg(type, sa, cb);
-
- if (sa->aad->type == AUDIT_APPARMOR_KILL)
- (void)send_sig_info(SIGKILL, NULL, sa->tsk ? sa->tsk : current);
-
- if (sa->aad->type == AUDIT_APPARMOR_ALLOWED)
- return complain_error(sa->aad->error);
-
- return sa->aad->error;
-}
diff --git a/ANDROID_3.4.5/security/apparmor/capability.c b/ANDROID_3.4.5/security/apparmor/capability.c
deleted file mode 100644
index 088dba3b..00000000
--- a/ANDROID_3.4.5/security/apparmor/capability.c
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * AppArmor security module
- *
- * This file contains AppArmor capability mediation functions
- *
- * Copyright (C) 1998-2008 Novell/SUSE
- * Copyright 2009-2010 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- */
-
-#include
-#include
-#include
-
-#include "include/apparmor.h"
-#include "include/capability.h"
-#include "include/context.h"
-#include "include/policy.h"
-#include "include/audit.h"
-
-/*
- * Table of capability names: we generate it from capabilities.h.
- */
-#include "capability_names.h"
-
-struct audit_cache {
- struct aa_profile *profile;
- kernel_cap_t caps;
-};
-
-static DEFINE_PER_CPU(struct audit_cache, audit_cache);
-
-/**
- * audit_cb - call back for capability components of audit struct
- * @ab - audit buffer (NOT NULL)
- * @va - audit struct to audit data from (NOT NULL)
- */
-static void audit_cb(struct audit_buffer *ab, void *va)
-{
- struct common_audit_data *sa = va;
- audit_log_format(ab, " capname=");
- audit_log_untrustedstring(ab, capability_names[sa->u.cap]);
-}
-
-/**
- * audit_caps - audit a capability
- * @profile: profile confining task (NOT NULL)
- * @task: task capability test was performed against (NOT NULL)
- * @cap: capability tested
- * @error: error code returned by test
- *
- * Do auditing of capability and handle, audit/complain/kill modes switching
- * and duplicate message elimination.
- *
- * Returns: 0 or sa->error on success, error code on failure
- */
-static int audit_caps(struct aa_profile *profile, struct task_struct *task,
- int cap, int error)
-{
- struct audit_cache *ent;
- int type = AUDIT_APPARMOR_AUTO;
- struct common_audit_data sa;
- struct apparmor_audit_data aad = {0,};
- COMMON_AUDIT_DATA_INIT(&sa, CAP);
- sa.aad = &aad;
- sa.tsk = task;
- sa.u.cap = cap;
- sa.aad->op = OP_CAPABLE;
- sa.aad->error = error;
-
- if (likely(!error)) {
- /* test if auditing is being forced */
- if (likely((AUDIT_MODE(profile) != AUDIT_ALL) &&
- !cap_raised(profile->caps.audit, cap)))
- return 0;
- type = AUDIT_APPARMOR_AUDIT;
- } else if (KILL_MODE(profile) ||
- cap_raised(profile->caps.kill, cap)) {
- type = AUDIT_APPARMOR_KILL;
- } else if (cap_raised(profile->caps.quiet, cap) &&
- AUDIT_MODE(profile) != AUDIT_NOQUIET &&
- AUDIT_MODE(profile) != AUDIT_ALL) {
- /* quiet auditing */
- return error;
- }
-
- /* Do simple duplicate message elimination */
- ent = &get_cpu_var(audit_cache);
- if (profile == ent->profile && cap_raised(ent->caps, cap)) {
- put_cpu_var(audit_cache);
- if (COMPLAIN_MODE(profile))
- return complain_error(error);
- return error;
- } else {
- aa_put_profile(ent->profile);
- ent->profile = aa_get_profile(profile);
- cap_raise(ent->caps, cap);
- }
- put_cpu_var(audit_cache);
-
- return aa_audit(type, profile, GFP_ATOMIC, &sa, audit_cb);
-}
-
-/**
- * profile_capable - test if profile allows use of capability @cap
- * @profile: profile being enforced (NOT NULL, NOT unconfined)
- * @cap: capability to test if allowed
- *
- * Returns: 0 if allowed else -EPERM
- */
-static int profile_capable(struct aa_profile *profile, int cap)
-{
- return cap_raised(profile->caps.allow, cap) ? 0 : -EPERM;
-}
-
-/**
- * aa_capable - test permission to use capability
- * @task: task doing capability test against (NOT NULL)
- * @profile: profile confining @task (NOT NULL)
- * @cap: capability to be tested
- * @audit: whether an audit record should be generated
- *
- * Look up capability in profile capability set.
- *
- * Returns: 0 on success, or else an error code.
- */
-int aa_capable(struct task_struct *task, struct aa_profile *profile, int cap,
- int audit)
-{
- int error = profile_capable(profile, cap);
-
- if (!audit) {
- if (COMPLAIN_MODE(profile))
- return complain_error(error);
- return error;
- }
-
- return audit_caps(profile, task, cap, error);
-}
diff --git a/ANDROID_3.4.5/security/apparmor/context.c b/ANDROID_3.4.5/security/apparmor/context.c
deleted file mode 100644
index 8a9b5027..00000000
--- a/ANDROID_3.4.5/security/apparmor/context.c
+++ /dev/null
@@ -1,216 +0,0 @@
-/*
- * AppArmor security module
- *
- * This file contains AppArmor functions used to manipulate object security
- * contexts.
- *
- * Copyright (C) 1998-2008 Novell/SUSE
- * Copyright 2009-2010 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- *
- * AppArmor sets confinement on every task, via the the aa_task_cxt and
- * the aa_task_cxt.profile, both of which are required and are not allowed
- * to be NULL. The aa_task_cxt is not reference counted and is unique
- * to each cred (which is reference count). The profile pointed to by
- * the task_cxt is reference counted.
- *
- * TODO
- * If a task uses change_hat it currently does not return to the old
- * cred or task context but instead creates a new one. Ideally the task
- * should return to the previous cred if it has not been modified.
- *
- */
-
-#include "include/context.h"
-#include "include/policy.h"
-
-/**
- * aa_alloc_task_context - allocate a new task_cxt
- * @flags: gfp flags for allocation
- *
- * Returns: allocated buffer or NULL on failure
- */
-struct aa_task_cxt *aa_alloc_task_context(gfp_t flags)
-{
- return kzalloc(sizeof(struct aa_task_cxt), flags);
-}
-
-/**
- * aa_free_task_context - free a task_cxt
- * @cxt: task_cxt to free (MAYBE NULL)
- */
-void aa_free_task_context(struct aa_task_cxt *cxt)
-{
- if (cxt) {
- aa_put_profile(cxt->profile);
- aa_put_profile(cxt->previous);
- aa_put_profile(cxt->onexec);
-
- kzfree(cxt);
- }
-}
-
-/**
- * aa_dup_task_context - duplicate a task context, incrementing reference counts
- * @new: a blank task context (NOT NULL)
- * @old: the task context to copy (NOT NULL)
- */
-void aa_dup_task_context(struct aa_task_cxt *new, const struct aa_task_cxt *old)
-{
- *new = *old;
- aa_get_profile(new->profile);
- aa_get_profile(new->previous);
- aa_get_profile(new->onexec);
-}
-
-/**
- * aa_replace_current_profile - replace the current tasks profiles
- * @profile: new profile (NOT NULL)
- *
- * Returns: 0 or error on failure
- */
-int aa_replace_current_profile(struct aa_profile *profile)
-{
- struct aa_task_cxt *cxt = current_cred()->security;
- struct cred *new;
- BUG_ON(!profile);
-
- if (cxt->profile == profile)
- return 0;
-
- new = prepare_creds();
- if (!new)
- return -ENOMEM;
-
- cxt = new->security;
- if (unconfined(profile) || (cxt->profile->ns != profile->ns)) {
- /* if switching to unconfined or a different profile namespace
- * clear out context state
- */
- aa_put_profile(cxt->previous);
- aa_put_profile(cxt->onexec);
- cxt->previous = NULL;
- cxt->onexec = NULL;
- cxt->token = 0;
- }
- /* be careful switching cxt->profile, when racing replacement it
- * is possible that cxt->profile->replacedby is the reference keeping
- * @profile valid, so make sure to get its reference before dropping
- * the reference on cxt->profile */
- aa_get_profile(profile);
- aa_put_profile(cxt->profile);
- cxt->profile = profile;
-
- commit_creds(new);
- return 0;
-}
-
-/**
- * aa_set_current_onexec - set the tasks change_profile to happen onexec
- * @profile: system profile to set at exec (MAYBE NULL to clear value)
- *
- * Returns: 0 or error on failure
- */
-int aa_set_current_onexec(struct aa_profile *profile)
-{
- struct aa_task_cxt *cxt;
- struct cred *new = prepare_creds();
- if (!new)
- return -ENOMEM;
-
- cxt = new->security;
- aa_get_profile(profile);
- aa_put_profile(cxt->onexec);
- cxt->onexec = profile;
-
- commit_creds(new);
- return 0;
-}
-
-/**
- * aa_set_current_hat - set the current tasks hat
- * @profile: profile to set as the current hat (NOT NULL)
- * @token: token value that must be specified to change from the hat
- *
- * Do switch of tasks hat. If the task is currently in a hat
- * validate the token to match.
- *
- * Returns: 0 or error on failure
- */
-int aa_set_current_hat(struct aa_profile *profile, u64 token)
-{
- struct aa_task_cxt *cxt;
- struct cred *new = prepare_creds();
- if (!new)
- return -ENOMEM;
- BUG_ON(!profile);
-
- cxt = new->security;
- if (!cxt->previous) {
- /* transfer refcount */
- cxt->previous = cxt->profile;
- cxt->token = token;
- } else if (cxt->token == token) {
- aa_put_profile(cxt->profile);
- } else {
- /* previous_profile && cxt->token != token */
- abort_creds(new);
- return -EACCES;
- }
- cxt->profile = aa_get_profile(aa_newest_version(profile));
- /* clear exec on switching context */
- aa_put_profile(cxt->onexec);
- cxt->onexec = NULL;
-
- commit_creds(new);
- return 0;
-}
-
-/**
- * aa_restore_previous_profile - exit from hat context restoring the profile
- * @token: the token that must be matched to exit hat context
- *
- * Attempt to return out of a hat to the previous profile. The token
- * must match the stored token value.
- *
- * Returns: 0 or error of failure
- */
-int aa_restore_previous_profile(u64 token)
-{
- struct aa_task_cxt *cxt;
- struct cred *new = prepare_creds();
- if (!new)
- return -ENOMEM;
-
- cxt = new->security;
- if (cxt->token != token) {
- abort_creds(new);
- return -EACCES;
- }
- /* ignore restores when there is no saved profile */
- if (!cxt->previous) {
- abort_creds(new);
- return 0;
- }
-
- aa_put_profile(cxt->profile);
- cxt->profile = aa_newest_version(cxt->previous);
- BUG_ON(!cxt->profile);
- if (unlikely(cxt->profile != cxt->previous)) {
- aa_get_profile(cxt->profile);
- aa_put_profile(cxt->previous);
- }
- /* clear exec && prev information when restoring to previous context */
- cxt->previous = NULL;
- cxt->token = 0;
- aa_put_profile(cxt->onexec);
- cxt->onexec = NULL;
-
- commit_creds(new);
- return 0;
-}
diff --git a/ANDROID_3.4.5/security/apparmor/domain.c b/ANDROID_3.4.5/security/apparmor/domain.c
deleted file mode 100644
index 6327685c..00000000
--- a/ANDROID_3.4.5/security/apparmor/domain.c
+++ /dev/null
@@ -1,823 +0,0 @@
-/*
- * AppArmor security module
- *
- * This file contains AppArmor policy attachment and domain transitions
- *
- * Copyright (C) 2002-2008 Novell/SUSE
- * Copyright 2009-2010 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "include/audit.h"
-#include "include/apparmorfs.h"
-#include "include/context.h"
-#include "include/domain.h"
-#include "include/file.h"
-#include "include/ipc.h"
-#include "include/match.h"
-#include "include/path.h"
-#include "include/policy.h"
-
-/**
- * aa_free_domain_entries - free entries in a domain table
- * @domain: the domain table to free (MAYBE NULL)
- */
-void aa_free_domain_entries(struct aa_domain *domain)
-{
- int i;
- if (domain) {
- if (!domain->table)
- return;
-
- for (i = 0; i < domain->size; i++)
- kzfree(domain->table[i]);
- kzfree(domain->table);
- domain->table = NULL;
- }
-}
-
-/**
- * may_change_ptraced_domain - check if can change profile on ptraced task
- * @task: task we want to change profile of (NOT NULL)
- * @to_profile: profile to change to (NOT NULL)
- *
- * Check if the task is ptraced and if so if the tracing task is allowed
- * to trace the new domain
- *
- * Returns: %0 or error if change not allowed
- */
-static int may_change_ptraced_domain(struct task_struct *task,
- struct aa_profile *to_profile)
-{
- struct task_struct *tracer;
- const struct cred *cred = NULL;
- struct aa_profile *tracerp = NULL;
- int error = 0;
-
- rcu_read_lock();
- tracer = ptrace_parent(task);
- if (tracer) {
- /* released below */
- cred = get_task_cred(tracer);
- tracerp = aa_cred_profile(cred);
- }
-
- /* not ptraced */
- if (!tracer || unconfined(tracerp))
- goto out;
-
- error = aa_may_ptrace(tracer, tracerp, to_profile, PTRACE_MODE_ATTACH);
-
-out:
- rcu_read_unlock();
- if (cred)
- put_cred(cred);
-
- return error;
-}
-
-/**
- * change_profile_perms - find permissions for change_profile
- * @profile: the current profile (NOT NULL)
- * @ns: the namespace being switched to (NOT NULL)
- * @name: the name of the profile to change to (NOT NULL)
- * @request: requested perms
- * @start: state to start matching in
- *
- * Returns: permission set
- */
-static struct file_perms change_profile_perms(struct aa_profile *profile,
- struct aa_namespace *ns,
- const char *name, u32 request,
- unsigned int start)
-{
- struct file_perms perms;
- struct path_cond cond = { };
- unsigned int state;
-
- if (unconfined(profile)) {
- perms.allow = AA_MAY_CHANGE_PROFILE | AA_MAY_ONEXEC;
- perms.audit = perms.quiet = perms.kill = 0;
- return perms;
- } else if (!profile->file.dfa) {
- return nullperms;
- } else if ((ns == profile->ns)) {
- /* try matching against rules with out namespace prepended */
- aa_str_perms(profile->file.dfa, start, name, &cond, &perms);
- if (COMBINED_PERM_MASK(perms) & request)
- return perms;
- }
-
- /* try matching with namespace name and then profile */
- state = aa_dfa_match(profile->file.dfa, start, ns->base.name);
- state = aa_dfa_match_len(profile->file.dfa, state, ":", 1);
- aa_str_perms(profile->file.dfa, state, name, &cond, &perms);
-
- return perms;
-}
-
-/**
- * __attach_match_ - find an attachment match
- * @name - to match against (NOT NULL)
- * @head - profile list to walk (NOT NULL)
- *
- * Do a linear search on the profiles in the list. There is a matching
- * preference where an exact match is preferred over a name which uses
- * expressions to match, and matching expressions with the greatest
- * xmatch_len are preferred.
- *
- * Requires: @head not be shared or have appropriate locks held
- *
- * Returns: profile or NULL if no match found
- */
-static struct aa_profile *__attach_match(const char *name,
- struct list_head *head)
-{
- int len = 0;
- struct aa_profile *profile, *candidate = NULL;
-
- list_for_each_entry(profile, head, base.list) {
- if (profile->flags & PFLAG_NULL)
- continue;
- if (profile->xmatch && profile->xmatch_len > len) {
- unsigned int state = aa_dfa_match(profile->xmatch,
- DFA_START, name);
- u32 perm = dfa_user_allow(profile->xmatch, state);
- /* any accepting state means a valid match. */
- if (perm & MAY_EXEC) {
- candidate = profile;
- len = profile->xmatch_len;
- }
- } else if (!strcmp(profile->base.name, name))
- /* exact non-re match, no more searching required */
- return profile;
- }
-
- return candidate;
-}
-
-/**
- * find_attach - do attachment search for unconfined processes
- * @ns: the current namespace (NOT NULL)
- * @list: list to search (NOT NULL)
- * @name: the executable name to match against (NOT NULL)
- *
- * Returns: profile or NULL if no match found
- */
-static struct aa_profile *find_attach(struct aa_namespace *ns,
- struct list_head *list, const char *name)
-{
- struct aa_profile *profile;
-
- read_lock(&ns->lock);
- profile = aa_get_profile(__attach_match(name, list));
- read_unlock(&ns->lock);
-
- return profile;
-}
-
-/**
- * separate_fqname - separate the namespace and profile names
- * @fqname: the fqname name to split (NOT NULL)
- * @ns_name: the namespace name if it exists (NOT NULL)
- *
- * This is the xtable equivalent routine of aa_split_fqname. It finds the
- * split in an xtable fqname which contains an embedded \0 instead of a :
- * if a namespace is specified. This is done so the xtable is constant and
- * isn't re-split on every lookup.
- *
- * Either the profile or namespace name may be optional but if the namespace
- * is specified the profile name termination must be present. This results
- * in the following possible encodings:
- * profile_name\0
- * :ns_name\0profile_name\0
- * :ns_name\0\0
- *
- * NOTE: the xtable fqname is pre-validated at load time in unpack_trans_table
- *
- * Returns: profile name if it is specified else NULL
- */
-static const char *separate_fqname(const char *fqname, const char **ns_name)
-{
- const char *name;
-
- if (fqname[0] == ':') {
- /* In this case there is guaranteed to be two \0 terminators
- * in the string. They are verified at load time by
- * by unpack_trans_table
- */
- *ns_name = fqname + 1; /* skip : */
- name = *ns_name + strlen(*ns_name) + 1;
- if (!*name)
- name = NULL;
- } else {
- *ns_name = NULL;
- name = fqname;
- }
-
- return name;
-}
-
-static const char *next_name(int xtype, const char *name)
-{
- return NULL;
-}
-
-/**
- * x_table_lookup - lookup an x transition name via transition table
- * @profile: current profile (NOT NULL)
- * @xindex: index into x transition table
- *
- * Returns: refcounted profile, or NULL on failure (MAYBE NULL)
- */
-static struct aa_profile *x_table_lookup(struct aa_profile *profile, u32 xindex)
-{
- struct aa_profile *new_profile = NULL;
- struct aa_namespace *ns = profile->ns;
- u32 xtype = xindex & AA_X_TYPE_MASK;
- int index = xindex & AA_X_INDEX_MASK;
- const char *name;
-
- /* index is guaranteed to be in range, validated at load time */
- for (name = profile->file.trans.table[index]; !new_profile && name;
- name = next_name(xtype, name)) {
- struct aa_namespace *new_ns;
- const char *xname = NULL;
-
- new_ns = NULL;
- if (xindex & AA_X_CHILD) {
- /* release by caller */
- new_profile = aa_find_child(profile, name);
- continue;
- } else if (*name == ':') {
- /* switching namespace */
- const char *ns_name;
- xname = name = separate_fqname(name, &ns_name);
- if (!xname)
- /* no name so use profile name */
- xname = profile->base.hname;
- if (*ns_name == '@') {
- /* TODO: variable support */
- ;
- }
- /* released below */
- new_ns = aa_find_namespace(ns, ns_name);
- if (!new_ns)
- continue;
- } else if (*name == '@') {
- /* TODO: variable support */
- continue;
- } else {
- /* basic namespace lookup */
- xname = name;
- }
-
- /* released by caller */
- new_profile = aa_lookup_profile(new_ns ? new_ns : ns, xname);
- aa_put_namespace(new_ns);
- }
-
- /* released by caller */
- return new_profile;
-}
-
-/**
- * x_to_profile - get target profile for a given xindex
- * @profile: current profile (NOT NULL)
- * @name: name to lookup (NOT NULL)
- * @xindex: index into x transition table
- *
- * find profile for a transition index
- *
- * Returns: refcounted profile or NULL if not found available
- */
-static struct aa_profile *x_to_profile(struct aa_profile *profile,
- const char *name, u32 xindex)
-{
- struct aa_profile *new_profile = NULL;
- struct aa_namespace *ns = profile->ns;
- u32 xtype = xindex & AA_X_TYPE_MASK;
-
- switch (xtype) {
- case AA_X_NONE:
- /* fail exec unless ix || ux fallback - handled by caller */
- return NULL;
- case AA_X_NAME:
- if (xindex & AA_X_CHILD)
- /* released by caller */
- new_profile = find_attach(ns, &profile->base.profiles,
- name);
- else
- /* released by caller */
- new_profile = find_attach(ns, &ns->base.profiles,
- name);
- break;
- case AA_X_TABLE:
- /* released by caller */
- new_profile = x_table_lookup(profile, xindex);
- break;
- }
-
- /* released by caller */
- return new_profile;
-}
-
-/**
- * apparmor_bprm_set_creds - set the new creds on the bprm struct
- * @bprm: binprm for the exec (NOT NULL)
- *
- * Returns: %0 or error on failure
- */
-int apparmor_bprm_set_creds(struct linux_binprm *bprm)
-{
- struct aa_task_cxt *cxt;
- struct aa_profile *profile, *new_profile = NULL;
- struct aa_namespace *ns;
- char *buffer = NULL;
- unsigned int state;
- struct file_perms perms = {};
- struct path_cond cond = {
- bprm->file->f_path.dentry->d_inode->i_uid,
- bprm->file->f_path.dentry->d_inode->i_mode
- };
- const char *name = NULL, *target = NULL, *info = NULL;
- int error = cap_bprm_set_creds(bprm);
- if (error)
- return error;
-
- if (bprm->cred_prepared)
- return 0;
-
- cxt = bprm->cred->security;
- BUG_ON(!cxt);
-
- profile = aa_get_profile(aa_newest_version(cxt->profile));
- /*
- * get the namespace from the replacement profile as replacement
- * can change the namespace
- */
- ns = profile->ns;
- state = profile->file.start;
-
- /* buffer freed below, name is pointer into buffer */
- error = aa_path_name(&bprm->file->f_path, profile->path_flags, &buffer,
- &name, &info);
- if (error) {
- if (profile->flags &
- (PFLAG_IX_ON_NAME_ERROR | PFLAG_UNCONFINED))
- error = 0;
- name = bprm->filename;
- goto audit;
- }
-
- /* Test for onexec first as onexec directives override other
- * x transitions.
- */
- if (unconfined(profile)) {
- /* unconfined task */
- if (cxt->onexec)
- /* change_profile on exec already been granted */
- new_profile = aa_get_profile(cxt->onexec);
- else
- new_profile = find_attach(ns, &ns->base.profiles, name);
- if (!new_profile)
- goto cleanup;
- goto apply;
- }
-
- /* find exec permissions for name */
- state = aa_str_perms(profile->file.dfa, state, name, &cond, &perms);
- if (cxt->onexec) {
- struct file_perms cp;
- info = "change_profile onexec";
- if (!(perms.allow & AA_MAY_ONEXEC))
- goto audit;
-
- /* test if this exec can be paired with change_profile onexec.
- * onexec permission is linked to exec with a standard pairing
- * exec\0change_profile
- */
- state = aa_dfa_null_transition(profile->file.dfa, state);
- cp = change_profile_perms(profile, cxt->onexec->ns,
- cxt->onexec->base.name,
- AA_MAY_ONEXEC, state);
-
- if (!(cp.allow & AA_MAY_ONEXEC))
- goto audit;
- new_profile = aa_get_profile(aa_newest_version(cxt->onexec));
- goto apply;
- }
-
- if (perms.allow & MAY_EXEC) {
- /* exec permission determine how to transition */
- new_profile = x_to_profile(profile, name, perms.xindex);
- if (!new_profile) {
- if (perms.xindex & AA_X_INHERIT) {
- /* (p|c|n)ix - don't change profile but do
- * use the newest version, which was picked
- * up above when getting profile
- */
- info = "ix fallback";
- new_profile = aa_get_profile(profile);
- goto x_clear;
- } else if (perms.xindex & AA_X_UNCONFINED) {
- new_profile = aa_get_profile(ns->unconfined);
- info = "ux fallback";
- } else {
- error = -ENOENT;
- info = "profile not found";
- }
- }
- } else if (COMPLAIN_MODE(profile)) {
- /* no exec permission - are we in learning mode */
- new_profile = aa_new_null_profile(profile, 0);
- if (!new_profile) {
- error = -ENOMEM;
- info = "could not create null profile";
- } else {
- error = -EACCES;
- target = new_profile->base.hname;
- }
- perms.xindex |= AA_X_UNSAFE;
- } else
- /* fail exec */
- error = -EACCES;
-
- if (!new_profile)
- goto audit;
-
- if (bprm->unsafe & LSM_UNSAFE_SHARE) {
- /* FIXME: currently don't mediate shared state */
- ;
- }
-
- if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
- error = may_change_ptraced_domain(current, new_profile);
- if (error) {
- aa_put_profile(new_profile);
- goto audit;
- }
- }
-
- /* Determine if secure exec is needed.
- * Can be at this point for the following reasons:
- * 1. unconfined switching to confined
- * 2. confined switching to different confinement
- * 3. confined switching to unconfined
- *
- * Cases 2 and 3 are marked as requiring secure exec
- * (unless policy specified "unsafe exec")
- *
- * bprm->unsafe is used to cache the AA_X_UNSAFE permission
- * to avoid having to recompute in secureexec
- */
- if (!(perms.xindex & AA_X_UNSAFE)) {
- AA_DEBUG("scrubbing environment variables for %s profile=%s\n",
- name, new_profile->base.hname);
- bprm->unsafe |= AA_SECURE_X_NEEDED;
- }
-apply:
- target = new_profile->base.hname;
- /* when transitioning profiles clear unsafe personality bits */
- bprm->per_clear |= PER_CLEAR_ON_SETID;
-
-x_clear:
- aa_put_profile(cxt->profile);
- /* transfer new profile reference will be released when cxt is freed */
- cxt->profile = new_profile;
-
- /* clear out all temporary/transitional state from the context */
- aa_put_profile(cxt->previous);
- aa_put_profile(cxt->onexec);
- cxt->previous = NULL;
- cxt->onexec = NULL;
- cxt->token = 0;
-
-audit:
- error = aa_audit_file(profile, &perms, GFP_KERNEL, OP_EXEC, MAY_EXEC,
- name, target, cond.uid, info, error);
-
-cleanup:
- aa_put_profile(profile);
- kfree(buffer);
-
- return error;
-}
-
-/**
- * apparmor_bprm_secureexec - determine if secureexec is needed
- * @bprm: binprm for exec (NOT NULL)
- *
- * Returns: %1 if secureexec is needed else %0
- */
-int apparmor_bprm_secureexec(struct linux_binprm *bprm)
-{
- int ret = cap_bprm_secureexec(bprm);
-
- /* the decision to use secure exec is computed in set_creds
- * and stored in bprm->unsafe.
- */
- if (!ret && (bprm->unsafe & AA_SECURE_X_NEEDED))
- ret = 1;
-
- return ret;
-}
-
-/**
- * apparmor_bprm_committing_creds - do task cleanup on committing new creds
- * @bprm: binprm for the exec (NOT NULL)
- */
-void apparmor_bprm_committing_creds(struct linux_binprm *bprm)
-{
- struct aa_profile *profile = __aa_current_profile();
- struct aa_task_cxt *new_cxt = bprm->cred->security;
-
- /* bail out if unconfined or not changing profile */
- if ((new_cxt->profile == profile) ||
- (unconfined(new_cxt->profile)))
- return;
-
- current->pdeath_signal = 0;
-
- /* reset soft limits and set hard limits for the new profile */
- __aa_transition_rlimits(profile, new_cxt->profile);
-}
-
-/**
- * apparmor_bprm_commited_cred - do cleanup after new creds committed
- * @bprm: binprm for the exec (NOT NULL)
- */
-void apparmor_bprm_committed_creds(struct linux_binprm *bprm)
-{
- /* TODO: cleanup signals - ipc mediation */
- return;
-}
-
-/*
- * Functions for self directed profile change
- */
-
-/**
- * new_compound_name - create an hname with @n2 appended to @n1
- * @n1: base of hname (NOT NULL)
- * @n2: name to append (NOT NULL)
- *
- * Returns: new name or NULL on error
- */
-static char *new_compound_name(const char *n1, const char *n2)
-{
- char *name = kmalloc(strlen(n1) + strlen(n2) + 3, GFP_KERNEL);
- if (name)
- sprintf(name, "%s//%s", n1, n2);
- return name;
-}
-
-/**
- * aa_change_hat - change hat to/from subprofile
- * @hats: vector of hat names to try changing into (MAYBE NULL if @count == 0)
- * @count: number of hat names in @hats
- * @token: magic value to validate the hat change
- * @permtest: true if this is just a permission test
- *
- * Change to the first profile specified in @hats that exists, and store
- * the @hat_magic in the current task context. If the count == 0 and the
- * @token matches that stored in the current task context, return to the
- * top level profile.
- *
- * Returns %0 on success, error otherwise.
- */
-int aa_change_hat(const char *hats[], int count, u64 token, bool permtest)
-{
- const struct cred *cred;
- struct aa_task_cxt *cxt;
- struct aa_profile *profile, *previous_profile, *hat = NULL;
- char *name = NULL;
- int i;
- struct file_perms perms = {};
- const char *target = NULL, *info = NULL;
- int error = 0;
-
- /* released below */
- cred = get_current_cred();
- cxt = cred->security;
- profile = aa_cred_profile(cred);
- previous_profile = cxt->previous;
-
- if (unconfined(profile)) {
- info = "unconfined";
- error = -EPERM;
- goto audit;
- }
-
- if (count) {
- /* attempting to change into a new hat or switch to a sibling */
- struct aa_profile *root;
- root = PROFILE_IS_HAT(profile) ? profile->parent : profile;
-
- /* find first matching hat */
- for (i = 0; i < count && !hat; i++)
- /* released below */
- hat = aa_find_child(root, hats[i]);
- if (!hat) {
- if (!COMPLAIN_MODE(root) || permtest) {
- if (list_empty(&root->base.profiles))
- error = -ECHILD;
- else
- error = -ENOENT;
- goto out;
- }
-
- /*
- * In complain mode and failed to match any hats.
- * Audit the failure is based off of the first hat
- * supplied. This is done due how userspace
- * interacts with change_hat.
- *
- * TODO: Add logging of all failed hats
- */
-
- /* freed below */
- name = new_compound_name(root->base.hname, hats[0]);
- target = name;
- /* released below */
- hat = aa_new_null_profile(profile, 1);
- if (!hat) {
- info = "failed null profile create";
- error = -ENOMEM;
- goto audit;
- }
- } else {
- target = hat->base.hname;
- if (!PROFILE_IS_HAT(hat)) {
- info = "target not hat";
- error = -EPERM;
- goto audit;
- }
- }
-
- error = may_change_ptraced_domain(current, hat);
- if (error) {
- info = "ptraced";
- error = -EPERM;
- goto audit;
- }
-
- if (!permtest) {
- error = aa_set_current_hat(hat, token);
- if (error == -EACCES)
- /* kill task in case of brute force attacks */
- perms.kill = AA_MAY_CHANGEHAT;
- else if (name && !error)
- /* reset error for learning of new hats */
- error = -ENOENT;
- }
- } else if (previous_profile) {
- /* Return to saved profile. Kill task if restore fails
- * to avoid brute force attacks
- */
- target = previous_profile->base.hname;
- error = aa_restore_previous_profile(token);
- perms.kill = AA_MAY_CHANGEHAT;
- } else
- /* ignore restores when there is no saved profile */
- goto out;
-
-audit:
- if (!permtest)
- error = aa_audit_file(profile, &perms, GFP_KERNEL,
- OP_CHANGE_HAT, AA_MAY_CHANGEHAT, NULL,
- target, 0, info, error);
-
-out:
- aa_put_profile(hat);
- kfree(name);
- put_cred(cred);
-
- return error;
-}
-
-/**
- * aa_change_profile - perform a one-way profile transition
- * @ns_name: name of the profile namespace to change to (MAYBE NULL)
- * @hname: name of profile to change to (MAYBE NULL)
- * @onexec: whether this transition is to take place immediately or at exec
- * @permtest: true if this is just a permission test
- *
- * Change to new profile @name. Unlike with hats, there is no way
- * to change back. If @name isn't specified the current profile name is
- * used.
- * If @onexec then the transition is delayed until
- * the next exec.
- *
- * Returns %0 on success, error otherwise.
- */
-int aa_change_profile(const char *ns_name, const char *hname, bool onexec,
- bool permtest)
-{
- const struct cred *cred;
- struct aa_task_cxt *cxt;
- struct aa_profile *profile, *target = NULL;
- struct aa_namespace *ns = NULL;
- struct file_perms perms = {};
- const char *name = NULL, *info = NULL;
- int op, error = 0;
- u32 request;
-
- if (!hname && !ns_name)
- return -EINVAL;
-
- if (onexec) {
- request = AA_MAY_ONEXEC;
- op = OP_CHANGE_ONEXEC;
- } else {
- request = AA_MAY_CHANGE_PROFILE;
- op = OP_CHANGE_PROFILE;
- }
-
- cred = get_current_cred();
- cxt = cred->security;
- profile = aa_cred_profile(cred);
-
- if (ns_name) {
- /* released below */
- ns = aa_find_namespace(profile->ns, ns_name);
- if (!ns) {
- /* we don't create new namespace in complain mode */
- name = ns_name;
- info = "namespace not found";
- error = -ENOENT;
- goto audit;
- }
- } else
- /* released below */
- ns = aa_get_namespace(profile->ns);
-
- /* if the name was not specified, use the name of the current profile */
- if (!hname) {
- if (unconfined(profile))
- hname = ns->unconfined->base.hname;
- else
- hname = profile->base.hname;
- }
-
- perms = change_profile_perms(profile, ns, hname, request,
- profile->file.start);
- if (!(perms.allow & request)) {
- error = -EACCES;
- goto audit;
- }
-
- /* released below */
- target = aa_lookup_profile(ns, hname);
- if (!target) {
- info = "profile not found";
- error = -ENOENT;
- if (permtest || !COMPLAIN_MODE(profile))
- goto audit;
- /* released below */
- target = aa_new_null_profile(profile, 0);
- if (!target) {
- info = "failed null profile create";
- error = -ENOMEM;
- goto audit;
- }
- }
-
- /* check if tracing task is allowed to trace target domain */
- error = may_change_ptraced_domain(current, target);
- if (error) {
- info = "ptrace prevents transition";
- goto audit;
- }
-
- if (permtest)
- goto audit;
-
- if (onexec)
- error = aa_set_current_onexec(target);
- else
- error = aa_replace_current_profile(target);
-
-audit:
- if (!permtest)
- error = aa_audit_file(profile, &perms, GFP_KERNEL, op, request,
- name, hname, 0, info, error);
-
- aa_put_namespace(ns);
- aa_put_profile(target);
- put_cred(cred);
-
- return error;
-}
diff --git a/ANDROID_3.4.5/security/apparmor/file.c b/ANDROID_3.4.5/security/apparmor/file.c
deleted file mode 100644
index 2f8fcba9..00000000
--- a/ANDROID_3.4.5/security/apparmor/file.c
+++ /dev/null
@@ -1,456 +0,0 @@
-/*
- * AppArmor security module
- *
- * This file contains AppArmor mediation of files
- *
- * Copyright (C) 1998-2008 Novell/SUSE
- * Copyright 2009-2010 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- */
-
-#include "include/apparmor.h"
-#include "include/audit.h"
-#include "include/file.h"
-#include "include/match.h"
-#include "include/path.h"
-#include "include/policy.h"
-
-struct file_perms nullperms;
-
-
-/**
- * audit_file_mask - convert mask to permission string
- * @buffer: buffer to write string to (NOT NULL)
- * @mask: permission mask to convert
- */
-static void audit_file_mask(struct audit_buffer *ab, u32 mask)
-{
- char str[10];
-
- char *m = str;
-
- if (mask & AA_EXEC_MMAP)
- *m++ = 'm';
- if (mask & (MAY_READ | AA_MAY_META_READ))
- *m++ = 'r';
- if (mask & (MAY_WRITE | AA_MAY_META_WRITE | AA_MAY_CHMOD |
- AA_MAY_CHOWN))
- *m++ = 'w';
- else if (mask & MAY_APPEND)
- *m++ = 'a';
- if (mask & AA_MAY_CREATE)
- *m++ = 'c';
- if (mask & AA_MAY_DELETE)
- *m++ = 'd';
- if (mask & AA_MAY_LINK)
- *m++ = 'l';
- if (mask & AA_MAY_LOCK)
- *m++ = 'k';
- if (mask & MAY_EXEC)
- *m++ = 'x';
- *m = '\0';
-
- audit_log_string(ab, str);
-}
-
-/**
- * file_audit_cb - call back for file specific audit fields
- * @ab: audit_buffer (NOT NULL)
- * @va: audit struct to audit values of (NOT NULL)
- */
-static void file_audit_cb(struct audit_buffer *ab, void *va)
-{
- struct common_audit_data *sa = va;
- uid_t fsuid = current_fsuid();
-
- if (sa->aad->fs.request & AA_AUDIT_FILE_MASK) {
- audit_log_format(ab, " requested_mask=");
- audit_file_mask(ab, sa->aad->fs.request);
- }
- if (sa->aad->fs.denied & AA_AUDIT_FILE_MASK) {
- audit_log_format(ab, " denied_mask=");
- audit_file_mask(ab, sa->aad->fs.denied);
- }
- if (sa->aad->fs.request & AA_AUDIT_FILE_MASK) {
- audit_log_format(ab, " fsuid=%d", fsuid);
- audit_log_format(ab, " ouid=%d", sa->aad->fs.ouid);
- }
-
- if (sa->aad->fs.target) {
- audit_log_format(ab, " target=");
- audit_log_untrustedstring(ab, sa->aad->fs.target);
- }
-}
-
-/**
- * aa_audit_file - handle the auditing of file operations
- * @profile: the profile being enforced (NOT NULL)
- * @perms: the permissions computed for the request (NOT NULL)
- * @gfp: allocation flags
- * @op: operation being mediated
- * @request: permissions requested
- * @name: name of object being mediated (MAYBE NULL)
- * @target: name of target (MAYBE NULL)
- * @ouid: object uid
- * @info: extra information message (MAYBE NULL)
- * @error: 0 if operation allowed else failure error code
- *
- * Returns: %0 or error on failure
- */
-int aa_audit_file(struct aa_profile *profile, struct file_perms *perms,
- gfp_t gfp, int op, u32 request, const char *name,
- const char *target, uid_t ouid, const char *info, int error)
-{
- int type = AUDIT_APPARMOR_AUTO;
- struct common_audit_data sa;
- struct apparmor_audit_data aad = {0,};
- COMMON_AUDIT_DATA_INIT(&sa, NONE);
- sa.aad = &aad;
- aad.op = op,
- aad.fs.request = request;
- aad.name = name;
- aad.fs.target = target;
- aad.fs.ouid = ouid;
- aad.info = info;
- aad.error = error;
-
- if (likely(!sa.aad->error)) {
- u32 mask = perms->audit;
-
- if (unlikely(AUDIT_MODE(profile) == AUDIT_ALL))
- mask = 0xffff;
-
- /* mask off perms that are not being force audited */
- sa.aad->fs.request &= mask;
-
- if (likely(!sa.aad->fs.request))
- return 0;
- type = AUDIT_APPARMOR_AUDIT;
- } else {
- /* only report permissions that were denied */
- sa.aad->fs.request = sa.aad->fs.request & ~perms->allow;
-
- if (sa.aad->fs.request & perms->kill)
- type = AUDIT_APPARMOR_KILL;
-
- /* quiet known rejects, assumes quiet and kill do not overlap */
- if ((sa.aad->fs.request & perms->quiet) &&
- AUDIT_MODE(profile) != AUDIT_NOQUIET &&
- AUDIT_MODE(profile) != AUDIT_ALL)
- sa.aad->fs.request &= ~perms->quiet;
-
- if (!sa.aad->fs.request)
- return COMPLAIN_MODE(profile) ? 0 : sa.aad->error;
- }
-
- sa.aad->fs.denied = sa.aad->fs.request & ~perms->allow;
- return aa_audit(type, profile, gfp, &sa, file_audit_cb);
-}
-
-/**
- * map_old_perms - map old file perms layout to the new layout
- * @old: permission set in old mapping
- *
- * Returns: new permission mapping
- */
-static u32 map_old_perms(u32 old)
-{
- u32 new = old & 0xf;
- if (old & MAY_READ)
- new |= AA_MAY_META_READ;
- if (old & MAY_WRITE)
- new |= AA_MAY_META_WRITE | AA_MAY_CREATE | AA_MAY_DELETE |
- AA_MAY_CHMOD | AA_MAY_CHOWN;
- if (old & 0x10)
- new |= AA_MAY_LINK;
- /* the old mapping lock and link_subset flags where overlaid
- * and use was determined by part of a pair that they were in
- */
- if (old & 0x20)
- new |= AA_MAY_LOCK | AA_LINK_SUBSET;
- if (old & 0x40) /* AA_EXEC_MMAP */
- new |= AA_EXEC_MMAP;
-
- return new;
-}
-
-/**
- * compute_perms - convert dfa compressed perms to internal perms
- * @dfa: dfa to compute perms for (NOT NULL)
- * @state: state in dfa
- * @cond: conditions to consider (NOT NULL)
- *
- * TODO: convert from dfa + state to permission entry, do computation conversion
- * at load time.
- *
- * Returns: computed permission set
- */
-static struct file_perms compute_perms(struct aa_dfa *dfa, unsigned int state,
- struct path_cond *cond)
-{
- struct file_perms perms;
-
- /* FIXME: change over to new dfa format
- * currently file perms are encoded in the dfa, new format
- * splits the permissions from the dfa. This mapping can be
- * done at profile load
- */
- perms.kill = 0;
-
- if (current_fsuid() == cond->uid) {
- perms.allow = map_old_perms(dfa_user_allow(dfa, state));
- perms.audit = map_old_perms(dfa_user_audit(dfa, state));
- perms.quiet = map_old_perms(dfa_user_quiet(dfa, state));
- perms.xindex = dfa_user_xindex(dfa, state);
- } else {
- perms.allow = map_old_perms(dfa_other_allow(dfa, state));
- perms.audit = map_old_perms(dfa_other_audit(dfa, state));
- perms.quiet = map_old_perms(dfa_other_quiet(dfa, state));
- perms.xindex = dfa_other_xindex(dfa, state);
- }
- perms.allow |= AA_MAY_META_READ;
-
- /* change_profile wasn't determined by ownership in old mapping */
- if (ACCEPT_TABLE(dfa)[state] & 0x80000000)
- perms.allow |= AA_MAY_CHANGE_PROFILE;
- if (ACCEPT_TABLE(dfa)[state] & 0x40000000)
- perms.allow |= AA_MAY_ONEXEC;
-
- return perms;
-}
-
-/**
- * aa_str_perms - find permission that match @name
- * @dfa: to match against (MAYBE NULL)
- * @state: state to start matching in
- * @name: string to match against dfa (NOT NULL)
- * @cond: conditions to consider for permission set computation (NOT NULL)
- * @perms: Returns - the permissions found when matching @name
- *
- * Returns: the final state in @dfa when beginning @start and walking @name
- */
-unsigned int aa_str_perms(struct aa_dfa *dfa, unsigned int start,
- const char *name, struct path_cond *cond,
- struct file_perms *perms)
-{
- unsigned int state;
- if (!dfa) {
- *perms = nullperms;
- return DFA_NOMATCH;
- }
-
- state = aa_dfa_match(dfa, start, name);
- *perms = compute_perms(dfa, state, cond);
-
- return state;
-}
-
-/**
- * is_deleted - test if a file has been completely unlinked
- * @dentry: dentry of file to test for deletion (NOT NULL)
- *
- * Returns: %1 if deleted else %0
- */
-static inline bool is_deleted(struct dentry *dentry)
-{
- if (d_unlinked(dentry) && dentry->d_inode->i_nlink == 0)
- return 1;
- return 0;
-}
-
-/**
- * aa_path_perm - do permissions check & audit for @path
- * @op: operation being checked
- * @profile: profile being enforced (NOT NULL)
- * @path: path to check permissions of (NOT NULL)
- * @flags: any additional path flags beyond what the profile specifies
- * @request: requested permissions
- * @cond: conditional info for this request (NOT NULL)
- *
- * Returns: %0 else error if access denied or other error
- */
-int aa_path_perm(int op, struct aa_profile *profile, struct path *path,
- int flags, u32 request, struct path_cond *cond)
-{
- char *buffer = NULL;
- struct file_perms perms = {};
- const char *name, *info = NULL;
- int error;
-
- flags |= profile->path_flags | (S_ISDIR(cond->mode) ? PATH_IS_DIR : 0);
- error = aa_path_name(path, flags, &buffer, &name, &info);
- if (error) {
- if (error == -ENOENT && is_deleted(path->dentry)) {
- /* Access to open files that are deleted are
- * give a pass (implicit delegation)
- */
- error = 0;
- info = NULL;
- perms.allow = request;
- }
- } else {
- aa_str_perms(profile->file.dfa, profile->file.start, name, cond,
- &perms);
- if (request & ~perms.allow)
- error = -EACCES;
- }
- error = aa_audit_file(profile, &perms, GFP_KERNEL, op, request, name,
- NULL, cond->uid, info, error);
- kfree(buffer);
-
- return error;
-}
-
-/**
- * xindex_is_subset - helper for aa_path_link
- * @link: link permission set
- * @target: target permission set
- *
- * test target x permissions are equal OR a subset of link x permissions
- * this is done as part of the subset test, where a hardlink must have
- * a subset of permissions that the target has.
- *
- * Returns: %1 if subset else %0
- */
-static inline bool xindex_is_subset(u32 link, u32 target)
-{
- if (((link & ~AA_X_UNSAFE) != (target & ~AA_X_UNSAFE)) ||
- ((link & AA_X_UNSAFE) && !(target & AA_X_UNSAFE)))
- return 0;
-
- return 1;
-}
-
-/**
- * aa_path_link - Handle hard link permission check
- * @profile: the profile being enforced (NOT NULL)
- * @old_dentry: the target dentry (NOT NULL)
- * @new_dir: directory the new link will be created in (NOT NULL)
- * @new_dentry: the link being created (NOT NULL)
- *
- * Handle the permission test for a link & target pair. Permission
- * is encoded as a pair where the link permission is determined
- * first, and if allowed, the target is tested. The target test
- * is done from the point of the link match (not start of DFA)
- * making the target permission dependent on the link permission match.
- *
- * The subset test if required forces that permissions granted
- * on link are a subset of the permission granted to target.
- *
- * Returns: %0 if allowed else error
- */
-int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry,
- struct path *new_dir, struct dentry *new_dentry)
-{
- struct path link = { new_dir->mnt, new_dentry };
- struct path target = { new_dir->mnt, old_dentry };
- struct path_cond cond = {
- old_dentry->d_inode->i_uid,
- old_dentry->d_inode->i_mode
- };
- char *buffer = NULL, *buffer2 = NULL;
- const char *lname, *tname = NULL, *info = NULL;
- struct file_perms lperms, perms;
- u32 request = AA_MAY_LINK;
- unsigned int state;
- int error;
-
- lperms = nullperms;
-
- /* buffer freed below, lname is pointer in buffer */
- error = aa_path_name(&link, profile->path_flags, &buffer, &lname,
- &info);
- if (error)
- goto audit;
-
- /* buffer2 freed below, tname is pointer in buffer2 */
- error = aa_path_name(&target, profile->path_flags, &buffer2, &tname,
- &info);
- if (error)
- goto audit;
-
- error = -EACCES;
- /* aa_str_perms - handles the case of the dfa being NULL */
- state = aa_str_perms(profile->file.dfa, profile->file.start, lname,
- &cond, &lperms);
-
- if (!(lperms.allow & AA_MAY_LINK))
- goto audit;
-
- /* test to see if target can be paired with link */
- state = aa_dfa_null_transition(profile->file.dfa, state);
- aa_str_perms(profile->file.dfa, state, tname, &cond, &perms);
-
- /* force audit/quiet masks for link are stored in the second entry
- * in the link pair.
- */
- lperms.audit = perms.audit;
- lperms.quiet = perms.quiet;
- lperms.kill = perms.kill;
-
- if (!(perms.allow & AA_MAY_LINK)) {
- info = "target restricted";
- goto audit;
- }
-
- /* done if link subset test is not required */
- if (!(perms.allow & AA_LINK_SUBSET))
- goto done_tests;
-
- /* Do link perm subset test requiring allowed permission on link are a
- * subset of the allowed permissions on target.
- */
- aa_str_perms(profile->file.dfa, profile->file.start, tname, &cond,
- &perms);
-
- /* AA_MAY_LINK is not considered in the subset test */
- request = lperms.allow & ~AA_MAY_LINK;
- lperms.allow &= perms.allow | AA_MAY_LINK;
-
- request |= AA_AUDIT_FILE_MASK & (lperms.allow & ~perms.allow);
- if (request & ~lperms.allow) {
- goto audit;
- } else if ((lperms.allow & MAY_EXEC) &&
- !xindex_is_subset(lperms.xindex, perms.xindex)) {
- lperms.allow &= ~MAY_EXEC;
- request |= MAY_EXEC;
- info = "link not subset of target";
- goto audit;
- }
-
-done_tests:
- error = 0;
-
-audit:
- error = aa_audit_file(profile, &lperms, GFP_KERNEL, OP_LINK, request,
- lname, tname, cond.uid, info, error);
- kfree(buffer);
- kfree(buffer2);
-
- return error;
-}
-
-/**
- * aa_file_perm - do permission revalidation check & audit for @file
- * @op: operation being checked
- * @profile: profile being enforced (NOT NULL)
- * @file: file to revalidate access permissions on (NOT NULL)
- * @request: requested permissions
- *
- * Returns: %0 if access allowed else error
- */
-int aa_file_perm(int op, struct aa_profile *profile, struct file *file,
- u32 request)
-{
- struct path_cond cond = {
- .uid = file->f_path.dentry->d_inode->i_uid,
- .mode = file->f_path.dentry->d_inode->i_mode
- };
-
- return aa_path_perm(op, profile, &file->f_path, PATH_DELEGATE_DELETED,
- request, &cond);
-}
diff --git a/ANDROID_3.4.5/security/apparmor/include/apparmor.h b/ANDROID_3.4.5/security/apparmor/include/apparmor.h
deleted file mode 100644
index 40aedd9f..00000000
--- a/ANDROID_3.4.5/security/apparmor/include/apparmor.h
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * AppArmor security module
- *
- * This file contains AppArmor basic global and lib definitions
- *
- * Copyright (C) 1998-2008 Novell/SUSE
- * Copyright 2009-2010 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- */
-
-#ifndef __APPARMOR_H
-#define __APPARMOR_H
-
-#include
-
-#include "match.h"
-
-/*
- * Class of mediation types in the AppArmor policy db
- */
-#define AA_CLASS_ENTRY 0
-#define AA_CLASS_UNKNOWN 1
-#define AA_CLASS_FILE 2
-#define AA_CLASS_CAP 3
-#define AA_CLASS_NET 4
-#define AA_CLASS_RLIMITS 5
-#define AA_CLASS_DOMAIN 6
-
-#define AA_CLASS_LAST AA_CLASS_DOMAIN
-
-/* Control parameters settable through module/boot flags */
-extern enum audit_mode aa_g_audit;
-extern bool aa_g_audit_header;
-extern bool aa_g_debug;
-extern bool aa_g_lock_policy;
-extern bool aa_g_logsyscall;
-extern bool aa_g_paranoid_load;
-extern unsigned int aa_g_path_max;
-
-/*
- * DEBUG remains global (no per profile flag) since it is mostly used in sysctl
- * which is not related to profile accesses.
- */
-
-#define AA_DEBUG(fmt, args...) \
- do { \
- if (aa_g_debug && printk_ratelimit()) \
- printk(KERN_DEBUG "AppArmor: " fmt, ##args); \
- } while (0)
-
-#define AA_ERROR(fmt, args...) \
- do { \
- if (printk_ratelimit()) \
- printk(KERN_ERR "AppArmor: " fmt, ##args); \
- } while (0)
-
-/* Flag indicating whether initialization completed */
-extern int apparmor_initialized __initdata;
-
-/* fn's in lib */
-char *aa_split_fqname(char *args, char **ns_name);
-void aa_info_message(const char *str);
-void *kvmalloc(size_t size);
-void kvfree(void *buffer);
-
-
-/**
- * aa_strneq - compare null terminated @str to a non null terminated substring
- * @str: a null terminated string
- * @sub: a substring, not necessarily null terminated
- * @len: length of @sub to compare
- *
- * The @str string must be full consumed for this to be considered a match
- */
-static inline bool aa_strneq(const char *str, const char *sub, int len)
-{
- return !strncmp(str, sub, len) && !str[len];
-}
-
-/**
- * aa_dfa_null_transition - step to next state after null character
- * @dfa: the dfa to match against
- * @start: the state of the dfa to start matching in
- *
- * aa_dfa_null_transition transitions to the next state after a null
- * character which is not used in standard matching and is only
- * used to separate pairs.
- */
-static inline unsigned int aa_dfa_null_transition(struct aa_dfa *dfa,
- unsigned int start)
-{
- /* the null transition only needs the string's null terminator byte */
- return aa_dfa_next(dfa, start, 0);
-}
-
-static inline bool mediated_filesystem(struct inode *inode)
-{
- return !(inode->i_sb->s_flags & MS_NOUSER);
-}
-
-#endif /* __APPARMOR_H */
diff --git a/ANDROID_3.4.5/security/apparmor/include/apparmorfs.h b/ANDROID_3.4.5/security/apparmor/include/apparmorfs.h
deleted file mode 100644
index 7ea4769f..00000000
--- a/ANDROID_3.4.5/security/apparmor/include/apparmorfs.h
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * AppArmor security module
- *
- * This file contains AppArmor filesystem definitions.
- *
- * Copyright (C) 1998-2008 Novell/SUSE
- * Copyright 2009-2010 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- */
-
-#ifndef __AA_APPARMORFS_H
-#define __AA_APPARMORFS_H
-
-enum aa_fs_type {
- AA_FS_TYPE_BOOLEAN,
- AA_FS_TYPE_STRING,
- AA_FS_TYPE_U64,
- AA_FS_TYPE_FOPS,
- AA_FS_TYPE_DIR,
-};
-
-struct aa_fs_entry;
-
-struct aa_fs_entry {
- const char *name;
- struct dentry *dentry;
- umode_t mode;
- enum aa_fs_type v_type;
- union {
- bool boolean;
- char *string;
- unsigned long u64;
- struct aa_fs_entry *files;
- } v;
- const struct file_operations *file_ops;
-};
-
-extern const struct file_operations aa_fs_seq_file_ops;
-
-#define AA_FS_FILE_BOOLEAN(_name, _value) \
- { .name = (_name), .mode = 0444, \
- .v_type = AA_FS_TYPE_BOOLEAN, .v.boolean = (_value), \
- .file_ops = &aa_fs_seq_file_ops }
-#define AA_FS_FILE_STRING(_name, _value) \
- { .name = (_name), .mode = 0444, \
- .v_type = AA_FS_TYPE_STRING, .v.string = (_value), \
- .file_ops = &aa_fs_seq_file_ops }
-#define AA_FS_FILE_U64(_name, _value) \
- { .name = (_name), .mode = 0444, \
- .v_type = AA_FS_TYPE_U64, .v.u64 = (_value), \
- .file_ops = &aa_fs_seq_file_ops }
-#define AA_FS_FILE_FOPS(_name, _mode, _fops) \
- { .name = (_name), .v_type = AA_FS_TYPE_FOPS, \
- .mode = (_mode), .file_ops = (_fops) }
-#define AA_FS_DIR(_name, _value) \
- { .name = (_name), .v_type = AA_FS_TYPE_DIR, .v.files = (_value) }
-
-extern void __init aa_destroy_aafs(void);
-
-#endif /* __AA_APPARMORFS_H */
diff --git a/ANDROID_3.4.5/security/apparmor/include/audit.h b/ANDROID_3.4.5/security/apparmor/include/audit.h
deleted file mode 100644
index 3868b1e5..00000000
--- a/ANDROID_3.4.5/security/apparmor/include/audit.h
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
- * AppArmor security module
- *
- * This file contains AppArmor auditing function definitions.
- *
- * Copyright (C) 1998-2008 Novell/SUSE
- * Copyright 2009-2010 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- */
-
-#ifndef __AA_AUDIT_H
-#define __AA_AUDIT_H
-
-#include
-#include
-#include
-#include
-#include
-
-#include "file.h"
-
-struct aa_profile;
-
-extern const char *const audit_mode_names[];
-#define AUDIT_MAX_INDEX 5
-
-enum audit_mode {
- AUDIT_NORMAL, /* follow normal auditing of accesses */
- AUDIT_QUIET_DENIED, /* quiet all denied access messages */
- AUDIT_QUIET, /* quiet all messages */
- AUDIT_NOQUIET, /* do not quiet audit messages */
- AUDIT_ALL /* audit all accesses */
-};
-
-enum audit_type {
- AUDIT_APPARMOR_AUDIT,
- AUDIT_APPARMOR_ALLOWED,
- AUDIT_APPARMOR_DENIED,
- AUDIT_APPARMOR_HINT,
- AUDIT_APPARMOR_STATUS,
- AUDIT_APPARMOR_ERROR,
- AUDIT_APPARMOR_KILL,
- AUDIT_APPARMOR_AUTO
-};
-
-extern const char *const op_table[];
-enum aa_ops {
- OP_NULL,
-
- OP_SYSCTL,
- OP_CAPABLE,
-
- OP_UNLINK,
- OP_MKDIR,
- OP_RMDIR,
- OP_MKNOD,
- OP_TRUNC,
- OP_LINK,
- OP_SYMLINK,
- OP_RENAME_SRC,
- OP_RENAME_DEST,
- OP_CHMOD,
- OP_CHOWN,
- OP_GETATTR,
- OP_OPEN,
-
- OP_FPERM,
- OP_FLOCK,
- OP_FMMAP,
- OP_FMPROT,
-
- OP_CREATE,
- OP_POST_CREATE,
- OP_BIND,
- OP_CONNECT,
- OP_LISTEN,
- OP_ACCEPT,
- OP_SENDMSG,
- OP_RECVMSG,
- OP_GETSOCKNAME,
- OP_GETPEERNAME,
- OP_GETSOCKOPT,
- OP_SETSOCKOPT,
- OP_SOCK_SHUTDOWN,
-
- OP_PTRACE,
-
- OP_EXEC,
- OP_CHANGE_HAT,
- OP_CHANGE_PROFILE,
- OP_CHANGE_ONEXEC,
-
- OP_SETPROCATTR,
- OP_SETRLIMIT,
-
- OP_PROF_REPL,
- OP_PROF_LOAD,
- OP_PROF_RM,
-};
-
-
-struct apparmor_audit_data {
- int error;
- int op;
- int type;
- void *profile;
- const char *name;
- const char *info;
- union {
- void *target;
- struct {
- long pos;
- void *target;
- } iface;
- struct {
- int rlim;
- unsigned long max;
- } rlim;
- struct {
- const char *target;
- u32 request;
- u32 denied;
- uid_t ouid;
- } fs;
- };
-};
-
-/* define a short hand for apparmor_audit_data structure */
-#define aad apparmor_audit_data
-
-void aa_audit_msg(int type, struct common_audit_data *sa,
- void (*cb) (struct audit_buffer *, void *));
-int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
- struct common_audit_data *sa,
- void (*cb) (struct audit_buffer *, void *));
-
-static inline int complain_error(int error)
-{
- if (error == -EPERM || error == -EACCES)
- return 0;
- return error;
-}
-
-#endif /* __AA_AUDIT_H */
diff --git a/ANDROID_3.4.5/security/apparmor/include/capability.h b/ANDROID_3.4.5/security/apparmor/include/capability.h
deleted file mode 100644
index c24d2959..00000000
--- a/ANDROID_3.4.5/security/apparmor/include/capability.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * AppArmor security module
- *
- * This file contains AppArmor capability mediation definitions.
- *
- * Copyright (C) 1998-2008 Novell/SUSE
- * Copyright 2009-2010 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- */
-
-#ifndef __AA_CAPABILITY_H
-#define __AA_CAPABILITY_H
-
-#include
-
-struct aa_profile;
-
-/* aa_caps - confinement data for capabilities
- * @allowed: capabilities mask
- * @audit: caps that are to be audited
- * @quiet: caps that should not be audited
- * @kill: caps that when requested will result in the task being killed
- * @extended: caps that are subject finer grained mediation
- */
-struct aa_caps {
- kernel_cap_t allow;
- kernel_cap_t audit;
- kernel_cap_t quiet;
- kernel_cap_t kill;
- kernel_cap_t extended;
-};
-
-int aa_capable(struct task_struct *task, struct aa_profile *profile, int cap,
- int audit);
-
-static inline void aa_free_cap_rules(struct aa_caps *caps)
-{
- /* NOP */
-}
-
-#endif /* __AA_CAPBILITY_H */
diff --git a/ANDROID_3.4.5/security/apparmor/include/context.h b/ANDROID_3.4.5/security/apparmor/include/context.h
deleted file mode 100644
index a9cbee4d..00000000
--- a/ANDROID_3.4.5/security/apparmor/include/context.h
+++ /dev/null
@@ -1,154 +0,0 @@
-/*
- * AppArmor security module
- *
- * This file contains AppArmor contexts used to associate "labels" to objects.
- *
- * Copyright (C) 1998-2008 Novell/SUSE
- * Copyright 2009-2010 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- */
-
-#ifndef __AA_CONTEXT_H
-#define __AA_CONTEXT_H
-
-#include
-#include
-#include
-
-#include "policy.h"
-
-/* struct aa_file_cxt - the AppArmor context the file was opened in
- * @perms: the permission the file was opened with
- *
- * The file_cxt could currently be directly stored in file->f_security
- * as the profile reference is now stored in the f_cred. However the
- * cxt struct will expand in the future so we keep the struct.
- */
-struct aa_file_cxt {
- u16 allow;
-};
-
-/**
- * aa_alloc_file_context - allocate file_cxt
- * @gfp: gfp flags for allocation
- *
- * Returns: file_cxt or NULL on failure
- */
-static inline struct aa_file_cxt *aa_alloc_file_context(gfp_t gfp)
-{
- return kzalloc(sizeof(struct aa_file_cxt), gfp);
-}
-
-/**
- * aa_free_file_context - free a file_cxt
- * @cxt: file_cxt to free (MAYBE_NULL)
- */
-static inline void aa_free_file_context(struct aa_file_cxt *cxt)
-{
- if (cxt)
- kzfree(cxt);
-}
-
-/**
- * struct aa_task_cxt - primary label for confined tasks
- * @profile: the current profile (NOT NULL)
- * @exec: profile to transition to on next exec (MAYBE NULL)
- * @previous: profile the task may return to (MAYBE NULL)
- * @token: magic value the task must know for returning to @previous_profile
- *
- * Contains the task's current profile (which could change due to
- * change_hat). Plus the hat_magic needed during change_hat.
- *
- * TODO: make so a task can be confined by a stack of contexts
- */
-struct aa_task_cxt {
- struct aa_profile *profile;
- struct aa_profile *onexec;
- struct aa_profile *previous;
- u64 token;
-};
-
-struct aa_task_cxt *aa_alloc_task_context(gfp_t flags);
-void aa_free_task_context(struct aa_task_cxt *cxt);
-void aa_dup_task_context(struct aa_task_cxt *new,
- const struct aa_task_cxt *old);
-int aa_replace_current_profile(struct aa_profile *profile);
-int aa_set_current_onexec(struct aa_profile *profile);
-int aa_set_current_hat(struct aa_profile *profile, u64 token);
-int aa_restore_previous_profile(u64 cookie);
-
-/**
- * __aa_task_is_confined - determine if @task has any confinement
- * @task: task to check confinement of (NOT NULL)
- *
- * If @task != current needs to be called in RCU safe critical section
- */
-static inline bool __aa_task_is_confined(struct task_struct *task)
-{
- struct aa_task_cxt *cxt = __task_cred(task)->security;
-
- BUG_ON(!cxt || !cxt->profile);
- if (unconfined(aa_newest_version(cxt->profile)))
- return 0;
-
- return 1;
-}
-
-/**
- * aa_cred_profile - obtain cred's profiles
- * @cred: cred to obtain profiles from (NOT NULL)
- *
- * Returns: confining profile
- *
- * does NOT increment reference count
- */
-static inline struct aa_profile *aa_cred_profile(const struct cred *cred)
-{
- struct aa_task_cxt *cxt = cred->security;
- BUG_ON(!cxt || !cxt->profile);
- return aa_newest_version(cxt->profile);
-}
-
-/**
- * __aa_current_profile - find the current tasks confining profile
- *
- * Returns: up to date confining profile or the ns unconfined profile (NOT NULL)
- *
- * This fn will not update the tasks cred to the most up to date version
- * of the profile so it is safe to call when inside of locks.
- */
-static inline struct aa_profile *__aa_current_profile(void)
-{
- return aa_cred_profile(current_cred());
-}
-
-/**
- * aa_current_profile - find the current tasks confining profile and do updates
- *
- * Returns: up to date confining profile or the ns unconfined profile (NOT NULL)
- *
- * This fn will update the tasks cred structure if the profile has been
- * replaced. Not safe to call inside locks
- */
-static inline struct aa_profile *aa_current_profile(void)
-{
- const struct aa_task_cxt *cxt = current_cred()->security;
- struct aa_profile *profile;
- BUG_ON(!cxt || !cxt->profile);
-
- profile = aa_newest_version(cxt->profile);
- /*
- * Whether or not replacement succeeds, use newest profile so
- * there is no need to update it after replacement.
- */
- if (unlikely((cxt->profile != profile)))
- aa_replace_current_profile(profile);
-
- return profile;
-}
-
-#endif /* __AA_CONTEXT_H */
diff --git a/ANDROID_3.4.5/security/apparmor/include/domain.h b/ANDROID_3.4.5/security/apparmor/include/domain.h
deleted file mode 100644
index de04464f..00000000
--- a/ANDROID_3.4.5/security/apparmor/include/domain.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * AppArmor security module
- *
- * This file contains AppArmor security domain transition function definitions.
- *
- * Copyright (C) 1998-2008 Novell/SUSE
- * Copyright 2009-2010 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- */
-
-#include
-#include
-
-#ifndef __AA_DOMAIN_H
-#define __AA_DOMAIN_H
-
-struct aa_domain {
- int size;
- char **table;
-};
-
-int apparmor_bprm_set_creds(struct linux_binprm *bprm);
-int apparmor_bprm_secureexec(struct linux_binprm *bprm);
-void apparmor_bprm_committing_creds(struct linux_binprm *bprm);
-void apparmor_bprm_committed_creds(struct linux_binprm *bprm);
-
-void aa_free_domain_entries(struct aa_domain *domain);
-int aa_change_hat(const char *hats[], int count, u64 token, bool permtest);
-int aa_change_profile(const char *ns_name, const char *name, bool onexec,
- bool permtest);
-
-#endif /* __AA_DOMAIN_H */
diff --git a/ANDROID_3.4.5/security/apparmor/include/file.h b/ANDROID_3.4.5/security/apparmor/include/file.h
deleted file mode 100644
index f98fd470..00000000
--- a/ANDROID_3.4.5/security/apparmor/include/file.h
+++ /dev/null
@@ -1,216 +0,0 @@
-/*
- * AppArmor security module
- *
- * This file contains AppArmor file mediation function definitions.
- *
- * Copyright (C) 1998-2008 Novell/SUSE
- * Copyright 2009-2010 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- */
-
-#ifndef __AA_FILE_H
-#define __AA_FILE_H
-
-#include "domain.h"
-#include "match.h"
-
-struct aa_profile;
-struct path;
-
-/*
- * We use MAY_EXEC, MAY_WRITE, MAY_READ, MAY_APPEND and the following flags
- * for profile permissions
- */
-#define AA_MAY_CREATE 0x0010
-#define AA_MAY_DELETE 0x0020
-#define AA_MAY_META_WRITE 0x0040
-#define AA_MAY_META_READ 0x0080
-
-#define AA_MAY_CHMOD 0x0100
-#define AA_MAY_CHOWN 0x0200
-#define AA_MAY_LOCK 0x0400
-#define AA_EXEC_MMAP 0x0800
-
-#define AA_MAY_LINK 0x1000
-#define AA_LINK_SUBSET AA_MAY_LOCK /* overlaid */
-#define AA_MAY_ONEXEC 0x40000000 /* exec allows onexec */
-#define AA_MAY_CHANGE_PROFILE 0x80000000
-#define AA_MAY_CHANGEHAT 0x80000000 /* ctrl auditing only */
-
-#define AA_AUDIT_FILE_MASK (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND |\
- AA_MAY_CREATE | AA_MAY_DELETE | \
- AA_MAY_META_READ | AA_MAY_META_WRITE | \
- AA_MAY_CHMOD | AA_MAY_CHOWN | AA_MAY_LOCK | \
- AA_EXEC_MMAP | AA_MAY_LINK)
-
-/*
- * The xindex is broken into 3 parts
- * - index - an index into either the exec name table or the variable table
- * - exec type - which determines how the executable name and index are used
- * - flags - which modify how the destination name is applied
- */
-#define AA_X_INDEX_MASK 0x03ff
-
-#define AA_X_TYPE_MASK 0x0c00
-#define AA_X_TYPE_SHIFT 10
-#define AA_X_NONE 0x0000
-#define AA_X_NAME 0x0400 /* use executable name px */
-#define AA_X_TABLE 0x0800 /* use a specified name ->n# */
-
-#define AA_X_UNSAFE 0x1000
-#define AA_X_CHILD 0x2000 /* make >AA_X_NONE apply to children */
-#define AA_X_INHERIT 0x4000
-#define AA_X_UNCONFINED 0x8000
-
-/* AA_SECURE_X_NEEDED - is passed in the bprm->unsafe field */
-#define AA_SECURE_X_NEEDED 0x8000
-
-/* need to make conditional which ones are being set */
-struct path_cond {
- uid_t uid;
- umode_t mode;
-};
-
-/* struct file_perms - file permission
- * @allow: mask of permissions that are allowed
- * @audit: mask of permissions to force an audit message for
- * @quiet: mask of permissions to quiet audit messages for
- * @kill: mask of permissions that when matched will kill the task
- * @xindex: exec transition index if @allow contains MAY_EXEC
- *
- * The @audit and @queit mask should be mutually exclusive.
- */
-struct file_perms {
- u32 allow;
- u32 audit;
- u32 quiet;
- u32 kill;
- u16 xindex;
-};
-
-extern struct file_perms nullperms;
-
-#define COMBINED_PERM_MASK(X) ((X).allow | (X).audit | (X).quiet | (X).kill)
-
-/* FIXME: split perms from dfa and match this to description
- * also add delegation info.
- */
-static inline u16 dfa_map_xindex(u16 mask)
-{
- u16 old_index = (mask >> 10) & 0xf;
- u16 index = 0;
-
- if (mask & 0x100)
- index |= AA_X_UNSAFE;
- if (mask & 0x200)
- index |= AA_X_INHERIT;
- if (mask & 0x80)
- index |= AA_X_UNCONFINED;
-
- if (old_index == 1) {
- index |= AA_X_UNCONFINED;
- } else if (old_index == 2) {
- index |= AA_X_NAME;
- } else if (old_index == 3) {
- index |= AA_X_NAME | AA_X_CHILD;
- } else if (old_index) {
- index |= AA_X_TABLE;
- index |= old_index - 4;
- }
-
- return index;
-}
-
-/*
- * map old dfa inline permissions to new format
- */
-#define dfa_user_allow(dfa, state) (((ACCEPT_TABLE(dfa)[state]) & 0x7f) | \
- ((ACCEPT_TABLE(dfa)[state]) & 0x80000000))
-#define dfa_user_audit(dfa, state) ((ACCEPT_TABLE2(dfa)[state]) & 0x7f)
-#define dfa_user_quiet(dfa, state) (((ACCEPT_TABLE2(dfa)[state]) >> 7) & 0x7f)
-#define dfa_user_xindex(dfa, state) \
- (dfa_map_xindex(ACCEPT_TABLE(dfa)[state] & 0x3fff))
-
-#define dfa_other_allow(dfa, state) ((((ACCEPT_TABLE(dfa)[state]) >> 14) & \
- 0x7f) | \
- ((ACCEPT_TABLE(dfa)[state]) & 0x80000000))
-#define dfa_other_audit(dfa, state) (((ACCEPT_TABLE2(dfa)[state]) >> 14) & 0x7f)
-#define dfa_other_quiet(dfa, state) \
- ((((ACCEPT_TABLE2(dfa)[state]) >> 7) >> 14) & 0x7f)
-#define dfa_other_xindex(dfa, state) \
- dfa_map_xindex((ACCEPT_TABLE(dfa)[state] >> 14) & 0x3fff)
-
-int aa_audit_file(struct aa_profile *profile, struct file_perms *perms,
- gfp_t gfp, int op, u32 request, const char *name,
- const char *target, uid_t ouid, const char *info, int error);
-
-/**
- * struct aa_file_rules - components used for file rule permissions
- * @dfa: dfa to match path names and conditionals against
- * @perms: permission table indexed by the matched state accept entry of @dfa
- * @trans: transition table for indexed by named x transitions
- *
- * File permission are determined by matching a path against @dfa and then
- * then using the value of the accept entry for the matching state as
- * an index into @perms. If a named exec transition is required it is
- * looked up in the transition table.
- */
-struct aa_file_rules {
- unsigned int start;
- struct aa_dfa *dfa;
- /* struct perms perms; */
- struct aa_domain trans;
- /* TODO: add delegate table */
-};
-
-unsigned int aa_str_perms(struct aa_dfa *dfa, unsigned int start,
- const char *name, struct path_cond *cond,
- struct file_perms *perms);
-
-int aa_path_perm(int op, struct aa_profile *profile, struct path *path,
- int flags, u32 request, struct path_cond *cond);
-
-int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry,
- struct path *new_dir, struct dentry *new_dentry);
-
-int aa_file_perm(int op, struct aa_profile *profile, struct file *file,
- u32 request);
-
-static inline void aa_free_file_rules(struct aa_file_rules *rules)
-{
- aa_put_dfa(rules->dfa);
- aa_free_domain_entries(&rules->trans);
-}
-
-#define ACC_FMODE(x) (("\000\004\002\006"[(x)&O_ACCMODE]) | (((x) << 1) & 0x40))
-
-/* from namei.c */
-#define MAP_OPEN_FLAGS(x) ((((x) + 1) & O_ACCMODE) ? (x) + 1 : (x))
-
-/**
- * aa_map_file_perms - map file flags to AppArmor permissions
- * @file: open file to map flags to AppArmor permissions
- *
- * Returns: apparmor permission set for the file
- */
-static inline u32 aa_map_file_to_perms(struct file *file)
-{
- int flags = MAP_OPEN_FLAGS(file->f_flags);
- u32 perms = ACC_FMODE(file->f_mode);
-
- if ((flags & O_APPEND) && (perms & MAY_WRITE))
- perms = (perms & ~MAY_WRITE) | MAY_APPEND;
- /* trunc implies write permission */
- if (flags & O_TRUNC)
- perms |= MAY_WRITE;
- if (flags & O_CREAT)
- perms |= AA_MAY_CREATE;
-
- return perms;
-}
-
-#endif /* __AA_FILE_H */
diff --git a/ANDROID_3.4.5/security/apparmor/include/ipc.h b/ANDROID_3.4.5/security/apparmor/include/ipc.h
deleted file mode 100644
index aeda0fbc..00000000
--- a/ANDROID_3.4.5/security/apparmor/include/ipc.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * AppArmor security module
- *
- * This file contains AppArmor ipc mediation function definitions.
- *
- * Copyright (C) 1998-2008 Novell/SUSE
- * Copyright 2009-2010 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- */
-
-#ifndef __AA_IPC_H
-#define __AA_IPC_H
-
-#include
-
-struct aa_profile;
-
-int aa_may_ptrace(struct task_struct *tracer_task, struct aa_profile *tracer,
- struct aa_profile *tracee, unsigned int mode);
-
-int aa_ptrace(struct task_struct *tracer, struct task_struct *tracee,
- unsigned int mode);
-
-#endif /* __AA_IPC_H */
diff --git a/ANDROID_3.4.5/security/apparmor/include/match.h b/ANDROID_3.4.5/security/apparmor/include/match.h
deleted file mode 100644
index 775843e7..00000000
--- a/ANDROID_3.4.5/security/apparmor/include/match.h
+++ /dev/null
@@ -1,136 +0,0 @@
-/*
- * AppArmor security module
- *
- * This file contains AppArmor policy dfa matching engine definitions.
- *
- * Copyright (C) 1998-2008 Novell/SUSE
- * Copyright 2009-2010 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- */
-
-#ifndef __AA_MATCH_H
-#define __AA_MATCH_H
-
-#include
-#include
-
-#define DFA_NOMATCH 0
-#define DFA_START 1
-
-#define DFA_VALID_PERM_MASK 0xffffffff
-#define DFA_VALID_PERM2_MASK 0xffffffff
-
-/**
- * The format used for transition tables is based on the GNU flex table
- * file format (--tables-file option; see Table File Format in the flex
- * info pages and the flex sources for documentation). The magic number
- * used in the header is 0x1B5E783D instead of 0xF13C57B1 though, because
- * the YY_ID_CHK (check) and YY_ID_DEF (default) tables are used
- * slightly differently (see the apparmor-parser package).
- */
-
-#define YYTH_MAGIC 0x1B5E783D
-#define YYTH_DEF_RECURSE 0x1 /* DEF Table is recursive */
-
-struct table_set_header {
- u32 th_magic; /* YYTH_MAGIC */
- u32 th_hsize;
- u32 th_ssize;
- u16 th_flags;
- char th_version[];
-};
-
-/* The YYTD_ID are one less than flex table mappings. The flex id
- * has 1 subtracted at table load time, this allows us to directly use the
- * ID's as indexes.
- */
-#define YYTD_ID_ACCEPT 0
-#define YYTD_ID_BASE 1
-#define YYTD_ID_CHK 2
-#define YYTD_ID_DEF 3
-#define YYTD_ID_EC 4
-#define YYTD_ID_META 5
-#define YYTD_ID_ACCEPT2 6
-#define YYTD_ID_NXT 7
-#define YYTD_ID_TSIZE 8
-
-#define YYTD_DATA8 1
-#define YYTD_DATA16 2
-#define YYTD_DATA32 4
-#define YYTD_DATA64 8
-
-/* Each ACCEPT2 table gets 6 dedicated flags, YYTD_DATAX define the
- * first flags
- */
-#define ACCEPT1_FLAGS(X) ((X) & 0x3f)
-#define ACCEPT2_FLAGS(X) ACCEPT1_FLAGS((X) >> YYTD_ID_ACCEPT2)
-#define TO_ACCEPT1_FLAG(X) ACCEPT1_FLAGS(X)
-#define TO_ACCEPT2_FLAG(X) (ACCEPT1_FLAGS(X) << YYTD_ID_ACCEPT2)
-#define DFA_FLAG_VERIFY_STATES 0x1000
-
-struct table_header {
- u16 td_id;
- u16 td_flags;
- u32 td_hilen;
- u32 td_lolen;
- char td_data[];
-};
-
-#define DEFAULT_TABLE(DFA) ((u16 *)((DFA)->tables[YYTD_ID_DEF]->td_data))
-#define BASE_TABLE(DFA) ((u32 *)((DFA)->tables[YYTD_ID_BASE]->td_data))
-#define NEXT_TABLE(DFA) ((u16 *)((DFA)->tables[YYTD_ID_NXT]->td_data))
-#define CHECK_TABLE(DFA) ((u16 *)((DFA)->tables[YYTD_ID_CHK]->td_data))
-#define EQUIV_TABLE(DFA) ((u8 *)((DFA)->tables[YYTD_ID_EC]->td_data))
-#define ACCEPT_TABLE(DFA) ((u32 *)((DFA)->tables[YYTD_ID_ACCEPT]->td_data))
-#define ACCEPT_TABLE2(DFA) ((u32 *)((DFA)->tables[YYTD_ID_ACCEPT2]->td_data))
-
-struct aa_dfa {
- struct kref count;
- u16 flags;
- struct table_header *tables[YYTD_ID_TSIZE];
-};
-
-#define byte_to_byte(X) (X)
-
-#define UNPACK_ARRAY(TABLE, BLOB, LEN, TYPE, NTOHX) \
- do { \
- typeof(LEN) __i; \
- TYPE *__t = (TYPE *) TABLE; \
- TYPE *__b = (TYPE *) BLOB; \
- for (__i = 0; __i < LEN; __i++) { \
- __t[__i] = NTOHX(__b[__i]); \
- } \
- } while (0)
-
-static inline size_t table_size(size_t len, size_t el_size)
-{
- return ALIGN(sizeof(struct table_header) + len * el_size, 8);
-}
-
-struct aa_dfa *aa_dfa_unpack(void *blob, size_t size, int flags);
-unsigned int aa_dfa_match_len(struct aa_dfa *dfa, unsigned int start,
- const char *str, int len);
-unsigned int aa_dfa_match(struct aa_dfa *dfa, unsigned int start,
- const char *str);
-unsigned int aa_dfa_next(struct aa_dfa *dfa, unsigned int state,
- const char c);
-
-void aa_dfa_free_kref(struct kref *kref);
-
-/**
- * aa_put_dfa - put a dfa refcount
- * @dfa: dfa to put refcount (MAYBE NULL)
- *
- * Requires: if @dfa != NULL that a valid refcount be held
- */
-static inline void aa_put_dfa(struct aa_dfa *dfa)
-{
- if (dfa)
- kref_put(&dfa->count, aa_dfa_free_kref);
-}
-
-#endif /* __AA_MATCH_H */
diff --git a/ANDROID_3.4.5/security/apparmor/include/path.h b/ANDROID_3.4.5/security/apparmor/include/path.h
deleted file mode 100644
index 286ac75d..00000000
--- a/ANDROID_3.4.5/security/apparmor/include/path.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * AppArmor security module
- *
- * This file contains AppArmor basic path manipulation function definitions.
- *
- * Copyright (C) 1998-2008 Novell/SUSE
- * Copyright 2009-2010 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- */
-
-#ifndef __AA_PATH_H
-#define __AA_PATH_H
-
-
-enum path_flags {
- PATH_IS_DIR = 0x1, /* path is a directory */
- PATH_CONNECT_PATH = 0x4, /* connect disconnected paths to / */
- PATH_CHROOT_REL = 0x8, /* do path lookup relative to chroot */
- PATH_CHROOT_NSCONNECT = 0x10, /* connect paths that are at ns root */
-
- PATH_DELEGATE_DELETED = 0x08000, /* delegate deleted files */
- PATH_MEDIATE_DELETED = 0x10000, /* mediate deleted paths */
-};
-
-int aa_path_name(struct path *path, int flags, char **buffer,
- const char **name, const char **info);
-
-#endif /* __AA_PATH_H */
diff --git a/ANDROID_3.4.5/security/apparmor/include/policy.h b/ANDROID_3.4.5/security/apparmor/include/policy.h
deleted file mode 100644
index bda4569f..00000000
--- a/ANDROID_3.4.5/security/apparmor/include/policy.h
+++ /dev/null
@@ -1,318 +0,0 @@
-/*
- * AppArmor security module
- *
- * This file contains AppArmor policy definitions.
- *
- * Copyright (C) 1998-2008 Novell/SUSE
- * Copyright 2009-2010 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- */
-
-#ifndef __AA_POLICY_H
-#define __AA_POLICY_H
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "apparmor.h"
-#include "audit.h"
-#include "capability.h"
-#include "domain.h"
-#include "file.h"
-#include "resource.h"
-
-extern const char *const profile_mode_names[];
-#define APPARMOR_NAMES_MAX_INDEX 3
-
-#define COMPLAIN_MODE(_profile) \
- ((aa_g_profile_mode == APPARMOR_COMPLAIN) || \
- ((_profile)->mode == APPARMOR_COMPLAIN))
-
-#define KILL_MODE(_profile) \
- ((aa_g_profile_mode == APPARMOR_KILL) || \
- ((_profile)->mode == APPARMOR_KILL))
-
-#define PROFILE_IS_HAT(_profile) ((_profile)->flags & PFLAG_HAT)
-
-/*
- * FIXME: currently need a clean way to replace and remove profiles as a
- * set. It should be done at the namespace level.
- * Either, with a set of profiles loaded at the namespace level or via
- * a mark and remove marked interface.
- */
-enum profile_mode {
- APPARMOR_ENFORCE, /* enforce access rules */
- APPARMOR_COMPLAIN, /* allow and log access violations */
- APPARMOR_KILL, /* kill task on access violation */
-};
-
-enum profile_flags {
- PFLAG_HAT = 1, /* profile is a hat */
- PFLAG_UNCONFINED = 2, /* profile is an unconfined profile */
- PFLAG_NULL = 4, /* profile is null learning profile */
- PFLAG_IX_ON_NAME_ERROR = 8, /* fallback to ix on name lookup fail */
- PFLAG_IMMUTABLE = 0x10, /* don't allow changes/replacement */
- PFLAG_USER_DEFINED = 0x20, /* user based profile - lower privs */
- PFLAG_NO_LIST_REF = 0x40, /* list doesn't keep profile ref */
- PFLAG_OLD_NULL_TRANS = 0x100, /* use // as the null transition */
-
- /* These flags must correspond with PATH_flags */
- PFLAG_MEDIATE_DELETED = 0x10000, /* mediate instead delegate deleted */
-};
-
-struct aa_profile;
-
-/* struct aa_policy - common part of both namespaces and profiles
- * @name: name of the object
- * @hname - The hierarchical name
- * @count: reference count of the obj
- * @list: list policy object is on
- * @profiles: head of the profiles list contained in the object
- */
-struct aa_policy {
- char *name;
- char *hname;
- struct kref count;
- struct list_head list;
- struct list_head profiles;
-};
-
-/* struct aa_ns_acct - accounting of profiles in namespace
- * @max_size: maximum space allowed for all profiles in namespace
- * @max_count: maximum number of profiles that can be in this namespace
- * @size: current size of profiles
- * @count: current count of profiles (includes null profiles)
- */
-struct aa_ns_acct {
- int max_size;
- int max_count;
- int size;
- int count;
-};
-
-/* struct aa_namespace - namespace for a set of profiles
- * @base: common policy
- * @parent: parent of namespace
- * @lock: lock for modifying the object
- * @acct: accounting for the namespace
- * @unconfined: special unconfined profile for the namespace
- * @sub_ns: list of namespaces under the current namespace.
- *
- * An aa_namespace defines the set profiles that are searched to determine
- * which profile to attach to a task. Profiles can not be shared between
- * aa_namespaces and profile names within a namespace are guaranteed to be
- * unique. When profiles in separate namespaces have the same name they
- * are NOT considered to be equivalent.
- *
- * Namespaces are hierarchical and only namespaces and profiles below the
- * current namespace are visible.
- *
- * Namespace names must be unique and can not contain the characters :/\0
- *
- * FIXME TODO: add vserver support of namespaces (can it all be done in
- * userspace?)
- */
-struct aa_namespace {
- struct aa_policy base;
- struct aa_namespace *parent;
- rwlock_t lock;
- struct aa_ns_acct acct;
- struct aa_profile *unconfined;
- struct list_head sub_ns;
-};
-
-/* struct aa_policydb - match engine for a policy
- * dfa: dfa pattern match
- * start: set of start states for the different classes of data
- */
-struct aa_policydb {
- /* Generic policy DFA specific rule types will be subsections of it */
- struct aa_dfa *dfa;
- unsigned int start[AA_CLASS_LAST + 1];
-
-};
-
-/* struct aa_profile - basic confinement data
- * @base - base components of the profile (name, refcount, lists, lock ...)
- * @parent: parent of profile
- * @ns: namespace the profile is in
- * @replacedby: is set to the profile that replaced this profile
- * @rename: optional profile name that this profile renamed
- * @xmatch: optional extended matching for unconfined executables names
- * @xmatch_len: xmatch prefix len, used to determine xmatch priority
- * @sid: the unique security id number of this profile
- * @audit: the auditing mode of the profile
- * @mode: the enforcement mode of the profile
- * @flags: flags controlling profile behavior
- * @path_flags: flags controlling path generation behavior
- * @size: the memory consumed by this profiles rules
- * @policy: general match rules governing policy
- * @file: The set of rules governing basic file access and domain transitions
- * @caps: capabilities for the profile
- * @rlimits: rlimits for the profile
- *
- * The AppArmor profile contains the basic confinement data. Each profile
- * has a name, and exists in a namespace. The @name and @exec_match are
- * used to determine profile attachment against unconfined tasks. All other
- * attachments are determined by profile X transition rules.
- *
- * The @replacedby field is write protected by the profile lock. Reads
- * are assumed to be atomic, and are done without locking.
- *
- * Profiles have a hierarchy where hats and children profiles keep
- * a reference to their parent.
- *
- * Profile names can not begin with a : and can not contain the \0
- * character. If a profile name begins with / it will be considered when
- * determining profile attachment on "unconfined" tasks.
- */
-struct aa_profile {
- struct aa_policy base;
- struct aa_profile *parent;
-
- struct aa_namespace *ns;
- struct aa_profile *replacedby;
- const char *rename;
-
- struct aa_dfa *xmatch;
- int xmatch_len;
- u32 sid;
- enum audit_mode audit;
- enum profile_mode mode;
- u32 flags;
- u32 path_flags;
- int size;
-
- struct aa_policydb policy;
- struct aa_file_rules file;
- struct aa_caps caps;
- struct aa_rlimit rlimits;
-};
-
-extern struct aa_namespace *root_ns;
-extern enum profile_mode aa_g_profile_mode;
-
-void aa_add_profile(struct aa_policy *common, struct aa_profile *profile);
-
-bool aa_ns_visible(struct aa_namespace *curr, struct aa_namespace *view);
-const char *aa_ns_name(struct aa_namespace *parent, struct aa_namespace *child);
-int aa_alloc_root_ns(void);
-void aa_free_root_ns(void);
-void aa_free_namespace_kref(struct kref *kref);
-
-struct aa_namespace *aa_find_namespace(struct aa_namespace *root,
- const char *name);
-
-static inline struct aa_policy *aa_get_common(struct aa_policy *c)
-{
- if (c)
- kref_get(&c->count);
-
- return c;
-}
-
-/**
- * aa_get_namespace - increment references count on @ns
- * @ns: namespace to increment reference count of (MAYBE NULL)
- *
- * Returns: pointer to @ns, if @ns is NULL returns NULL
- * Requires: @ns must be held with valid refcount when called
- */
-static inline struct aa_namespace *aa_get_namespace(struct aa_namespace *ns)
-{
- if (ns)
- kref_get(&(ns->base.count));
-
- return ns;
-}
-
-/**
- * aa_put_namespace - decrement refcount on @ns
- * @ns: namespace to put reference of
- *
- * Decrement reference count of @ns and if no longer in use free it
- */
-static inline void aa_put_namespace(struct aa_namespace *ns)
-{
- if (ns)
- kref_put(&ns->base.count, aa_free_namespace_kref);
-}
-
-struct aa_profile *aa_alloc_profile(const char *name);
-struct aa_profile *aa_new_null_profile(struct aa_profile *parent, int hat);
-void aa_free_profile_kref(struct kref *kref);
-struct aa_profile *aa_find_child(struct aa_profile *parent, const char *name);
-struct aa_profile *aa_lookup_profile(struct aa_namespace *ns, const char *name);
-struct aa_profile *aa_match_profile(struct aa_namespace *ns, const char *name);
-
-ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace);
-ssize_t aa_remove_profiles(char *name, size_t size);
-
-#define PROF_ADD 1
-#define PROF_REPLACE 0
-
-#define unconfined(X) ((X)->flags & PFLAG_UNCONFINED)
-
-/**
- * aa_newest_version - find the newest version of @profile
- * @profile: the profile to check for newer versions of (NOT NULL)
- *
- * Returns: newest version of @profile, if @profile is the newest version
- * return @profile.
- *
- * NOTE: the profile returned is not refcounted, The refcount on @profile
- * must be held until the caller decides what to do with the returned newest
- * version.
- */
-static inline struct aa_profile *aa_newest_version(struct aa_profile *profile)
-{
- while (profile->replacedby)
- profile = profile->replacedby;
-
- return profile;
-}
-
-/**
- * aa_get_profile - increment refcount on profile @p
- * @p: profile (MAYBE NULL)
- *
- * Returns: pointer to @p if @p is NULL will return NULL
- * Requires: @p must be held with valid refcount when called
- */
-static inline struct aa_profile *aa_get_profile(struct aa_profile *p)
-{
- if (p)
- kref_get(&(p->base.count));
-
- return p;
-}
-
-/**
- * aa_put_profile - decrement refcount on profile @p
- * @p: profile (MAYBE NULL)
- */
-static inline void aa_put_profile(struct aa_profile *p)
-{
- if (p)
- kref_put(&p->base.count, aa_free_profile_kref);
-}
-
-static inline int AUDIT_MODE(struct aa_profile *profile)
-{
- if (aa_g_audit != AUDIT_NORMAL)
- return aa_g_audit;
-
- return profile->audit;
-}
-
-bool aa_may_manage_policy(int op);
-
-#endif /* __AA_POLICY_H */
diff --git a/ANDROID_3.4.5/security/apparmor/include/policy_unpack.h b/ANDROID_3.4.5/security/apparmor/include/policy_unpack.h
deleted file mode 100644
index a2dcccac..00000000
--- a/ANDROID_3.4.5/security/apparmor/include/policy_unpack.h
+++ /dev/null
@@ -1,20 +0,0 @@
-/*
- * AppArmor security module
- *
- * This file contains AppArmor policy loading interface function definitions.
- *
- * Copyright (C) 1998-2008 Novell/SUSE
- * Copyright 2009-2010 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- */
-
-#ifndef __POLICY_INTERFACE_H
-#define __POLICY_INTERFACE_H
-
-struct aa_profile *aa_unpack(void *udata, size_t size, const char **ns);
-
-#endif /* __POLICY_INTERFACE_H */
diff --git a/ANDROID_3.4.5/security/apparmor/include/procattr.h b/ANDROID_3.4.5/security/apparmor/include/procattr.h
deleted file mode 100644
index 544aa6b7..00000000
--- a/ANDROID_3.4.5/security/apparmor/include/procattr.h
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * AppArmor security module
- *
- * This file contains AppArmor /proc//attr/ interface function definitions.
- *
- * Copyright (C) 1998-2008 Novell/SUSE
- * Copyright 2009-2010 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- */
-
-#ifndef __AA_PROCATTR_H
-#define __AA_PROCATTR_H
-
-#define AA_DO_TEST 1
-#define AA_ONEXEC 1
-
-int aa_getprocattr(struct aa_profile *profile, char **string);
-int aa_setprocattr_changehat(char *args, size_t size, int test);
-int aa_setprocattr_changeprofile(char *fqname, bool onexec, int test);
-int aa_setprocattr_permipc(char *fqname);
-
-#endif /* __AA_PROCATTR_H */
diff --git a/ANDROID_3.4.5/security/apparmor/include/resource.h b/ANDROID_3.4.5/security/apparmor/include/resource.h
deleted file mode 100644
index d3f4cf02..00000000
--- a/ANDROID_3.4.5/security/apparmor/include/resource.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * AppArmor security module
- *
- * This file contains AppArmor resource limits function definitions.
- *
- * Copyright (C) 1998-2008 Novell/SUSE
- * Copyright 2009-2010 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- */
-
-#ifndef __AA_RESOURCE_H
-#define __AA_RESOURCE_H
-
-#include
-#include
-
-#include "apparmorfs.h"
-
-struct aa_profile;
-
-/* struct aa_rlimit - rlimit settings for the profile
- * @mask: which hard limits to set
- * @limits: rlimit values that override task limits
- *
- * AppArmor rlimits are used to set confined task rlimits. Only the
- * limits specified in @mask will be controlled by apparmor.
- */
-struct aa_rlimit {
- unsigned int mask;
- struct rlimit limits[RLIM_NLIMITS];
-};
-
-extern struct aa_fs_entry aa_fs_entry_rlimit[];
-
-int aa_map_resource(int resource);
-int aa_task_setrlimit(struct aa_profile *profile, struct task_struct *,
- unsigned int resource, struct rlimit *new_rlim);
-
-void __aa_transition_rlimits(struct aa_profile *old, struct aa_profile *new);
-
-static inline void aa_free_rlimit_rules(struct aa_rlimit *rlims)
-{
- /* NOP */
-}
-
-#endif /* __AA_RESOURCE_H */
diff --git a/ANDROID_3.4.5/security/apparmor/include/sid.h b/ANDROID_3.4.5/security/apparmor/include/sid.h
deleted file mode 100644
index 020db35c..00000000
--- a/ANDROID_3.4.5/security/apparmor/include/sid.h
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * AppArmor security module
- *
- * This file contains AppArmor security identifier (sid) definitions
- *
- * Copyright 2009-2010 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- */
-
-#ifndef __AA_SID_H
-#define __AA_SID_H
-
-#include
-
-struct aa_profile;
-
-u32 aa_alloc_sid(void);
-void aa_free_sid(u32 sid);
-
-#endif /* __AA_SID_H */
diff --git a/ANDROID_3.4.5/security/apparmor/ipc.c b/ANDROID_3.4.5/security/apparmor/ipc.c
deleted file mode 100644
index c3da93a5..00000000
--- a/ANDROID_3.4.5/security/apparmor/ipc.c
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
- * AppArmor security module
- *
- * This file contains AppArmor ipc mediation
- *
- * Copyright (C) 1998-2008 Novell/SUSE
- * Copyright 2009-2010 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- */
-
-#include
-#include
-
-#include "include/audit.h"
-#include "include/capability.h"
-#include "include/context.h"
-#include "include/policy.h"
-#include "include/ipc.h"
-
-/* call back to audit ptrace fields */
-static void audit_cb(struct audit_buffer *ab, void *va)
-{
- struct common_audit_data *sa = va;
- audit_log_format(ab, " target=");
- audit_log_untrustedstring(ab, sa->aad->target);
-}
-
-/**
- * aa_audit_ptrace - do auditing for ptrace
- * @profile: profile being enforced (NOT NULL)
- * @target: profile being traced (NOT NULL)
- * @error: error condition
- *
- * Returns: %0 or error code
- */
-static int aa_audit_ptrace(struct aa_profile *profile,
- struct aa_profile *target, int error)
-{
- struct common_audit_data sa;
- struct apparmor_audit_data aad = {0,};
- COMMON_AUDIT_DATA_INIT(&sa, NONE);
- sa.aad = &aad;
- aad.op = OP_PTRACE;
- aad.target = target;
- aad.error = error;
-
- return aa_audit(AUDIT_APPARMOR_AUTO, profile, GFP_ATOMIC, &sa,
- audit_cb);
-}
-
-/**
- * aa_may_ptrace - test if tracer task can trace the tracee
- * @tracer_task: task who will do the tracing (NOT NULL)
- * @tracer: profile of the task doing the tracing (NOT NULL)
- * @tracee: task to be traced
- * @mode: whether PTRACE_MODE_READ || PTRACE_MODE_ATTACH
- *
- * Returns: %0 else error code if permission denied or error
- */
-int aa_may_ptrace(struct task_struct *tracer_task, struct aa_profile *tracer,
- struct aa_profile *tracee, unsigned int mode)
-{
- /* TODO: currently only based on capability, not extended ptrace
- * rules,
- * Test mode for PTRACE_MODE_READ || PTRACE_MODE_ATTACH
- */
-
- if (unconfined(tracer) || tracer == tracee)
- return 0;
- /* log this capability request */
- return aa_capable(tracer_task, tracer, CAP_SYS_PTRACE, 1);
-}
-
-/**
- * aa_ptrace - do ptrace permission check and auditing
- * @tracer: task doing the tracing (NOT NULL)
- * @tracee: task being traced (NOT NULL)
- * @mode: ptrace mode either PTRACE_MODE_READ || PTRACE_MODE_ATTACH
- *
- * Returns: %0 else error code if permission denied or error
- */
-int aa_ptrace(struct task_struct *tracer, struct task_struct *tracee,
- unsigned int mode)
-{
- /*
- * tracer can ptrace tracee when
- * - tracer is unconfined ||
- * - tracer is in complain mode
- * - tracer has rules allowing it to trace tracee currently this is:
- * - confined by the same profile ||
- * - tracer profile has CAP_SYS_PTRACE
- */
-
- struct aa_profile *tracer_p;
- /* cred released below */
- const struct cred *cred = get_task_cred(tracer);
- int error = 0;
- tracer_p = aa_cred_profile(cred);
-
- if (!unconfined(tracer_p)) {
- /* lcred released below */
- const struct cred *lcred = get_task_cred(tracee);
- struct aa_profile *tracee_p = aa_cred_profile(lcred);
-
- error = aa_may_ptrace(tracer, tracer_p, tracee_p, mode);
- error = aa_audit_ptrace(tracer_p, tracee_p, error);
-
- put_cred(lcred);
- }
- put_cred(cred);
-
- return error;
-}
diff --git a/ANDROID_3.4.5/security/apparmor/lib.c b/ANDROID_3.4.5/security/apparmor/lib.c
deleted file mode 100644
index e75829ba..00000000
--- a/ANDROID_3.4.5/security/apparmor/lib.c
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- * AppArmor security module
- *
- * This file contains basic common functions used in AppArmor
- *
- * Copyright (C) 1998-2008 Novell/SUSE
- * Copyright 2009-2010 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- */
-
-#include
-#include
-#include
-#include
-
-#include "include/audit.h"
-#include "include/apparmor.h"
-
-
-/**
- * aa_split_fqname - split a fqname into a profile and namespace name
- * @fqname: a full qualified name in namespace profile format (NOT NULL)
- * @ns_name: pointer to portion of the string containing the ns name (NOT NULL)
- *
- * Returns: profile name or NULL if one is not specified
- *
- * Split a namespace name from a profile name (see policy.c for naming
- * description). If a portion of the name is missing it returns NULL for
- * that portion.
- *
- * NOTE: may modify the @fqname string. The pointers returned point
- * into the @fqname string.
- */
-char *aa_split_fqname(char *fqname, char **ns_name)
-{
- char *name = strim(fqname);
-
- *ns_name = NULL;
- if (name[0] == ':') {
- char *split = strchr(&name[1], ':');
- *ns_name = skip_spaces(&name[1]);
- if (split) {
- /* overwrite ':' with \0 */
- *split = 0;
- name = skip_spaces(split + 1);
- } else
- /* a ns name without a following profile is allowed */
- name = NULL;
- }
- if (name && *name == 0)
- name = NULL;
-
- return name;
-}
-
-/**
- * aa_info_message - log a none profile related status message
- * @str: message to log
- */
-void aa_info_message(const char *str)
-{
- if (audit_enabled) {
- struct common_audit_data sa;
- struct apparmor_audit_data aad = {0,};
- COMMON_AUDIT_DATA_INIT(&sa, NONE);
- sa.aad = &aad;
- aad.info = str;
- aa_audit_msg(AUDIT_APPARMOR_STATUS, &sa, NULL);
- }
- printk(KERN_INFO "AppArmor: %s\n", str);
-}
-
-/**
- * kvmalloc - do allocation preferring kmalloc but falling back to vmalloc
- * @size: size of allocation
- *
- * Return: allocated buffer or NULL if failed
- *
- * It is possible that policy being loaded from the user is larger than
- * what can be allocated by kmalloc, in those cases fall back to vmalloc.
- */
-void *kvmalloc(size_t size)
-{
- void *buffer = NULL;
-
- if (size == 0)
- return NULL;
-
- /* do not attempt kmalloc if we need more than 16 pages at once */
- if (size <= (16*PAGE_SIZE))
- buffer = kmalloc(size, GFP_NOIO | __GFP_NOWARN);
- if (!buffer) {
- /* see kvfree for why size must be at least work_struct size
- * when allocated via vmalloc
- */
- if (size < sizeof(struct work_struct))
- size = sizeof(struct work_struct);
- buffer = vmalloc(size);
- }
- return buffer;
-}
-
-/**
- * do_vfree - workqueue routine for freeing vmalloced memory
- * @work: data to be freed
- *
- * The work_struct is overlaid to the data being freed, as at the point
- * the work is scheduled the data is no longer valid, be its freeing
- * needs to be delayed until safe.
- */
-static void do_vfree(struct work_struct *work)
-{
- vfree(work);
-}
-
-/**
- * kvfree - free an allocation do by kvmalloc
- * @buffer: buffer to free (MAYBE_NULL)
- *
- * Free a buffer allocated by kvmalloc
- */
-void kvfree(void *buffer)
-{
- if (is_vmalloc_addr(buffer)) {
- /* Data is no longer valid so just use the allocated space
- * as the work_struct
- */
- struct work_struct *work = (struct work_struct *) buffer;
- INIT_WORK(work, do_vfree);
- schedule_work(work);
- } else
- kfree(buffer);
-}
diff --git a/ANDROID_3.4.5/security/apparmor/lsm.c b/ANDROID_3.4.5/security/apparmor/lsm.c
deleted file mode 100644
index ad05d391..00000000
--- a/ANDROID_3.4.5/security/apparmor/lsm.c
+++ /dev/null
@@ -1,953 +0,0 @@
-/*
- * AppArmor security module
- *
- * This file contains AppArmor LSM hooks.
- *
- * Copyright (C) 1998-2008 Novell/SUSE
- * Copyright 2009-2010 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "include/apparmor.h"
-#include "include/apparmorfs.h"
-#include "include/audit.h"
-#include "include/capability.h"
-#include "include/context.h"
-#include "include/file.h"
-#include "include/ipc.h"
-#include "include/path.h"
-#include "include/policy.h"
-#include "include/procattr.h"
-
-/* Flag indicating whether initialization completed */
-int apparmor_initialized __initdata;
-
-/*
- * LSM hook functions
- */
-
-/*
- * free the associated aa_task_cxt and put its profiles
- */
-static void apparmor_cred_free(struct cred *cred)
-{
- aa_free_task_context(cred->security);
- cred->security = NULL;
-}
-
-/*
- * allocate the apparmor part of blank credentials
- */
-static int apparmor_cred_alloc_blank(struct cred *cred, gfp_t gfp)
-{
- /* freed by apparmor_cred_free */
- struct aa_task_cxt *cxt = aa_alloc_task_context(gfp);
- if (!cxt)
- return -ENOMEM;
-
- cred->security = cxt;
- return 0;
-}
-
-/*
- * prepare new aa_task_cxt for modification by prepare_cred block
- */
-static int apparmor_cred_prepare(struct cred *new, const struct cred *old,
- gfp_t gfp)
-{
- /* freed by apparmor_cred_free */
- struct aa_task_cxt *cxt = aa_alloc_task_context(gfp);
- if (!cxt)
- return -ENOMEM;
-
- aa_dup_task_context(cxt, old->security);
- new->security = cxt;
- return 0;
-}
-
-/*
- * transfer the apparmor data to a blank set of creds
- */
-static void apparmor_cred_transfer(struct cred *new, const struct cred *old)
-{
- const struct aa_task_cxt *old_cxt = old->security;
- struct aa_task_cxt *new_cxt = new->security;
-
- aa_dup_task_context(new_cxt, old_cxt);
-}
-
-static int apparmor_ptrace_access_check(struct task_struct *child,
- unsigned int mode)
-{
- int error = cap_ptrace_access_check(child, mode);
- if (error)
- return error;
-
- return aa_ptrace(current, child, mode);
-}
-
-static int apparmor_ptrace_traceme(struct task_struct *parent)
-{
- int error = cap_ptrace_traceme(parent);
- if (error)
- return error;
-
- return aa_ptrace(parent, current, PTRACE_MODE_ATTACH);
-}
-
-/* Derived from security/commoncap.c:cap_capget */
-static int apparmor_capget(struct task_struct *target, kernel_cap_t *effective,
- kernel_cap_t *inheritable, kernel_cap_t *permitted)
-{
- struct aa_profile *profile;
- const struct cred *cred;
-
- rcu_read_lock();
- cred = __task_cred(target);
- profile = aa_cred_profile(cred);
-
- *effective = cred->cap_effective;
- *inheritable = cred->cap_inheritable;
- *permitted = cred->cap_permitted;
-
- if (!unconfined(profile) && !COMPLAIN_MODE(profile)) {
- *effective = cap_intersect(*effective, profile->caps.allow);
- *permitted = cap_intersect(*permitted, profile->caps.allow);
- }
- rcu_read_unlock();
-
- return 0;
-}
-
-static int apparmor_capable(const struct cred *cred, struct user_namespace *ns,
- int cap, int audit)
-{
- struct aa_profile *profile;
- /* cap_capable returns 0 on success, else -EPERM */
- int error = cap_capable(cred, ns, cap, audit);
- if (!error) {
- profile = aa_cred_profile(cred);
- if (!unconfined(profile))
- error = aa_capable(current, profile, cap, audit);
- }
- return error;
-}
-
-/**
- * common_perm - basic common permission check wrapper fn for paths
- * @op: operation being checked
- * @path: path to check permission of (NOT NULL)
- * @mask: requested permissions mask
- * @cond: conditional info for the permission request (NOT NULL)
- *
- * Returns: %0 else error code if error or permission denied
- */
-static int common_perm(int op, struct path *path, u32 mask,
- struct path_cond *cond)
-{
- struct aa_profile *profile;
- int error = 0;
-
- profile = __aa_current_profile();
- if (!unconfined(profile))
- error = aa_path_perm(op, profile, path, 0, mask, cond);
-
- return error;
-}
-
-/**
- * common_perm_dir_dentry - common permission wrapper when path is dir, dentry
- * @op: operation being checked
- * @dir: directory of the dentry (NOT NULL)
- * @dentry: dentry to check (NOT NULL)
- * @mask: requested permissions mask
- * @cond: conditional info for the permission request (NOT NULL)
- *
- * Returns: %0 else error code if error or permission denied
- */
-static int common_perm_dir_dentry(int op, struct path *dir,
- struct dentry *dentry, u32 mask,
- struct path_cond *cond)
-{
- struct path path = { dir->mnt, dentry };
-
- return common_perm(op, &path, mask, cond);
-}
-
-/**
- * common_perm_mnt_dentry - common permission wrapper when mnt, dentry
- * @op: operation being checked
- * @mnt: mount point of dentry (NOT NULL)
- * @dentry: dentry to check (NOT NULL)
- * @mask: requested permissions mask
- *
- * Returns: %0 else error code if error or permission denied
- */
-static int common_perm_mnt_dentry(int op, struct vfsmount *mnt,
- struct dentry *dentry, u32 mask)
-{
- struct path path = { mnt, dentry };
- struct path_cond cond = { dentry->d_inode->i_uid,
- dentry->d_inode->i_mode
- };
-
- return common_perm(op, &path, mask, &cond);
-}
-
-/**
- * common_perm_rm - common permission wrapper for operations doing rm
- * @op: operation being checked
- * @dir: directory that the dentry is in (NOT NULL)
- * @dentry: dentry being rm'd (NOT NULL)
- * @mask: requested permission mask
- *
- * Returns: %0 else error code if error or permission denied
- */
-static int common_perm_rm(int op, struct path *dir,
- struct dentry *dentry, u32 mask)
-{
- struct inode *inode = dentry->d_inode;
- struct path_cond cond = { };
-
- if (!inode || !dir->mnt || !mediated_filesystem(inode))
- return 0;
-
- cond.uid = inode->i_uid;
- cond.mode = inode->i_mode;
-
- return common_perm_dir_dentry(op, dir, dentry, mask, &cond);
-}
-
-/**
- * common_perm_create - common permission wrapper for operations doing create
- * @op: operation being checked
- * @dir: directory that dentry will be created in (NOT NULL)
- * @dentry: dentry to create (NOT NULL)
- * @mask: request permission mask
- * @mode: created file mode
- *
- * Returns: %0 else error code if error or permission denied
- */
-static int common_perm_create(int op, struct path *dir, struct dentry *dentry,
- u32 mask, umode_t mode)
-{
- struct path_cond cond = { current_fsuid(), mode };
-
- if (!dir->mnt || !mediated_filesystem(dir->dentry->d_inode))
- return 0;
-
- return common_perm_dir_dentry(op, dir, dentry, mask, &cond);
-}
-
-static int apparmor_path_unlink(struct path *dir, struct dentry *dentry)
-{
- return common_perm_rm(OP_UNLINK, dir, dentry, AA_MAY_DELETE);
-}
-
-static int apparmor_path_mkdir(struct path *dir, struct dentry *dentry,
- umode_t mode)
-{
- return common_perm_create(OP_MKDIR, dir, dentry, AA_MAY_CREATE,
- S_IFDIR);
-}
-
-static int apparmor_path_rmdir(struct path *dir, struct dentry *dentry)
-{
- return common_perm_rm(OP_RMDIR, dir, dentry, AA_MAY_DELETE);
-}
-
-static int apparmor_path_mknod(struct path *dir, struct dentry *dentry,
- umode_t mode, unsigned int dev)
-{
- return common_perm_create(OP_MKNOD, dir, dentry, AA_MAY_CREATE, mode);
-}
-
-static int apparmor_path_truncate(struct path *path)
-{
- struct path_cond cond = { path->dentry->d_inode->i_uid,
- path->dentry->d_inode->i_mode
- };
-
- if (!path->mnt || !mediated_filesystem(path->dentry->d_inode))
- return 0;
-
- return common_perm(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE,
- &cond);
-}
-
-static int apparmor_path_symlink(struct path *dir, struct dentry *dentry,
- const char *old_name)
-{
- return common_perm_create(OP_SYMLINK, dir, dentry, AA_MAY_CREATE,
- S_IFLNK);
-}
-
-static int apparmor_path_link(struct dentry *old_dentry, struct path *new_dir,
- struct dentry *new_dentry)
-{
- struct aa_profile *profile;
- int error = 0;
-
- if (!mediated_filesystem(old_dentry->d_inode))
- return 0;
-
- profile = aa_current_profile();
- if (!unconfined(profile))
- error = aa_path_link(profile, old_dentry, new_dir, new_dentry);
- return error;
-}
-
-static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
- struct path *new_dir, struct dentry *new_dentry)
-{
- struct aa_profile *profile;
- int error = 0;
-
- if (!mediated_filesystem(old_dentry->d_inode))
- return 0;
-
- profile = aa_current_profile();
- if (!unconfined(profile)) {
- struct path old_path = { old_dir->mnt, old_dentry };
- struct path new_path = { new_dir->mnt, new_dentry };
- struct path_cond cond = { old_dentry->d_inode->i_uid,
- old_dentry->d_inode->i_mode
- };
-
- error = aa_path_perm(OP_RENAME_SRC, profile, &old_path, 0,
- MAY_READ | AA_MAY_META_READ | MAY_WRITE |
- AA_MAY_META_WRITE | AA_MAY_DELETE,
- &cond);
- if (!error)
- error = aa_path_perm(OP_RENAME_DEST, profile, &new_path,
- 0, MAY_WRITE | AA_MAY_META_WRITE |
- AA_MAY_CREATE, &cond);
-
- }
- return error;
-}
-
-static int apparmor_path_chmod(struct path *path, umode_t mode)
-{
- if (!mediated_filesystem(path->dentry->d_inode))
- return 0;
-
- return common_perm_mnt_dentry(OP_CHMOD, path->mnt, path->dentry, AA_MAY_CHMOD);
-}
-
-static int apparmor_path_chown(struct path *path, uid_t uid, gid_t gid)
-{
- struct path_cond cond = { path->dentry->d_inode->i_uid,
- path->dentry->d_inode->i_mode
- };
-
- if (!mediated_filesystem(path->dentry->d_inode))
- return 0;
-
- return common_perm(OP_CHOWN, path, AA_MAY_CHOWN, &cond);
-}
-
-static int apparmor_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
-{
- if (!mediated_filesystem(dentry->d_inode))
- return 0;
-
- return common_perm_mnt_dentry(OP_GETATTR, mnt, dentry,
- AA_MAY_META_READ);
-}
-
-static int apparmor_dentry_open(struct file *file, const struct cred *cred)
-{
- struct aa_file_cxt *fcxt = file->f_security;
- struct aa_profile *profile;
- int error = 0;
-
- if (!mediated_filesystem(file->f_path.dentry->d_inode))
- return 0;
-
- /* If in exec, permission is handled by bprm hooks.
- * Cache permissions granted by the previous exec check, with
- * implicit read and executable mmap which are required to
- * actually execute the image.
- */
- if (current->in_execve) {
- fcxt->allow = MAY_EXEC | MAY_READ | AA_EXEC_MMAP;
- return 0;
- }
-
- profile = aa_cred_profile(cred);
- if (!unconfined(profile)) {
- struct inode *inode = file->f_path.dentry->d_inode;
- struct path_cond cond = { inode->i_uid, inode->i_mode };
-
- error = aa_path_perm(OP_OPEN, profile, &file->f_path, 0,
- aa_map_file_to_perms(file), &cond);
- /* todo cache full allowed permissions set and state */
- fcxt->allow = aa_map_file_to_perms(file);
- }
-
- return error;
-}
-
-static int apparmor_file_alloc_security(struct file *file)
-{
- /* freed by apparmor_file_free_security */
- file->f_security = aa_alloc_file_context(GFP_KERNEL);
- if (!file->f_security)
- return -ENOMEM;
- return 0;
-
-}
-
-static void apparmor_file_free_security(struct file *file)
-{
- struct aa_file_cxt *cxt = file->f_security;
-
- aa_free_file_context(cxt);
-}
-
-static int common_file_perm(int op, struct file *file, u32 mask)
-{
- struct aa_file_cxt *fcxt = file->f_security;
- struct aa_profile *profile, *fprofile = aa_cred_profile(file->f_cred);
- int error = 0;
-
- BUG_ON(!fprofile);
-
- if (!file->f_path.mnt ||
- !mediated_filesystem(file->f_path.dentry->d_inode))
- return 0;
-
- profile = __aa_current_profile();
-
- /* revalidate access, if task is unconfined, or the cached cred
- * doesn't match or if the request is for more permissions than
- * was granted.
- *
- * Note: the test for !unconfined(fprofile) is to handle file
- * delegation from unconfined tasks
- */
- if (!unconfined(profile) && !unconfined(fprofile) &&
- ((fprofile != profile) || (mask & ~fcxt->allow)))
- error = aa_file_perm(op, profile, file, mask);
-
- return error;
-}
-
-static int apparmor_file_permission(struct file *file, int mask)
-{
- return common_file_perm(OP_FPERM, file, mask);
-}
-
-static int apparmor_file_lock(struct file *file, unsigned int cmd)
-{
- u32 mask = AA_MAY_LOCK;
-
- if (cmd == F_WRLCK)
- mask |= MAY_WRITE;
-
- return common_file_perm(OP_FLOCK, file, mask);
-}
-
-static int common_mmap(int op, struct file *file, unsigned long prot,
- unsigned long flags)
-{
- struct dentry *dentry;
- int mask = 0;
-
- if (!file || !file->f_security)
- return 0;
-
- if (prot & PROT_READ)
- mask |= MAY_READ;
- /*
- * Private mappings don't require write perms since they don't
- * write back to the files
- */
- if ((prot & PROT_WRITE) && !(flags & MAP_PRIVATE))
- mask |= MAY_WRITE;
- if (prot & PROT_EXEC)
- mask |= AA_EXEC_MMAP;
-
- dentry = file->f_path.dentry;
- return common_file_perm(op, file, mask);
-}
-
-static int apparmor_file_mmap(struct file *file, unsigned long reqprot,
- unsigned long prot, unsigned long flags,
- unsigned long addr, unsigned long addr_only)
-{
- int rc = 0;
-
- /* do DAC check */
- rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
- if (rc || addr_only)
- return rc;
-
- return common_mmap(OP_FMMAP, file, prot, flags);
-}
-
-static int apparmor_file_mprotect(struct vm_area_struct *vma,
- unsigned long reqprot, unsigned long prot)
-{
- return common_mmap(OP_FMPROT, vma->vm_file, prot,
- !(vma->vm_flags & VM_SHARED) ? MAP_PRIVATE : 0);
-}
-
-static int apparmor_getprocattr(struct task_struct *task, char *name,
- char **value)
-{
- int error = -ENOENT;
- struct aa_profile *profile;
- /* released below */
- const struct cred *cred = get_task_cred(task);
- struct aa_task_cxt *cxt = cred->security;
- profile = aa_cred_profile(cred);
-
- if (strcmp(name, "current") == 0)
- error = aa_getprocattr(aa_newest_version(cxt->profile),
- value);
- else if (strcmp(name, "prev") == 0 && cxt->previous)
- error = aa_getprocattr(aa_newest_version(cxt->previous),
- value);
- else if (strcmp(name, "exec") == 0 && cxt->onexec)
- error = aa_getprocattr(aa_newest_version(cxt->onexec),
- value);
- else
- error = -EINVAL;
-
- put_cred(cred);
-
- return error;
-}
-
-static int apparmor_setprocattr(struct task_struct *task, char *name,
- void *value, size_t size)
-{
- char *command, *args = value;
- size_t arg_size;
- int error;
-
- if (size == 0)
- return -EINVAL;
- /* args points to a PAGE_SIZE buffer, AppArmor requires that
- * the buffer must be null terminated or have size <= PAGE_SIZE -1
- * so that AppArmor can null terminate them
- */
- if (args[size - 1] != '\0') {
- if (size == PAGE_SIZE)
- return -EINVAL;
- args[size] = '\0';
- }
-
- /* task can only write its own attributes */
- if (current != task)
- return -EACCES;
-
- args = value;
- args = strim(args);
- command = strsep(&args, " ");
- if (!args)
- return -EINVAL;
- args = skip_spaces(args);
- if (!*args)
- return -EINVAL;
-
- arg_size = size - (args - (char *) value);
- if (strcmp(name, "current") == 0) {
- if (strcmp(command, "changehat") == 0) {
- error = aa_setprocattr_changehat(args, arg_size,
- !AA_DO_TEST);
- } else if (strcmp(command, "permhat") == 0) {
- error = aa_setprocattr_changehat(args, arg_size,
- AA_DO_TEST);
- } else if (strcmp(command, "changeprofile") == 0) {
- error = aa_setprocattr_changeprofile(args, !AA_ONEXEC,
- !AA_DO_TEST);
- } else if (strcmp(command, "permprofile") == 0) {
- error = aa_setprocattr_changeprofile(args, !AA_ONEXEC,
- AA_DO_TEST);
- } else if (strcmp(command, "permipc") == 0) {
- error = aa_setprocattr_permipc(args);
- } else {
- struct common_audit_data sa;
- struct apparmor_audit_data aad = {0,};
- COMMON_AUDIT_DATA_INIT(&sa, NONE);
- sa.aad = &aad;
- aad.op = OP_SETPROCATTR;
- aad.info = name;
- aad.error = -EINVAL;
- return aa_audit(AUDIT_APPARMOR_DENIED,
- __aa_current_profile(), GFP_KERNEL,
- &sa, NULL);
- }
- } else if (strcmp(name, "exec") == 0) {
- error = aa_setprocattr_changeprofile(args, AA_ONEXEC,
- !AA_DO_TEST);
- } else {
- /* only support the "current" and "exec" process attributes */
- return -EINVAL;
- }
- if (!error)
- error = size;
- return error;
-}
-
-static int apparmor_task_setrlimit(struct task_struct *task,
- unsigned int resource, struct rlimit *new_rlim)
-{
- struct aa_profile *profile = __aa_current_profile();
- int error = 0;
-
- if (!unconfined(profile))
- error = aa_task_setrlimit(profile, task, resource, new_rlim);
-
- return error;
-}
-
-static struct security_operations apparmor_ops = {
- .name = "apparmor",
-
- .ptrace_access_check = apparmor_ptrace_access_check,
- .ptrace_traceme = apparmor_ptrace_traceme,
- .capget = apparmor_capget,
- .capable = apparmor_capable,
-
- .path_link = apparmor_path_link,
- .path_unlink = apparmor_path_unlink,
- .path_symlink = apparmor_path_symlink,
- .path_mkdir = apparmor_path_mkdir,
- .path_rmdir = apparmor_path_rmdir,
- .path_mknod = apparmor_path_mknod,
- .path_rename = apparmor_path_rename,
- .path_chmod = apparmor_path_chmod,
- .path_chown = apparmor_path_chown,
- .path_truncate = apparmor_path_truncate,
- .dentry_open = apparmor_dentry_open,
- .inode_getattr = apparmor_inode_getattr,
-
- .file_permission = apparmor_file_permission,
- .file_alloc_security = apparmor_file_alloc_security,
- .file_free_security = apparmor_file_free_security,
- .file_mmap = apparmor_file_mmap,
- .file_mprotect = apparmor_file_mprotect,
- .file_lock = apparmor_file_lock,
-
- .getprocattr = apparmor_getprocattr,
- .setprocattr = apparmor_setprocattr,
-
- .cred_alloc_blank = apparmor_cred_alloc_blank,
- .cred_free = apparmor_cred_free,
- .cred_prepare = apparmor_cred_prepare,
- .cred_transfer = apparmor_cred_transfer,
-
- .bprm_set_creds = apparmor_bprm_set_creds,
- .bprm_committing_creds = apparmor_bprm_committing_creds,
- .bprm_committed_creds = apparmor_bprm_committed_creds,
- .bprm_secureexec = apparmor_bprm_secureexec,
-
- .task_setrlimit = apparmor_task_setrlimit,
-};
-
-/*
- * AppArmor sysfs module parameters
- */
-
-static int param_set_aabool(const char *val, const struct kernel_param *kp);
-static int param_get_aabool(char *buffer, const struct kernel_param *kp);
-#define param_check_aabool param_check_bool
-static struct kernel_param_ops param_ops_aabool = {
- .set = param_set_aabool,
- .get = param_get_aabool
-};
-
-static int param_set_aauint(const char *val, const struct kernel_param *kp);
-static int param_get_aauint(char *buffer, const struct kernel_param *kp);
-#define param_check_aauint param_check_uint
-static struct kernel_param_ops param_ops_aauint = {
- .set = param_set_aauint,
- .get = param_get_aauint
-};
-
-static int param_set_aalockpolicy(const char *val, const struct kernel_param *kp);
-static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp);
-#define param_check_aalockpolicy param_check_bool
-static struct kernel_param_ops param_ops_aalockpolicy = {
- .set = param_set_aalockpolicy,
- .get = param_get_aalockpolicy
-};
-
-static int param_set_audit(const char *val, struct kernel_param *kp);
-static int param_get_audit(char *buffer, struct kernel_param *kp);
-
-static int param_set_mode(const char *val, struct kernel_param *kp);
-static int param_get_mode(char *buffer, struct kernel_param *kp);
-
-/* Flag values, also controllable via /sys/module/apparmor/parameters
- * We define special types as we want to do additional mediation.
- */
-
-/* AppArmor global enforcement switch - complain, enforce, kill */
-enum profile_mode aa_g_profile_mode = APPARMOR_ENFORCE;
-module_param_call(mode, param_set_mode, param_get_mode,
- &aa_g_profile_mode, S_IRUSR | S_IWUSR);
-
-/* Debug mode */
-bool aa_g_debug;
-module_param_named(debug, aa_g_debug, aabool, S_IRUSR | S_IWUSR);
-
-/* Audit mode */
-enum audit_mode aa_g_audit;
-module_param_call(audit, param_set_audit, param_get_audit,
- &aa_g_audit, S_IRUSR | S_IWUSR);
-
-/* Determines if audit header is included in audited messages. This
- * provides more context if the audit daemon is not running
- */
-bool aa_g_audit_header = 1;
-module_param_named(audit_header, aa_g_audit_header, aabool,
- S_IRUSR | S_IWUSR);
-
-/* lock out loading/removal of policy
- * TODO: add in at boot loading of policy, which is the only way to
- * load policy, if lock_policy is set
- */
-bool aa_g_lock_policy;
-module_param_named(lock_policy, aa_g_lock_policy, aalockpolicy,
- S_IRUSR | S_IWUSR);
-
-/* Syscall logging mode */
-bool aa_g_logsyscall;
-module_param_named(logsyscall, aa_g_logsyscall, aabool, S_IRUSR | S_IWUSR);
-
-/* Maximum pathname length before accesses will start getting rejected */
-unsigned int aa_g_path_max = 2 * PATH_MAX;
-module_param_named(path_max, aa_g_path_max, aauint, S_IRUSR | S_IWUSR);
-
-/* Determines how paranoid loading of policy is and how much verification
- * on the loaded policy is done.
- */
-bool aa_g_paranoid_load = 1;
-module_param_named(paranoid_load, aa_g_paranoid_load, aabool,
- S_IRUSR | S_IWUSR);
-
-/* Boot time disable flag */
-static bool apparmor_enabled = CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE;
-module_param_named(enabled, apparmor_enabled, aabool, S_IRUSR);
-
-static int __init apparmor_enabled_setup(char *str)
-{
- unsigned long enabled;
- int error = strict_strtoul(str, 0, &enabled);
- if (!error)
- apparmor_enabled = enabled ? 1 : 0;
- return 1;
-}
-
-__setup("apparmor=", apparmor_enabled_setup);
-
-/* set global flag turning off the ability to load policy */
-static int param_set_aalockpolicy(const char *val, const struct kernel_param *kp)
-{
- if (!capable(CAP_MAC_ADMIN))
- return -EPERM;
- if (aa_g_lock_policy)
- return -EACCES;
- return param_set_bool(val, kp);
-}
-
-static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp)
-{
- if (!capable(CAP_MAC_ADMIN))
- return -EPERM;
- return param_get_bool(buffer, kp);
-}
-
-static int param_set_aabool(const char *val, const struct kernel_param *kp)
-{
- if (!capable(CAP_MAC_ADMIN))
- return -EPERM;
- return param_set_bool(val, kp);
-}
-
-static int param_get_aabool(char *buffer, const struct kernel_param *kp)
-{
- if (!capable(CAP_MAC_ADMIN))
- return -EPERM;
- return param_get_bool(buffer, kp);
-}
-
-static int param_set_aauint(const char *val, const struct kernel_param *kp)
-{
- if (!capable(CAP_MAC_ADMIN))
- return -EPERM;
- return param_set_uint(val, kp);
-}
-
-static int param_get_aauint(char *buffer, const struct kernel_param *kp)
-{
- if (!capable(CAP_MAC_ADMIN))
- return -EPERM;
- return param_get_uint(buffer, kp);
-}
-
-static int param_get_audit(char *buffer, struct kernel_param *kp)
-{
- if (!capable(CAP_MAC_ADMIN))
- return -EPERM;
-
- if (!apparmor_enabled)
- return -EINVAL;
-
- return sprintf(buffer, "%s", audit_mode_names[aa_g_audit]);
-}
-
-static int param_set_audit(const char *val, struct kernel_param *kp)
-{
- int i;
- if (!capable(CAP_MAC_ADMIN))
- return -EPERM;
-
- if (!apparmor_enabled)
- return -EINVAL;
-
- if (!val)
- return -EINVAL;
-
- for (i = 0; i < AUDIT_MAX_INDEX; i++) {
- if (strcmp(val, audit_mode_names[i]) == 0) {
- aa_g_audit = i;
- return 0;
- }
- }
-
- return -EINVAL;
-}
-
-static int param_get_mode(char *buffer, struct kernel_param *kp)
-{
- if (!capable(CAP_MAC_ADMIN))
- return -EPERM;
-
- if (!apparmor_enabled)
- return -EINVAL;
-
- return sprintf(buffer, "%s", profile_mode_names[aa_g_profile_mode]);
-}
-
-static int param_set_mode(const char *val, struct kernel_param *kp)
-{
- int i;
- if (!capable(CAP_MAC_ADMIN))
- return -EPERM;
-
- if (!apparmor_enabled)
- return -EINVAL;
-
- if (!val)
- return -EINVAL;
-
- for (i = 0; i < APPARMOR_NAMES_MAX_INDEX; i++) {
- if (strcmp(val, profile_mode_names[i]) == 0) {
- aa_g_profile_mode = i;
- return 0;
- }
- }
-
- return -EINVAL;
-}
-
-/*
- * AppArmor init functions
- */
-
-/**
- * set_init_cxt - set a task context and profile on the first task.
- *
- * TODO: allow setting an alternate profile than unconfined
- */
-static int __init set_init_cxt(void)
-{
- struct cred *cred = (struct cred *)current->real_cred;
- struct aa_task_cxt *cxt;
-
- cxt = aa_alloc_task_context(GFP_KERNEL);
- if (!cxt)
- return -ENOMEM;
-
- cxt->profile = aa_get_profile(root_ns->unconfined);
- cred->security = cxt;
-
- return 0;
-}
-
-static int __init apparmor_init(void)
-{
- int error;
-
- if (!apparmor_enabled || !security_module_enable(&apparmor_ops)) {
- aa_info_message("AppArmor disabled by boot time parameter");
- apparmor_enabled = 0;
- return 0;
- }
-
- error = aa_alloc_root_ns();
- if (error) {
- AA_ERROR("Unable to allocate default profile namespace\n");
- goto alloc_out;
- }
-
- error = set_init_cxt();
- if (error) {
- AA_ERROR("Failed to set context on init task\n");
- goto register_security_out;
- }
-
- error = register_security(&apparmor_ops);
- if (error) {
- AA_ERROR("Unable to register AppArmor\n");
- goto set_init_cxt_out;
- }
-
- /* Report that AppArmor successfully initialized */
- apparmor_initialized = 1;
- if (aa_g_profile_mode == APPARMOR_COMPLAIN)
- aa_info_message("AppArmor initialized: complain mode enabled");
- else if (aa_g_profile_mode == APPARMOR_KILL)
- aa_info_message("AppArmor initialized: kill mode enabled");
- else
- aa_info_message("AppArmor initialized");
-
- return error;
-
-set_init_cxt_out:
- aa_free_task_context(current->real_cred->security);
-
-register_security_out:
- aa_free_root_ns();
-
-alloc_out:
- aa_destroy_aafs();
-
- apparmor_enabled = 0;
- return error;
-}
-
-security_initcall(apparmor_init);
diff --git a/ANDROID_3.4.5/security/apparmor/match.c b/ANDROID_3.4.5/security/apparmor/match.c
deleted file mode 100644
index 90971a8c..00000000
--- a/ANDROID_3.4.5/security/apparmor/match.c
+++ /dev/null
@@ -1,427 +0,0 @@
-/*
- * AppArmor security module
- *
- * This file contains AppArmor dfa based regular expression matching engine
- *
- * Copyright (C) 1998-2008 Novell/SUSE
- * Copyright 2009-2010 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "include/apparmor.h"
-#include "include/match.h"
-
-/**
- * unpack_table - unpack a dfa table (one of accept, default, base, next check)
- * @blob: data to unpack (NOT NULL)
- * @bsize: size of blob
- *
- * Returns: pointer to table else NULL on failure
- *
- * NOTE: must be freed by kvfree (not kmalloc)
- */
-static struct table_header *unpack_table(char *blob, size_t bsize)
-{
- struct table_header *table = NULL;
- struct table_header th;
- size_t tsize;
-
- if (bsize < sizeof(struct table_header))
- goto out;
-
- /* loaded td_id's start at 1, subtract 1 now to avoid doing
- * it every time we use td_id as an index
- */
- th.td_id = be16_to_cpu(*(u16 *) (blob)) - 1;
- th.td_flags = be16_to_cpu(*(u16 *) (blob + 2));
- th.td_lolen = be32_to_cpu(*(u32 *) (blob + 8));
- blob += sizeof(struct table_header);
-
- if (!(th.td_flags == YYTD_DATA16 || th.td_flags == YYTD_DATA32 ||
- th.td_flags == YYTD_DATA8))
- goto out;
-
- tsize = table_size(th.td_lolen, th.td_flags);
- if (bsize < tsize)
- goto out;
-
- table = kvmalloc(tsize);
- if (table) {
- *table = th;
- if (th.td_flags == YYTD_DATA8)
- UNPACK_ARRAY(table->td_data, blob, th.td_lolen,
- u8, byte_to_byte);
- else if (th.td_flags == YYTD_DATA16)
- UNPACK_ARRAY(table->td_data, blob, th.td_lolen,
- u16, be16_to_cpu);
- else if (th.td_flags == YYTD_DATA32)
- UNPACK_ARRAY(table->td_data, blob, th.td_lolen,
- u32, be32_to_cpu);
- else
- goto fail;
- }
-
-out:
- /* if table was vmalloced make sure the page tables are synced
- * before it is used, as it goes live to all cpus.
- */
- if (is_vmalloc_addr(table))
- vm_unmap_aliases();
- return table;
-fail:
- kvfree(table);
- return NULL;
-}
-
-/**
- * verify_dfa - verify that transitions and states in the tables are in bounds.
- * @dfa: dfa to test (NOT NULL)
- * @flags: flags controlling what type of accept table are acceptable
- *
- * Assumes dfa has gone through the first pass verification done by unpacking
- * NOTE: this does not valid accept table values
- *
- * Returns: %0 else error code on failure to verify
- */
-static int verify_dfa(struct aa_dfa *dfa, int flags)
-{
- size_t i, state_count, trans_count;
- int error = -EPROTO;
-
- /* check that required tables exist */
- if (!(dfa->tables[YYTD_ID_DEF] &&
- dfa->tables[YYTD_ID_BASE] &&
- dfa->tables[YYTD_ID_NXT] && dfa->tables[YYTD_ID_CHK]))
- goto out;
-
- /* accept.size == default.size == base.size */
- state_count = dfa->tables[YYTD_ID_BASE]->td_lolen;
- if (ACCEPT1_FLAGS(flags)) {
- if (!dfa->tables[YYTD_ID_ACCEPT])
- goto out;
- if (state_count != dfa->tables[YYTD_ID_ACCEPT]->td_lolen)
- goto out;
- }
- if (ACCEPT2_FLAGS(flags)) {
- if (!dfa->tables[YYTD_ID_ACCEPT2])
- goto out;
- if (state_count != dfa->tables[YYTD_ID_ACCEPT2]->td_lolen)
- goto out;
- }
- if (state_count != dfa->tables[YYTD_ID_DEF]->td_lolen)
- goto out;
-
- /* next.size == chk.size */
- trans_count = dfa->tables[YYTD_ID_NXT]->td_lolen;
- if (trans_count != dfa->tables[YYTD_ID_CHK]->td_lolen)
- goto out;
-
- /* if equivalence classes then its table size must be 256 */
- if (dfa->tables[YYTD_ID_EC] &&
- dfa->tables[YYTD_ID_EC]->td_lolen != 256)
- goto out;
-
- if (flags & DFA_FLAG_VERIFY_STATES) {
- for (i = 0; i < state_count; i++) {
- if (DEFAULT_TABLE(dfa)[i] >= state_count)
- goto out;
- /* TODO: do check that DEF state recursion terminates */
- if (BASE_TABLE(dfa)[i] + 255 >= trans_count) {
- printk(KERN_ERR "AppArmor DFA next/check upper "
- "bounds error\n");
- goto out;
- }
- }
-
- for (i = 0; i < trans_count; i++) {
- if (NEXT_TABLE(dfa)[i] >= state_count)
- goto out;
- if (CHECK_TABLE(dfa)[i] >= state_count)
- goto out;
- }
- }
-
- error = 0;
-out:
- return error;
-}
-
-/**
- * dfa_free - free a dfa allocated by aa_dfa_unpack
- * @dfa: the dfa to free (MAYBE NULL)
- *
- * Requires: reference count to dfa == 0
- */
-static void dfa_free(struct aa_dfa *dfa)
-{
- if (dfa) {
- int i;
-
- for (i = 0; i < ARRAY_SIZE(dfa->tables); i++) {
- kvfree(dfa->tables[i]);
- dfa->tables[i] = NULL;
- }
- kfree(dfa);
- }
-}
-
-/**
- * aa_dfa_free_kref - free aa_dfa by kref (called by aa_put_dfa)
- * @kr: kref callback for freeing of a dfa (NOT NULL)
- */
-void aa_dfa_free_kref(struct kref *kref)
-{
- struct aa_dfa *dfa = container_of(kref, struct aa_dfa, count);
- dfa_free(dfa);
-}
-
-/**
- * aa_dfa_unpack - unpack the binary tables of a serialized dfa
- * @blob: aligned serialized stream of data to unpack (NOT NULL)
- * @size: size of data to unpack
- * @flags: flags controlling what type of accept tables are acceptable
- *
- * Unpack a dfa that has been serialized. To find information on the dfa
- * format look in Documentation/security/apparmor.txt
- * Assumes the dfa @blob stream has been aligned on a 8 byte boundary
- *
- * Returns: an unpacked dfa ready for matching or ERR_PTR on failure
- */
-struct aa_dfa *aa_dfa_unpack(void *blob, size_t size, int flags)
-{
- int hsize;
- int error = -ENOMEM;
- char *data = blob;
- struct table_header *table = NULL;
- struct aa_dfa *dfa = kzalloc(sizeof(struct aa_dfa), GFP_KERNEL);
- if (!dfa)
- goto fail;
-
- kref_init(&dfa->count);
-
- error = -EPROTO;
-
- /* get dfa table set header */
- if (size < sizeof(struct table_set_header))
- goto fail;
-
- if (ntohl(*(u32 *) data) != YYTH_MAGIC)
- goto fail;
-
- hsize = ntohl(*(u32 *) (data + 4));
- if (size < hsize)
- goto fail;
-
- dfa->flags = ntohs(*(u16 *) (data + 12));
- data += hsize;
- size -= hsize;
-
- while (size > 0) {
- table = unpack_table(data, size);
- if (!table)
- goto fail;
-
- switch (table->td_id) {
- case YYTD_ID_ACCEPT:
- if (!(table->td_flags & ACCEPT1_FLAGS(flags)))
- goto fail;
- break;
- case YYTD_ID_ACCEPT2:
- if (!(table->td_flags & ACCEPT2_FLAGS(flags)))
- goto fail;
- break;
- case YYTD_ID_BASE:
- if (table->td_flags != YYTD_DATA32)
- goto fail;
- break;
- case YYTD_ID_DEF:
- case YYTD_ID_NXT:
- case YYTD_ID_CHK:
- if (table->td_flags != YYTD_DATA16)
- goto fail;
- break;
- case YYTD_ID_EC:
- if (table->td_flags != YYTD_DATA8)
- goto fail;
- break;
- default:
- goto fail;
- }
- /* check for duplicate table entry */
- if (dfa->tables[table->td_id])
- goto fail;
- dfa->tables[table->td_id] = table;
- data += table_size(table->td_lolen, table->td_flags);
- size -= table_size(table->td_lolen, table->td_flags);
- table = NULL;
- }
-
- error = verify_dfa(dfa, flags);
- if (error)
- goto fail;
-
- return dfa;
-
-fail:
- kvfree(table);
- dfa_free(dfa);
- return ERR_PTR(error);
-}
-
-/**
- * aa_dfa_match_len - traverse @dfa to find state @str stops at
- * @dfa: the dfa to match @str against (NOT NULL)
- * @start: the state of the dfa to start matching in
- * @str: the string of bytes to match against the dfa (NOT NULL)
- * @len: length of the string of bytes to match
- *
- * aa_dfa_match_len will match @str against the dfa and return the state it
- * finished matching in. The final state can be used to look up the accepting
- * label, or as the start state of a continuing match.
- *
- * This function will happily match again the 0 byte and only finishes
- * when @len input is consumed.
- *
- * Returns: final state reached after input is consumed
- */
-unsigned int aa_dfa_match_len(struct aa_dfa *dfa, unsigned int start,
- const char *str, int len)
-{
- u16 *def = DEFAULT_TABLE(dfa);
- u32 *base = BASE_TABLE(dfa);
- u16 *next = NEXT_TABLE(dfa);
- u16 *check = CHECK_TABLE(dfa);
- unsigned int state = start, pos;
-
- if (state == 0)
- return 0;
-
- /* current state is , matching character *str */
- if (dfa->tables[YYTD_ID_EC]) {
- /* Equivalence class table defined */
- u8 *equiv = EQUIV_TABLE(dfa);
- /* default is direct to next state */
- for (; len; len--) {
- pos = base[state] + equiv[(u8) *str++];
- if (check[pos] == state)
- state = next[pos];
- else
- state = def[state];
- }
- } else {
- /* default is direct to next state */
- for (; len; len--) {
- pos = base[state] + (u8) *str++;
- if (check[pos] == state)
- state = next[pos];
- else
- state = def[state];
- }
- }
-
- return state;
-}
-
-/**
- * aa_dfa_match - traverse @dfa to find state @str stops at
- * @dfa: the dfa to match @str against (NOT NULL)
- * @start: the state of the dfa to start matching in
- * @str: the null terminated string of bytes to match against the dfa (NOT NULL)
- *
- * aa_dfa_match will match @str against the dfa and return the state it
- * finished matching in. The final state can be used to look up the accepting
- * label, or as the start state of a continuing match.
- *
- * Returns: final state reached after input is consumed
- */
-unsigned int aa_dfa_match(struct aa_dfa *dfa, unsigned int start,
- const char *str)
-{
- u16 *def = DEFAULT_TABLE(dfa);
- u32 *base = BASE_TABLE(dfa);
- u16 *next = NEXT_TABLE(dfa);
- u16 *check = CHECK_TABLE(dfa);
- unsigned int state = start, pos;
-
- if (state == 0)
- return 0;
-
- /* current state is , matching character *str */
- if (dfa->tables[YYTD_ID_EC]) {
- /* Equivalence class table defined */
- u8 *equiv = EQUIV_TABLE(dfa);
- /* default is direct to next state */
- while (*str) {
- pos = base[state] + equiv[(u8) *str++];
- if (check[pos] == state)
- state = next[pos];
- else
- state = def[state];
- }
- } else {
- /* default is direct to next state */
- while (*str) {
- pos = base[state] + (u8) *str++;
- if (check[pos] == state)
- state = next[pos];
- else
- state = def[state];
- }
- }
-
- return state;
-}
-
-/**
- * aa_dfa_next - step one character to the next state in the dfa
- * @dfa: the dfa to tranverse (NOT NULL)
- * @state: the state to start in
- * @c: the input character to transition on
- *
- * aa_dfa_match will step through the dfa by one input character @c
- *
- * Returns: state reach after input @c
- */
-unsigned int aa_dfa_next(struct aa_dfa *dfa, unsigned int state,
- const char c)
-{
- u16 *def = DEFAULT_TABLE(dfa);
- u32 *base = BASE_TABLE(dfa);
- u16 *next = NEXT_TABLE(dfa);
- u16 *check = CHECK_TABLE(dfa);
- unsigned int pos;
-
- /* current state is , matching character *str */
- if (dfa->tables[YYTD_ID_EC]) {
- /* Equivalence class table defined */
- u8 *equiv = EQUIV_TABLE(dfa);
- /* default is direct to next state */
-
- pos = base[state] + equiv[(u8) c];
- if (check[pos] == state)
- state = next[pos];
- else
- state = def[state];
- } else {
- /* default is direct to next state */
- pos = base[state] + (u8) c;
- if (check[pos] == state)
- state = next[pos];
- else
- state = def[state];
- }
-
- return state;
-}
diff --git a/ANDROID_3.4.5/security/apparmor/path.c b/ANDROID_3.4.5/security/apparmor/path.c
deleted file mode 100644
index 2daeea4f..00000000
--- a/ANDROID_3.4.5/security/apparmor/path.c
+++ /dev/null
@@ -1,234 +0,0 @@
-/*
- * AppArmor security module
- *
- * This file contains AppArmor function for pathnames
- *
- * Copyright (C) 1998-2008 Novell/SUSE
- * Copyright 2009-2010 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "include/apparmor.h"
-#include "include/path.h"
-#include "include/policy.h"
-
-
-/* modified from dcache.c */
-static int prepend(char **buffer, int buflen, const char *str, int namelen)
-{
- buflen -= namelen;
- if (buflen < 0)
- return -ENAMETOOLONG;
- *buffer -= namelen;
- memcpy(*buffer, str, namelen);
- return 0;
-}
-
-#define CHROOT_NSCONNECT (PATH_CHROOT_REL | PATH_CHROOT_NSCONNECT)
-
-/**
- * d_namespace_path - lookup a name associated with a given path
- * @path: path to lookup (NOT NULL)
- * @buf: buffer to store path to (NOT NULL)
- * @buflen: length of @buf
- * @name: Returns - pointer for start of path name with in @buf (NOT NULL)
- * @flags: flags controlling path lookup
- *
- * Handle path name lookup.
- *
- * Returns: %0 else error code if path lookup fails
- * When no error the path name is returned in @name which points to
- * to a position in @buf
- */
-static int d_namespace_path(struct path *path, char *buf, int buflen,
- char **name, int flags)
-{
- char *res;
- int error = 0;
- int connected = 1;
-
- if (path->mnt->mnt_flags & MNT_INTERNAL) {
- /* it's not mounted anywhere */
- res = dentry_path(path->dentry, buf, buflen);
- *name = res;
- if (IS_ERR(res)) {
- *name = buf;
- return PTR_ERR(res);
- }
- if (path->dentry->d_sb->s_magic == PROC_SUPER_MAGIC &&
- strncmp(*name, "/sys/", 5) == 0) {
- /* TODO: convert over to using a per namespace
- * control instead of hard coded /proc
- */
- return prepend(name, *name - buf, "/proc", 5);
- }
- return 0;
- }
-
- /* resolve paths relative to chroot?*/
- if (flags & PATH_CHROOT_REL) {
- struct path root;
- get_fs_root(current->fs, &root);
- res = __d_path(path, &root, buf, buflen);
- path_put(&root);
- } else {
- res = d_absolute_path(path, buf, buflen);
- if (!our_mnt(path->mnt))
- connected = 0;
- }
-
- /* handle error conditions - and still allow a partial path to
- * be returned.
- */
- if (!res || IS_ERR(res)) {
- connected = 0;
- res = dentry_path_raw(path->dentry, buf, buflen);
- if (IS_ERR(res)) {
- error = PTR_ERR(res);
- *name = buf;
- goto out;
- };
- } else if (!our_mnt(path->mnt))
- connected = 0;
-
- *name = res;
-
- /* Handle two cases:
- * 1. A deleted dentry && profile is not allowing mediation of deleted
- * 2. On some filesystems, newly allocated dentries appear to the
- * security_path hooks as a deleted dentry except without an inode
- * allocated.
- */
- if (d_unlinked(path->dentry) && path->dentry->d_inode &&
- !(flags & PATH_MEDIATE_DELETED)) {
- error = -ENOENT;
- goto out;
- }
-
- /* If the path is not connected to the expected root,
- * check if it is a sysctl and handle specially else remove any
- * leading / that __d_path may have returned.
- * Unless
- * specifically directed to connect the path,
- * OR
- * if in a chroot and doing chroot relative paths and the path
- * resolves to the namespace root (would be connected outside
- * of chroot) and specifically directed to connect paths to
- * namespace root.
- */
- if (!connected) {
- if (!(flags & PATH_CONNECT_PATH) &&
- !(((flags & CHROOT_NSCONNECT) == CHROOT_NSCONNECT) &&
- our_mnt(path->mnt))) {
- /* disconnected path, don't return pathname starting
- * with '/'
- */
- error = -EACCES;
- if (*res == '/')
- *name = res + 1;
- }
- }
-
-out:
- return error;
-}
-
-/**
- * get_name_to_buffer - get the pathname to a buffer ensure dir / is appended
- * @path: path to get name for (NOT NULL)
- * @flags: flags controlling path lookup
- * @buffer: buffer to put name in (NOT NULL)
- * @size: size of buffer
- * @name: Returns - contains position of path name in @buffer (NOT NULL)
- *
- * Returns: %0 else error on failure
- */
-static int get_name_to_buffer(struct path *path, int flags, char *buffer,
- int size, char **name, const char **info)
-{
- int adjust = (flags & PATH_IS_DIR) ? 1 : 0;
- int error = d_namespace_path(path, buffer, size - adjust, name, flags);
-
- if (!error && (flags & PATH_IS_DIR) && (*name)[1] != '\0')
- /*
- * Append "/" to the pathname. The root directory is a special
- * case; it already ends in slash.
- */
- strcpy(&buffer[size - 2], "/");
-
- if (info && error) {
- if (error == -ENOENT)
- *info = "Failed name lookup - deleted entry";
- else if (error == -ESTALE)
- *info = "Failed name lookup - disconnected path";
- else if (error == -ENAMETOOLONG)
- *info = "Failed name lookup - name too long";
- else
- *info = "Failed name lookup";
- }
-
- return error;
-}
-
-/**
- * aa_path_name - compute the pathname of a file
- * @path: path the file (NOT NULL)
- * @flags: flags controlling path name generation
- * @buffer: buffer that aa_get_name() allocated (NOT NULL)
- * @name: Returns - the generated path name if !error (NOT NULL)
- * @info: Returns - information on why the path lookup failed (MAYBE NULL)
- *
- * @name is a pointer to the beginning of the pathname (which usually differs
- * from the beginning of the buffer), or NULL. If there is an error @name
- * may contain a partial or invalid name that can be used for audit purposes,
- * but it can not be used for mediation.
- *
- * We need PATH_IS_DIR to indicate whether the file is a directory or not
- * because the file may not yet exist, and so we cannot check the inode's
- * file type.
- *
- * Returns: %0 else error code if could retrieve name
- */
-int aa_path_name(struct path *path, int flags, char **buffer, const char **name,
- const char **info)
-{
- char *buf, *str = NULL;
- int size = 256;
- int error;
-
- *name = NULL;
- *buffer = NULL;
- for (;;) {
- /* freed by caller */
- buf = kmalloc(size, GFP_KERNEL);
- if (!buf)
- return -ENOMEM;
-
- error = get_name_to_buffer(path, flags, buf, size, &str, info);
- if (error != -ENAMETOOLONG)
- break;
-
- kfree(buf);
- size <<= 1;
- if (size > aa_g_path_max)
- return -ENAMETOOLONG;
- *info = NULL;
- }
- *buffer = buf;
- *name = str;
-
- return error;
-}
diff --git a/ANDROID_3.4.5/security/apparmor/policy.c b/ANDROID_3.4.5/security/apparmor/policy.c
deleted file mode 100644
index f1f7506a..00000000
--- a/ANDROID_3.4.5/security/apparmor/policy.c
+++ /dev/null
@@ -1,1189 +0,0 @@
-/*
- * AppArmor security module
- *
- * This file contains AppArmor policy manipulation functions
- *
- * Copyright (C) 1998-2008 Novell/SUSE
- * Copyright 2009-2010 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- *
- * AppArmor policy is based around profiles, which contain the rules a
- * task is confined by. Every task in the system has a profile attached
- * to it determined either by matching "unconfined" tasks against the
- * visible set of profiles or by following a profiles attachment rules.
- *
- * Each profile exists in a profile namespace which is a container of
- * visible profiles. Each namespace contains a special "unconfined" profile,
- * which doesn't enforce any confinement on a task beyond DAC.
- *
- * Namespace and profile names can be written together in either
- * of two syntaxes.
- * :namespace:profile - used by kernel interfaces for easy detection
- * namespace://profile - used by policy
- *
- * Profile names can not start with : or @ or ^ and may not contain \0
- *
- * Reserved profile names
- * unconfined - special automatically generated unconfined profile
- * inherit - special name to indicate profile inheritance
- * null-XXXX-YYYY - special automatically generated learning profiles
- *
- * Namespace names may not start with / or @ and may not contain \0 or :
- * Reserved namespace names
- * user-XXXX - user defined profiles
- *
- * a // in a profile or namespace name indicates a hierarchical name with the
- * name before the // being the parent and the name after the child.
- *
- * Profile and namespace hierarchies serve two different but similar purposes.
- * The namespace contains the set of visible profiles that are considered
- * for attachment. The hierarchy of namespaces allows for virtualizing
- * the namespace so that for example a chroot can have its own set of profiles
- * which may define some local user namespaces.
- * The profile hierarchy severs two distinct purposes,
- * - it allows for sub profiles or hats, which allows an application to run
- * subprograms under its own profile with different restriction than it
- * self, and not have it use the system profile.
- * eg. if a mail program starts an editor, the policy might make the
- * restrictions tighter on the editor tighter than the mail program,
- * and definitely different than general editor restrictions
- * - it allows for binary hierarchy of profiles, so that execution history
- * is preserved. This feature isn't exploited by AppArmor reference policy
- * but is allowed. NOTE: this is currently suboptimal because profile
- * aliasing is not currently implemented so that a profile for each
- * level must be defined.
- * eg. /bin/bash///bin/ls as a name would indicate /bin/ls was started
- * from /bin/bash
- *
- * A profile or namespace name that can contain one or more // separators
- * is referred to as an hname (hierarchical).
- * eg. /bin/bash//bin/ls
- *
- * An fqname is a name that may contain both namespace and profile hnames.
- * eg. :ns:/bin/bash//bin/ls
- *
- * NOTES:
- * - locking of profile lists is currently fairly coarse. All profile
- * lists within a namespace use the namespace lock.
- * FIXME: move profile lists to using rcu_lists
- */
-
-#include
-#include
-#include
-
-#include "include/apparmor.h"
-#include "include/capability.h"
-#include "include/context.h"
-#include "include/file.h"
-#include "include/ipc.h"
-#include "include/match.h"
-#include "include/path.h"
-#include "include/policy.h"
-#include "include/policy_unpack.h"
-#include "include/resource.h"
-#include "include/sid.h"
-
-
-/* root profile namespace */
-struct aa_namespace *root_ns;
-
-const char *const profile_mode_names[] = {
- "enforce",
- "complain",
- "kill",
-};
-
-/**
- * hname_tail - find the last component of an hname
- * @name: hname to find the base profile name component of (NOT NULL)
- *
- * Returns: the tail (base profile name) name component of an hname
- */
-static const char *hname_tail(const char *hname)
-{
- char *split;
- hname = strim((char *)hname);
- for (split = strstr(hname, "//"); split; split = strstr(hname, "//"))
- hname = split + 2;
-
- return hname;
-}
-
-/**
- * policy_init - initialize a policy structure
- * @policy: policy to initialize (NOT NULL)
- * @prefix: prefix name if any is required. (MAYBE NULL)
- * @name: name of the policy, init will make a copy of it (NOT NULL)
- *
- * Note: this fn creates a copy of strings passed in
- *
- * Returns: true if policy init successful
- */
-static bool policy_init(struct aa_policy *policy, const char *prefix,
- const char *name)
-{
- /* freed by policy_free */
- if (prefix) {
- policy->hname = kmalloc(strlen(prefix) + strlen(name) + 3,
- GFP_KERNEL);
- if (policy->hname)
- sprintf(policy->hname, "%s//%s", prefix, name);
- } else
- policy->hname = kstrdup(name, GFP_KERNEL);
- if (!policy->hname)
- return 0;
- /* base.name is a substring of fqname */
- policy->name = (char *)hname_tail(policy->hname);
- INIT_LIST_HEAD(&policy->list);
- INIT_LIST_HEAD(&policy->profiles);
- kref_init(&policy->count);
-
- return 1;
-}
-
-/**
- * policy_destroy - free the elements referenced by @policy
- * @policy: policy that is to have its elements freed (NOT NULL)
- */
-static void policy_destroy(struct aa_policy *policy)
-{
- /* still contains profiles -- invalid */
- if (!list_empty(&policy->profiles)) {
- AA_ERROR("%s: internal error, "
- "policy '%s' still contains profiles\n",
- __func__, policy->name);
- BUG();
- }
- if (!list_empty(&policy->list)) {
- AA_ERROR("%s: internal error, policy '%s' still on list\n",
- __func__, policy->name);
- BUG();
- }
-
- /* don't free name as its a subset of hname */
- kzfree(policy->hname);
-}
-
-/**
- * __policy_find - find a policy by @name on a policy list
- * @head: list to search (NOT NULL)
- * @name: name to search for (NOT NULL)
- *
- * Requires: correct locks for the @head list be held
- *
- * Returns: unrefcounted policy that match @name or NULL if not found
- */
-static struct aa_policy *__policy_find(struct list_head *head, const char *name)
-{
- struct aa_policy *policy;
-
- list_for_each_entry(policy, head, list) {
- if (!strcmp(policy->name, name))
- return policy;
- }
- return NULL;
-}
-
-/**
- * __policy_strn_find - find a policy that's name matches @len chars of @str
- * @head: list to search (NOT NULL)
- * @str: string to search for (NOT NULL)
- * @len: length of match required
- *
- * Requires: correct locks for the @head list be held
- *
- * Returns: unrefcounted policy that match @str or NULL if not found
- *
- * if @len == strlen(@strlen) then this is equiv to __policy_find
- * other wise it allows searching for policy by a partial match of name
- */
-static struct aa_policy *__policy_strn_find(struct list_head *head,
- const char *str, int len)
-{
- struct aa_policy *policy;
-
- list_for_each_entry(policy, head, list) {
- if (aa_strneq(policy->name, str, len))
- return policy;
- }
-
- return NULL;
-}
-
-/*
- * Routines for AppArmor namespaces
- */
-
-static const char *hidden_ns_name = "---";
-/**
- * aa_ns_visible - test if @view is visible from @curr
- * @curr: namespace to treat as the parent (NOT NULL)
- * @view: namespace to test if visible from @curr (NOT NULL)
- *
- * Returns: true if @view is visible from @curr else false
- */
-bool aa_ns_visible(struct aa_namespace *curr, struct aa_namespace *view)
-{
- if (curr == view)
- return true;
-
- for ( ; view; view = view->parent) {
- if (view->parent == curr)
- return true;
- }
- return false;
-}
-
-/**
- * aa_na_name - Find the ns name to display for @view from @curr
- * @curr - current namespace (NOT NULL)
- * @view - namespace attempting to view (NOT NULL)
- *
- * Returns: name of @view visible from @curr
- */
-const char *aa_ns_name(struct aa_namespace *curr, struct aa_namespace *view)
-{
- /* if view == curr then the namespace name isn't displayed */
- if (curr == view)
- return "";
-
- if (aa_ns_visible(curr, view)) {
- /* at this point if a ns is visible it is in a view ns
- * thus the curr ns.hname is a prefix of its name.
- * Only output the virtualized portion of the name
- * Add + 2 to skip over // separating curr hname prefix
- * from the visible tail of the views hname
- */
- return view->base.hname + strlen(curr->base.hname) + 2;
- } else
- return hidden_ns_name;
-}
-
-/**
- * alloc_namespace - allocate, initialize and return a new namespace
- * @prefix: parent namespace name (MAYBE NULL)
- * @name: a preallocated name (NOT NULL)
- *
- * Returns: refcounted namespace or NULL on failure.
- */
-static struct aa_namespace *alloc_namespace(const char *prefix,
- const char *name)
-{
- struct aa_namespace *ns;
-
- ns = kzalloc(sizeof(*ns), GFP_KERNEL);
- AA_DEBUG("%s(%p)\n", __func__, ns);
- if (!ns)
- return NULL;
- if (!policy_init(&ns->base, prefix, name))
- goto fail_ns;
-
- INIT_LIST_HEAD(&ns->sub_ns);
- rwlock_init(&ns->lock);
-
- /* released by free_namespace */
- ns->unconfined = aa_alloc_profile("unconfined");
- if (!ns->unconfined)
- goto fail_unconfined;
-
- ns->unconfined->sid = aa_alloc_sid();
- ns->unconfined->flags = PFLAG_UNCONFINED | PFLAG_IX_ON_NAME_ERROR |
- PFLAG_IMMUTABLE;
-
- /*
- * released by free_namespace, however __remove_namespace breaks
- * the cyclic references (ns->unconfined, and unconfined->ns) and
- * replaces with refs to parent namespace unconfined
- */
- ns->unconfined->ns = aa_get_namespace(ns);
-
- return ns;
-
-fail_unconfined:
- kzfree(ns->base.hname);
-fail_ns:
- kzfree(ns);
- return NULL;
-}
-
-/**
- * free_namespace - free a profile namespace
- * @ns: the namespace to free (MAYBE NULL)
- *
- * Requires: All references to the namespace must have been put, if the
- * namespace was referenced by a profile confining a task,
- */
-static void free_namespace(struct aa_namespace *ns)
-{
- if (!ns)
- return;
-
- policy_destroy(&ns->base);
- aa_put_namespace(ns->parent);
-
- if (ns->unconfined && ns->unconfined->ns == ns)
- ns->unconfined->ns = NULL;
-
- aa_put_profile(ns->unconfined);
- kzfree(ns);
-}
-
-/**
- * aa_free_namespace_kref - free aa_namespace by kref (see aa_put_namespace)
- * @kr: kref callback for freeing of a namespace (NOT NULL)
- */
-void aa_free_namespace_kref(struct kref *kref)
-{
- free_namespace(container_of(kref, struct aa_namespace, base.count));
-}
-
-/**
- * __aa_find_namespace - find a namespace on a list by @name
- * @head: list to search for namespace on (NOT NULL)
- * @name: name of namespace to look for (NOT NULL)
- *
- * Returns: unrefcounted namespace
- *
- * Requires: ns lock be held
- */
-static struct aa_namespace *__aa_find_namespace(struct list_head *head,
- const char *name)
-{
- return (struct aa_namespace *)__policy_find(head, name);
-}
-
-/**
- * aa_find_namespace - look up a profile namespace on the namespace list
- * @root: namespace to search in (NOT NULL)
- * @name: name of namespace to find (NOT NULL)
- *
- * Returns: a refcounted namespace on the list, or NULL if no namespace
- * called @name exists.
- *
- * refcount released by caller
- */
-struct aa_namespace *aa_find_namespace(struct aa_namespace *root,
- const char *name)
-{
- struct aa_namespace *ns = NULL;
-
- read_lock(&root->lock);
- ns = aa_get_namespace(__aa_find_namespace(&root->sub_ns, name));
- read_unlock(&root->lock);
-
- return ns;
-}
-
-/**
- * aa_prepare_namespace - find an existing or create a new namespace of @name
- * @name: the namespace to find or add (MAYBE NULL)
- *
- * Returns: refcounted namespace or NULL if failed to create one
- */
-static struct aa_namespace *aa_prepare_namespace(const char *name)
-{
- struct aa_namespace *ns, *root;
-
- root = aa_current_profile()->ns;
-
- write_lock(&root->lock);
-
- /* if name isn't specified the profile is loaded to the current ns */
- if (!name) {
- /* released by caller */
- ns = aa_get_namespace(root);
- goto out;
- }
-
- /* try and find the specified ns and if it doesn't exist create it */
- /* released by caller */
- ns = aa_get_namespace(__aa_find_namespace(&root->sub_ns, name));
- if (!ns) {
- /* namespace not found */
- struct aa_namespace *new_ns;
- write_unlock(&root->lock);
- new_ns = alloc_namespace(root->base.hname, name);
- if (!new_ns)
- return NULL;
- write_lock(&root->lock);
- /* test for race when new_ns was allocated */
- ns = __aa_find_namespace(&root->sub_ns, name);
- if (!ns) {
- /* add parent ref */
- new_ns->parent = aa_get_namespace(root);
-
- list_add(&new_ns->base.list, &root->sub_ns);
- /* add list ref */
- ns = aa_get_namespace(new_ns);
- } else {
- /* raced so free the new one */
- free_namespace(new_ns);
- /* get reference on namespace */
- aa_get_namespace(ns);
- }
- }
-out:
- write_unlock(&root->lock);
-
- /* return ref */
- return ns;
-}
-
-/**
- * __list_add_profile - add a profile to a list
- * @list: list to add it to (NOT NULL)
- * @profile: the profile to add (NOT NULL)
- *
- * refcount @profile, should be put by __list_remove_profile
- *
- * Requires: namespace lock be held, or list not be shared
- */
-static void __list_add_profile(struct list_head *list,
- struct aa_profile *profile)
-{
- list_add(&profile->base.list, list);
- /* get list reference */
- aa_get_profile(profile);
-}
-
-/**
- * __list_remove_profile - remove a profile from the list it is on
- * @profile: the profile to remove (NOT NULL)
- *
- * remove a profile from the list, warning generally removal should
- * be done with __replace_profile as most profile removals are
- * replacements to the unconfined profile.
- *
- * put @profile list refcount
- *
- * Requires: namespace lock be held, or list not have been live
- */
-static void __list_remove_profile(struct aa_profile *profile)
-{
- list_del_init(&profile->base.list);
- if (!(profile->flags & PFLAG_NO_LIST_REF))
- /* release list reference */
- aa_put_profile(profile);
-}
-
-/**
- * __replace_profile - replace @old with @new on a list
- * @old: profile to be replaced (NOT NULL)
- * @new: profile to replace @old with (NOT NULL)
- *
- * Will duplicate and refcount elements that @new inherits from @old
- * and will inherit @old children.
- *
- * refcount @new for list, put @old list refcount
- *
- * Requires: namespace list lock be held, or list not be shared
- */
-static void __replace_profile(struct aa_profile *old, struct aa_profile *new)
-{
- struct aa_policy *policy;
- struct aa_profile *child, *tmp;
-
- if (old->parent)
- policy = &old->parent->base;
- else
- policy = &old->ns->base;
-
- /* released when @new is freed */
- new->parent = aa_get_profile(old->parent);
- new->ns = aa_get_namespace(old->ns);
- new->sid = old->sid;
- __list_add_profile(&policy->profiles, new);
- /* inherit children */
- list_for_each_entry_safe(child, tmp, &old->base.profiles, base.list) {
- aa_put_profile(child->parent);
- child->parent = aa_get_profile(new);
- /* list refcount transferred to @new*/
- list_move(&child->base.list, &new->base.profiles);
- }
-
- /* released by free_profile */
- old->replacedby = aa_get_profile(new);
- __list_remove_profile(old);
-}
-
-static void __profile_list_release(struct list_head *head);
-
-/**
- * __remove_profile - remove old profile, and children
- * @profile: profile to be replaced (NOT NULL)
- *
- * Requires: namespace list lock be held, or list not be shared
- */
-static void __remove_profile(struct aa_profile *profile)
-{
- /* release any children lists first */
- __profile_list_release(&profile->base.profiles);
- /* released by free_profile */
- profile->replacedby = aa_get_profile(profile->ns->unconfined);
- __list_remove_profile(profile);
-}
-
-/**
- * __profile_list_release - remove all profiles on the list and put refs
- * @head: list of profiles (NOT NULL)
- *
- * Requires: namespace lock be held
- */
-static void __profile_list_release(struct list_head *head)
-{
- struct aa_profile *profile, *tmp;
- list_for_each_entry_safe(profile, tmp, head, base.list)
- __remove_profile(profile);
-}
-
-static void __ns_list_release(struct list_head *head);
-
-/**
- * destroy_namespace - remove everything contained by @ns
- * @ns: namespace to have it contents removed (NOT NULL)
- */
-static void destroy_namespace(struct aa_namespace *ns)
-{
- if (!ns)
- return;
-
- write_lock(&ns->lock);
- /* release all profiles in this namespace */
- __profile_list_release(&ns->base.profiles);
-
- /* release all sub namespaces */
- __ns_list_release(&ns->sub_ns);
-
- write_unlock(&ns->lock);
-}
-
-/**
- * __remove_namespace - remove a namespace and all its children
- * @ns: namespace to be removed (NOT NULL)
- *
- * Requires: ns->parent->lock be held and ns removed from parent.
- */
-static void __remove_namespace(struct aa_namespace *ns)
-{
- struct aa_profile *unconfined = ns->unconfined;
-
- /* remove ns from namespace list */
- list_del_init(&ns->base.list);
-
- /*
- * break the ns, unconfined profile cyclic reference and forward
- * all new unconfined profiles requests to the parent namespace
- * This will result in all confined tasks that have a profile
- * being removed, inheriting the parent->unconfined profile.
- */
- if (ns->parent)
- ns->unconfined = aa_get_profile(ns->parent->unconfined);
-
- destroy_namespace(ns);
-
- /* release original ns->unconfined ref */
- aa_put_profile(unconfined);
- /* release ns->base.list ref, from removal above */
- aa_put_namespace(ns);
-}
-
-/**
- * __ns_list_release - remove all profile namespaces on the list put refs
- * @head: list of profile namespaces (NOT NULL)
- *
- * Requires: namespace lock be held
- */
-static void __ns_list_release(struct list_head *head)
-{
- struct aa_namespace *ns, *tmp;
- list_for_each_entry_safe(ns, tmp, head, base.list)
- __remove_namespace(ns);
-
-}
-
-/**
- * aa_alloc_root_ns - allocate the root profile namespace
- *
- * Returns: %0 on success else error
- *
- */
-int __init aa_alloc_root_ns(void)
-{
- /* released by aa_free_root_ns - used as list ref*/
- root_ns = alloc_namespace(NULL, "root");
- if (!root_ns)
- return -ENOMEM;
-
- return 0;
-}
-
- /**
- * aa_free_root_ns - free the root profile namespace
- */
-void __init aa_free_root_ns(void)
- {
- struct aa_namespace *ns = root_ns;
- root_ns = NULL;
-
- destroy_namespace(ns);
- aa_put_namespace(ns);
-}
-
-/**
- * aa_alloc_profile - allocate, initialize and return a new profile
- * @hname: name of the profile (NOT NULL)
- *
- * Returns: refcount profile or NULL on failure
- */
-struct aa_profile *aa_alloc_profile(const char *hname)
-{
- struct aa_profile *profile;
-
- /* freed by free_profile - usually through aa_put_profile */
- profile = kzalloc(sizeof(*profile), GFP_KERNEL);
- if (!profile)
- return NULL;
-
- if (!policy_init(&profile->base, NULL, hname)) {
- kzfree(profile);
- return NULL;
- }
-
- /* refcount released by caller */
- return profile;
-}
-
-/**
- * aa_new_null_profile - create a new null-X learning profile
- * @parent: profile that caused this profile to be created (NOT NULL)
- * @hat: true if the null- learning profile is a hat
- *
- * Create a null- complain mode profile used in learning mode. The name of
- * the profile is unique and follows the format of parent//null-sid.
- *
- * null profiles are added to the profile list but the list does not
- * hold a count on them so that they are automatically released when
- * not in use.
- *
- * Returns: new refcounted profile else NULL on failure
- */
-struct aa_profile *aa_new_null_profile(struct aa_profile *parent, int hat)
-{
- struct aa_profile *profile = NULL;
- char *name;
- u32 sid = aa_alloc_sid();
-
- /* freed below */
- name = kmalloc(strlen(parent->base.hname) + 2 + 7 + 8, GFP_KERNEL);
- if (!name)
- goto fail;
- sprintf(name, "%s//null-%x", parent->base.hname, sid);
-
- profile = aa_alloc_profile(name);
- kfree(name);
- if (!profile)
- goto fail;
-
- profile->sid = sid;
- profile->mode = APPARMOR_COMPLAIN;
- profile->flags = PFLAG_NULL;
- if (hat)
- profile->flags |= PFLAG_HAT;
-
- /* released on free_profile */
- profile->parent = aa_get_profile(parent);
- profile->ns = aa_get_namespace(parent->ns);
-
- write_lock(&profile->ns->lock);
- __list_add_profile(&parent->base.profiles, profile);
- write_unlock(&profile->ns->lock);
-
- /* refcount released by caller */
- return profile;
-
-fail:
- aa_free_sid(sid);
- return NULL;
-}
-
-/**
- * free_profile - free a profile
- * @profile: the profile to free (MAYBE NULL)
- *
- * Free a profile, its hats and null_profile. All references to the profile,
- * its hats and null_profile must have been put.
- *
- * If the profile was referenced from a task context, free_profile() will
- * be called from an rcu callback routine, so we must not sleep here.
- */
-static void free_profile(struct aa_profile *profile)
-{
- AA_DEBUG("%s(%p)\n", __func__, profile);
-
- if (!profile)
- return;
-
- if (!list_empty(&profile->base.list)) {
- AA_ERROR("%s: internal error, "
- "profile '%s' still on ns list\n",
- __func__, profile->base.name);
- BUG();
- }
-
- /* free children profiles */
- policy_destroy(&profile->base);
- aa_put_profile(profile->parent);
-
- aa_put_namespace(profile->ns);
- kzfree(profile->rename);
-
- aa_free_file_rules(&profile->file);
- aa_free_cap_rules(&profile->caps);
- aa_free_rlimit_rules(&profile->rlimits);
-
- aa_free_sid(profile->sid);
- aa_put_dfa(profile->xmatch);
- aa_put_dfa(profile->policy.dfa);
-
- aa_put_profile(profile->replacedby);
-
- kzfree(profile);
-}
-
-/**
- * aa_free_profile_kref - free aa_profile by kref (called by aa_put_profile)
- * @kr: kref callback for freeing of a profile (NOT NULL)
- */
-void aa_free_profile_kref(struct kref *kref)
-{
- struct aa_profile *p = container_of(kref, struct aa_profile,
- base.count);
-
- free_profile(p);
-}
-
-/* TODO: profile accounting - setup in remove */
-
-/**
- * __find_child - find a profile on @head list with a name matching @name
- * @head: list to search (NOT NULL)
- * @name: name of profile (NOT NULL)
- *
- * Requires: ns lock protecting list be held
- *
- * Returns: unrefcounted profile ptr, or NULL if not found
- */
-static struct aa_profile *__find_child(struct list_head *head, const char *name)
-{
- return (struct aa_profile *)__policy_find(head, name);
-}
-
-/**
- * __strn_find_child - find a profile on @head list using substring of @name
- * @head: list to search (NOT NULL)
- * @name: name of profile (NOT NULL)
- * @len: length of @name substring to match
- *
- * Requires: ns lock protecting list be held
- *
- * Returns: unrefcounted profile ptr, or NULL if not found
- */
-static struct aa_profile *__strn_find_child(struct list_head *head,
- const char *name, int len)
-{
- return (struct aa_profile *)__policy_strn_find(head, name, len);
-}
-
-/**
- * aa_find_child - find a profile by @name in @parent
- * @parent: profile to search (NOT NULL)
- * @name: profile name to search for (NOT NULL)
- *
- * Returns: a refcounted profile or NULL if not found
- */
-struct aa_profile *aa_find_child(struct aa_profile *parent, const char *name)
-{
- struct aa_profile *profile;
-
- read_lock(&parent->ns->lock);
- profile = aa_get_profile(__find_child(&parent->base.profiles, name));
- read_unlock(&parent->ns->lock);
-
- /* refcount released by caller */
- return profile;
-}
-
-/**
- * __lookup_parent - lookup the parent of a profile of name @hname
- * @ns: namespace to lookup profile in (NOT NULL)
- * @hname: hierarchical profile name to find parent of (NOT NULL)
- *
- * Lookups up the parent of a fully qualified profile name, the profile
- * that matches hname does not need to exist, in general this
- * is used to load a new profile.
- *
- * Requires: ns->lock be held
- *
- * Returns: unrefcounted policy or NULL if not found
- */
-static struct aa_policy *__lookup_parent(struct aa_namespace *ns,
- const char *hname)
-{
- struct aa_policy *policy;
- struct aa_profile *profile = NULL;
- char *split;
-
- policy = &ns->base;
-
- for (split = strstr(hname, "//"); split;) {
- profile = __strn_find_child(&policy->profiles, hname,
- split - hname);
- if (!profile)
- return NULL;
- policy = &profile->base;
- hname = split + 2;
- split = strstr(hname, "//");
- }
- if (!profile)
- return &ns->base;
- return &profile->base;
-}
-
-/**
- * __lookup_profile - lookup the profile matching @hname
- * @base: base list to start looking up profile name from (NOT NULL)
- * @hname: hierarchical profile name (NOT NULL)
- *
- * Requires: ns->lock be held
- *
- * Returns: unrefcounted profile pointer or NULL if not found
- *
- * Do a relative name lookup, recursing through profile tree.
- */
-static struct aa_profile *__lookup_profile(struct aa_policy *base,
- const char *hname)
-{
- struct aa_profile *profile = NULL;
- char *split;
-
- for (split = strstr(hname, "//"); split;) {
- profile = __strn_find_child(&base->profiles, hname,
- split - hname);
- if (!profile)
- return NULL;
-
- base = &profile->base;
- hname = split + 2;
- split = strstr(hname, "//");
- }
-
- profile = __find_child(&base->profiles, hname);
-
- return profile;
-}
-
-/**
- * aa_lookup_profile - find a profile by its full or partial name
- * @ns: the namespace to start from (NOT NULL)
- * @hname: name to do lookup on. Does not contain namespace prefix (NOT NULL)
- *
- * Returns: refcounted profile or NULL if not found
- */
-struct aa_profile *aa_lookup_profile(struct aa_namespace *ns, const char *hname)
-{
- struct aa_profile *profile;
-
- read_lock(&ns->lock);
- profile = aa_get_profile(__lookup_profile(&ns->base, hname));
- read_unlock(&ns->lock);
-
- /* refcount released by caller */
- return profile;
-}
-
-/**
- * replacement_allowed - test to see if replacement is allowed
- * @profile: profile to test if it can be replaced (MAYBE NULL)
- * @noreplace: true if replacement shouldn't be allowed but addition is okay
- * @info: Returns - info about why replacement failed (NOT NULL)
- *
- * Returns: %0 if replacement allowed else error code
- */
-static int replacement_allowed(struct aa_profile *profile, int noreplace,
- const char **info)
-{
- if (profile) {
- if (profile->flags & PFLAG_IMMUTABLE) {
- *info = "cannot replace immutible profile";
- return -EPERM;
- } else if (noreplace) {
- *info = "profile already exists";
- return -EEXIST;
- }
- }
- return 0;
-}
-
-/**
- * __add_new_profile - simple wrapper around __list_add_profile
- * @ns: namespace that profile is being added to (NOT NULL)
- * @policy: the policy container to add the profile to (NOT NULL)
- * @profile: profile to add (NOT NULL)
- *
- * add a profile to a list and do other required basic allocations
- */
-static void __add_new_profile(struct aa_namespace *ns, struct aa_policy *policy,
- struct aa_profile *profile)
-{
- if (policy != &ns->base)
- /* released on profile replacement or free_profile */
- profile->parent = aa_get_profile((struct aa_profile *) policy);
- __list_add_profile(&policy->profiles, profile);
- /* released on free_profile */
- profile->sid = aa_alloc_sid();
- profile->ns = aa_get_namespace(ns);
-}
-
-/**
- * aa_audit_policy - Do auditing of policy changes
- * @op: policy operation being performed
- * @gfp: memory allocation flags
- * @name: name of profile being manipulated (NOT NULL)
- * @info: any extra information to be audited (MAYBE NULL)
- * @error: error code
- *
- * Returns: the error to be returned after audit is done
- */
-static int audit_policy(int op, gfp_t gfp, const char *name, const char *info,
- int error)
-{
- struct common_audit_data sa;
- struct apparmor_audit_data aad = {0,};
- COMMON_AUDIT_DATA_INIT(&sa, NONE);
- sa.aad = &aad;
- aad.op = op;
- aad.name = name;
- aad.info = info;
- aad.error = error;
-
- return aa_audit(AUDIT_APPARMOR_STATUS, __aa_current_profile(), gfp,
- &sa, NULL);
-}
-
-/**
- * aa_may_manage_policy - can the current task manage policy
- * @op: the policy manipulation operation being done
- *
- * Returns: true if the task is allowed to manipulate policy
- */
-bool aa_may_manage_policy(int op)
-{
- /* check if loading policy is locked out */
- if (aa_g_lock_policy) {
- audit_policy(op, GFP_KERNEL, NULL, "policy_locked", -EACCES);
- return 0;
- }
-
- if (!capable(CAP_MAC_ADMIN)) {
- audit_policy(op, GFP_KERNEL, NULL, "not policy admin", -EACCES);
- return 0;
- }
-
- return 1;
-}
-
-/**
- * aa_replace_profiles - replace profile(s) on the profile list
- * @udata: serialized data stream (NOT NULL)
- * @size: size of the serialized data stream
- * @noreplace: true if only doing addition, no replacement allowed
- *
- * unpack and replace a profile on the profile list and uses of that profile
- * by any aa_task_cxt. If the profile does not exist on the profile list
- * it is added.
- *
- * Returns: size of data consumed else error code on failure.
- */
-ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
-{
- struct aa_policy *policy;
- struct aa_profile *old_profile = NULL, *new_profile = NULL;
- struct aa_profile *rename_profile = NULL;
- struct aa_namespace *ns = NULL;
- const char *ns_name, *name = NULL, *info = NULL;
- int op = OP_PROF_REPL;
- ssize_t error;
-
- /* released below */
- new_profile = aa_unpack(udata, size, &ns_name);
- if (IS_ERR(new_profile)) {
- error = PTR_ERR(new_profile);
- new_profile = NULL;
- goto fail;
- }
-
- /* released below */
- ns = aa_prepare_namespace(ns_name);
- if (!ns) {
- info = "failed to prepare namespace";
- error = -ENOMEM;
- name = ns_name;
- goto fail;
- }
-
- name = new_profile->base.hname;
-
- write_lock(&ns->lock);
- /* no ref on policy only use inside lock */
- policy = __lookup_parent(ns, new_profile->base.hname);
-
- if (!policy) {
- info = "parent does not exist";
- error = -ENOENT;
- goto audit;
- }
-
- old_profile = __find_child(&policy->profiles, new_profile->base.name);
- /* released below */
- aa_get_profile(old_profile);
-
- if (new_profile->rename) {
- rename_profile = __lookup_profile(&ns->base,
- new_profile->rename);
- /* released below */
- aa_get_profile(rename_profile);
-
- if (!rename_profile) {
- info = "profile to rename does not exist";
- name = new_profile->rename;
- error = -ENOENT;
- goto audit;
- }
- }
-
- error = replacement_allowed(old_profile, noreplace, &info);
- if (error)
- goto audit;
-
- error = replacement_allowed(rename_profile, noreplace, &info);
- if (error)
- goto audit;
-
-audit:
- if (!old_profile && !rename_profile)
- op = OP_PROF_LOAD;
-
- error = audit_policy(op, GFP_ATOMIC, name, info, error);
-
- if (!error) {
- if (rename_profile)
- __replace_profile(rename_profile, new_profile);
- if (old_profile) {
- /* when there are both rename and old profiles
- * inherit old profiles sid
- */
- if (rename_profile)
- aa_free_sid(new_profile->sid);
- __replace_profile(old_profile, new_profile);
- }
- if (!(old_profile || rename_profile))
- __add_new_profile(ns, policy, new_profile);
- }
- write_unlock(&ns->lock);
-
-out:
- aa_put_namespace(ns);
- aa_put_profile(rename_profile);
- aa_put_profile(old_profile);
- aa_put_profile(new_profile);
- if (error)
- return error;
- return size;
-
-fail:
- error = audit_policy(op, GFP_KERNEL, name, info, error);
- goto out;
-}
-
-/**
- * aa_remove_profiles - remove profile(s) from the system
- * @fqname: name of the profile or namespace to remove (NOT NULL)
- * @size: size of the name
- *
- * Remove a profile or sub namespace from the current namespace, so that
- * they can not be found anymore and mark them as replaced by unconfined
- *
- * NOTE: removing confinement does not restore rlimits to preconfinemnet values
- *
- * Returns: size of data consume else error code if fails
- */
-ssize_t aa_remove_profiles(char *fqname, size_t size)
-{
- struct aa_namespace *root, *ns = NULL;
- struct aa_profile *profile = NULL;
- const char *name = fqname, *info = NULL;
- ssize_t error = 0;
-
- if (*fqname == 0) {
- info = "no profile specified";
- error = -ENOENT;
- goto fail;
- }
-
- root = aa_current_profile()->ns;
-
- if (fqname[0] == ':') {
- char *ns_name;
- name = aa_split_fqname(fqname, &ns_name);
- if (ns_name) {
- /* released below */
- ns = aa_find_namespace(root, ns_name);
- if (!ns) {
- info = "namespace does not exist";
- error = -ENOENT;
- goto fail;
- }
- }
- } else
- /* released below */
- ns = aa_get_namespace(root);
-
- if (!name) {
- /* remove namespace - can only happen if fqname[0] == ':' */
- write_lock(&ns->parent->lock);
- __remove_namespace(ns);
- write_unlock(&ns->parent->lock);
- } else {
- /* remove profile */
- write_lock(&ns->lock);
- profile = aa_get_profile(__lookup_profile(&ns->base, name));
- if (!profile) {
- error = -ENOENT;
- info = "profile does not exist";
- goto fail_ns_lock;
- }
- name = profile->base.hname;
- __remove_profile(profile);
- write_unlock(&ns->lock);
- }
-
- /* don't fail removal if audit fails */
- (void) audit_policy(OP_PROF_RM, GFP_KERNEL, name, info, error);
- aa_put_namespace(ns);
- aa_put_profile(profile);
- return size;
-
-fail_ns_lock:
- write_unlock(&ns->lock);
- aa_put_namespace(ns);
-
-fail:
- (void) audit_policy(OP_PROF_RM, GFP_KERNEL, name, info, error);
- return error;
-}
diff --git a/ANDROID_3.4.5/security/apparmor/policy_unpack.c b/ANDROID_3.4.5/security/apparmor/policy_unpack.c
deleted file mode 100644
index deab7c7e..00000000
--- a/ANDROID_3.4.5/security/apparmor/policy_unpack.c
+++ /dev/null
@@ -1,730 +0,0 @@
-/*
- * AppArmor security module
- *
- * This file contains AppArmor functions for unpacking policy loaded from
- * userspace.
- *
- * Copyright (C) 1998-2008 Novell/SUSE
- * Copyright 2009-2010 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * AppArmor uses a serialized binary format for loading policy. To find
- * policy format documentation look in Documentation/security/apparmor.txt
- * All policy is validated before it is used.
- */
-
-#include
-#include
-#include
-
-#include "include/apparmor.h"
-#include "include/audit.h"
-#include "include/context.h"
-#include "include/match.h"
-#include "include/policy.h"
-#include "include/policy_unpack.h"
-#include "include/sid.h"
-
-/*
- * The AppArmor interface treats data as a type byte followed by the
- * actual data. The interface has the notion of a a named entry
- * which has a name (AA_NAME typecode followed by name string) followed by
- * the entries typecode and data. Named types allow for optional
- * elements and extensions to be added and tested for without breaking
- * backwards compatibility.
- */
-
-enum aa_code {
- AA_U8,
- AA_U16,
- AA_U32,
- AA_U64,
- AA_NAME, /* same as string except it is items name */
- AA_STRING,
- AA_BLOB,
- AA_STRUCT,
- AA_STRUCTEND,
- AA_LIST,
- AA_LISTEND,
- AA_ARRAY,
- AA_ARRAYEND,
-};
-
-/*
- * aa_ext is the read of the buffer containing the serialized profile. The
- * data is copied into a kernel buffer in apparmorfs and then handed off to
- * the unpack routines.
- */
-struct aa_ext {
- void *start;
- void *end;
- void *pos; /* pointer to current position in the buffer */
- u32 version;
-};
-
-/* audit callback for unpack fields */
-static void audit_cb(struct audit_buffer *ab, void *va)
-{
- struct common_audit_data *sa = va;
- if (sa->aad->iface.target) {
- struct aa_profile *name = sa->aad->iface.target;
- audit_log_format(ab, " name=");
- audit_log_untrustedstring(ab, name->base.hname);
- }
- if (sa->aad->iface.pos)
- audit_log_format(ab, " offset=%ld", sa->aad->iface.pos);
-}
-
-/**
- * audit_iface - do audit message for policy unpacking/load/replace/remove
- * @new: profile if it has been allocated (MAYBE NULL)
- * @name: name of the profile being manipulated (MAYBE NULL)
- * @info: any extra info about the failure (MAYBE NULL)
- * @e: buffer position info
- * @error: error code
- *
- * Returns: %0 or error
- */
-static int audit_iface(struct aa_profile *new, const char *name,
- const char *info, struct aa_ext *e, int error)
-{
- struct aa_profile *profile = __aa_current_profile();
- struct common_audit_data sa;
- struct apparmor_audit_data aad = {0,};
- COMMON_AUDIT_DATA_INIT(&sa, NONE);
- sa.aad = &aad;
- if (e)
- aad.iface.pos = e->pos - e->start;
- aad.iface.target = new;
- aad.name = name;
- aad.info = info;
- aad.error = error;
-
- return aa_audit(AUDIT_APPARMOR_STATUS, profile, GFP_KERNEL, &sa,
- audit_cb);
-}
-
-/* test if read will be in packed data bounds */
-static bool inbounds(struct aa_ext *e, size_t size)
-{
- return (size <= e->end - e->pos);
-}
-
-/**
- * aa_u16_chunck - test and do bounds checking for a u16 size based chunk
- * @e: serialized data read head (NOT NULL)
- * @chunk: start address for chunk of data (NOT NULL)
- *
- * Returns: the size of chunk found with the read head at the end of the chunk.
- */
-static size_t unpack_u16_chunk(struct aa_ext *e, char **chunk)
-{
- size_t size = 0;
-
- if (!inbounds(e, sizeof(u16)))
- return 0;
- size = le16_to_cpu(get_unaligned((u16 *) e->pos));
- e->pos += sizeof(u16);
- if (!inbounds(e, size))
- return 0;
- *chunk = e->pos;
- e->pos += size;
- return size;
-}
-
-/* unpack control byte */
-static bool unpack_X(struct aa_ext *e, enum aa_code code)
-{
- if (!inbounds(e, 1))
- return 0;
- if (*(u8 *) e->pos != code)
- return 0;
- e->pos++;
- return 1;
-}
-
-/**
- * unpack_nameX - check is the next element is of type X with a name of @name
- * @e: serialized data extent information (NOT NULL)
- * @code: type code
- * @name: name to match to the serialized element. (MAYBE NULL)
- *
- * check that the next serialized data element is of type X and has a tag
- * name @name. If @name is specified then there must be a matching
- * name element in the stream. If @name is NULL any name element will be
- * skipped and only the typecode will be tested.
- *
- * Returns 1 on success (both type code and name tests match) and the read
- * head is advanced past the headers
- *
- * Returns: 0 if either match fails, the read head does not move
- */
-static bool unpack_nameX(struct aa_ext *e, enum aa_code code, const char *name)
-{
- /*
- * May need to reset pos if name or type doesn't match
- */
- void *pos = e->pos;
- /*
- * Check for presence of a tagname, and if present name size
- * AA_NAME tag value is a u16.
- */
- if (unpack_X(e, AA_NAME)) {
- char *tag = NULL;
- size_t size = unpack_u16_chunk(e, &tag);
- /* if a name is specified it must match. otherwise skip tag */
- if (name && (!size || strcmp(name, tag)))
- goto fail;
- } else if (name) {
- /* if a name is specified and there is no name tag fail */
- goto fail;
- }
-
- /* now check if type code matches */
- if (unpack_X(e, code))
- return 1;
-
-fail:
- e->pos = pos;
- return 0;
-}
-
-static bool unpack_u32(struct aa_ext *e, u32 *data, const char *name)
-{
- if (unpack_nameX(e, AA_U32, name)) {
- if (!inbounds(e, sizeof(u32)))
- return 0;
- if (data)
- *data = le32_to_cpu(get_unaligned((u32 *) e->pos));
- e->pos += sizeof(u32);
- return 1;
- }
- return 0;
-}
-
-static bool unpack_u64(struct aa_ext *e, u64 *data, const char *name)
-{
- if (unpack_nameX(e, AA_U64, name)) {
- if (!inbounds(e, sizeof(u64)))
- return 0;
- if (data)
- *data = le64_to_cpu(get_unaligned((u64 *) e->pos));
- e->pos += sizeof(u64);
- return 1;
- }
- return 0;
-}
-
-static size_t unpack_array(struct aa_ext *e, const char *name)
-{
- if (unpack_nameX(e, AA_ARRAY, name)) {
- int size;
- if (!inbounds(e, sizeof(u16)))
- return 0;
- size = (int)le16_to_cpu(get_unaligned((u16 *) e->pos));
- e->pos += sizeof(u16);
- return size;
- }
- return 0;
-}
-
-static size_t unpack_blob(struct aa_ext *e, char **blob, const char *name)
-{
- if (unpack_nameX(e, AA_BLOB, name)) {
- u32 size;
- if (!inbounds(e, sizeof(u32)))
- return 0;
- size = le32_to_cpu(get_unaligned((u32 *) e->pos));
- e->pos += sizeof(u32);
- if (inbounds(e, (size_t) size)) {
- *blob = e->pos;
- e->pos += size;
- return size;
- }
- }
- return 0;
-}
-
-static int unpack_str(struct aa_ext *e, const char **string, const char *name)
-{
- char *src_str;
- size_t size = 0;
- void *pos = e->pos;
- *string = NULL;
- if (unpack_nameX(e, AA_STRING, name)) {
- size = unpack_u16_chunk(e, &src_str);
- if (size) {
- /* strings are null terminated, length is size - 1 */
- if (src_str[size - 1] != 0)
- goto fail;
- *string = src_str;
- }
- }
- return size;
-
-fail:
- e->pos = pos;
- return 0;
-}
-
-static int unpack_strdup(struct aa_ext *e, char **string, const char *name)
-{
- const char *tmp;
- void *pos = e->pos;
- int res = unpack_str(e, &tmp, name);
- *string = NULL;
-
- if (!res)
- return 0;
-
- *string = kmemdup(tmp, res, GFP_KERNEL);
- if (!*string) {
- e->pos = pos;
- return 0;
- }
-
- return res;
-}
-
-/**
- * verify_accept - verify the accept tables of a dfa
- * @dfa: dfa to verify accept tables of (NOT NULL)
- * @flags: flags governing dfa
- *
- * Returns: 1 if valid accept tables else 0 if error
- */
-static bool verify_accept(struct aa_dfa *dfa, int flags)
-{
- int i;
-
- /* verify accept permissions */
- for (i = 0; i < dfa->tables[YYTD_ID_ACCEPT]->td_lolen; i++) {
- int mode = ACCEPT_TABLE(dfa)[i];
-
- if (mode & ~DFA_VALID_PERM_MASK)
- return 0;
-
- if (ACCEPT_TABLE2(dfa)[i] & ~DFA_VALID_PERM2_MASK)
- return 0;
- }
- return 1;
-}
-
-/**
- * unpack_dfa - unpack a file rule dfa
- * @e: serialized data extent information (NOT NULL)
- *
- * returns dfa or ERR_PTR or NULL if no dfa
- */
-static struct aa_dfa *unpack_dfa(struct aa_ext *e)
-{
- char *blob = NULL;
- size_t size;
- struct aa_dfa *dfa = NULL;
-
- size = unpack_blob(e, &blob, "aadfa");
- if (size) {
- /*
- * The dfa is aligned with in the blob to 8 bytes
- * from the beginning of the stream.
- */
- size_t sz = blob - (char *)e->start;
- size_t pad = ALIGN(sz, 8) - sz;
- int flags = TO_ACCEPT1_FLAG(YYTD_DATA32) |
- TO_ACCEPT2_FLAG(YYTD_DATA32);
-
-
- if (aa_g_paranoid_load)
- flags |= DFA_FLAG_VERIFY_STATES;
-
- dfa = aa_dfa_unpack(blob + pad, size - pad, flags);
-
- if (IS_ERR(dfa))
- return dfa;
-
- if (!verify_accept(dfa, flags))
- goto fail;
- }
-
- return dfa;
-
-fail:
- aa_put_dfa(dfa);
- return ERR_PTR(-EPROTO);
-}
-
-/**
- * unpack_trans_table - unpack a profile transition table
- * @e: serialized data extent information (NOT NULL)
- * @profile: profile to add the accept table to (NOT NULL)
- *
- * Returns: 1 if table successfully unpacked
- */
-static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile)
-{
- void *pos = e->pos;
-
- /* exec table is optional */
- if (unpack_nameX(e, AA_STRUCT, "xtable")) {
- int i, size;
-
- size = unpack_array(e, NULL);
- /* currently 4 exec bits and entries 0-3 are reserved iupcx */
- if (size > 16 - 4)
- goto fail;
- profile->file.trans.table = kzalloc(sizeof(char *) * size,
- GFP_KERNEL);
- if (!profile->file.trans.table)
- goto fail;
-
- profile->file.trans.size = size;
- for (i = 0; i < size; i++) {
- char *str;
- int c, j, size2 = unpack_strdup(e, &str, NULL);
- /* unpack_strdup verifies that the last character is
- * null termination byte.
- */
- if (!size2)
- goto fail;
- profile->file.trans.table[i] = str;
- /* verify that name doesn't start with space */
- if (isspace(*str))
- goto fail;
-
- /* count internal # of internal \0 */
- for (c = j = 0; j < size2 - 2; j++) {
- if (!str[j])
- c++;
- }
- if (*str == ':') {
- /* beginning with : requires an embedded \0,
- * verify that exactly 1 internal \0 exists
- * trailing \0 already verified by unpack_strdup
- */
- if (c != 1)
- goto fail;
- /* first character after : must be valid */
- if (!str[1])
- goto fail;
- } else if (c)
- /* fail - all other cases with embedded \0 */
- goto fail;
- }
- if (!unpack_nameX(e, AA_ARRAYEND, NULL))
- goto fail;
- if (!unpack_nameX(e, AA_STRUCTEND, NULL))
- goto fail;
- }
- return 1;
-
-fail:
- aa_free_domain_entries(&profile->file.trans);
- e->pos = pos;
- return 0;
-}
-
-static bool unpack_rlimits(struct aa_ext *e, struct aa_profile *profile)
-{
- void *pos = e->pos;
-
- /* rlimits are optional */
- if (unpack_nameX(e, AA_STRUCT, "rlimits")) {
- int i, size;
- u32 tmp = 0;
- if (!unpack_u32(e, &tmp, NULL))
- goto fail;
- profile->rlimits.mask = tmp;
-
- size = unpack_array(e, NULL);
- if (size > RLIM_NLIMITS)
- goto fail;
- for (i = 0; i < size; i++) {
- u64 tmp2 = 0;
- int a = aa_map_resource(i);
- if (!unpack_u64(e, &tmp2, NULL))
- goto fail;
- profile->rlimits.limits[a].rlim_max = tmp2;
- }
- if (!unpack_nameX(e, AA_ARRAYEND, NULL))
- goto fail;
- if (!unpack_nameX(e, AA_STRUCTEND, NULL))
- goto fail;
- }
- return 1;
-
-fail:
- e->pos = pos;
- return 0;
-}
-
-/**
- * unpack_profile - unpack a serialized profile
- * @e: serialized data extent information (NOT NULL)
- *
- * NOTE: unpack profile sets audit struct if there is a failure
- */
-static struct aa_profile *unpack_profile(struct aa_ext *e)
-{
- struct aa_profile *profile = NULL;
- const char *name = NULL;
- int i, error = -EPROTO;
- kernel_cap_t tmpcap;
- u32 tmp;
-
- /* check that we have the right struct being passed */
- if (!unpack_nameX(e, AA_STRUCT, "profile"))
- goto fail;
- if (!unpack_str(e, &name, NULL))
- goto fail;
-
- profile = aa_alloc_profile(name);
- if (!profile)
- return ERR_PTR(-ENOMEM);
-
- /* profile renaming is optional */
- (void) unpack_str(e, &profile->rename, "rename");
-
- /* xmatch is optional and may be NULL */
- profile->xmatch = unpack_dfa(e);
- if (IS_ERR(profile->xmatch)) {
- error = PTR_ERR(profile->xmatch);
- profile->xmatch = NULL;
- goto fail;
- }
- /* xmatch_len is not optional if xmatch is set */
- if (profile->xmatch) {
- if (!unpack_u32(e, &tmp, NULL))
- goto fail;
- profile->xmatch_len = tmp;
- }
-
- /* per profile debug flags (complain, audit) */
- if (!unpack_nameX(e, AA_STRUCT, "flags"))
- goto fail;
- if (!unpack_u32(e, &tmp, NULL))
- goto fail;
- if (tmp)
- profile->flags |= PFLAG_HAT;
- if (!unpack_u32(e, &tmp, NULL))
- goto fail;
- if (tmp)
- profile->mode = APPARMOR_COMPLAIN;
- if (!unpack_u32(e, &tmp, NULL))
- goto fail;
- if (tmp)
- profile->audit = AUDIT_ALL;
-
- if (!unpack_nameX(e, AA_STRUCTEND, NULL))
- goto fail;
-
- /* path_flags is optional */
- if (unpack_u32(e, &profile->path_flags, "path_flags"))
- profile->path_flags |= profile->flags & PFLAG_MEDIATE_DELETED;
- else
- /* set a default value if path_flags field is not present */
- profile->path_flags = PFLAG_MEDIATE_DELETED;
-
- if (!unpack_u32(e, &(profile->caps.allow.cap[0]), NULL))
- goto fail;
- if (!unpack_u32(e, &(profile->caps.audit.cap[0]), NULL))
- goto fail;
- if (!unpack_u32(e, &(profile->caps.quiet.cap[0]), NULL))
- goto fail;
- if (!unpack_u32(e, &tmpcap.cap[0], NULL))
- goto fail;
-
- if (unpack_nameX(e, AA_STRUCT, "caps64")) {
- /* optional upper half of 64 bit caps */
- if (!unpack_u32(e, &(profile->caps.allow.cap[1]), NULL))
- goto fail;
- if (!unpack_u32(e, &(profile->caps.audit.cap[1]), NULL))
- goto fail;
- if (!unpack_u32(e, &(profile->caps.quiet.cap[1]), NULL))
- goto fail;
- if (!unpack_u32(e, &(tmpcap.cap[1]), NULL))
- goto fail;
- if (!unpack_nameX(e, AA_STRUCTEND, NULL))
- goto fail;
- }
-
- if (unpack_nameX(e, AA_STRUCT, "capsx")) {
- /* optional extended caps mediation mask */
- if (!unpack_u32(e, &(profile->caps.extended.cap[0]), NULL))
- goto fail;
- if (!unpack_u32(e, &(profile->caps.extended.cap[1]), NULL))
- goto fail;
- if (!unpack_nameX(e, AA_STRUCTEND, NULL))
- goto fail;
- }
-
- if (!unpack_rlimits(e, profile))
- goto fail;
-
- if (unpack_nameX(e, AA_STRUCT, "policydb")) {
- /* generic policy dfa - optional and may be NULL */
- profile->policy.dfa = unpack_dfa(e);
- if (IS_ERR(profile->policy.dfa)) {
- error = PTR_ERR(profile->policy.dfa);
- profile->policy.dfa = NULL;
- goto fail;
- }
- if (!unpack_u32(e, &profile->policy.start[0], "start"))
- /* default start state */
- profile->policy.start[0] = DFA_START;
- /* setup class index */
- for (i = AA_CLASS_FILE; i <= AA_CLASS_LAST; i++) {
- profile->policy.start[i] =
- aa_dfa_next(profile->policy.dfa,
- profile->policy.start[0],
- i);
- }
- if (!unpack_nameX(e, AA_STRUCTEND, NULL))
- goto fail;
- }
-
- /* get file rules */
- profile->file.dfa = unpack_dfa(e);
- if (IS_ERR(profile->file.dfa)) {
- error = PTR_ERR(profile->file.dfa);
- profile->file.dfa = NULL;
- goto fail;
- }
-
- if (!unpack_u32(e, &profile->file.start, "dfa_start"))
- /* default start state */
- profile->file.start = DFA_START;
-
- if (!unpack_trans_table(e, profile))
- goto fail;
-
- if (!unpack_nameX(e, AA_STRUCTEND, NULL))
- goto fail;
-
- return profile;
-
-fail:
- if (profile)
- name = NULL;
- else if (!name)
- name = "unknown";
- audit_iface(profile, name, "failed to unpack profile", e, error);
- aa_put_profile(profile);
-
- return ERR_PTR(error);
-}
-
-/**
- * verify_head - unpack serialized stream header
- * @e: serialized data read head (NOT NULL)
- * @ns: Returns - namespace if one is specified else NULL (NOT NULL)
- *
- * Returns: error or 0 if header is good
- */
-static int verify_header(struct aa_ext *e, const char **ns)
-{
- int error = -EPROTONOSUPPORT;
- /* get the interface version */
- if (!unpack_u32(e, &e->version, "version")) {
- audit_iface(NULL, NULL, "invalid profile format", e, error);
- return error;
- }
-
- /* check that the interface version is currently supported */
- if (e->version != 5) {
- audit_iface(NULL, NULL, "unsupported interface version", e,
- error);
- return error;
- }
-
- /* read the namespace if present */
- if (!unpack_str(e, ns, "namespace"))
- *ns = NULL;
-
- return 0;
-}
-
-static bool verify_xindex(int xindex, int table_size)
-{
- int index, xtype;
- xtype = xindex & AA_X_TYPE_MASK;
- index = xindex & AA_X_INDEX_MASK;
- if (xtype == AA_X_TABLE && index > table_size)
- return 0;
- return 1;
-}
-
-/* verify dfa xindexes are in range of transition tables */
-static bool verify_dfa_xindex(struct aa_dfa *dfa, int table_size)
-{
- int i;
- for (i = 0; i < dfa->tables[YYTD_ID_ACCEPT]->td_lolen; i++) {
- if (!verify_xindex(dfa_user_xindex(dfa, i), table_size))
- return 0;
- if (!verify_xindex(dfa_other_xindex(dfa, i), table_size))
- return 0;
- }
- return 1;
-}
-
-/**
- * verify_profile - Do post unpack analysis to verify profile consistency
- * @profile: profile to verify (NOT NULL)
- *
- * Returns: 0 if passes verification else error
- */
-static int verify_profile(struct aa_profile *profile)
-{
- if (aa_g_paranoid_load) {
- if (profile->file.dfa &&
- !verify_dfa_xindex(profile->file.dfa,
- profile->file.trans.size)) {
- audit_iface(profile, NULL, "Invalid named transition",
- NULL, -EPROTO);
- return -EPROTO;
- }
- }
-
- return 0;
-}
-
-/**
- * aa_unpack - unpack packed binary profile data loaded from user space
- * @udata: user data copied to kmem (NOT NULL)
- * @size: the size of the user data
- * @ns: Returns namespace profile is in if specified else NULL (NOT NULL)
- *
- * Unpack user data and return refcounted allocated profile or ERR_PTR
- *
- * Returns: profile else error pointer if fails to unpack
- */
-struct aa_profile *aa_unpack(void *udata, size_t size, const char **ns)
-{
- struct aa_profile *profile = NULL;
- int error;
- struct aa_ext e = {
- .start = udata,
- .end = udata + size,
- .pos = udata,
- };
-
- error = verify_header(&e, ns);
- if (error)
- return ERR_PTR(error);
-
- profile = unpack_profile(&e);
- if (IS_ERR(profile))
- return profile;
-
- error = verify_profile(profile);
- if (error) {
- aa_put_profile(profile);
- profile = ERR_PTR(error);
- }
-
- /* return refcount */
- return profile;
-}
diff --git a/ANDROID_3.4.5/security/apparmor/procattr.c b/ANDROID_3.4.5/security/apparmor/procattr.c
deleted file mode 100644
index 1b41c542..00000000
--- a/ANDROID_3.4.5/security/apparmor/procattr.c
+++ /dev/null
@@ -1,171 +0,0 @@
-/*
- * AppArmor security module
- *
- * This file contains AppArmor /proc//attr/ interface functions
- *
- * Copyright (C) 1998-2008 Novell/SUSE
- * Copyright 2009-2010 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- */
-
-#include "include/apparmor.h"
-#include "include/context.h"
-#include "include/policy.h"
-#include "include/domain.h"
-#include "include/procattr.h"
-
-
-/**
- * aa_getprocattr - Return the profile information for @profile
- * @profile: the profile to print profile info about (NOT NULL)
- * @string: Returns - string containing the profile info (NOT NULL)
- *
- * Returns: length of @string on success else error on failure
- *
- * Requires: profile != NULL
- *
- * Creates a string containing the namespace_name://profile_name for
- * @profile.
- *
- * Returns: size of string placed in @string else error code on failure
- */
-int aa_getprocattr(struct aa_profile *profile, char **string)
-{
- char *str;
- int len = 0, mode_len = 0, ns_len = 0, name_len;
- const char *mode_str = profile_mode_names[profile->mode];
- const char *ns_name = NULL;
- struct aa_namespace *ns = profile->ns;
- struct aa_namespace *current_ns = __aa_current_profile()->ns;
- char *s;
-
- if (!aa_ns_visible(current_ns, ns))
- return -EACCES;
-
- ns_name = aa_ns_name(current_ns, ns);
- ns_len = strlen(ns_name);
-
- /* if the visible ns_name is > 0 increase size for : :// seperator */
- if (ns_len)
- ns_len += 4;
-
- /* unconfined profiles don't have a mode string appended */
- if (!unconfined(profile))
- mode_len = strlen(mode_str) + 3; /* + 3 for _() */
-
- name_len = strlen(profile->base.hname);
- len = mode_len + ns_len + name_len + 1; /* + 1 for \n */
- s = str = kmalloc(len + 1, GFP_KERNEL); /* + 1 \0 */
- if (!str)
- return -ENOMEM;
-
- if (ns_len) {
- /* skip over prefix current_ns->base.hname and separating // */
- sprintf(s, ":%s://", ns_name);
- s += ns_len;
- }
- if (unconfined(profile))
- /* mode string not being appended */
- sprintf(s, "%s\n", profile->base.hname);
- else
- sprintf(s, "%s (%s)\n", profile->base.hname, mode_str);
- *string = str;
-
- /* NOTE: len does not include \0 of string, not saved as part of file */
- return len;
-}
-
-/**
- * split_token_from_name - separate a string of form ^
- * @op: operation being checked
- * @args: string to parse (NOT NULL)
- * @token: stores returned parsed token value (NOT NULL)
- *
- * Returns: start position of name after token else NULL on failure
- */
-static char *split_token_from_name(int op, char *args, u64 * token)
-{
- char *name;
-
- *token = simple_strtoull(args, &name, 16);
- if ((name == args) || *name != '^') {
- AA_ERROR("%s: Invalid input '%s'", op_table[op], args);
- return ERR_PTR(-EINVAL);
- }
-
- name++; /* skip ^ */
- if (!*name)
- name = NULL;
- return name;
-}
-
-/**
- * aa_setprocattr_chagnehat - handle procattr interface to change_hat
- * @args: args received from writing to /proc//attr/current (NOT NULL)
- * @size: size of the args
- * @test: true if this is a test of change_hat permissions
- *
- * Returns: %0 or error code if change_hat fails
- */
-int aa_setprocattr_changehat(char *args, size_t size, int test)
-{
- char *hat;
- u64 token;
- const char *hats[16]; /* current hard limit on # of names */
- int count = 0;
-
- hat = split_token_from_name(OP_CHANGE_HAT, args, &token);
- if (IS_ERR(hat))
- return PTR_ERR(hat);
-
- if (!hat && !token) {
- AA_ERROR("change_hat: Invalid input, NULL hat and NULL magic");
- return -EINVAL;
- }
-
- if (hat) {
- /* set up hat name vector, args guaranteed null terminated
- * at args[size] by setprocattr.
- *
- * If there are multiple hat names in the buffer each is
- * separated by a \0. Ie. userspace writes them pre tokenized
- */
- char *end = args + size;
- for (count = 0; (hat < end) && count < 16; ++count) {
- char *next = hat + strlen(hat) + 1;
- hats[count] = hat;
- hat = next;
- }
- }
-
- AA_DEBUG("%s: Magic 0x%llx Hat '%s'\n",
- __func__, token, hat ? hat : NULL);
-
- return aa_change_hat(hats, count, token, test);
-}
-
-/**
- * aa_setprocattr_changeprofile - handle procattr interface to changeprofile
- * @fqname: args received from writting to /proc//attr/current (NOT NULL)
- * @onexec: true if change_profile should be delayed until exec
- * @test: true if this is a test of change_profile permissions
- *
- * Returns: %0 or error code if change_profile fails
- */
-int aa_setprocattr_changeprofile(char *fqname, bool onexec, int test)
-{
- char *name, *ns_name;
-
- name = aa_split_fqname(fqname, &ns_name);
- return aa_change_profile(ns_name, name, onexec, test);
-}
-
-int aa_setprocattr_permipc(char *fqname)
-{
- /* TODO: add ipc permission querying */
- return -ENOTSUPP;
-}
diff --git a/ANDROID_3.4.5/security/apparmor/resource.c b/ANDROID_3.4.5/security/apparmor/resource.c
deleted file mode 100644
index 2fe8613e..00000000
--- a/ANDROID_3.4.5/security/apparmor/resource.c
+++ /dev/null
@@ -1,145 +0,0 @@
-/*
- * AppArmor security module
- *
- * This file contains AppArmor resource mediation and attachment
- *
- * Copyright (C) 1998-2008 Novell/SUSE
- * Copyright 2009-2010 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- */
-
-#include
-
-#include "include/audit.h"
-#include "include/resource.h"
-#include "include/policy.h"
-
-/*
- * Table of rlimit names: we generate it from resource.h.
- */
-#include "rlim_names.h"
-
-struct aa_fs_entry aa_fs_entry_rlimit[] = {
- AA_FS_FILE_STRING("mask", AA_FS_RLIMIT_MASK),
- { }
-};
-
-/* audit callback for resource specific fields */
-static void audit_cb(struct audit_buffer *ab, void *va)
-{
- struct common_audit_data *sa = va;
-
- audit_log_format(ab, " rlimit=%s value=%lu",
- rlim_names[sa->aad->rlim.rlim], sa->aad->rlim.max);
-}
-
-/**
- * audit_resource - audit setting resource limit
- * @profile: profile being enforced (NOT NULL)
- * @resoure: rlimit being auditing
- * @value: value being set
- * @error: error value
- *
- * Returns: 0 or sa->error else other error code on failure
- */
-static int audit_resource(struct aa_profile *profile, unsigned int resource,
- unsigned long value, int error)
-{
- struct common_audit_data sa;
- struct apparmor_audit_data aad = {0,};
-
- COMMON_AUDIT_DATA_INIT(&sa, NONE);
- sa.aad = &aad;
- aad.op = OP_SETRLIMIT,
- aad.rlim.rlim = resource;
- aad.rlim.max = value;
- aad.error = error;
- return aa_audit(AUDIT_APPARMOR_AUTO, profile, GFP_KERNEL, &sa,
- audit_cb);
-}
-
-/**
- * aa_map_resouce - map compiled policy resource to internal #
- * @resource: flattened policy resource number
- *
- * Returns: resource # for the current architecture.
- *
- * rlimit resource can vary based on architecture, map the compiled policy
- * resource # to the internal representation for the architecture.
- */
-int aa_map_resource(int resource)
-{
- return rlim_map[resource];
-}
-
-/**
- * aa_task_setrlimit - test permission to set an rlimit
- * @profile - profile confining the task (NOT NULL)
- * @task - task the resource is being set on
- * @resource - the resource being set
- * @new_rlim - the new resource limit (NOT NULL)
- *
- * Control raising the processes hard limit.
- *
- * Returns: 0 or error code if setting resource failed
- */
-int aa_task_setrlimit(struct aa_profile *profile, struct task_struct *task,
- unsigned int resource, struct rlimit *new_rlim)
-{
- int error = 0;
-
- /* TODO: extend resource control to handle other (non current)
- * processes. AppArmor rules currently have the implicit assumption
- * that the task is setting the resource of the current process
- */
- if ((task != current->group_leader) ||
- (profile->rlimits.mask & (1 << resource) &&
- new_rlim->rlim_max > profile->rlimits.limits[resource].rlim_max))
- error = -EACCES;
-
- return audit_resource(profile, resource, new_rlim->rlim_max, error);
-}
-
-/**
- * __aa_transition_rlimits - apply new profile rlimits
- * @old: old profile on task (NOT NULL)
- * @new: new profile with rlimits to apply (NOT NULL)
- */
-void __aa_transition_rlimits(struct aa_profile *old, struct aa_profile *new)
-{
- unsigned int mask = 0;
- struct rlimit *rlim, *initrlim;
- int i;
-
- /* for any rlimits the profile controlled reset the soft limit
- * to the less of the tasks hard limit and the init tasks soft limit
- */
- if (old->rlimits.mask) {
- for (i = 0, mask = 1; i < RLIM_NLIMITS; i++, mask <<= 1) {
- if (old->rlimits.mask & mask) {
- rlim = current->signal->rlim + i;
- initrlim = init_task.signal->rlim + i;
- rlim->rlim_cur = min(rlim->rlim_max,
- initrlim->rlim_cur);
- }
- }
- }
-
- /* set any new hard limits as dictated by the new profile */
- if (!new->rlimits.mask)
- return;
- for (i = 0, mask = 1; i < RLIM_NLIMITS; i++, mask <<= 1) {
- if (!(new->rlimits.mask & mask))
- continue;
-
- rlim = current->signal->rlim + i;
- rlim->rlim_max = min(rlim->rlim_max,
- new->rlimits.limits[i].rlim_max);
- /* soft limit should not exceed hard limit */
- rlim->rlim_cur = min(rlim->rlim_cur, rlim->rlim_max);
- }
-}
diff --git a/ANDROID_3.4.5/security/apparmor/sid.c b/ANDROID_3.4.5/security/apparmor/sid.c
deleted file mode 100644
index f0b34f76..00000000
--- a/ANDROID_3.4.5/security/apparmor/sid.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * AppArmor security module
- *
- * This file contains AppArmor security identifier (sid) manipulation fns
- *
- * Copyright 2009-2010 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- *
- * AppArmor allocates a unique sid for every profile loaded. If a profile
- * is replaced it receives the sid of the profile it is replacing.
- *
- * The sid value of 0 is invalid.
- */
-
-#include
-#include
-#include
-
-#include "include/sid.h"
-
-/* global counter from which sids are allocated */
-static u32 global_sid;
-static DEFINE_SPINLOCK(sid_lock);
-
-/* TODO FIXME: add sid to profile mapping, and sid recycling */
-
-/**
- * aa_alloc_sid - allocate a new sid for a profile
- */
-u32 aa_alloc_sid(void)
-{
- u32 sid;
-
- /*
- * TODO FIXME: sid recycling - part of profile mapping table
- */
- spin_lock(&sid_lock);
- sid = (++global_sid);
- spin_unlock(&sid_lock);
- return sid;
-}
-
-/**
- * aa_free_sid - free a sid
- * @sid: sid to free
- */
-void aa_free_sid(u32 sid)
-{
- ; /* NOP ATM */
-}
diff --git a/ANDROID_3.4.5/security/capability.c b/ANDROID_3.4.5/security/capability.c
deleted file mode 100644
index 5bb21b1c..00000000
--- a/ANDROID_3.4.5/security/capability.c
+++ /dev/null
@@ -1,1074 +0,0 @@
-/*
- * Capabilities Linux Security Module
- *
- * This is the default security module in case no other module is loaded.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- */
-
-#include
-
-static int cap_syslog(int type)
-{
- return 0;
-}
-
-static int cap_quotactl(int cmds, int type, int id, struct super_block *sb)
-{
- return 0;
-}
-
-static int cap_quota_on(struct dentry *dentry)
-{
- return 0;
-}
-
-static int cap_bprm_check_security(struct linux_binprm *bprm)
-{
- return 0;
-}
-
-static void cap_bprm_committing_creds(struct linux_binprm *bprm)
-{
-}
-
-static void cap_bprm_committed_creds(struct linux_binprm *bprm)
-{
-}
-
-static int cap_sb_alloc_security(struct super_block *sb)
-{
- return 0;
-}
-
-static void cap_sb_free_security(struct super_block *sb)
-{
-}
-
-static int cap_sb_copy_data(char *orig, char *copy)
-{
- return 0;
-}
-
-static int cap_sb_remount(struct super_block *sb, void *data)
-{
- return 0;
-}
-
-static int cap_sb_kern_mount(struct super_block *sb, int flags, void *data)
-{
- return 0;
-}
-
-static int cap_sb_show_options(struct seq_file *m, struct super_block *sb)
-{
- return 0;
-}
-
-static int cap_sb_statfs(struct dentry *dentry)
-{
- return 0;
-}
-
-static int cap_sb_mount(char *dev_name, struct path *path, char *type,
- unsigned long flags, void *data)
-{
- return 0;
-}
-
-static int cap_sb_umount(struct vfsmount *mnt, int flags)
-{
- return 0;
-}
-
-static int cap_sb_pivotroot(struct path *old_path, struct path *new_path)
-{
- return 0;
-}
-
-static int cap_sb_set_mnt_opts(struct super_block *sb,
- struct security_mnt_opts *opts)
-{
- if (unlikely(opts->num_mnt_opts))
- return -EOPNOTSUPP;
- return 0;
-}
-
-static void cap_sb_clone_mnt_opts(const struct super_block *oldsb,
- struct super_block *newsb)
-{
-}
-
-static int cap_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)
-{
- return 0;
-}
-
-static int cap_inode_alloc_security(struct inode *inode)
-{
- return 0;
-}
-
-static void cap_inode_free_security(struct inode *inode)
-{
-}
-
-static int cap_inode_init_security(struct inode *inode, struct inode *dir,
- const struct qstr *qstr, char **name,
- void **value, size_t *len)
-{
- return -EOPNOTSUPP;
-}
-
-static int cap_inode_create(struct inode *inode, struct dentry *dentry,
- umode_t mask)
-{
- return 0;
-}
-
-static int cap_inode_link(struct dentry *old_dentry, struct inode *inode,
- struct dentry *new_dentry)
-{
- return 0;
-}
-
-static int cap_inode_unlink(struct inode *inode, struct dentry *dentry)
-{
- return 0;
-}
-
-static int cap_inode_symlink(struct inode *inode, struct dentry *dentry,
- const char *name)
-{
- return 0;
-}
-
-static int cap_inode_mkdir(struct inode *inode, struct dentry *dentry,
- umode_t mask)
-{
- return 0;
-}
-
-static int cap_inode_rmdir(struct inode *inode, struct dentry *dentry)
-{
- return 0;
-}
-
-static int cap_inode_mknod(struct inode *inode, struct dentry *dentry,
- umode_t mode, dev_t dev)
-{
- return 0;
-}
-
-static int cap_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
- struct inode *new_inode, struct dentry *new_dentry)
-{
- return 0;
-}
-
-static int cap_inode_readlink(struct dentry *dentry)
-{
- return 0;
-}
-
-static int cap_inode_follow_link(struct dentry *dentry,
- struct nameidata *nameidata)
-{
- return 0;
-}
-
-static int cap_inode_permission(struct inode *inode, int mask)
-{
- return 0;
-}
-
-static int cap_inode_setattr(struct dentry *dentry, struct iattr *iattr)
-{
- return 0;
-}
-
-static int cap_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
-{
- return 0;
-}
-
-static void cap_inode_post_setxattr(struct dentry *dentry, const char *name,
- const void *value, size_t size, int flags)
-{
-}
-
-static int cap_inode_getxattr(struct dentry *dentry, const char *name)
-{
- return 0;
-}
-
-static int cap_inode_listxattr(struct dentry *dentry)
-{
- return 0;
-}
-
-static int cap_inode_getsecurity(const struct inode *inode, const char *name,
- void **buffer, bool alloc)
-{
- return -EOPNOTSUPP;
-}
-
-static int cap_inode_setsecurity(struct inode *inode, const char *name,
- const void *value, size_t size, int flags)
-{
- return -EOPNOTSUPP;
-}
-
-static int cap_inode_listsecurity(struct inode *inode, char *buffer,
- size_t buffer_size)
-{
- return 0;
-}
-
-static void cap_inode_getsecid(const struct inode *inode, u32 *secid)
-{
- *secid = 0;
-}
-
-#ifdef CONFIG_SECURITY_PATH
-static int cap_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode,
- unsigned int dev)
-{
- return 0;
-}
-
-static int cap_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode)
-{
- return 0;
-}
-
-static int cap_path_rmdir(struct path *dir, struct dentry *dentry)
-{
- return 0;
-}
-
-static int cap_path_unlink(struct path *dir, struct dentry *dentry)
-{
- return 0;
-}
-
-static int cap_path_symlink(struct path *dir, struct dentry *dentry,
- const char *old_name)
-{
- return 0;
-}
-
-static int cap_path_link(struct dentry *old_dentry, struct path *new_dir,
- struct dentry *new_dentry)
-{
- return 0;
-}
-
-static int cap_path_rename(struct path *old_path, struct dentry *old_dentry,
- struct path *new_path, struct dentry *new_dentry)
-{
- return 0;
-}
-
-static int cap_path_truncate(struct path *path)
-{
- return 0;
-}
-
-static int cap_path_chmod(struct path *path, umode_t mode)
-{
- return 0;
-}
-
-static int cap_path_chown(struct path *path, uid_t uid, gid_t gid)
-{
- return 0;
-}
-
-static int cap_path_chroot(struct path *root)
-{
- return 0;
-}
-#endif
-
-static int cap_file_permission(struct file *file, int mask)
-{
- return 0;
-}
-
-static int cap_file_alloc_security(struct file *file)
-{
- return 0;
-}
-
-static void cap_file_free_security(struct file *file)
-{
-}
-
-static int cap_file_ioctl(struct file *file, unsigned int command,
- unsigned long arg)
-{
- return 0;
-}
-
-static int cap_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
- unsigned long prot)
-{
- return 0;
-}
-
-static int cap_file_lock(struct file *file, unsigned int cmd)
-{
- return 0;
-}
-
-static int cap_file_fcntl(struct file *file, unsigned int cmd,
- unsigned long arg)
-{
- return 0;
-}
-
-static int cap_file_set_fowner(struct file *file)
-{
- return 0;
-}
-
-static int cap_file_send_sigiotask(struct task_struct *tsk,
- struct fown_struct *fown, int sig)
-{
- return 0;
-}
-
-static int cap_file_receive(struct file *file)
-{
- return 0;
-}
-
-static int cap_dentry_open(struct file *file, const struct cred *cred)
-{
- return 0;
-}
-
-static int cap_task_create(unsigned long clone_flags)
-{
- return 0;
-}
-
-static void cap_task_free(struct task_struct *task)
-{
-}
-
-static int cap_cred_alloc_blank(struct cred *cred, gfp_t gfp)
-{
- return 0;
-}
-
-static void cap_cred_free(struct cred *cred)
-{
-}
-
-static int cap_cred_prepare(struct cred *new, const struct cred *old, gfp_t gfp)
-{
- return 0;
-}
-
-static void cap_cred_transfer(struct cred *new, const struct cred *old)
-{
-}
-
-static int cap_kernel_act_as(struct cred *new, u32 secid)
-{
- return 0;
-}
-
-static int cap_kernel_create_files_as(struct cred *new, struct inode *inode)
-{
- return 0;
-}
-
-static int cap_kernel_module_request(char *kmod_name)
-{
- return 0;
-}
-
-static int cap_task_setpgid(struct task_struct *p, pid_t pgid)
-{
- return 0;
-}
-
-static int cap_task_getpgid(struct task_struct *p)
-{
- return 0;
-}
-
-static int cap_task_getsid(struct task_struct *p)
-{
- return 0;
-}
-
-static void cap_task_getsecid(struct task_struct *p, u32 *secid)
-{
- *secid = 0;
-}
-
-static int cap_task_getioprio(struct task_struct *p)
-{
- return 0;
-}
-
-static int cap_task_setrlimit(struct task_struct *p, unsigned int resource,
- struct rlimit *new_rlim)
-{
- return 0;
-}
-
-static int cap_task_getscheduler(struct task_struct *p)
-{
- return 0;
-}
-
-static int cap_task_movememory(struct task_struct *p)
-{
- return 0;
-}
-
-static int cap_task_wait(struct task_struct *p)
-{
- return 0;
-}
-
-static int cap_task_kill(struct task_struct *p, struct siginfo *info,
- int sig, u32 secid)
-{
- return 0;
-}
-
-static void cap_task_to_inode(struct task_struct *p, struct inode *inode)
-{
-}
-
-static int cap_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
-{
- return 0;
-}
-
-static void cap_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
-{
- *secid = 0;
-}
-
-static int cap_msg_msg_alloc_security(struct msg_msg *msg)
-{
- return 0;
-}
-
-static void cap_msg_msg_free_security(struct msg_msg *msg)
-{
-}
-
-static int cap_msg_queue_alloc_security(struct msg_queue *msq)
-{
- return 0;
-}
-
-static void cap_msg_queue_free_security(struct msg_queue *msq)
-{
-}
-
-static int cap_msg_queue_associate(struct msg_queue *msq, int msqflg)
-{
- return 0;
-}
-
-static int cap_msg_queue_msgctl(struct msg_queue *msq, int cmd)
-{
- return 0;
-}
-
-static int cap_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
- int msgflg)
-{
- return 0;
-}
-
-static int cap_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
- struct task_struct *target, long type, int mode)
-{
- return 0;
-}
-
-static int cap_shm_alloc_security(struct shmid_kernel *shp)
-{
- return 0;
-}
-
-static void cap_shm_free_security(struct shmid_kernel *shp)
-{
-}
-
-static int cap_shm_associate(struct shmid_kernel *shp, int shmflg)
-{
- return 0;
-}
-
-static int cap_shm_shmctl(struct shmid_kernel *shp, int cmd)
-{
- return 0;
-}
-
-static int cap_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
- int shmflg)
-{
- return 0;
-}
-
-static int cap_sem_alloc_security(struct sem_array *sma)
-{
- return 0;
-}
-
-static void cap_sem_free_security(struct sem_array *sma)
-{
-}
-
-static int cap_sem_associate(struct sem_array *sma, int semflg)
-{
- return 0;
-}
-
-static int cap_sem_semctl(struct sem_array *sma, int cmd)
-{
- return 0;
-}
-
-static int cap_sem_semop(struct sem_array *sma, struct sembuf *sops,
- unsigned nsops, int alter)
-{
- return 0;
-}
-
-#ifdef CONFIG_SECURITY_NETWORK
-static int cap_unix_stream_connect(struct sock *sock, struct sock *other,
- struct sock *newsk)
-{
- return 0;
-}
-
-static int cap_unix_may_send(struct socket *sock, struct socket *other)
-{
- return 0;
-}
-
-static int cap_socket_create(int family, int type, int protocol, int kern)
-{
- return 0;
-}
-
-static int cap_socket_post_create(struct socket *sock, int family, int type,
- int protocol, int kern)
-{
- return 0;
-}
-
-static int cap_socket_bind(struct socket *sock, struct sockaddr *address,
- int addrlen)
-{
- return 0;
-}
-
-static int cap_socket_connect(struct socket *sock, struct sockaddr *address,
- int addrlen)
-{
- return 0;
-}
-
-static int cap_socket_listen(struct socket *sock, int backlog)
-{
- return 0;
-}
-
-static int cap_socket_accept(struct socket *sock, struct socket *newsock)
-{
- return 0;
-}
-
-static int cap_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size)
-{
- return 0;
-}
-
-static int cap_socket_recvmsg(struct socket *sock, struct msghdr *msg,
- int size, int flags)
-{
- return 0;
-}
-
-static int cap_socket_getsockname(struct socket *sock)
-{
- return 0;
-}
-
-static int cap_socket_getpeername(struct socket *sock)
-{
- return 0;
-}
-
-static int cap_socket_setsockopt(struct socket *sock, int level, int optname)
-{
- return 0;
-}
-
-static int cap_socket_getsockopt(struct socket *sock, int level, int optname)
-{
- return 0;
-}
-
-static int cap_socket_shutdown(struct socket *sock, int how)
-{
- return 0;
-}
-
-static int cap_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
-{
- return 0;
-}
-
-static int cap_socket_getpeersec_stream(struct socket *sock,
- char __user *optval,
- int __user *optlen, unsigned len)
-{
- return -ENOPROTOOPT;
-}
-
-static int cap_socket_getpeersec_dgram(struct socket *sock,
- struct sk_buff *skb, u32 *secid)
-{
- return -ENOPROTOOPT;
-}
-
-static int cap_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
-{
- return 0;
-}
-
-static void cap_sk_free_security(struct sock *sk)
-{
-}
-
-static void cap_sk_clone_security(const struct sock *sk, struct sock *newsk)
-{
-}
-
-static void cap_sk_getsecid(struct sock *sk, u32 *secid)
-{
-}
-
-static void cap_sock_graft(struct sock *sk, struct socket *parent)
-{
-}
-
-static int cap_inet_conn_request(struct sock *sk, struct sk_buff *skb,
- struct request_sock *req)
-{
- return 0;
-}
-
-static void cap_inet_csk_clone(struct sock *newsk,
- const struct request_sock *req)
-{
-}
-
-static void cap_inet_conn_established(struct sock *sk, struct sk_buff *skb)
-{
-}
-
-static int cap_secmark_relabel_packet(u32 secid)
-{
- return 0;
-}
-
-static void cap_secmark_refcount_inc(void)
-{
-}
-
-static void cap_secmark_refcount_dec(void)
-{
-}
-
-static void cap_req_classify_flow(const struct request_sock *req,
- struct flowi *fl)
-{
-}
-
-static int cap_tun_dev_create(void)
-{
- return 0;
-}
-
-static void cap_tun_dev_post_create(struct sock *sk)
-{
-}
-
-static int cap_tun_dev_attach(struct sock *sk)
-{
- return 0;
-}
-#endif /* CONFIG_SECURITY_NETWORK */
-
-#ifdef CONFIG_SECURITY_NETWORK_XFRM
-static int cap_xfrm_policy_alloc_security(struct xfrm_sec_ctx **ctxp,
- struct xfrm_user_sec_ctx *sec_ctx)
-{
- return 0;
-}
-
-static int cap_xfrm_policy_clone_security(struct xfrm_sec_ctx *old_ctx,
- struct xfrm_sec_ctx **new_ctxp)
-{
- return 0;
-}
-
-static void cap_xfrm_policy_free_security(struct xfrm_sec_ctx *ctx)
-{
-}
-
-static int cap_xfrm_policy_delete_security(struct xfrm_sec_ctx *ctx)
-{
- return 0;
-}
-
-static int cap_xfrm_state_alloc_security(struct xfrm_state *x,
- struct xfrm_user_sec_ctx *sec_ctx,
- u32 secid)
-{
- return 0;
-}
-
-static void cap_xfrm_state_free_security(struct xfrm_state *x)
-{
-}
-
-static int cap_xfrm_state_delete_security(struct xfrm_state *x)
-{
- return 0;
-}
-
-static int cap_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 sk_sid, u8 dir)
-{
- return 0;
-}
-
-static int cap_xfrm_state_pol_flow_match(struct xfrm_state *x,
- struct xfrm_policy *xp,
- const struct flowi *fl)
-{
- return 1;
-}
-
-static int cap_xfrm_decode_session(struct sk_buff *skb, u32 *fl, int ckall)
-{
- return 0;
-}
-
-#endif /* CONFIG_SECURITY_NETWORK_XFRM */
-static void cap_d_instantiate(struct dentry *dentry, struct inode *inode)
-{
-}
-
-static int cap_getprocattr(struct task_struct *p, char *name, char **value)
-{
- return -EINVAL;
-}
-
-static int cap_setprocattr(struct task_struct *p, char *name, void *value,
- size_t size)
-{
- return -EINVAL;
-}
-
-static int cap_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
-{
- return -EOPNOTSUPP;
-}
-
-static int cap_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
-{
- *secid = 0;
- return 0;
-}
-
-static void cap_release_secctx(char *secdata, u32 seclen)
-{
-}
-
-static int cap_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
-{
- return 0;
-}
-
-static int cap_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
-{
- return 0;
-}
-
-static int cap_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
-{
- return 0;
-}
-#ifdef CONFIG_KEYS
-static int cap_key_alloc(struct key *key, const struct cred *cred,
- unsigned long flags)
-{
- return 0;
-}
-
-static void cap_key_free(struct key *key)
-{
-}
-
-static int cap_key_permission(key_ref_t key_ref, const struct cred *cred,
- key_perm_t perm)
-{
- return 0;
-}
-
-static int cap_key_getsecurity(struct key *key, char **_buffer)
-{
- *_buffer = NULL;
- return 0;
-}
-
-#endif /* CONFIG_KEYS */
-
-#ifdef CONFIG_AUDIT
-static int cap_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
-{
- return 0;
-}
-
-static int cap_audit_rule_known(struct audit_krule *krule)
-{
- return 0;
-}
-
-static int cap_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
- struct audit_context *actx)
-{
- return 0;
-}
-
-static void cap_audit_rule_free(void *lsmrule)
-{
-}
-#endif /* CONFIG_AUDIT */
-
-#define set_to_cap_if_null(ops, function) \
- do { \
- if (!ops->function) { \
- ops->function = cap_##function; \
- pr_debug("Had to override the " #function \
- " security operation with the default.\n");\
- } \
- } while (0)
-
-void __init security_fixup_ops(struct security_operations *ops)
-{
- set_to_cap_if_null(ops, ptrace_access_check);
- set_to_cap_if_null(ops, ptrace_traceme);
- set_to_cap_if_null(ops, capget);
- set_to_cap_if_null(ops, capset);
- set_to_cap_if_null(ops, capable);
- set_to_cap_if_null(ops, quotactl);
- set_to_cap_if_null(ops, quota_on);
- set_to_cap_if_null(ops, syslog);
- set_to_cap_if_null(ops, settime);
- set_to_cap_if_null(ops, vm_enough_memory);
- set_to_cap_if_null(ops, bprm_set_creds);
- set_to_cap_if_null(ops, bprm_committing_creds);
- set_to_cap_if_null(ops, bprm_committed_creds);
- set_to_cap_if_null(ops, bprm_check_security);
- set_to_cap_if_null(ops, bprm_secureexec);
- set_to_cap_if_null(ops, sb_alloc_security);
- set_to_cap_if_null(ops, sb_free_security);
- set_to_cap_if_null(ops, sb_copy_data);
- set_to_cap_if_null(ops, sb_remount);
- set_to_cap_if_null(ops, sb_kern_mount);
- set_to_cap_if_null(ops, sb_show_options);
- set_to_cap_if_null(ops, sb_statfs);
- set_to_cap_if_null(ops, sb_mount);
- set_to_cap_if_null(ops, sb_umount);
- set_to_cap_if_null(ops, sb_pivotroot);
- set_to_cap_if_null(ops, sb_set_mnt_opts);
- set_to_cap_if_null(ops, sb_clone_mnt_opts);
- set_to_cap_if_null(ops, sb_parse_opts_str);
- set_to_cap_if_null(ops, inode_alloc_security);
- set_to_cap_if_null(ops, inode_free_security);
- set_to_cap_if_null(ops, inode_init_security);
- set_to_cap_if_null(ops, inode_create);
- set_to_cap_if_null(ops, inode_link);
- set_to_cap_if_null(ops, inode_unlink);
- set_to_cap_if_null(ops, inode_symlink);
- set_to_cap_if_null(ops, inode_mkdir);
- set_to_cap_if_null(ops, inode_rmdir);
- set_to_cap_if_null(ops, inode_mknod);
- set_to_cap_if_null(ops, inode_rename);
- set_to_cap_if_null(ops, inode_readlink);
- set_to_cap_if_null(ops, inode_follow_link);
- set_to_cap_if_null(ops, inode_permission);
- set_to_cap_if_null(ops, inode_setattr);
- set_to_cap_if_null(ops, inode_getattr);
- set_to_cap_if_null(ops, inode_setxattr);
- set_to_cap_if_null(ops, inode_post_setxattr);
- set_to_cap_if_null(ops, inode_getxattr);
- set_to_cap_if_null(ops, inode_listxattr);
- set_to_cap_if_null(ops, inode_removexattr);
- set_to_cap_if_null(ops, inode_need_killpriv);
- set_to_cap_if_null(ops, inode_killpriv);
- set_to_cap_if_null(ops, inode_getsecurity);
- set_to_cap_if_null(ops, inode_setsecurity);
- set_to_cap_if_null(ops, inode_listsecurity);
- set_to_cap_if_null(ops, inode_getsecid);
-#ifdef CONFIG_SECURITY_PATH
- set_to_cap_if_null(ops, path_mknod);
- set_to_cap_if_null(ops, path_mkdir);
- set_to_cap_if_null(ops, path_rmdir);
- set_to_cap_if_null(ops, path_unlink);
- set_to_cap_if_null(ops, path_symlink);
- set_to_cap_if_null(ops, path_link);
- set_to_cap_if_null(ops, path_rename);
- set_to_cap_if_null(ops, path_truncate);
- set_to_cap_if_null(ops, path_chmod);
- set_to_cap_if_null(ops, path_chown);
- set_to_cap_if_null(ops, path_chroot);
-#endif
- set_to_cap_if_null(ops, file_permission);
- set_to_cap_if_null(ops, file_alloc_security);
- set_to_cap_if_null(ops, file_free_security);
- set_to_cap_if_null(ops, file_ioctl);
- set_to_cap_if_null(ops, file_mmap);
- set_to_cap_if_null(ops, file_mprotect);
- set_to_cap_if_null(ops, file_lock);
- set_to_cap_if_null(ops, file_fcntl);
- set_to_cap_if_null(ops, file_set_fowner);
- set_to_cap_if_null(ops, file_send_sigiotask);
- set_to_cap_if_null(ops, file_receive);
- set_to_cap_if_null(ops, dentry_open);
- set_to_cap_if_null(ops, task_create);
- set_to_cap_if_null(ops, task_free);
- set_to_cap_if_null(ops, cred_alloc_blank);
- set_to_cap_if_null(ops, cred_free);
- set_to_cap_if_null(ops, cred_prepare);
- set_to_cap_if_null(ops, cred_transfer);
- set_to_cap_if_null(ops, kernel_act_as);
- set_to_cap_if_null(ops, kernel_create_files_as);
- set_to_cap_if_null(ops, kernel_module_request);
- set_to_cap_if_null(ops, task_fix_setuid);
- set_to_cap_if_null(ops, task_setpgid);
- set_to_cap_if_null(ops, task_getpgid);
- set_to_cap_if_null(ops, task_getsid);
- set_to_cap_if_null(ops, task_getsecid);
- set_to_cap_if_null(ops, task_setnice);
- set_to_cap_if_null(ops, task_setioprio);
- set_to_cap_if_null(ops, task_getioprio);
- set_to_cap_if_null(ops, task_setrlimit);
- set_to_cap_if_null(ops, task_setscheduler);
- set_to_cap_if_null(ops, task_getscheduler);
- set_to_cap_if_null(ops, task_movememory);
- set_to_cap_if_null(ops, task_wait);
- set_to_cap_if_null(ops, task_kill);
- set_to_cap_if_null(ops, task_prctl);
- set_to_cap_if_null(ops, task_to_inode);
- set_to_cap_if_null(ops, ipc_permission);
- set_to_cap_if_null(ops, ipc_getsecid);
- set_to_cap_if_null(ops, msg_msg_alloc_security);
- set_to_cap_if_null(ops, msg_msg_free_security);
- set_to_cap_if_null(ops, msg_queue_alloc_security);
- set_to_cap_if_null(ops, msg_queue_free_security);
- set_to_cap_if_null(ops, msg_queue_associate);
- set_to_cap_if_null(ops, msg_queue_msgctl);
- set_to_cap_if_null(ops, msg_queue_msgsnd);
- set_to_cap_if_null(ops, msg_queue_msgrcv);
- set_to_cap_if_null(ops, shm_alloc_security);
- set_to_cap_if_null(ops, shm_free_security);
- set_to_cap_if_null(ops, shm_associate);
- set_to_cap_if_null(ops, shm_shmctl);
- set_to_cap_if_null(ops, shm_shmat);
- set_to_cap_if_null(ops, sem_alloc_security);
- set_to_cap_if_null(ops, sem_free_security);
- set_to_cap_if_null(ops, sem_associate);
- set_to_cap_if_null(ops, sem_semctl);
- set_to_cap_if_null(ops, sem_semop);
- set_to_cap_if_null(ops, netlink_send);
- set_to_cap_if_null(ops, d_instantiate);
- set_to_cap_if_null(ops, getprocattr);
- set_to_cap_if_null(ops, setprocattr);
- set_to_cap_if_null(ops, secid_to_secctx);
- set_to_cap_if_null(ops, secctx_to_secid);
- set_to_cap_if_null(ops, release_secctx);
- set_to_cap_if_null(ops, inode_notifysecctx);
- set_to_cap_if_null(ops, inode_setsecctx);
- set_to_cap_if_null(ops, inode_getsecctx);
-#ifdef CONFIG_SECURITY_NETWORK
- set_to_cap_if_null(ops, unix_stream_connect);
- set_to_cap_if_null(ops, unix_may_send);
- set_to_cap_if_null(ops, socket_create);
- set_to_cap_if_null(ops, socket_post_create);
- set_to_cap_if_null(ops, socket_bind);
- set_to_cap_if_null(ops, socket_connect);
- set_to_cap_if_null(ops, socket_listen);
- set_to_cap_if_null(ops, socket_accept);
- set_to_cap_if_null(ops, socket_sendmsg);
- set_to_cap_if_null(ops, socket_recvmsg);
- set_to_cap_if_null(ops, socket_getsockname);
- set_to_cap_if_null(ops, socket_getpeername);
- set_to_cap_if_null(ops, socket_setsockopt);
- set_to_cap_if_null(ops, socket_getsockopt);
- set_to_cap_if_null(ops, socket_shutdown);
- set_to_cap_if_null(ops, socket_sock_rcv_skb);
- set_to_cap_if_null(ops, socket_getpeersec_stream);
- set_to_cap_if_null(ops, socket_getpeersec_dgram);
- set_to_cap_if_null(ops, sk_alloc_security);
- set_to_cap_if_null(ops, sk_free_security);
- set_to_cap_if_null(ops, sk_clone_security);
- set_to_cap_if_null(ops, sk_getsecid);
- set_to_cap_if_null(ops, sock_graft);
- set_to_cap_if_null(ops, inet_conn_request);
- set_to_cap_if_null(ops, inet_csk_clone);
- set_to_cap_if_null(ops, inet_conn_established);
- set_to_cap_if_null(ops, secmark_relabel_packet);
- set_to_cap_if_null(ops, secmark_refcount_inc);
- set_to_cap_if_null(ops, secmark_refcount_dec);
- set_to_cap_if_null(ops, req_classify_flow);
- set_to_cap_if_null(ops, tun_dev_create);
- set_to_cap_if_null(ops, tun_dev_post_create);
- set_to_cap_if_null(ops, tun_dev_attach);
-#endif /* CONFIG_SECURITY_NETWORK */
-#ifdef CONFIG_SECURITY_NETWORK_XFRM
- set_to_cap_if_null(ops, xfrm_policy_alloc_security);
- set_to_cap_if_null(ops, xfrm_policy_clone_security);
- set_to_cap_if_null(ops, xfrm_policy_free_security);
- set_to_cap_if_null(ops, xfrm_policy_delete_security);
- set_to_cap_if_null(ops, xfrm_state_alloc_security);
- set_to_cap_if_null(ops, xfrm_state_free_security);
- set_to_cap_if_null(ops, xfrm_state_delete_security);
- set_to_cap_if_null(ops, xfrm_policy_lookup);
- set_to_cap_if_null(ops, xfrm_state_pol_flow_match);
- set_to_cap_if_null(ops, xfrm_decode_session);
-#endif /* CONFIG_SECURITY_NETWORK_XFRM */
-#ifdef CONFIG_KEYS
- set_to_cap_if_null(ops, key_alloc);
- set_to_cap_if_null(ops, key_free);
- set_to_cap_if_null(ops, key_permission);
- set_to_cap_if_null(ops, key_getsecurity);
-#endif /* CONFIG_KEYS */
-#ifdef CONFIG_AUDIT
- set_to_cap_if_null(ops, audit_rule_init);
- set_to_cap_if_null(ops, audit_rule_known);
- set_to_cap_if_null(ops, audit_rule_match);
- set_to_cap_if_null(ops, audit_rule_free);
-#endif
-}
diff --git a/ANDROID_3.4.5/security/commoncap.c b/ANDROID_3.4.5/security/commoncap.c
deleted file mode 100644
index 0051ac2d..00000000
--- a/ANDROID_3.4.5/security/commoncap.c
+++ /dev/null
@@ -1,985 +0,0 @@
-/* Common capabilities, needed by capability.o.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#ifdef CONFIG_ANDROID_PARANOID_NETWORK
-#include
-#endif
-
-/*
- * If a non-root user executes a setuid-root binary in
- * !secure(SECURE_NOROOT) mode, then we raise capabilities.
- * However if fE is also set, then the intent is for only
- * the file capabilities to be applied, and the setuid-root
- * bit is left on either to change the uid (plausible) or
- * to get full privilege on a kernel without file capabilities
- * support. So in that case we do not raise capabilities.
- *
- * Warn if that happens, once per boot.
- */
-static void warn_setuid_and_fcaps_mixed(const char *fname)
-{
- static int warned;
- if (!warned) {
- printk(KERN_INFO "warning: `%s' has both setuid-root and"
- " effective capabilities. Therefore not raising all"
- " capabilities.\n", fname);
- warned = 1;
- }
-}
-
-int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
-{
- return 0;
-}
-
-/**
- * cap_capable - Determine whether a task has a particular effective capability
- * @cred: The credentials to use
- * @ns: The user namespace in which we need the capability
- * @cap: The capability to check for
- * @audit: Whether to write an audit message or not
- *
- * Determine whether the nominated task has the specified capability amongst
- * its effective set, returning 0 if it does, -ve if it does not.
- *
- * NOTE WELL: cap_has_capability() cannot be used like the kernel's capable()
- * and has_capability() functions. That is, it has the reverse semantics:
- * cap_has_capability() returns 0 when a task has a capability, but the
- * kernel's capable() and has_capability() returns 1 for this case.
- */
-int cap_capable(const struct cred *cred, struct user_namespace *targ_ns,
- int cap, int audit)
-{
-#ifdef CONFIG_ANDROID_PARANOID_NETWORK
- if (cap == CAP_NET_RAW && in_egroup_p(AID_NET_RAW))
- return 0;
- if (cap == CAP_NET_ADMIN && in_egroup_p(AID_NET_ADMIN))
- return 0;
-#endif
-
- for (;;) {
- /* The creator of the user namespace has all caps. */
- if (targ_ns != &init_user_ns && targ_ns->creator == cred->user)
- return 0;
-
- /* Do we have the necessary capabilities? */
- if (targ_ns == cred->user->user_ns)
- return cap_raised(cred->cap_effective, cap) ? 0 : -EPERM;
-
- /* Have we tried all of the parent namespaces? */
- if (targ_ns == &init_user_ns)
- return -EPERM;
-
- /*
- *If you have a capability in a parent user ns, then you have
- * it over all children user namespaces as well.
- */
- targ_ns = targ_ns->creator->user_ns;
- }
-
- /* We never get here */
-}
-
-/**
- * cap_settime - Determine whether the current process may set the system clock
- * @ts: The time to set
- * @tz: The timezone to set
- *
- * Determine whether the current process may set the system clock and timezone
- * information, returning 0 if permission granted, -ve if denied.
- */
-int cap_settime(const struct timespec *ts, const struct timezone *tz)
-{
- if (!capable(CAP_SYS_TIME))
- return -EPERM;
- return 0;
-}
-
-/**
- * cap_ptrace_access_check - Determine whether the current process may access
- * another
- * @child: The process to be accessed
- * @mode: The mode of attachment.
- *
- * If we are in the same or an ancestor user_ns and have all the target
- * task's capabilities, then ptrace access is allowed.
- * If we have the ptrace capability to the target user_ns, then ptrace
- * access is allowed.
- * Else denied.
- *
- * Determine whether a process may access another, returning 0 if permission
- * granted, -ve if denied.
- */
-int cap_ptrace_access_check(struct task_struct *child, unsigned int mode)
-{
- int ret = 0;
- const struct cred *cred, *child_cred;
-
- rcu_read_lock();
- cred = current_cred();
- child_cred = __task_cred(child);
- if (cred->user->user_ns == child_cred->user->user_ns &&
- cap_issubset(child_cred->cap_permitted, cred->cap_permitted))
- goto out;
- if (ns_capable(child_cred->user->user_ns, CAP_SYS_PTRACE))
- goto out;
- ret = -EPERM;
-out:
- rcu_read_unlock();
- return ret;
-}
-
-/**
- * cap_ptrace_traceme - Determine whether another process may trace the current
- * @parent: The task proposed to be the tracer
- *
- * If parent is in the same or an ancestor user_ns and has all current's
- * capabilities, then ptrace access is allowed.
- * If parent has the ptrace capability to current's user_ns, then ptrace
- * access is allowed.
- * Else denied.
- *
- * Determine whether the nominated task is permitted to trace the current
- * process, returning 0 if permission is granted, -ve if denied.
- */
-int cap_ptrace_traceme(struct task_struct *parent)
-{
- int ret = 0;
- const struct cred *cred, *child_cred;
-
- rcu_read_lock();
- cred = __task_cred(parent);
- child_cred = current_cred();
- if (cred->user->user_ns == child_cred->user->user_ns &&
- cap_issubset(child_cred->cap_permitted, cred->cap_permitted))
- goto out;
- if (has_ns_capability(parent, child_cred->user->user_ns, CAP_SYS_PTRACE))
- goto out;
- ret = -EPERM;
-out:
- rcu_read_unlock();
- return ret;
-}
-
-/**
- * cap_capget - Retrieve a task's capability sets
- * @target: The task from which to retrieve the capability sets
- * @effective: The place to record the effective set
- * @inheritable: The place to record the inheritable set
- * @permitted: The place to record the permitted set
- *
- * This function retrieves the capabilities of the nominated task and returns
- * them to the caller.
- */
-int cap_capget(struct task_struct *target, kernel_cap_t *effective,
- kernel_cap_t *inheritable, kernel_cap_t *permitted)
-{
- const struct cred *cred;
-
- /* Derived from kernel/capability.c:sys_capget. */
- rcu_read_lock();
- cred = __task_cred(target);
- *effective = cred->cap_effective;
- *inheritable = cred->cap_inheritable;
- *permitted = cred->cap_permitted;
- rcu_read_unlock();
- return 0;
-}
-
-/*
- * Determine whether the inheritable capabilities are limited to the old
- * permitted set. Returns 1 if they are limited, 0 if they are not.
- */
-static inline int cap_inh_is_capped(void)
-{
-
- /* they are so limited unless the current task has the CAP_SETPCAP
- * capability
- */
- if (cap_capable(current_cred(), current_cred()->user->user_ns,
- CAP_SETPCAP, SECURITY_CAP_AUDIT) == 0)
- return 0;
- return 1;
-}
-
-/**
- * cap_capset - Validate and apply proposed changes to current's capabilities
- * @new: The proposed new credentials; alterations should be made here
- * @old: The current task's current credentials
- * @effective: A pointer to the proposed new effective capabilities set
- * @inheritable: A pointer to the proposed new inheritable capabilities set
- * @permitted: A pointer to the proposed new permitted capabilities set
- *
- * This function validates and applies a proposed mass change to the current
- * process's capability sets. The changes are made to the proposed new
- * credentials, and assuming no error, will be committed by the caller of LSM.
- */
-int cap_capset(struct cred *new,
- const struct cred *old,
- const kernel_cap_t *effective,
- const kernel_cap_t *inheritable,
- const kernel_cap_t *permitted)
-{
- if (cap_inh_is_capped() &&
- !cap_issubset(*inheritable,
- cap_combine(old->cap_inheritable,
- old->cap_permitted)))
- /* incapable of using this inheritable set */
- return -EPERM;
-
- if (!cap_issubset(*inheritable,
- cap_combine(old->cap_inheritable,
- old->cap_bset)))
- /* no new pI capabilities outside bounding set */
- return -EPERM;
-
- /* verify restrictions on target's new Permitted set */
- if (!cap_issubset(*permitted, old->cap_permitted))
- return -EPERM;
-
- /* verify the _new_Effective_ is a subset of the _new_Permitted_ */
- if (!cap_issubset(*effective, *permitted))
- return -EPERM;
-
- new->cap_effective = *effective;
- new->cap_inheritable = *inheritable;
- new->cap_permitted = *permitted;
- return 0;
-}
-
-/*
- * Clear proposed capability sets for execve().
- */
-static inline void bprm_clear_caps(struct linux_binprm *bprm)
-{
- cap_clear(bprm->cred->cap_permitted);
- bprm->cap_effective = false;
-}
-
-/**
- * cap_inode_need_killpriv - Determine if inode change affects privileges
- * @dentry: The inode/dentry in being changed with change marked ATTR_KILL_PRIV
- *
- * Determine if an inode having a change applied that's marked ATTR_KILL_PRIV
- * affects the security markings on that inode, and if it is, should
- * inode_killpriv() be invoked or the change rejected?
- *
- * Returns 0 if granted; +ve if granted, but inode_killpriv() is required; and
- * -ve to deny the change.
- */
-int cap_inode_need_killpriv(struct dentry *dentry)
-{
- struct inode *inode = dentry->d_inode;
- int error;
-
- if (!inode->i_op->getxattr)
- return 0;
-
- error = inode->i_op->getxattr(dentry, XATTR_NAME_CAPS, NULL, 0);
- if (error <= 0)
- return 0;
- return 1;
-}
-
-/**
- * cap_inode_killpriv - Erase the security markings on an inode
- * @dentry: The inode/dentry to alter
- *
- * Erase the privilege-enhancing security markings on an inode.
- *
- * Returns 0 if successful, -ve on error.
- */
-int cap_inode_killpriv(struct dentry *dentry)
-{
- struct inode *inode = dentry->d_inode;
-
- if (!inode->i_op->removexattr)
- return 0;
-
- return inode->i_op->removexattr(dentry, XATTR_NAME_CAPS);
-}
-
-/*
- * Calculate the new process capability sets from the capability sets attached
- * to a file.
- */
-static inline int bprm_caps_from_vfs_caps(struct cpu_vfs_cap_data *caps,
- struct linux_binprm *bprm,
- bool *effective,
- bool *has_cap)
-{
- struct cred *new = bprm->cred;
- unsigned i;
- int ret = 0;
-
- if (caps->magic_etc & VFS_CAP_FLAGS_EFFECTIVE)
- *effective = true;
-
- if (caps->magic_etc & VFS_CAP_REVISION_MASK)
- *has_cap = true;
-
- CAP_FOR_EACH_U32(i) {
- __u32 permitted = caps->permitted.cap[i];
- __u32 inheritable = caps->inheritable.cap[i];
-
- /*
- * pP' = (X & fP) | (pI & fI)
- */
- new->cap_permitted.cap[i] =
- (new->cap_bset.cap[i] & permitted) |
- (new->cap_inheritable.cap[i] & inheritable);
-
- if (permitted & ~new->cap_permitted.cap[i])
- /* insufficient to execute correctly */
- ret = -EPERM;
- }
-
- /*
- * For legacy apps, with no internal support for recognizing they
- * do not have enough capabilities, we return an error if they are
- * missing some "forced" (aka file-permitted) capabilities.
- */
- return *effective ? ret : 0;
-}
-
-/*
- * Extract the on-exec-apply capability sets for an executable file.
- */
-int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps)
-{
- struct inode *inode = dentry->d_inode;
- __u32 magic_etc;
- unsigned tocopy, i;
- int size;
- struct vfs_cap_data caps;
-
- memset(cpu_caps, 0, sizeof(struct cpu_vfs_cap_data));
-
- if (!inode || !inode->i_op->getxattr)
- return -ENODATA;
-
- size = inode->i_op->getxattr((struct dentry *)dentry, XATTR_NAME_CAPS, &caps,
- XATTR_CAPS_SZ);
- if (size == -ENODATA || size == -EOPNOTSUPP)
- /* no data, that's ok */
- return -ENODATA;
- if (size < 0)
- return size;
-
- if (size < sizeof(magic_etc))
- return -EINVAL;
-
- cpu_caps->magic_etc = magic_etc = le32_to_cpu(caps.magic_etc);
-
- switch (magic_etc & VFS_CAP_REVISION_MASK) {
- case VFS_CAP_REVISION_1:
- if (size != XATTR_CAPS_SZ_1)
- return -EINVAL;
- tocopy = VFS_CAP_U32_1;
- break;
- case VFS_CAP_REVISION_2:
- if (size != XATTR_CAPS_SZ_2)
- return -EINVAL;
- tocopy = VFS_CAP_U32_2;
- break;
- default:
- return -EINVAL;
- }
-
- CAP_FOR_EACH_U32(i) {
- if (i >= tocopy)
- break;
- cpu_caps->permitted.cap[i] = le32_to_cpu(caps.data[i].permitted);
- cpu_caps->inheritable.cap[i] = le32_to_cpu(caps.data[i].inheritable);
- }
-
- return 0;
-}
-
-/*
- * Attempt to get the on-exec apply capability sets for an executable file from
- * its xattrs and, if present, apply them to the proposed credentials being
- * constructed by execve().
- */
-static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_cap)
-{
- struct dentry *dentry;
- int rc = 0;
- struct cpu_vfs_cap_data vcaps;
-
- bprm_clear_caps(bprm);
-
- if (!file_caps_enabled)
- return 0;
-
- if (bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID)
- return 0;
-
- dentry = dget(bprm->file->f_dentry);
-
- rc = get_vfs_caps_from_disk(dentry, &vcaps);
- if (rc < 0) {
- if (rc == -EINVAL)
- printk(KERN_NOTICE "%s: get_vfs_caps_from_disk returned %d for %s\n",
- __func__, rc, bprm->filename);
- else if (rc == -ENODATA)
- rc = 0;
- goto out;
- }
-
- rc = bprm_caps_from_vfs_caps(&vcaps, bprm, effective, has_cap);
- if (rc == -EINVAL)
- printk(KERN_NOTICE "%s: cap_from_disk returned %d for %s\n",
- __func__, rc, bprm->filename);
-
-out:
- dput(dentry);
- if (rc)
- bprm_clear_caps(bprm);
-
- return rc;
-}
-
-/**
- * cap_bprm_set_creds - Set up the proposed credentials for execve().
- * @bprm: The execution parameters, including the proposed creds
- *
- * Set up the proposed credentials for a new execution context being
- * constructed by execve(). The proposed creds in @bprm->cred is altered,
- * which won't take effect immediately. Returns 0 if successful, -ve on error.
- */
-int cap_bprm_set_creds(struct linux_binprm *bprm)
-{
- const struct cred *old = current_cred();
- struct cred *new = bprm->cred;
- bool effective, has_cap = false;
- int ret;
-
- effective = false;
- ret = get_file_caps(bprm, &effective, &has_cap);
- if (ret < 0)
- return ret;
-
- if (!issecure(SECURE_NOROOT)) {
- /*
- * If the legacy file capability is set, then don't set privs
- * for a setuid root binary run by a non-root user. Do set it
- * for a root user just to cause least surprise to an admin.
- */
- if (has_cap && new->uid != 0 && new->euid == 0) {
- warn_setuid_and_fcaps_mixed(bprm->filename);
- goto skip;
- }
- /*
- * To support inheritance of root-permissions and suid-root
- * executables under compatibility mode, we override the
- * capability sets for the file.
- *
- * If only the real uid is 0, we do not set the effective bit.
- */
- if (new->euid == 0 || new->uid == 0) {
- /* pP' = (cap_bset & ~0) | (pI & ~0) */
- new->cap_permitted = cap_combine(old->cap_bset,
- old->cap_inheritable);
- }
- if (new->euid == 0)
- effective = true;
- }
-skip:
-
- /* if we have fs caps, clear dangerous personality flags */
- if (!cap_issubset(new->cap_permitted, old->cap_permitted))
- bprm->per_clear |= PER_CLEAR_ON_SETID;
-
-
- /* Don't let someone trace a set[ug]id/setpcap binary with the revised
- * credentials unless they have the appropriate permit
- */
- if ((new->euid != old->uid ||
- new->egid != old->gid ||
- !cap_issubset(new->cap_permitted, old->cap_permitted)) &&
- bprm->unsafe & ~LSM_UNSAFE_PTRACE_CAP) {
- /* downgrade; they get no more than they had, and maybe less */
- if (!capable(CAP_SETUID)) {
- new->euid = new->uid;
- new->egid = new->gid;
- }
- new->cap_permitted = cap_intersect(new->cap_permitted,
- old->cap_permitted);
- }
-
- new->suid = new->fsuid = new->euid;
- new->sgid = new->fsgid = new->egid;
-
- if (effective)
- new->cap_effective = new->cap_permitted;
- else
- cap_clear(new->cap_effective);
- bprm->cap_effective = effective;
-
- /*
- * Audit candidate if current->cap_effective is set
- *
- * We do not bother to audit if 3 things are true:
- * 1) cap_effective has all caps
- * 2) we are root
- * 3) root is supposed to have all caps (SECURE_NOROOT)
- * Since this is just a normal root execing a process.
- *
- * Number 1 above might fail if you don't have a full bset, but I think
- * that is interesting information to audit.
- */
- if (!cap_isclear(new->cap_effective)) {
- if (!cap_issubset(CAP_FULL_SET, new->cap_effective) ||
- new->euid != 0 || new->uid != 0 ||
- issecure(SECURE_NOROOT)) {
- ret = audit_log_bprm_fcaps(bprm, new, old);
- if (ret < 0)
- return ret;
- }
- }
-
- new->securebits &= ~issecure_mask(SECURE_KEEP_CAPS);
- return 0;
-}
-
-/**
- * cap_bprm_secureexec - Determine whether a secure execution is required
- * @bprm: The execution parameters
- *
- * Determine whether a secure execution is required, return 1 if it is, and 0
- * if it is not.
- *
- * The credentials have been committed by this point, and so are no longer
- * available through @bprm->cred.
- */
-int cap_bprm_secureexec(struct linux_binprm *bprm)
-{
- const struct cred *cred = current_cred();
-
- if (cred->uid != 0) {
- if (bprm->cap_effective)
- return 1;
- if (!cap_isclear(cred->cap_permitted))
- return 1;
- }
-
- return (cred->euid != cred->uid ||
- cred->egid != cred->gid);
-}
-
-/**
- * cap_inode_setxattr - Determine whether an xattr may be altered
- * @dentry: The inode/dentry being altered
- * @name: The name of the xattr to be changed
- * @value: The value that the xattr will be changed to
- * @size: The size of value
- * @flags: The replacement flag
- *
- * Determine whether an xattr may be altered or set on an inode, returning 0 if
- * permission is granted, -ve if denied.
- *
- * This is used to make sure security xattrs don't get updated or set by those
- * who aren't privileged to do so.
- */
-int cap_inode_setxattr(struct dentry *dentry, const char *name,
- const void *value, size_t size, int flags)
-{
- if (!strcmp(name, XATTR_NAME_CAPS)) {
- if (!capable(CAP_SETFCAP))
- return -EPERM;
- return 0;
- }
-
- if (!strncmp(name, XATTR_SECURITY_PREFIX,
- sizeof(XATTR_SECURITY_PREFIX) - 1) &&
- !capable(CAP_SYS_ADMIN))
- return -EPERM;
- return 0;
-}
-
-/**
- * cap_inode_removexattr - Determine whether an xattr may be removed
- * @dentry: The inode/dentry being altered
- * @name: The name of the xattr to be changed
- *
- * Determine whether an xattr may be removed from an inode, returning 0 if
- * permission is granted, -ve if denied.
- *
- * This is used to make sure security xattrs don't get removed by those who
- * aren't privileged to remove them.
- */
-int cap_inode_removexattr(struct dentry *dentry, const char *name)
-{
- if (!strcmp(name, XATTR_NAME_CAPS)) {
- if (!capable(CAP_SETFCAP))
- return -EPERM;
- return 0;
- }
-
- if (!strncmp(name, XATTR_SECURITY_PREFIX,
- sizeof(XATTR_SECURITY_PREFIX) - 1) &&
- !capable(CAP_SYS_ADMIN))
- return -EPERM;
- return 0;
-}
-
-/*
- * cap_emulate_setxuid() fixes the effective / permitted capabilities of
- * a process after a call to setuid, setreuid, or setresuid.
- *
- * 1) When set*uiding _from_ one of {r,e,s}uid == 0 _to_ all of
- * {r,e,s}uid != 0, the permitted and effective capabilities are
- * cleared.
- *
- * 2) When set*uiding _from_ euid == 0 _to_ euid != 0, the effective
- * capabilities of the process are cleared.
- *
- * 3) When set*uiding _from_ euid != 0 _to_ euid == 0, the effective
- * capabilities are set to the permitted capabilities.
- *
- * fsuid is handled elsewhere. fsuid == 0 and {r,e,s}uid!= 0 should
- * never happen.
- *
- * -astor
- *
- * cevans - New behaviour, Oct '99
- * A process may, via prctl(), elect to keep its capabilities when it
- * calls setuid() and switches away from uid==0. Both permitted and
- * effective sets will be retained.
- * Without this change, it was impossible for a daemon to drop only some
- * of its privilege. The call to setuid(!=0) would drop all privileges!
- * Keeping uid 0 is not an option because uid 0 owns too many vital
- * files..
- * Thanks to Olaf Kirch and Peter Benie for spotting this.
- */
-static inline void cap_emulate_setxuid(struct cred *new, const struct cred *old)
-{
- if ((old->uid == 0 || old->euid == 0 || old->suid == 0) &&
- (new->uid != 0 && new->euid != 0 && new->suid != 0) &&
- !issecure(SECURE_KEEP_CAPS)) {
- cap_clear(new->cap_permitted);
- cap_clear(new->cap_effective);
- }
- if (old->euid == 0 && new->euid != 0)
- cap_clear(new->cap_effective);
- if (old->euid != 0 && new->euid == 0)
- new->cap_effective = new->cap_permitted;
-}
-
-/**
- * cap_task_fix_setuid - Fix up the results of setuid() call
- * @new: The proposed credentials
- * @old: The current task's current credentials
- * @flags: Indications of what has changed
- *
- * Fix up the results of setuid() call before the credential changes are
- * actually applied, returning 0 to grant the changes, -ve to deny them.
- */
-int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags)
-{
- switch (flags) {
- case LSM_SETID_RE:
- case LSM_SETID_ID:
- case LSM_SETID_RES:
- /* juggle the capabilities to follow [RES]UID changes unless
- * otherwise suppressed */
- if (!issecure(SECURE_NO_SETUID_FIXUP))
- cap_emulate_setxuid(new, old);
- break;
-
- case LSM_SETID_FS:
- /* juggle the capabilties to follow FSUID changes, unless
- * otherwise suppressed
- *
- * FIXME - is fsuser used for all CAP_FS_MASK capabilities?
- * if not, we might be a bit too harsh here.
- */
- if (!issecure(SECURE_NO_SETUID_FIXUP)) {
- if (old->fsuid == 0 && new->fsuid != 0)
- new->cap_effective =
- cap_drop_fs_set(new->cap_effective);
-
- if (old->fsuid != 0 && new->fsuid == 0)
- new->cap_effective =
- cap_raise_fs_set(new->cap_effective,
- new->cap_permitted);
- }
- break;
-
- default:
- return -EINVAL;
- }
-
- return 0;
-}
-
-/*
- * Rationale: code calling task_setscheduler, task_setioprio, and
- * task_setnice, assumes that
- * . if capable(cap_sys_nice), then those actions should be allowed
- * . if not capable(cap_sys_nice), but acting on your own processes,
- * then those actions should be allowed
- * This is insufficient now since you can call code without suid, but
- * yet with increased caps.
- * So we check for increased caps on the target process.
- */
-static int cap_safe_nice(struct task_struct *p)
-{
- int is_subset;
-
- rcu_read_lock();
- is_subset = cap_issubset(__task_cred(p)->cap_permitted,
- current_cred()->cap_permitted);
- rcu_read_unlock();
-
- if (!is_subset && !capable(CAP_SYS_NICE))
- return -EPERM;
- return 0;
-}
-
-/**
- * cap_task_setscheduler - Detemine if scheduler policy change is permitted
- * @p: The task to affect
- *
- * Detemine if the requested scheduler policy change is permitted for the
- * specified task, returning 0 if permission is granted, -ve if denied.
- */
-int cap_task_setscheduler(struct task_struct *p)
-{
- return cap_safe_nice(p);
-}
-
-/**
- * cap_task_ioprio - Detemine if I/O priority change is permitted
- * @p: The task to affect
- * @ioprio: The I/O priority to set
- *
- * Detemine if the requested I/O priority change is permitted for the specified
- * task, returning 0 if permission is granted, -ve if denied.
- */
-int cap_task_setioprio(struct task_struct *p, int ioprio)
-{
- return cap_safe_nice(p);
-}
-
-/**
- * cap_task_ioprio - Detemine if task priority change is permitted
- * @p: The task to affect
- * @nice: The nice value to set
- *
- * Detemine if the requested task priority change is permitted for the
- * specified task, returning 0 if permission is granted, -ve if denied.
- */
-int cap_task_setnice(struct task_struct *p, int nice)
-{
- return cap_safe_nice(p);
-}
-
-/*
- * Implement PR_CAPBSET_DROP. Attempt to remove the specified capability from
- * the current task's bounding set. Returns 0 on success, -ve on error.
- */
-static long cap_prctl_drop(struct cred *new, unsigned long cap)
-{
- if (!capable(CAP_SETPCAP))
- return -EPERM;
- if (!cap_valid(cap))
- return -EINVAL;
-
- cap_lower(new->cap_bset, cap);
- return 0;
-}
-
-/**
- * cap_task_prctl - Implement process control functions for this security module
- * @option: The process control function requested
- * @arg2, @arg3, @arg4, @arg5: The argument data for this function
- *
- * Allow process control functions (sys_prctl()) to alter capabilities; may
- * also deny access to other functions not otherwise implemented here.
- *
- * Returns 0 or +ve on success, -ENOSYS if this function is not implemented
- * here, other -ve on error. If -ENOSYS is returned, sys_prctl() and other LSM
- * modules will consider performing the function.
- */
-int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
- unsigned long arg4, unsigned long arg5)
-{
- struct cred *new;
- long error = 0;
-
- new = prepare_creds();
- if (!new)
- return -ENOMEM;
-
- switch (option) {
- case PR_CAPBSET_READ:
- error = -EINVAL;
- if (!cap_valid(arg2))
- goto error;
- error = !!cap_raised(new->cap_bset, arg2);
- goto no_change;
-
- case PR_CAPBSET_DROP:
- error = cap_prctl_drop(new, arg2);
- if (error < 0)
- goto error;
- goto changed;
-
- /*
- * The next four prctl's remain to assist with transitioning a
- * system from legacy UID=0 based privilege (when filesystem
- * capabilities are not in use) to a system using filesystem
- * capabilities only - as the POSIX.1e draft intended.
- *
- * Note:
- *
- * PR_SET_SECUREBITS =
- * issecure_mask(SECURE_KEEP_CAPS_LOCKED)
- * | issecure_mask(SECURE_NOROOT)
- * | issecure_mask(SECURE_NOROOT_LOCKED)
- * | issecure_mask(SECURE_NO_SETUID_FIXUP)
- * | issecure_mask(SECURE_NO_SETUID_FIXUP_LOCKED)
- *
- * will ensure that the current process and all of its
- * children will be locked into a pure
- * capability-based-privilege environment.
- */
- case PR_SET_SECUREBITS:
- error = -EPERM;
- if ((((new->securebits & SECURE_ALL_LOCKS) >> 1)
- & (new->securebits ^ arg2)) /*[1]*/
- || ((new->securebits & SECURE_ALL_LOCKS & ~arg2)) /*[2]*/
- || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS)) /*[3]*/
- || (cap_capable(current_cred(),
- current_cred()->user->user_ns, CAP_SETPCAP,
- SECURITY_CAP_AUDIT) != 0) /*[4]*/
- /*
- * [1] no changing of bits that are locked
- * [2] no unlocking of locks
- * [3] no setting of unsupported bits
- * [4] doing anything requires privilege (go read about
- * the "sendmail capabilities bug")
- */
- )
- /* cannot change a locked bit */
- goto error;
- new->securebits = arg2;
- goto changed;
-
- case PR_GET_SECUREBITS:
- error = new->securebits;
- goto no_change;
-
- case PR_GET_KEEPCAPS:
- if (issecure(SECURE_KEEP_CAPS))
- error = 1;
- goto no_change;
-
- case PR_SET_KEEPCAPS:
- error = -EINVAL;
- if (arg2 > 1) /* Note, we rely on arg2 being unsigned here */
- goto error;
- error = -EPERM;
- if (issecure(SECURE_KEEP_CAPS_LOCKED))
- goto error;
- if (arg2)
- new->securebits |= issecure_mask(SECURE_KEEP_CAPS);
- else
- new->securebits &= ~issecure_mask(SECURE_KEEP_CAPS);
- goto changed;
-
- default:
- /* No functionality available - continue with default */
- error = -ENOSYS;
- goto error;
- }
-
- /* Functionality provided */
-changed:
- return commit_creds(new);
-
-no_change:
-error:
- abort_creds(new);
- return error;
-}
-
-/**
- * cap_vm_enough_memory - Determine whether a new virtual mapping is permitted
- * @mm: The VM space in which the new mapping is to be made
- * @pages: The size of the mapping
- *
- * Determine whether the allocation of a new virtual mapping by the current
- * task is permitted, returning 0 if permission is granted, -ve if not.
- */
-int cap_vm_enough_memory(struct mm_struct *mm, long pages)
-{
- int cap_sys_admin = 0;
-
- if (cap_capable(current_cred(), &init_user_ns, CAP_SYS_ADMIN,
- SECURITY_CAP_NOAUDIT) == 0)
- cap_sys_admin = 1;
- return __vm_enough_memory(mm, pages, cap_sys_admin);
-}
-
-/*
- * cap_file_mmap - check if able to map given addr
- * @file: unused
- * @reqprot: unused
- * @prot: unused
- * @flags: unused
- * @addr: address attempting to be mapped
- * @addr_only: unused
- *
- * If the process is attempting to map memory below dac_mmap_min_addr they need
- * CAP_SYS_RAWIO. The other parameters to this function are unused by the
- * capability security module. Returns 0 if this mapping should be allowed
- * -EPERM if not.
- */
-int cap_file_mmap(struct file *file, unsigned long reqprot,
- unsigned long prot, unsigned long flags,
- unsigned long addr, unsigned long addr_only)
-{
- int ret = 0;
-
- if (addr < dac_mmap_min_addr) {
- ret = cap_capable(current_cred(), &init_user_ns, CAP_SYS_RAWIO,
- SECURITY_CAP_AUDIT);
- /* set PF_SUPERPRIV if it turns out we allow the low mmap */
- if (ret == 0)
- current->flags |= PF_SUPERPRIV;
- }
- return ret;
-}
diff --git a/ANDROID_3.4.5/security/device_cgroup.c b/ANDROID_3.4.5/security/device_cgroup.c
deleted file mode 100644
index c43a3323..00000000
--- a/ANDROID_3.4.5/security/device_cgroup.c
+++ /dev/null
@@ -1,537 +0,0 @@
-/*
- * device_cgroup.c - device cgroup subsystem
- *
- * Copyright 2007 IBM Corp
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#define ACC_MKNOD 1
-#define ACC_READ 2
-#define ACC_WRITE 4
-#define ACC_MASK (ACC_MKNOD | ACC_READ | ACC_WRITE)
-
-#define DEV_BLOCK 1
-#define DEV_CHAR 2
-#define DEV_ALL 4 /* this represents all devices */
-
-static DEFINE_MUTEX(devcgroup_mutex);
-
-/*
- * whitelist locking rules:
- * hold devcgroup_mutex for update/read.
- * hold rcu_read_lock() for read.
- */
-
-struct dev_whitelist_item {
- u32 major, minor;
- short type;
- short access;
- struct list_head list;
- struct rcu_head rcu;
-};
-
-struct dev_cgroup {
- struct cgroup_subsys_state css;
- struct list_head whitelist;
-};
-
-static inline struct dev_cgroup *css_to_devcgroup(struct cgroup_subsys_state *s)
-{
- return container_of(s, struct dev_cgroup, css);
-}
-
-static inline struct dev_cgroup *cgroup_to_devcgroup(struct cgroup *cgroup)
-{
- return css_to_devcgroup(cgroup_subsys_state(cgroup, devices_subsys_id));
-}
-
-static inline struct dev_cgroup *task_devcgroup(struct task_struct *task)
-{
- return css_to_devcgroup(task_subsys_state(task, devices_subsys_id));
-}
-
-struct cgroup_subsys devices_subsys;
-
-static int devcgroup_can_attach(struct cgroup *new_cgrp,
- struct cgroup_taskset *set)
-{
- struct task_struct *task = cgroup_taskset_first(set);
-
- if (current != task && !capable(CAP_SYS_ADMIN))
- return -EPERM;
- return 0;
-}
-
-/*
- * called under devcgroup_mutex
- */
-static int dev_whitelist_copy(struct list_head *dest, struct list_head *orig)
-{
- struct dev_whitelist_item *wh, *tmp, *new;
-
- list_for_each_entry(wh, orig, list) {
- new = kmemdup(wh, sizeof(*wh), GFP_KERNEL);
- if (!new)
- goto free_and_exit;
- list_add_tail(&new->list, dest);
- }
-
- return 0;
-
-free_and_exit:
- list_for_each_entry_safe(wh, tmp, dest, list) {
- list_del(&wh->list);
- kfree(wh);
- }
- return -ENOMEM;
-}
-
-/* Stupid prototype - don't bother combining existing entries */
-/*
- * called under devcgroup_mutex
- */
-static int dev_whitelist_add(struct dev_cgroup *dev_cgroup,
- struct dev_whitelist_item *wh)
-{
- struct dev_whitelist_item *whcopy, *walk;
-
- whcopy = kmemdup(wh, sizeof(*wh), GFP_KERNEL);
- if (!whcopy)
- return -ENOMEM;
-
- list_for_each_entry(walk, &dev_cgroup->whitelist, list) {
- if (walk->type != wh->type)
- continue;
- if (walk->major != wh->major)
- continue;
- if (walk->minor != wh->minor)
- continue;
-
- walk->access |= wh->access;
- kfree(whcopy);
- whcopy = NULL;
- }
-
- if (whcopy != NULL)
- list_add_tail_rcu(&whcopy->list, &dev_cgroup->whitelist);
- return 0;
-}
-
-/*
- * called under devcgroup_mutex
- */
-static void dev_whitelist_rm(struct dev_cgroup *dev_cgroup,
- struct dev_whitelist_item *wh)
-{
- struct dev_whitelist_item *walk, *tmp;
-
- list_for_each_entry_safe(walk, tmp, &dev_cgroup->whitelist, list) {
- if (walk->type == DEV_ALL)
- goto remove;
- if (walk->type != wh->type)
- continue;
- if (walk->major != ~0 && walk->major != wh->major)
- continue;
- if (walk->minor != ~0 && walk->minor != wh->minor)
- continue;
-
-remove:
- walk->access &= ~wh->access;
- if (!walk->access) {
- list_del_rcu(&walk->list);
- kfree_rcu(walk, rcu);
- }
- }
-}
-
-/*
- * called from kernel/cgroup.c with cgroup_lock() held.
- */
-static struct cgroup_subsys_state *devcgroup_create(struct cgroup *cgroup)
-{
- struct dev_cgroup *dev_cgroup, *parent_dev_cgroup;
- struct cgroup *parent_cgroup;
- int ret;
-
- dev_cgroup = kzalloc(sizeof(*dev_cgroup), GFP_KERNEL);
- if (!dev_cgroup)
- return ERR_PTR(-ENOMEM);
- INIT_LIST_HEAD(&dev_cgroup->whitelist);
- parent_cgroup = cgroup->parent;
-
- if (parent_cgroup == NULL) {
- struct dev_whitelist_item *wh;
- wh = kmalloc(sizeof(*wh), GFP_KERNEL);
- if (!wh) {
- kfree(dev_cgroup);
- return ERR_PTR(-ENOMEM);
- }
- wh->minor = wh->major = ~0;
- wh->type = DEV_ALL;
- wh->access = ACC_MASK;
- list_add(&wh->list, &dev_cgroup->whitelist);
- } else {
- parent_dev_cgroup = cgroup_to_devcgroup(parent_cgroup);
- mutex_lock(&devcgroup_mutex);
- ret = dev_whitelist_copy(&dev_cgroup->whitelist,
- &parent_dev_cgroup->whitelist);
- mutex_unlock(&devcgroup_mutex);
- if (ret) {
- kfree(dev_cgroup);
- return ERR_PTR(ret);
- }
- }
-
- return &dev_cgroup->css;
-}
-
-static void devcgroup_destroy(struct cgroup *cgroup)
-{
- struct dev_cgroup *dev_cgroup;
- struct dev_whitelist_item *wh, *tmp;
-
- dev_cgroup = cgroup_to_devcgroup(cgroup);
- list_for_each_entry_safe(wh, tmp, &dev_cgroup->whitelist, list) {
- list_del(&wh->list);
- kfree(wh);
- }
- kfree(dev_cgroup);
-}
-
-#define DEVCG_ALLOW 1
-#define DEVCG_DENY 2
-#define DEVCG_LIST 3
-
-#define MAJMINLEN 13
-#define ACCLEN 4
-
-static void set_access(char *acc, short access)
-{
- int idx = 0;
- memset(acc, 0, ACCLEN);
- if (access & ACC_READ)
- acc[idx++] = 'r';
- if (access & ACC_WRITE)
- acc[idx++] = 'w';
- if (access & ACC_MKNOD)
- acc[idx++] = 'm';
-}
-
-static char type_to_char(short type)
-{
- if (type == DEV_ALL)
- return 'a';
- if (type == DEV_CHAR)
- return 'c';
- if (type == DEV_BLOCK)
- return 'b';
- return 'X';
-}
-
-static void set_majmin(char *str, unsigned m)
-{
- if (m == ~0)
- strcpy(str, "*");
- else
- sprintf(str, "%u", m);
-}
-
-static int devcgroup_seq_read(struct cgroup *cgroup, struct cftype *cft,
- struct seq_file *m)
-{
- struct dev_cgroup *devcgroup = cgroup_to_devcgroup(cgroup);
- struct dev_whitelist_item *wh;
- char maj[MAJMINLEN], min[MAJMINLEN], acc[ACCLEN];
-
- rcu_read_lock();
- list_for_each_entry_rcu(wh, &devcgroup->whitelist, list) {
- set_access(acc, wh->access);
- set_majmin(maj, wh->major);
- set_majmin(min, wh->minor);
- seq_printf(m, "%c %s:%s %s\n", type_to_char(wh->type),
- maj, min, acc);
- }
- rcu_read_unlock();
-
- return 0;
-}
-
-/*
- * may_access_whitelist:
- * does the access granted to dev_cgroup c contain the access
- * requested in whitelist item refwh.
- * return 1 if yes, 0 if no.
- * call with devcgroup_mutex held
- */
-static int may_access_whitelist(struct dev_cgroup *c,
- struct dev_whitelist_item *refwh)
-{
- struct dev_whitelist_item *whitem;
-
- list_for_each_entry(whitem, &c->whitelist, list) {
- if (whitem->type & DEV_ALL)
- return 1;
- if ((refwh->type & DEV_BLOCK) && !(whitem->type & DEV_BLOCK))
- continue;
- if ((refwh->type & DEV_CHAR) && !(whitem->type & DEV_CHAR))
- continue;
- if (whitem->major != ~0 && whitem->major != refwh->major)
- continue;
- if (whitem->minor != ~0 && whitem->minor != refwh->minor)
- continue;
- if (refwh->access & (~whitem->access))
- continue;
- return 1;
- }
- return 0;
-}
-
-/*
- * parent_has_perm:
- * when adding a new allow rule to a device whitelist, the rule
- * must be allowed in the parent device
- */
-static int parent_has_perm(struct dev_cgroup *childcg,
- struct dev_whitelist_item *wh)
-{
- struct cgroup *pcg = childcg->css.cgroup->parent;
- struct dev_cgroup *parent;
-
- if (!pcg)
- return 1;
- parent = cgroup_to_devcgroup(pcg);
- return may_access_whitelist(parent, wh);
-}
-
-/*
- * Modify the whitelist using allow/deny rules.
- * CAP_SYS_ADMIN is needed for this. It's at least separate from CAP_MKNOD
- * so we can give a container CAP_MKNOD to let it create devices but not
- * modify the whitelist.
- * It seems likely we'll want to add a CAP_CONTAINER capability to allow
- * us to also grant CAP_SYS_ADMIN to containers without giving away the
- * device whitelist controls, but for now we'll stick with CAP_SYS_ADMIN
- *
- * Taking rules away is always allowed (given CAP_SYS_ADMIN). Granting
- * new access is only allowed if you're in the top-level cgroup, or your
- * parent cgroup has the access you're asking for.
- */
-static int devcgroup_update_access(struct dev_cgroup *devcgroup,
- int filetype, const char *buffer)
-{
- const char *b;
- char *endp;
- int count;
- struct dev_whitelist_item wh;
-
- if (!capable(CAP_SYS_ADMIN))
- return -EPERM;
-
- memset(&wh, 0, sizeof(wh));
- b = buffer;
-
- switch (*b) {
- case 'a':
- wh.type = DEV_ALL;
- wh.access = ACC_MASK;
- wh.major = ~0;
- wh.minor = ~0;
- goto handle;
- case 'b':
- wh.type = DEV_BLOCK;
- break;
- case 'c':
- wh.type = DEV_CHAR;
- break;
- default:
- return -EINVAL;
- }
- b++;
- if (!isspace(*b))
- return -EINVAL;
- b++;
- if (*b == '*') {
- wh.major = ~0;
- b++;
- } else if (isdigit(*b)) {
- wh.major = simple_strtoul(b, &endp, 10);
- b = endp;
- } else {
- return -EINVAL;
- }
- if (*b != ':')
- return -EINVAL;
- b++;
-
- /* read minor */
- if (*b == '*') {
- wh.minor = ~0;
- b++;
- } else if (isdigit(*b)) {
- wh.minor = simple_strtoul(b, &endp, 10);
- b = endp;
- } else {
- return -EINVAL;
- }
- if (!isspace(*b))
- return -EINVAL;
- for (b++, count = 0; count < 3; count++, b++) {
- switch (*b) {
- case 'r':
- wh.access |= ACC_READ;
- break;
- case 'w':
- wh.access |= ACC_WRITE;
- break;
- case 'm':
- wh.access |= ACC_MKNOD;
- break;
- case '\n':
- case '\0':
- count = 3;
- break;
- default:
- return -EINVAL;
- }
- }
-
-handle:
- switch (filetype) {
- case DEVCG_ALLOW:
- if (!parent_has_perm(devcgroup, &wh))
- return -EPERM;
- return dev_whitelist_add(devcgroup, &wh);
- case DEVCG_DENY:
- dev_whitelist_rm(devcgroup, &wh);
- break;
- default:
- return -EINVAL;
- }
- return 0;
-}
-
-static int devcgroup_access_write(struct cgroup *cgrp, struct cftype *cft,
- const char *buffer)
-{
- int retval;
-
- mutex_lock(&devcgroup_mutex);
- retval = devcgroup_update_access(cgroup_to_devcgroup(cgrp),
- cft->private, buffer);
- mutex_unlock(&devcgroup_mutex);
- return retval;
-}
-
-static struct cftype dev_cgroup_files[] = {
- {
- .name = "allow",
- .write_string = devcgroup_access_write,
- .private = DEVCG_ALLOW,
- },
- {
- .name = "deny",
- .write_string = devcgroup_access_write,
- .private = DEVCG_DENY,
- },
- {
- .name = "list",
- .read_seq_string = devcgroup_seq_read,
- .private = DEVCG_LIST,
- },
-};
-
-static int devcgroup_populate(struct cgroup_subsys *ss,
- struct cgroup *cgroup)
-{
- return cgroup_add_files(cgroup, ss, dev_cgroup_files,
- ARRAY_SIZE(dev_cgroup_files));
-}
-
-struct cgroup_subsys devices_subsys = {
- .name = "devices",
- .can_attach = devcgroup_can_attach,
- .create = devcgroup_create,
- .destroy = devcgroup_destroy,
- .populate = devcgroup_populate,
- .subsys_id = devices_subsys_id,
-};
-
-int __devcgroup_inode_permission(struct inode *inode, int mask)
-{
- struct dev_cgroup *dev_cgroup;
- struct dev_whitelist_item *wh;
-
- rcu_read_lock();
-
- dev_cgroup = task_devcgroup(current);
-
- list_for_each_entry_rcu(wh, &dev_cgroup->whitelist, list) {
- if (wh->type & DEV_ALL)
- goto found;
- if ((wh->type & DEV_BLOCK) && !S_ISBLK(inode->i_mode))
- continue;
- if ((wh->type & DEV_CHAR) && !S_ISCHR(inode->i_mode))
- continue;
- if (wh->major != ~0 && wh->major != imajor(inode))
- continue;
- if (wh->minor != ~0 && wh->minor != iminor(inode))
- continue;
-
- if ((mask & MAY_WRITE) && !(wh->access & ACC_WRITE))
- continue;
- if ((mask & MAY_READ) && !(wh->access & ACC_READ))
- continue;
-found:
- rcu_read_unlock();
- return 0;
- }
-
- rcu_read_unlock();
-
- return -EPERM;
-}
-
-int devcgroup_inode_mknod(int mode, dev_t dev)
-{
- struct dev_cgroup *dev_cgroup;
- struct dev_whitelist_item *wh;
-
- if (!S_ISBLK(mode) && !S_ISCHR(mode))
- return 0;
-
- rcu_read_lock();
-
- dev_cgroup = task_devcgroup(current);
-
- list_for_each_entry_rcu(wh, &dev_cgroup->whitelist, list) {
- if (wh->type & DEV_ALL)
- goto found;
- if ((wh->type & DEV_BLOCK) && !S_ISBLK(mode))
- continue;
- if ((wh->type & DEV_CHAR) && !S_ISCHR(mode))
- continue;
- if (wh->major != ~0 && wh->major != MAJOR(dev))
- continue;
- if (wh->minor != ~0 && wh->minor != MINOR(dev))
- continue;
-
- if (!(wh->access & ACC_MKNOD))
- continue;
-found:
- rcu_read_unlock();
- return 0;
- }
-
- rcu_read_unlock();
-
- return -EPERM;
-}
diff --git a/ANDROID_3.4.5/security/inode.c b/ANDROID_3.4.5/security/inode.c
deleted file mode 100644
index 43ce6e19..00000000
--- a/ANDROID_3.4.5/security/inode.c
+++ /dev/null
@@ -1,236 +0,0 @@
-/*
- * inode.c - securityfs
- *
- * Copyright (C) 2005 Greg Kroah-Hartman
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License version
- * 2 as published by the Free Software Foundation.
- *
- * Based on fs/debugfs/inode.c which had the following copyright notice:
- * Copyright (C) 2004 Greg Kroah-Hartman
- * Copyright (C) 2004 IBM Inc.
- */
-
-/* #define DEBUG */
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-static struct vfsmount *mount;
-static int mount_count;
-
-static inline int positive(struct dentry *dentry)
-{
- return dentry->d_inode && !d_unhashed(dentry);
-}
-
-static int fill_super(struct super_block *sb, void *data, int silent)
-{
- static struct tree_descr files[] = {{""}};
-
- return simple_fill_super(sb, SECURITYFS_MAGIC, files);
-}
-
-static struct dentry *get_sb(struct file_system_type *fs_type,
- int flags, const char *dev_name,
- void *data)
-{
- return mount_single(fs_type, flags, data, fill_super);
-}
-
-static struct file_system_type fs_type = {
- .owner = THIS_MODULE,
- .name = "securityfs",
- .mount = get_sb,
- .kill_sb = kill_litter_super,
-};
-
-/**
- * securityfs_create_file - create a file in the securityfs filesystem
- *
- * @name: a pointer to a string containing the name of the file to create.
- * @mode: the permission that the file should have
- * @parent: a pointer to the parent dentry for this file. This should be a
- * directory dentry if set. If this parameter is %NULL, then the
- * file will be created in the root of the securityfs filesystem.
- * @data: a pointer to something that the caller will want to get to later
- * on. The inode.i_private pointer will point to this value on
- * the open() call.
- * @fops: a pointer to a struct file_operations that should be used for
- * this file.
- *
- * This is the basic "create a file" function for securityfs. It allows for a
- * wide range of flexibility in creating a file, or a directory (if you
- * want to create a directory, the securityfs_create_dir() function is
- * recommended to be used instead).
- *
- * This function returns a pointer to a dentry if it succeeds. This
- * pointer must be passed to the securityfs_remove() function when the file is
- * to be removed (no automatic cleanup happens if your module is unloaded,
- * you are responsible here). If an error occurs, the function will return
- * the erorr value (via ERR_PTR).
- *
- * If securityfs is not enabled in the kernel, the value %-ENODEV is
- * returned.
- */
-struct dentry *securityfs_create_file(const char *name, umode_t mode,
- struct dentry *parent, void *data,
- const struct file_operations *fops)
-{
- struct dentry *dentry;
- int is_dir = S_ISDIR(mode);
- struct inode *dir, *inode;
- int error;
-
- if (!is_dir) {
- BUG_ON(!fops);
- mode = (mode & S_IALLUGO) | S_IFREG;
- }
-
- pr_debug("securityfs: creating file '%s'\n",name);
-
- error = simple_pin_fs(&fs_type, &mount, &mount_count);
- if (error)
- return ERR_PTR(error);
-
- if (!parent)
- parent = mount->mnt_root;
-
- dir = parent->d_inode;
-
- mutex_lock(&dir->i_mutex);
- dentry = lookup_one_len(name, parent, strlen(name));
- if (IS_ERR(dentry))
- goto out;
-
- if (dentry->d_inode) {
- error = -EEXIST;
- goto out1;
- }
-
- inode = new_inode(dir->i_sb);
- if (!inode) {
- error = -ENOMEM;
- goto out1;
- }
-
- inode->i_ino = get_next_ino();
- inode->i_mode = mode;
- inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;
- inode->i_private = data;
- if (is_dir) {
- inode->i_op = &simple_dir_inode_operations;
- inode->i_fop = &simple_dir_operations;
- inc_nlink(inode);
- inc_nlink(dir);
- } else {
- inode->i_fop = fops;
- }
- d_instantiate(dentry, inode);
- dget(dentry);
- mutex_unlock(&dir->i_mutex);
- return dentry;
-
-out1:
- dput(dentry);
- dentry = ERR_PTR(error);
-out:
- mutex_unlock(&dir->i_mutex);
- simple_release_fs(&mount, &mount_count);
- return dentry;
-}
-EXPORT_SYMBOL_GPL(securityfs_create_file);
-
-/**
- * securityfs_create_dir - create a directory in the securityfs filesystem
- *
- * @name: a pointer to a string containing the name of the directory to
- * create.
- * @parent: a pointer to the parent dentry for this file. This should be a
- * directory dentry if set. If this parameter is %NULL, then the
- * directory will be created in the root of the securityfs filesystem.
- *
- * This function creates a directory in securityfs with the given @name.
- *
- * This function returns a pointer to a dentry if it succeeds. This
- * pointer must be passed to the securityfs_remove() function when the file is
- * to be removed (no automatic cleanup happens if your module is unloaded,
- * you are responsible here). If an error occurs, %NULL will be returned.
- *
- * If securityfs is not enabled in the kernel, the value %-ENODEV is
- * returned. It is not wise to check for this value, but rather, check for
- * %NULL or !%NULL instead as to eliminate the need for #ifdef in the calling
- * code.
- */
-struct dentry *securityfs_create_dir(const char *name, struct dentry *parent)
-{
- return securityfs_create_file(name,
- S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO,
- parent, NULL, NULL);
-}
-EXPORT_SYMBOL_GPL(securityfs_create_dir);
-
-/**
- * securityfs_remove - removes a file or directory from the securityfs filesystem
- *
- * @dentry: a pointer to a the dentry of the file or directory to be removed.
- *
- * This function removes a file or directory in securityfs that was previously
- * created with a call to another securityfs function (like
- * securityfs_create_file() or variants thereof.)
- *
- * This function is required to be called in order for the file to be
- * removed. No automatic cleanup of files will happen when a module is
- * removed; you are responsible here.
- */
-void securityfs_remove(struct dentry *dentry)
-{
- struct dentry *parent;
-
- if (!dentry || IS_ERR(dentry))
- return;
-
- parent = dentry->d_parent;
- if (!parent || !parent->d_inode)
- return;
-
- mutex_lock(&parent->d_inode->i_mutex);
- if (positive(dentry)) {
- if (dentry->d_inode) {
- if (S_ISDIR(dentry->d_inode->i_mode))
- simple_rmdir(parent->d_inode, dentry);
- else
- simple_unlink(parent->d_inode, dentry);
- dput(dentry);
- }
- }
- mutex_unlock(&parent->d_inode->i_mutex);
- simple_release_fs(&mount, &mount_count);
-}
-EXPORT_SYMBOL_GPL(securityfs_remove);
-
-static struct kobject *security_kobj;
-
-static int __init securityfs_init(void)
-{
- int retval;
-
- security_kobj = kobject_create_and_add("security", kernel_kobj);
- if (!security_kobj)
- return -EINVAL;
-
- retval = register_filesystem(&fs_type);
- if (retval)
- kobject_put(security_kobj);
- return retval;
-}
-
-core_initcall(securityfs_init);
-MODULE_LICENSE("GPL");
-
diff --git a/ANDROID_3.4.5/security/integrity/Kconfig b/ANDROID_3.4.5/security/integrity/Kconfig
deleted file mode 100644
index 5bd1cc1b..00000000
--- a/ANDROID_3.4.5/security/integrity/Kconfig
+++ /dev/null
@@ -1,21 +0,0 @@
-#
-config INTEGRITY
- def_bool y
- depends on IMA || EVM
-
-config INTEGRITY_SIGNATURE
- boolean "Digital signature verification using multiple keyrings"
- depends on INTEGRITY && KEYS
- default n
- select SIGNATURE
- help
- This option enables digital signature verification support
- using multiple keyrings. It defines separate keyrings for each
- of the different use cases - evm, ima, and modules.
- Different keyrings improves search performance, but also allow
- to "lock" certain keyring to prevent adding new keys.
- This is useful for evm and module keyrings, when keys are
- usually only added from initramfs.
-
-source security/integrity/ima/Kconfig
-source security/integrity/evm/Kconfig
diff --git a/ANDROID_3.4.5/security/integrity/Makefile b/ANDROID_3.4.5/security/integrity/Makefile
deleted file mode 100644
index d43799cc..00000000
--- a/ANDROID_3.4.5/security/integrity/Makefile
+++ /dev/null
@@ -1,13 +0,0 @@
-#
-# Makefile for caching inode integrity data (iint)
-#
-
-obj-$(CONFIG_INTEGRITY) += integrity.o
-obj-$(CONFIG_INTEGRITY_SIGNATURE) += digsig.o
-
-integrity-y := iint.o
-
-subdir-$(CONFIG_IMA) += ima
-obj-$(CONFIG_IMA) += ima/built-in.o
-subdir-$(CONFIG_EVM) += evm
-obj-$(CONFIG_EVM) += evm/built-in.o
diff --git a/ANDROID_3.4.5/security/integrity/digsig.c b/ANDROID_3.4.5/security/integrity/digsig.c
deleted file mode 100644
index 2dc167d7..00000000
--- a/ANDROID_3.4.5/security/integrity/digsig.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (C) 2011 Intel Corporation
- *
- * Author:
- * Dmitry Kasatkin
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, version 2 of the License.
- *
- */
-
-#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
-
-#include
-#include
-#include
-#include
-
-#include "integrity.h"
-
-static struct key *keyring[INTEGRITY_KEYRING_MAX];
-
-static const char *keyring_name[INTEGRITY_KEYRING_MAX] = {
- "_evm",
- "_module",
- "_ima",
-};
-
-int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
- const char *digest, int digestlen)
-{
- if (id >= INTEGRITY_KEYRING_MAX)
- return -EINVAL;
-
- if (!keyring[id]) {
- keyring[id] =
- request_key(&key_type_keyring, keyring_name[id], NULL);
- if (IS_ERR(keyring[id])) {
- int err = PTR_ERR(keyring[id]);
- pr_err("no %s keyring: %d\n", keyring_name[id], err);
- keyring[id] = NULL;
- return err;
- }
- }
-
- return digsig_verify(keyring[id], sig, siglen, digest, digestlen);
-}
diff --git a/ANDROID_3.4.5/security/integrity/evm/Kconfig b/ANDROID_3.4.5/security/integrity/evm/Kconfig
deleted file mode 100644
index afbb59dd..00000000
--- a/ANDROID_3.4.5/security/integrity/evm/Kconfig
+++ /dev/null
@@ -1,13 +0,0 @@
-config EVM
- boolean "EVM support"
- depends on SECURITY && KEYS && (TRUSTED_KEYS=y || TRUSTED_KEYS=n)
- select CRYPTO_HMAC
- select CRYPTO_MD5
- select CRYPTO_SHA1
- select ENCRYPTED_KEYS
- default n
- help
- EVM protects a file's security extended attributes against
- integrity attacks.
-
- If you are unsure how to answer this question, answer N.
diff --git a/ANDROID_3.4.5/security/integrity/evm/Makefile b/ANDROID_3.4.5/security/integrity/evm/Makefile
deleted file mode 100644
index 7393c415..00000000
--- a/ANDROID_3.4.5/security/integrity/evm/Makefile
+++ /dev/null
@@ -1,7 +0,0 @@
-#
-# Makefile for building the Extended Verification Module(EVM)
-#
-obj-$(CONFIG_EVM) += evm.o
-
-evm-y := evm_main.o evm_crypto.o evm_secfs.o
-evm-$(CONFIG_FS_POSIX_ACL) += evm_posix_acl.o
diff --git a/ANDROID_3.4.5/security/integrity/evm/evm.h b/ANDROID_3.4.5/security/integrity/evm/evm.h
deleted file mode 100644
index c885247e..00000000
--- a/ANDROID_3.4.5/security/integrity/evm/evm.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (C) 2005-2010 IBM Corporation
- *
- * Authors:
- * Mimi Zohar
- * Kylene Hall
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, version 2 of the License.
- *
- * File: evm.h
- *
- */
-
-#ifndef __INTEGRITY_EVM_H
-#define __INTEGRITY_EVM_H
-
-#include
-#include
-
-#include "../integrity.h"
-
-extern int evm_initialized;
-extern char *evm_hmac;
-extern char *evm_hash;
-
-extern struct crypto_shash *hmac_tfm;
-extern struct crypto_shash *hash_tfm;
-
-/* List of EVM protected security xattrs */
-extern char *evm_config_xattrnames[];
-
-extern int evm_init_key(void);
-extern int evm_update_evmxattr(struct dentry *dentry,
- const char *req_xattr_name,
- const char *req_xattr_value,
- size_t req_xattr_value_len);
-extern int evm_calc_hmac(struct dentry *dentry, const char *req_xattr_name,
- const char *req_xattr_value,
- size_t req_xattr_value_len, char *digest);
-extern int evm_calc_hash(struct dentry *dentry, const char *req_xattr_name,
- const char *req_xattr_value,
- size_t req_xattr_value_len, char *digest);
-extern int evm_init_hmac(struct inode *inode, const struct xattr *xattr,
- char *hmac_val);
-extern int evm_init_secfs(void);
-extern void evm_cleanup_secfs(void);
-
-#endif
diff --git a/ANDROID_3.4.5/security/integrity/evm/evm_crypto.c b/ANDROID_3.4.5/security/integrity/evm/evm_crypto.c
deleted file mode 100644
index 49a464f5..00000000
--- a/ANDROID_3.4.5/security/integrity/evm/evm_crypto.c
+++ /dev/null
@@ -1,257 +0,0 @@
-/*
- * Copyright (C) 2005-2010 IBM Corporation
- *
- * Authors:
- * Mimi Zohar
- * Kylene Hall
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, version 2 of the License.
- *
- * File: evm_crypto.c
- * Using root's kernel master key (kmk), calculate the HMAC
- */
-
-#include
-#include
-#include
-#include
-#include
-#include "evm.h"
-
-#define EVMKEY "evm-key"
-#define MAX_KEY_SIZE 128
-static unsigned char evmkey[MAX_KEY_SIZE];
-static int evmkey_len = MAX_KEY_SIZE;
-
-struct crypto_shash *hmac_tfm;
-struct crypto_shash *hash_tfm;
-
-static DEFINE_MUTEX(mutex);
-
-static struct shash_desc *init_desc(char type)
-{
- long rc;
- char *algo;
- struct crypto_shash **tfm;
- struct shash_desc *desc;
-
- if (type == EVM_XATTR_HMAC) {
- tfm = &hmac_tfm;
- algo = evm_hmac;
- } else {
- tfm = &hash_tfm;
- algo = evm_hash;
- }
-
- if (*tfm == NULL) {
- mutex_lock(&mutex);
- if (*tfm)
- goto out;
- *tfm = crypto_alloc_shash(algo, 0, CRYPTO_ALG_ASYNC);
- if (IS_ERR(*tfm)) {
- rc = PTR_ERR(*tfm);
- pr_err("Can not allocate %s (reason: %ld)\n", algo, rc);
- *tfm = NULL;
- mutex_unlock(&mutex);
- return ERR_PTR(rc);
- }
- if (type == EVM_XATTR_HMAC) {
- rc = crypto_shash_setkey(*tfm, evmkey, evmkey_len);
- if (rc) {
- crypto_free_shash(*tfm);
- *tfm = NULL;
- mutex_unlock(&mutex);
- return ERR_PTR(rc);
- }
- }
-out:
- mutex_unlock(&mutex);
- }
-
- desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(*tfm),
- GFP_KERNEL);
- if (!desc)
- return ERR_PTR(-ENOMEM);
-
- desc->tfm = *tfm;
- desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
-
- rc = crypto_shash_init(desc);
- if (rc) {
- kfree(desc);
- return ERR_PTR(rc);
- }
- return desc;
-}
-
-/* Protect against 'cutting & pasting' security.evm xattr, include inode
- * specific info.
- *
- * (Additional directory/file metadata needs to be added for more complete
- * protection.)
- */
-static void hmac_add_misc(struct shash_desc *desc, struct inode *inode,
- char *digest)
-{
- struct h_misc {
- unsigned long ino;
- __u32 generation;
- uid_t uid;
- gid_t gid;
- umode_t mode;
- } hmac_misc;
-
- memset(&hmac_misc, 0, sizeof hmac_misc);
- hmac_misc.ino = inode->i_ino;
- hmac_misc.generation = inode->i_generation;
- hmac_misc.uid = inode->i_uid;
- hmac_misc.gid = inode->i_gid;
- hmac_misc.mode = inode->i_mode;
- crypto_shash_update(desc, (const u8 *)&hmac_misc, sizeof hmac_misc);
- crypto_shash_final(desc, digest);
-}
-
-/*
- * Calculate the HMAC value across the set of protected security xattrs.
- *
- * Instead of retrieving the requested xattr, for performance, calculate
- * the hmac using the requested xattr value. Don't alloc/free memory for
- * each xattr, but attempt to re-use the previously allocated memory.
- */
-static int evm_calc_hmac_or_hash(struct dentry *dentry,
- const char *req_xattr_name,
- const char *req_xattr_value,
- size_t req_xattr_value_len,
- char type, char *digest)
-{
- struct inode *inode = dentry->d_inode;
- struct shash_desc *desc;
- char **xattrname;
- size_t xattr_size = 0;
- char *xattr_value = NULL;
- int error;
- int size;
-
- if (!inode->i_op || !inode->i_op->getxattr)
- return -EOPNOTSUPP;
- desc = init_desc(type);
- if (IS_ERR(desc))
- return PTR_ERR(desc);
-
- error = -ENODATA;
- for (xattrname = evm_config_xattrnames; *xattrname != NULL; xattrname++) {
- if ((req_xattr_name && req_xattr_value)
- && !strcmp(*xattrname, req_xattr_name)) {
- error = 0;
- crypto_shash_update(desc, (const u8 *)req_xattr_value,
- req_xattr_value_len);
- continue;
- }
- size = vfs_getxattr_alloc(dentry, *xattrname,
- &xattr_value, xattr_size, GFP_NOFS);
- if (size == -ENOMEM) {
- error = -ENOMEM;
- goto out;
- }
- if (size < 0)
- continue;
-
- error = 0;
- xattr_size = size;
- crypto_shash_update(desc, (const u8 *)xattr_value, xattr_size);
- }
- hmac_add_misc(desc, inode, digest);
-
-out:
- kfree(xattr_value);
- kfree(desc);
- return error;
-}
-
-int evm_calc_hmac(struct dentry *dentry, const char *req_xattr_name,
- const char *req_xattr_value, size_t req_xattr_value_len,
- char *digest)
-{
- return evm_calc_hmac_or_hash(dentry, req_xattr_name, req_xattr_value,
- req_xattr_value_len, EVM_XATTR_HMAC, digest);
-}
-
-int evm_calc_hash(struct dentry *dentry, const char *req_xattr_name,
- const char *req_xattr_value, size_t req_xattr_value_len,
- char *digest)
-{
- return evm_calc_hmac_or_hash(dentry, req_xattr_name, req_xattr_value,
- req_xattr_value_len, IMA_XATTR_DIGEST, digest);
-}
-
-/*
- * Calculate the hmac and update security.evm xattr
- *
- * Expects to be called with i_mutex locked.
- */
-int evm_update_evmxattr(struct dentry *dentry, const char *xattr_name,
- const char *xattr_value, size_t xattr_value_len)
-{
- struct inode *inode = dentry->d_inode;
- struct evm_ima_xattr_data xattr_data;
- int rc = 0;
-
- rc = evm_calc_hmac(dentry, xattr_name, xattr_value,
- xattr_value_len, xattr_data.digest);
- if (rc == 0) {
- xattr_data.type = EVM_XATTR_HMAC;
- rc = __vfs_setxattr_noperm(dentry, XATTR_NAME_EVM,
- &xattr_data,
- sizeof(xattr_data), 0);
- }
- else if (rc == -ENODATA)
- rc = inode->i_op->removexattr(dentry, XATTR_NAME_EVM);
- return rc;
-}
-
-int evm_init_hmac(struct inode *inode, const struct xattr *lsm_xattr,
- char *hmac_val)
-{
- struct shash_desc *desc;
-
- desc = init_desc(EVM_XATTR_HMAC);
- if (IS_ERR(desc)) {
- printk(KERN_INFO "init_desc failed\n");
- return PTR_ERR(desc);
- }
-
- crypto_shash_update(desc, lsm_xattr->value, lsm_xattr->value_len);
- hmac_add_misc(desc, inode, hmac_val);
- kfree(desc);
- return 0;
-}
-
-/*
- * Get the key from the TPM for the SHA1-HMAC
- */
-int evm_init_key(void)
-{
- struct key *evm_key;
- struct encrypted_key_payload *ekp;
- int rc = 0;
-
- evm_key = request_key(&key_type_encrypted, EVMKEY, NULL);
- if (IS_ERR(evm_key))
- return -ENOENT;
-
- down_read(&evm_key->sem);
- ekp = evm_key->payload.data;
- if (ekp->decrypted_datalen > MAX_KEY_SIZE) {
- rc = -EINVAL;
- goto out;
- }
- memcpy(evmkey, ekp->decrypted_data, ekp->decrypted_datalen);
-out:
- /* burn the original key contents */
- memset(ekp->decrypted_data, 0, ekp->decrypted_datalen);
- up_read(&evm_key->sem);
- key_put(evm_key);
- return rc;
-}
diff --git a/ANDROID_3.4.5/security/integrity/evm/evm_main.c b/ANDROID_3.4.5/security/integrity/evm/evm_main.c
deleted file mode 100644
index 89015014..00000000
--- a/ANDROID_3.4.5/security/integrity/evm/evm_main.c
+++ /dev/null
@@ -1,452 +0,0 @@
-/*
- * Copyright (C) 2005-2010 IBM Corporation
- *
- * Author:
- * Mimi Zohar
- * Kylene Hall
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, version 2 of the License.
- *
- * File: evm_main.c
- * implements evm_inode_setxattr, evm_inode_post_setxattr,
- * evm_inode_removexattr, and evm_verifyxattr
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include "evm.h"
-
-int evm_initialized;
-
-char *evm_hmac = "hmac(sha1)";
-char *evm_hash = "sha1";
-
-char *evm_config_xattrnames[] = {
-#ifdef CONFIG_SECURITY_SELINUX
- XATTR_NAME_SELINUX,
-#endif
-#ifdef CONFIG_SECURITY_SMACK
- XATTR_NAME_SMACK,
-#endif
- XATTR_NAME_CAPS,
- NULL
-};
-
-static int evm_fixmode;
-static int __init evm_set_fixmode(char *str)
-{
- if (strncmp(str, "fix", 3) == 0)
- evm_fixmode = 1;
- return 0;
-}
-__setup("evm=", evm_set_fixmode);
-
-static int evm_find_protected_xattrs(struct dentry *dentry)
-{
- struct inode *inode = dentry->d_inode;
- char **xattr;
- int error;
- int count = 0;
-
- if (!inode->i_op || !inode->i_op->getxattr)
- return -EOPNOTSUPP;
-
- for (xattr = evm_config_xattrnames; *xattr != NULL; xattr++) {
- error = inode->i_op->getxattr(dentry, *xattr, NULL, 0);
- if (error < 0) {
- if (error == -ENODATA)
- continue;
- return error;
- }
- count++;
- }
-
- return count;
-}
-
-/*
- * evm_verify_hmac - calculate and compare the HMAC with the EVM xattr
- *
- * Compute the HMAC on the dentry's protected set of extended attributes
- * and compare it against the stored security.evm xattr.
- *
- * For performance:
- * - use the previoulsy retrieved xattr value and length to calculate the
- * HMAC.)
- * - cache the verification result in the iint, when available.
- *
- * Returns integrity status
- */
-static enum integrity_status evm_verify_hmac(struct dentry *dentry,
- const char *xattr_name,
- char *xattr_value,
- size_t xattr_value_len,
- struct integrity_iint_cache *iint)
-{
- struct evm_ima_xattr_data *xattr_data = NULL;
- struct evm_ima_xattr_data calc;
- enum integrity_status evm_status = INTEGRITY_PASS;
- int rc, xattr_len;
-
- if (iint && iint->evm_status == INTEGRITY_PASS)
- return iint->evm_status;
-
- /* if status is not PASS, try to check again - against -ENOMEM */
-
- /* first need to know the sig type */
- rc = vfs_getxattr_alloc(dentry, XATTR_NAME_EVM, (char **)&xattr_data, 0,
- GFP_NOFS);
- if (rc <= 0) {
- if (rc == 0)
- evm_status = INTEGRITY_FAIL; /* empty */
- else if (rc == -ENODATA) {
- rc = evm_find_protected_xattrs(dentry);
- if (rc > 0)
- evm_status = INTEGRITY_NOLABEL;
- else if (rc == 0)
- evm_status = INTEGRITY_NOXATTRS; /* new file */
- }
- goto out;
- }
-
- xattr_len = rc - 1;
-
- /* check value type */
- switch (xattr_data->type) {
- case EVM_XATTR_HMAC:
- rc = evm_calc_hmac(dentry, xattr_name, xattr_value,
- xattr_value_len, calc.digest);
- if (rc)
- break;
- rc = memcmp(xattr_data->digest, calc.digest,
- sizeof(calc.digest));
- if (rc)
- rc = -EINVAL;
- break;
- case EVM_IMA_XATTR_DIGSIG:
- rc = evm_calc_hash(dentry, xattr_name, xattr_value,
- xattr_value_len, calc.digest);
- if (rc)
- break;
- rc = integrity_digsig_verify(INTEGRITY_KEYRING_EVM,
- xattr_data->digest, xattr_len,
- calc.digest, sizeof(calc.digest));
- if (!rc) {
- /* we probably want to replace rsa with hmac here */
- evm_update_evmxattr(dentry, xattr_name, xattr_value,
- xattr_value_len);
- }
- break;
- default:
- rc = -EINVAL;
- break;
- }
-
- if (rc)
- evm_status = (rc == -ENODATA) ?
- INTEGRITY_NOXATTRS : INTEGRITY_FAIL;
-out:
- if (iint)
- iint->evm_status = evm_status;
- kfree(xattr_data);
- return evm_status;
-}
-
-static int evm_protected_xattr(const char *req_xattr_name)
-{
- char **xattrname;
- int namelen;
- int found = 0;
-
- namelen = strlen(req_xattr_name);
- for (xattrname = evm_config_xattrnames; *xattrname != NULL; xattrname++) {
- if ((strlen(*xattrname) == namelen)
- && (strncmp(req_xattr_name, *xattrname, namelen) == 0)) {
- found = 1;
- break;
- }
- if (strncmp(req_xattr_name,
- *xattrname + XATTR_SECURITY_PREFIX_LEN,
- strlen(req_xattr_name)) == 0) {
- found = 1;
- break;
- }
- }
- return found;
-}
-
-/**
- * evm_verifyxattr - verify the integrity of the requested xattr
- * @dentry: object of the verify xattr
- * @xattr_name: requested xattr
- * @xattr_value: requested xattr value
- * @xattr_value_len: requested xattr value length
- *
- * Calculate the HMAC for the given dentry and verify it against the stored
- * security.evm xattr. For performance, use the xattr value and length
- * previously retrieved to calculate the HMAC.
- *
- * Returns the xattr integrity status.
- *
- * This function requires the caller to lock the inode's i_mutex before it
- * is executed.
- */
-enum integrity_status evm_verifyxattr(struct dentry *dentry,
- const char *xattr_name,
- void *xattr_value, size_t xattr_value_len,
- struct integrity_iint_cache *iint)
-{
- if (!evm_initialized || !evm_protected_xattr(xattr_name))
- return INTEGRITY_UNKNOWN;
-
- if (!iint) {
- iint = integrity_iint_find(dentry->d_inode);
- if (!iint)
- return INTEGRITY_UNKNOWN;
- }
- return evm_verify_hmac(dentry, xattr_name, xattr_value,
- xattr_value_len, iint);
-}
-EXPORT_SYMBOL_GPL(evm_verifyxattr);
-
-/*
- * evm_verify_current_integrity - verify the dentry's metadata integrity
- * @dentry: pointer to the affected dentry
- *
- * Verify and return the dentry's metadata integrity. The exceptions are
- * before EVM is initialized or in 'fix' mode.
- */
-static enum integrity_status evm_verify_current_integrity(struct dentry *dentry)
-{
- struct inode *inode = dentry->d_inode;
-
- if (!evm_initialized || !S_ISREG(inode->i_mode) || evm_fixmode)
- return 0;
- return evm_verify_hmac(dentry, NULL, NULL, 0, NULL);
-}
-
-/*
- * evm_protect_xattr - protect the EVM extended attribute
- *
- * Prevent security.evm from being modified or removed without the
- * necessary permissions or when the existing value is invalid.
- *
- * The posix xattr acls are 'system' prefixed, which normally would not
- * affect security.evm. An interesting side affect of writing posix xattr
- * acls is their modifying of the i_mode, which is included in security.evm.
- * For posix xattr acls only, permit security.evm, even if it currently
- * doesn't exist, to be updated.
- */
-static int evm_protect_xattr(struct dentry *dentry, const char *xattr_name,
- const void *xattr_value, size_t xattr_value_len)
-{
- enum integrity_status evm_status;
-
- if (strcmp(xattr_name, XATTR_NAME_EVM) == 0) {
- if (!capable(CAP_SYS_ADMIN))
- return -EPERM;
- } else if (!evm_protected_xattr(xattr_name)) {
- if (!posix_xattr_acl(xattr_name))
- return 0;
- evm_status = evm_verify_current_integrity(dentry);
- if ((evm_status == INTEGRITY_PASS) ||
- (evm_status == INTEGRITY_NOXATTRS))
- return 0;
- return -EPERM;
- }
- evm_status = evm_verify_current_integrity(dentry);
- return evm_status == INTEGRITY_PASS ? 0 : -EPERM;
-}
-
-/**
- * evm_inode_setxattr - protect the EVM extended attribute
- * @dentry: pointer to the affected dentry
- * @xattr_name: pointer to the affected extended attribute name
- * @xattr_value: pointer to the new extended attribute value
- * @xattr_value_len: pointer to the new extended attribute value length
- *
- * Updating 'security.evm' requires CAP_SYS_ADMIN privileges and that
- * the current value is valid.
- */
-int evm_inode_setxattr(struct dentry *dentry, const char *xattr_name,
- const void *xattr_value, size_t xattr_value_len)
-{
- return evm_protect_xattr(dentry, xattr_name, xattr_value,
- xattr_value_len);
-}
-
-/**
- * evm_inode_removexattr - protect the EVM extended attribute
- * @dentry: pointer to the affected dentry
- * @xattr_name: pointer to the affected extended attribute name
- *
- * Removing 'security.evm' requires CAP_SYS_ADMIN privileges and that
- * the current value is valid.
- */
-int evm_inode_removexattr(struct dentry *dentry, const char *xattr_name)
-{
- return evm_protect_xattr(dentry, xattr_name, NULL, 0);
-}
-
-/**
- * evm_inode_post_setxattr - update 'security.evm' to reflect the changes
- * @dentry: pointer to the affected dentry
- * @xattr_name: pointer to the affected extended attribute name
- * @xattr_value: pointer to the new extended attribute value
- * @xattr_value_len: pointer to the new extended attribute value length
- *
- * Update the HMAC stored in 'security.evm' to reflect the change.
- *
- * No need to take the i_mutex lock here, as this function is called from
- * __vfs_setxattr_noperm(). The caller of which has taken the inode's
- * i_mutex lock.
- */
-void evm_inode_post_setxattr(struct dentry *dentry, const char *xattr_name,
- const void *xattr_value, size_t xattr_value_len)
-{
- if (!evm_initialized || (!evm_protected_xattr(xattr_name)
- && !posix_xattr_acl(xattr_name)))
- return;
-
- evm_update_evmxattr(dentry, xattr_name, xattr_value, xattr_value_len);
- return;
-}
-
-/**
- * evm_inode_post_removexattr - update 'security.evm' after removing the xattr
- * @dentry: pointer to the affected dentry
- * @xattr_name: pointer to the affected extended attribute name
- *
- * Update the HMAC stored in 'security.evm' to reflect removal of the xattr.
- */
-void evm_inode_post_removexattr(struct dentry *dentry, const char *xattr_name)
-{
- struct inode *inode = dentry->d_inode;
-
- if (!evm_initialized || !evm_protected_xattr(xattr_name))
- return;
-
- mutex_lock(&inode->i_mutex);
- evm_update_evmxattr(dentry, xattr_name, NULL, 0);
- mutex_unlock(&inode->i_mutex);
- return;
-}
-
-/**
- * evm_inode_setattr - prevent updating an invalid EVM extended attribute
- * @dentry: pointer to the affected dentry
- */
-int evm_inode_setattr(struct dentry *dentry, struct iattr *attr)
-{
- unsigned int ia_valid = attr->ia_valid;
- enum integrity_status evm_status;
-
- if (!(ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID)))
- return 0;
- evm_status = evm_verify_current_integrity(dentry);
- if ((evm_status == INTEGRITY_PASS) ||
- (evm_status == INTEGRITY_NOXATTRS))
- return 0;
- return -EPERM;
-}
-
-/**
- * evm_inode_post_setattr - update 'security.evm' after modifying metadata
- * @dentry: pointer to the affected dentry
- * @ia_valid: for the UID and GID status
- *
- * For now, update the HMAC stored in 'security.evm' to reflect UID/GID
- * changes.
- *
- * This function is called from notify_change(), which expects the caller
- * to lock the inode's i_mutex.
- */
-void evm_inode_post_setattr(struct dentry *dentry, int ia_valid)
-{
- if (!evm_initialized)
- return;
-
- if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID))
- evm_update_evmxattr(dentry, NULL, NULL, 0);
- return;
-}
-
-/*
- * evm_inode_init_security - initializes security.evm
- */
-int evm_inode_init_security(struct inode *inode,
- const struct xattr *lsm_xattr,
- struct xattr *evm_xattr)
-{
- struct evm_ima_xattr_data *xattr_data;
- int rc;
-
- if (!evm_initialized || !evm_protected_xattr(lsm_xattr->name))
- return 0;
-
- xattr_data = kzalloc(sizeof(*xattr_data), GFP_NOFS);
- if (!xattr_data)
- return -ENOMEM;
-
- xattr_data->type = EVM_XATTR_HMAC;
- rc = evm_init_hmac(inode, lsm_xattr, xattr_data->digest);
- if (rc < 0)
- goto out;
-
- evm_xattr->value = xattr_data;
- evm_xattr->value_len = sizeof(*xattr_data);
- evm_xattr->name = kstrdup(XATTR_EVM_SUFFIX, GFP_NOFS);
- return 0;
-out:
- kfree(xattr_data);
- return rc;
-}
-EXPORT_SYMBOL_GPL(evm_inode_init_security);
-
-static int __init init_evm(void)
-{
- int error;
-
- error = evm_init_secfs();
- if (error < 0) {
- printk(KERN_INFO "EVM: Error registering secfs\n");
- goto err;
- }
-
- return 0;
-err:
- return error;
-}
-
-static void __exit cleanup_evm(void)
-{
- evm_cleanup_secfs();
- if (hmac_tfm)
- crypto_free_shash(hmac_tfm);
- if (hash_tfm)
- crypto_free_shash(hash_tfm);
-}
-
-/*
- * evm_display_config - list the EVM protected security extended attributes
- */
-static int __init evm_display_config(void)
-{
- char **xattrname;
-
- for (xattrname = evm_config_xattrnames; *xattrname != NULL; xattrname++)
- printk(KERN_INFO "EVM: %s\n", *xattrname);
- return 0;
-}
-
-pure_initcall(evm_display_config);
-late_initcall(init_evm);
-
-MODULE_DESCRIPTION("Extended Verification Module");
-MODULE_LICENSE("GPL");
diff --git a/ANDROID_3.4.5/security/integrity/evm/evm_posix_acl.c b/ANDROID_3.4.5/security/integrity/evm/evm_posix_acl.c
deleted file mode 100644
index b1753e98..00000000
--- a/ANDROID_3.4.5/security/integrity/evm/evm_posix_acl.c
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Copyright (C) 2011 IBM Corporation
- *
- * Author:
- * Mimi Zohar
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, version 2 of the License.
- */
-
-#include
-#include
-
-int posix_xattr_acl(char *xattr)
-{
- int xattr_len = strlen(xattr);
-
- if ((strlen(XATTR_NAME_POSIX_ACL_ACCESS) == xattr_len)
- && (strncmp(XATTR_NAME_POSIX_ACL_ACCESS, xattr, xattr_len) == 0))
- return 1;
- if ((strlen(XATTR_NAME_POSIX_ACL_DEFAULT) == xattr_len)
- && (strncmp(XATTR_NAME_POSIX_ACL_DEFAULT, xattr, xattr_len) == 0))
- return 1;
- return 0;
-}
diff --git a/ANDROID_3.4.5/security/integrity/evm/evm_secfs.c b/ANDROID_3.4.5/security/integrity/evm/evm_secfs.c
deleted file mode 100644
index ac762995..00000000
--- a/ANDROID_3.4.5/security/integrity/evm/evm_secfs.c
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- * Copyright (C) 2010 IBM Corporation
- *
- * Authors:
- * Mimi Zohar
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, version 2 of the License.
- *
- * File: evm_secfs.c
- * - Used to signal when key is on keyring
- * - Get the key and enable EVM
- */
-
-#include
-#include
-#include "evm.h"
-
-static struct dentry *evm_init_tpm;
-
-/**
- * evm_read_key - read() for /evm
- *
- * @filp: file pointer, not actually used
- * @buf: where to put the result
- * @count: maximum to send along
- * @ppos: where to start
- *
- * Returns number of bytes read or error code, as appropriate
- */
-static ssize_t evm_read_key(struct file *filp, char __user *buf,
- size_t count, loff_t *ppos)
-{
- char temp[80];
- ssize_t rc;
-
- if (*ppos != 0)
- return 0;
-
- sprintf(temp, "%d", evm_initialized);
- rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
-
- return rc;
-}
-
-/**
- * evm_write_key - write() for /evm
- * @file: file pointer, not actually used
- * @buf: where to get the data from
- * @count: bytes sent
- * @ppos: where to start
- *
- * Used to signal that key is on the kernel key ring.
- * - get the integrity hmac key from the kernel key ring
- * - create list of hmac protected extended attributes
- * Returns number of bytes written or error code, as appropriate
- */
-static ssize_t evm_write_key(struct file *file, const char __user *buf,
- size_t count, loff_t *ppos)
-{
- char temp[80];
- int i, error;
-
- if (!capable(CAP_SYS_ADMIN) || evm_initialized)
- return -EPERM;
-
- if (count >= sizeof(temp) || count == 0)
- return -EINVAL;
-
- if (copy_from_user(temp, buf, count) != 0)
- return -EFAULT;
-
- temp[count] = '\0';
-
- if ((sscanf(temp, "%d", &i) != 1) || (i != 1))
- return -EINVAL;
-
- error = evm_init_key();
- if (!error) {
- evm_initialized = 1;
- pr_info("EVM: initialized\n");
- } else
- pr_err("EVM: initialization failed\n");
- return count;
-}
-
-static const struct file_operations evm_key_ops = {
- .read = evm_read_key,
- .write = evm_write_key,
-};
-
-int __init evm_init_secfs(void)
-{
- int error = 0;
-
- evm_init_tpm = securityfs_create_file("evm", S_IRUSR | S_IRGRP,
- NULL, NULL, &evm_key_ops);
- if (!evm_init_tpm || IS_ERR(evm_init_tpm))
- error = -EFAULT;
- return error;
-}
-
-void __exit evm_cleanup_secfs(void)
-{
- if (evm_init_tpm)
- securityfs_remove(evm_init_tpm);
-}
diff --git a/ANDROID_3.4.5/security/integrity/iint.c b/ANDROID_3.4.5/security/integrity/iint.c
deleted file mode 100644
index 399641c3..00000000
--- a/ANDROID_3.4.5/security/integrity/iint.c
+++ /dev/null
@@ -1,172 +0,0 @@
-/*
- * Copyright (C) 2008 IBM Corporation
- *
- * Authors:
- * Mimi Zohar
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * File: integrity_iint.c
- * - implements the integrity hooks: integrity_inode_alloc,
- * integrity_inode_free
- * - cache integrity information associated with an inode
- * using a rbtree tree.
- */
-#include
-#include
-#include
-#include
-#include "integrity.h"
-
-static struct rb_root integrity_iint_tree = RB_ROOT;
-static DEFINE_SPINLOCK(integrity_iint_lock);
-static struct kmem_cache *iint_cache __read_mostly;
-
-int iint_initialized;
-
-/*
- * __integrity_iint_find - return the iint associated with an inode
- */
-static struct integrity_iint_cache *__integrity_iint_find(struct inode *inode)
-{
- struct integrity_iint_cache *iint;
- struct rb_node *n = integrity_iint_tree.rb_node;
-
- assert_spin_locked(&integrity_iint_lock);
-
- while (n) {
- iint = rb_entry(n, struct integrity_iint_cache, rb_node);
-
- if (inode < iint->inode)
- n = n->rb_left;
- else if (inode > iint->inode)
- n = n->rb_right;
- else
- break;
- }
- if (!n)
- return NULL;
-
- return iint;
-}
-
-/*
- * integrity_iint_find - return the iint associated with an inode
- */
-struct integrity_iint_cache *integrity_iint_find(struct inode *inode)
-{
- struct integrity_iint_cache *iint;
-
- if (!IS_IMA(inode))
- return NULL;
-
- spin_lock(&integrity_iint_lock);
- iint = __integrity_iint_find(inode);
- spin_unlock(&integrity_iint_lock);
-
- return iint;
-}
-
-static void iint_free(struct integrity_iint_cache *iint)
-{
- iint->version = 0;
- iint->flags = 0UL;
- iint->evm_status = INTEGRITY_UNKNOWN;
- kmem_cache_free(iint_cache, iint);
-}
-
-/**
- * integrity_inode_alloc - allocate an iint associated with an inode
- * @inode: pointer to the inode
- */
-int integrity_inode_alloc(struct inode *inode)
-{
- struct rb_node **p;
- struct rb_node *new_node, *parent = NULL;
- struct integrity_iint_cache *new_iint, *test_iint;
- int rc;
-
- new_iint = kmem_cache_alloc(iint_cache, GFP_NOFS);
- if (!new_iint)
- return -ENOMEM;
-
- new_iint->inode = inode;
- new_node = &new_iint->rb_node;
-
- mutex_lock(&inode->i_mutex); /* i_flags */
- spin_lock(&integrity_iint_lock);
-
- p = &integrity_iint_tree.rb_node;
- while (*p) {
- parent = *p;
- test_iint = rb_entry(parent, struct integrity_iint_cache,
- rb_node);
- rc = -EEXIST;
- if (inode < test_iint->inode)
- p = &(*p)->rb_left;
- else if (inode > test_iint->inode)
- p = &(*p)->rb_right;
- else
- goto out_err;
- }
-
- inode->i_flags |= S_IMA;
- rb_link_node(new_node, parent, p);
- rb_insert_color(new_node, &integrity_iint_tree);
-
- spin_unlock(&integrity_iint_lock);
- mutex_unlock(&inode->i_mutex); /* i_flags */
-
- return 0;
-out_err:
- spin_unlock(&integrity_iint_lock);
- mutex_unlock(&inode->i_mutex); /* i_flags */
- iint_free(new_iint);
-
- return rc;
-}
-
-/**
- * integrity_inode_free - called on security_inode_free
- * @inode: pointer to the inode
- *
- * Free the integrity information(iint) associated with an inode.
- */
-void integrity_inode_free(struct inode *inode)
-{
- struct integrity_iint_cache *iint;
-
- if (!IS_IMA(inode))
- return;
-
- spin_lock(&integrity_iint_lock);
- iint = __integrity_iint_find(inode);
- rb_erase(&iint->rb_node, &integrity_iint_tree);
- spin_unlock(&integrity_iint_lock);
-
- iint_free(iint);
-}
-
-static void init_once(void *foo)
-{
- struct integrity_iint_cache *iint = foo;
-
- memset(iint, 0, sizeof *iint);
- iint->version = 0;
- iint->flags = 0UL;
- mutex_init(&iint->mutex);
- iint->evm_status = INTEGRITY_UNKNOWN;
-}
-
-static int __init integrity_iintcache_init(void)
-{
- iint_cache =
- kmem_cache_create("iint_cache", sizeof(struct integrity_iint_cache),
- 0, SLAB_PANIC, init_once);
- iint_initialized = 1;
- return 0;
-}
-security_initcall(integrity_iintcache_init);
diff --git a/ANDROID_3.4.5/security/integrity/ima/Kconfig b/ANDROID_3.4.5/security/integrity/ima/Kconfig
deleted file mode 100644
index 35664fe6..00000000
--- a/ANDROID_3.4.5/security/integrity/ima/Kconfig
+++ /dev/null
@@ -1,56 +0,0 @@
-# IBM Integrity Measurement Architecture
-#
-config IMA
- bool "Integrity Measurement Architecture(IMA)"
- depends on SECURITY
- select INTEGRITY
- select SECURITYFS
- select CRYPTO
- select CRYPTO_HMAC
- select CRYPTO_MD5
- select CRYPTO_SHA1
- select TCG_TPM if HAS_IOMEM && !UML
- select TCG_TIS if TCG_TPM && X86
- help
- The Trusted Computing Group(TCG) runtime Integrity
- Measurement Architecture(IMA) maintains a list of hash
- values of executables and other sensitive system files,
- as they are read or executed. If an attacker manages
- to change the contents of an important system file
- being measured, we can tell.
-
- If your system has a TPM chip, then IMA also maintains
- an aggregate integrity value over this list inside the
- TPM hardware, so that the TPM can prove to a third party
- whether or not critical system files have been modified.
- Read
- to learn more about IMA.
- If unsure, say N.
-
-config IMA_MEASURE_PCR_IDX
- int
- depends on IMA
- range 8 14
- default 10
- help
- IMA_MEASURE_PCR_IDX determines the TPM PCR register index
- that IMA uses to maintain the integrity aggregate of the
- measurement list. If unsure, use the default 10.
-
-config IMA_AUDIT
- bool
- depends on IMA
- default y
- help
- This option adds a kernel parameter 'ima_audit', which
- allows informational auditing messages to be enabled
- at boot. If this option is selected, informational integrity
- auditing messages can be enabled with 'ima_audit=1' on
- the kernel command line.
-
-config IMA_LSM_RULES
- bool
- depends on IMA && AUDIT && (SECURITY_SELINUX || SECURITY_SMACK)
- default y
- help
- Disabling this option will disregard LSM based policy rules.
diff --git a/ANDROID_3.4.5/security/integrity/ima/Makefile b/ANDROID_3.4.5/security/integrity/ima/Makefile
deleted file mode 100644
index 5690c021..00000000
--- a/ANDROID_3.4.5/security/integrity/ima/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
-#
-# Makefile for building Trusted Computing Group's(TCG) runtime Integrity
-# Measurement Architecture(IMA).
-#
-
-obj-$(CONFIG_IMA) += ima.o
-
-ima-y := ima_fs.o ima_queue.o ima_init.o ima_main.o ima_crypto.o ima_api.o \
- ima_policy.o ima_audit.o
diff --git a/ANDROID_3.4.5/security/integrity/ima/ima.h b/ANDROID_3.4.5/security/integrity/ima/ima.h
deleted file mode 100644
index 3ccf7aca..00000000
--- a/ANDROID_3.4.5/security/integrity/ima/ima.h
+++ /dev/null
@@ -1,146 +0,0 @@
-/*
- * Copyright (C) 2005,2006,2007,2008 IBM Corporation
- *
- * Authors:
- * Reiner Sailer
- * Mimi Zohar
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * File: ima.h
- * internal Integrity Measurement Architecture (IMA) definitions
- */
-
-#ifndef __LINUX_IMA_H
-#define __LINUX_IMA_H
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "../integrity.h"
-
-enum ima_show_type { IMA_SHOW_BINARY, IMA_SHOW_ASCII };
-enum tpm_pcrs { TPM_PCR0 = 0, TPM_PCR8 = 8 };
-
-/* digest size for IMA, fits SHA1 or MD5 */
-#define IMA_DIGEST_SIZE SHA1_DIGEST_SIZE
-#define IMA_EVENT_NAME_LEN_MAX 255
-
-#define IMA_HASH_BITS 9
-#define IMA_MEASURE_HTABLE_SIZE (1 << IMA_HASH_BITS)
-
-/* set during initialization */
-extern int ima_initialized;
-extern int ima_used_chip;
-extern char *ima_hash;
-
-/* IMA inode template definition */
-struct ima_template_data {
- u8 digest[IMA_DIGEST_SIZE]; /* sha1/md5 measurement hash */
- char file_name[IMA_EVENT_NAME_LEN_MAX + 1]; /* name + \0 */
-};
-
-struct ima_template_entry {
- u8 digest[IMA_DIGEST_SIZE]; /* sha1 or md5 measurement hash */
- const char *template_name;
- int template_len;
- struct ima_template_data template;
-};
-
-struct ima_queue_entry {
- struct hlist_node hnext; /* place in hash collision list */
- struct list_head later; /* place in ima_measurements list */
- struct ima_template_entry *entry;
-};
-extern struct list_head ima_measurements; /* list of all measurements */
-
-/* declarations */
-void integrity_audit_msg(int audit_msgno, struct inode *inode,
- const unsigned char *fname, const char *op,
- const char *cause, int result, int info);
-
-/* Internal IMA function definitions */
-int ima_init(void);
-void ima_cleanup(void);
-int ima_fs_init(void);
-void ima_fs_cleanup(void);
-int ima_inode_alloc(struct inode *inode);
-int ima_add_template_entry(struct ima_template_entry *entry, int violation,
- const char *op, struct inode *inode);
-int ima_calc_hash(struct file *file, char *digest);
-int ima_calc_template_hash(int template_len, void *template, char *digest);
-int ima_calc_boot_aggregate(char *digest);
-void ima_add_violation(struct inode *inode, const unsigned char *filename,
- const char *op, const char *cause);
-
-/*
- * used to protect h_table and sha_table
- */
-extern spinlock_t ima_queue_lock;
-
-struct ima_h_table {
- atomic_long_t len; /* number of stored measurements in the list */
- atomic_long_t violations;
- struct hlist_head queue[IMA_MEASURE_HTABLE_SIZE];
-};
-extern struct ima_h_table ima_htable;
-
-static inline unsigned long ima_hash_key(u8 *digest)
-{
- return hash_long(*digest, IMA_HASH_BITS);
-}
-
-/* LIM API function definitions */
-int ima_must_measure(struct inode *inode, int mask, int function);
-int ima_collect_measurement(struct integrity_iint_cache *iint,
- struct file *file);
-void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file,
- const unsigned char *filename);
-int ima_store_template(struct ima_template_entry *entry, int violation,
- struct inode *inode);
-void ima_template_show(struct seq_file *m, void *e, enum ima_show_type show);
-
-/* rbtree tree calls to lookup, insert, delete
- * integrity data associated with an inode.
- */
-struct integrity_iint_cache *integrity_iint_insert(struct inode *inode);
-struct integrity_iint_cache *integrity_iint_find(struct inode *inode);
-
-/* IMA policy related functions */
-enum ima_hooks { FILE_CHECK = 1, FILE_MMAP, BPRM_CHECK };
-
-int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask);
-void ima_init_policy(void);
-void ima_update_policy(void);
-ssize_t ima_parse_add_rule(char *);
-void ima_delete_rules(void);
-
-/* LSM based policy rules require audit */
-#ifdef CONFIG_IMA_LSM_RULES
-
-#define security_filter_rule_init security_audit_rule_init
-#define security_filter_rule_match security_audit_rule_match
-
-#else
-
-static inline int security_filter_rule_init(u32 field, u32 op, char *rulestr,
- void **lsmrule)
-{
- return -EINVAL;
-}
-
-static inline int security_filter_rule_match(u32 secid, u32 field, u32 op,
- void *lsmrule,
- struct audit_context *actx)
-{
- return -EINVAL;
-}
-#endif /* CONFIG_IMA_LSM_RULES */
-#endif
diff --git a/ANDROID_3.4.5/security/integrity/ima/ima_api.c b/ANDROID_3.4.5/security/integrity/ima/ima_api.c
deleted file mode 100644
index 88a2788b..00000000
--- a/ANDROID_3.4.5/security/integrity/ima/ima_api.c
+++ /dev/null
@@ -1,185 +0,0 @@
-/*
- * Copyright (C) 2008 IBM Corporation
- *
- * Author: Mimi Zohar
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * File: ima_api.c
- * Implements must_measure, collect_measurement, store_measurement,
- * and store_template.
- */
-#include
-#include
-
-#include "ima.h"
-static const char *IMA_TEMPLATE_NAME = "ima";
-
-/*
- * ima_store_template - store ima template measurements
- *
- * Calculate the hash of a template entry, add the template entry
- * to an ordered list of measurement entries maintained inside the kernel,
- * and also update the aggregate integrity value (maintained inside the
- * configured TPM PCR) over the hashes of the current list of measurement
- * entries.
- *
- * Applications retrieve the current kernel-held measurement list through
- * the securityfs entries in /sys/kernel/security/ima. The signed aggregate
- * TPM PCR (called quote) can be retrieved using a TPM user space library
- * and is used to validate the measurement list.
- *
- * Returns 0 on success, error code otherwise
- */
-int ima_store_template(struct ima_template_entry *entry,
- int violation, struct inode *inode)
-{
- const char *op = "add_template_measure";
- const char *audit_cause = "hashing_error";
- int result;
-
- memset(entry->digest, 0, sizeof(entry->digest));
- entry->template_name = IMA_TEMPLATE_NAME;
- entry->template_len = sizeof(entry->template);
-
- if (!violation) {
- result = ima_calc_template_hash(entry->template_len,
- &entry->template,
- entry->digest);
- if (result < 0) {
- integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode,
- entry->template_name, op,
- audit_cause, result, 0);
- return result;
- }
- }
- result = ima_add_template_entry(entry, violation, op, inode);
- return result;
-}
-
-/*
- * ima_add_violation - add violation to measurement list.
- *
- * Violations are flagged in the measurement list with zero hash values.
- * By extending the PCR with 0xFF's instead of with zeroes, the PCR
- * value is invalidated.
- */
-void ima_add_violation(struct inode *inode, const unsigned char *filename,
- const char *op, const char *cause)
-{
- struct ima_template_entry *entry;
- int violation = 1;
- int result;
-
- /* can overflow, only indicator */
- atomic_long_inc(&ima_htable.violations);
-
- entry = kmalloc(sizeof(*entry), GFP_KERNEL);
- if (!entry) {
- result = -ENOMEM;
- goto err_out;
- }
- memset(&entry->template, 0, sizeof(entry->template));
- strncpy(entry->template.file_name, filename, IMA_EVENT_NAME_LEN_MAX);
- result = ima_store_template(entry, violation, inode);
- if (result < 0)
- kfree(entry);
-err_out:
- integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename,
- op, cause, result, 0);
-}
-
-/**
- * ima_must_measure - measure decision based on policy.
- * @inode: pointer to inode to measure
- * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXECUTE)
- * @function: calling function (FILE_CHECK, BPRM_CHECK, FILE_MMAP)
- *
- * The policy is defined in terms of keypairs:
- * subj=, obj=, type=, func=, mask=, fsmagic=
- * subj,obj, and type: are LSM specific.
- * func: FILE_CHECK | BPRM_CHECK | FILE_MMAP
- * mask: contains the permission mask
- * fsmagic: hex value
- *
- * Return 0 to measure. For matching a DONT_MEASURE policy, no policy,
- * or other error, return an error code.
-*/
-int ima_must_measure(struct inode *inode, int mask, int function)
-{
- int must_measure;
-
- must_measure = ima_match_policy(inode, function, mask);
- return must_measure ? 0 : -EACCES;
-}
-
-/*
- * ima_collect_measurement - collect file measurement
- *
- * Calculate the file hash, if it doesn't already exist,
- * storing the measurement and i_version in the iint.
- *
- * Must be called with iint->mutex held.
- *
- * Return 0 on success, error code otherwise
- */
-int ima_collect_measurement(struct integrity_iint_cache *iint,
- struct file *file)
-{
- int result = -EEXIST;
-
- if (!(iint->flags & IMA_MEASURED)) {
- u64 i_version = file->f_dentry->d_inode->i_version;
-
- memset(iint->digest, 0, IMA_DIGEST_SIZE);
- result = ima_calc_hash(file, iint->digest);
- if (!result)
- iint->version = i_version;
- }
- return result;
-}
-
-/*
- * ima_store_measurement - store file measurement
- *
- * Create an "ima" template and then store the template by calling
- * ima_store_template.
- *
- * We only get here if the inode has not already been measured,
- * but the measurement could already exist:
- * - multiple copies of the same file on either the same or
- * different filesystems.
- * - the inode was previously flushed as well as the iint info,
- * containing the hashing info.
- *
- * Must be called with iint->mutex held.
- */
-void ima_store_measurement(struct integrity_iint_cache *iint,
- struct file *file, const unsigned char *filename)
-{
- const char *op = "add_template_measure";
- const char *audit_cause = "ENOMEM";
- int result = -ENOMEM;
- struct inode *inode = file->f_dentry->d_inode;
- struct ima_template_entry *entry;
- int violation = 0;
-
- entry = kmalloc(sizeof(*entry), GFP_KERNEL);
- if (!entry) {
- integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename,
- op, audit_cause, result, 0);
- return;
- }
- memset(&entry->template, 0, sizeof(entry->template));
- memcpy(entry->template.digest, iint->digest, IMA_DIGEST_SIZE);
- strncpy(entry->template.file_name, filename, IMA_EVENT_NAME_LEN_MAX);
-
- result = ima_store_template(entry, violation, inode);
- if (!result || result == -EEXIST)
- iint->flags |= IMA_MEASURED;
- if (result < 0)
- kfree(entry);
-}
diff --git a/ANDROID_3.4.5/security/integrity/ima/ima_audit.c b/ANDROID_3.4.5/security/integrity/ima/ima_audit.c
deleted file mode 100644
index 21e96bf1..00000000
--- a/ANDROID_3.4.5/security/integrity/ima/ima_audit.c
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright (C) 2008 IBM Corporation
- * Author: Mimi Zohar
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, version 2 of the License.
- *
- * File: integrity_audit.c
- * Audit calls for the integrity subsystem
- */
-
-#include
-#include
-#include
-#include "ima.h"
-
-static int ima_audit;
-
-#ifdef CONFIG_IMA_AUDIT
-
-/* ima_audit_setup - enable informational auditing messages */
-static int __init ima_audit_setup(char *str)
-{
- unsigned long audit;
-
- if (!strict_strtoul(str, 0, &audit))
- ima_audit = audit ? 1 : 0;
- return 1;
-}
-__setup("ima_audit=", ima_audit_setup);
-#endif
-
-void integrity_audit_msg(int audit_msgno, struct inode *inode,
- const unsigned char *fname, const char *op,
- const char *cause, int result, int audit_info)
-{
- struct audit_buffer *ab;
-
- if (!ima_audit && audit_info == 1) /* Skip informational messages */
- return;
-
- ab = audit_log_start(current->audit_context, GFP_KERNEL, audit_msgno);
- audit_log_format(ab, "pid=%d uid=%u auid=%u ses=%u",
- current->pid, current_cred()->uid,
- audit_get_loginuid(current),
- audit_get_sessionid(current));
- audit_log_task_context(ab);
- audit_log_format(ab, " op=");
- audit_log_string(ab, op);
- audit_log_format(ab, " cause=");
- audit_log_string(ab, cause);
- audit_log_format(ab, " comm=");
- audit_log_untrustedstring(ab, current->comm);
- if (fname) {
- audit_log_format(ab, " name=");
- audit_log_untrustedstring(ab, fname);
- }
- if (inode) {
- audit_log_format(ab, " dev=");
- audit_log_untrustedstring(ab, inode->i_sb->s_id);
- audit_log_format(ab, " ino=%lu", inode->i_ino);
- }
- audit_log_format(ab, " res=%d", !result);
- audit_log_end(ab);
-}
diff --git a/ANDROID_3.4.5/security/integrity/ima/ima_crypto.c b/ANDROID_3.4.5/security/integrity/ima/ima_crypto.c
deleted file mode 100644
index 9b3ade74..00000000
--- a/ANDROID_3.4.5/security/integrity/ima/ima_crypto.c
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * Copyright (C) 2005,2006,2007,2008 IBM Corporation
- *
- * Authors:
- * Mimi Zohar
- * Kylene Hall
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, version 2 of the License.
- *
- * File: ima_crypto.c
- * Calculates md5/sha1 file hash, template hash, boot-aggreate hash
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include "ima.h"
-
-static int init_desc(struct hash_desc *desc)
-{
- int rc;
-
- desc->tfm = crypto_alloc_hash(ima_hash, 0, CRYPTO_ALG_ASYNC);
- if (IS_ERR(desc->tfm)) {
- pr_info("IMA: failed to load %s transform: %ld\n",
- ima_hash, PTR_ERR(desc->tfm));
- rc = PTR_ERR(desc->tfm);
- return rc;
- }
- desc->flags = 0;
- rc = crypto_hash_init(desc);
- if (rc)
- crypto_free_hash(desc->tfm);
- return rc;
-}
-
-/*
- * Calculate the MD5/SHA1 file digest
- */
-int ima_calc_hash(struct file *file, char *digest)
-{
- struct hash_desc desc;
- struct scatterlist sg[1];
- loff_t i_size, offset = 0;
- char *rbuf;
- int rc;
-
- rc = init_desc(&desc);
- if (rc != 0)
- return rc;
-
- rbuf = kzalloc(PAGE_SIZE, GFP_KERNEL);
- if (!rbuf) {
- rc = -ENOMEM;
- goto out;
- }
- i_size = i_size_read(file->f_dentry->d_inode);
- while (offset < i_size) {
- int rbuf_len;
-
- rbuf_len = kernel_read(file, offset, rbuf, PAGE_SIZE);
- if (rbuf_len < 0) {
- rc = rbuf_len;
- break;
- }
- if (rbuf_len == 0)
- break;
- offset += rbuf_len;
- sg_init_one(sg, rbuf, rbuf_len);
-
- rc = crypto_hash_update(&desc, sg, rbuf_len);
- if (rc)
- break;
- }
- kfree(rbuf);
- if (!rc)
- rc = crypto_hash_final(&desc, digest);
-out:
- crypto_free_hash(desc.tfm);
- return rc;
-}
-
-/*
- * Calculate the hash of a given template
- */
-int ima_calc_template_hash(int template_len, void *template, char *digest)
-{
- struct hash_desc desc;
- struct scatterlist sg[1];
- int rc;
-
- rc = init_desc(&desc);
- if (rc != 0)
- return rc;
-
- sg_init_one(sg, template, template_len);
- rc = crypto_hash_update(&desc, sg, template_len);
- if (!rc)
- rc = crypto_hash_final(&desc, digest);
- crypto_free_hash(desc.tfm);
- return rc;
-}
-
-static void __init ima_pcrread(int idx, u8 *pcr)
-{
- if (!ima_used_chip)
- return;
-
- if (tpm_pcr_read(TPM_ANY_NUM, idx, pcr) != 0)
- pr_err("IMA: Error Communicating to TPM chip\n");
-}
-
-/*
- * Calculate the boot aggregate hash
- */
-int __init ima_calc_boot_aggregate(char *digest)
-{
- struct hash_desc desc;
- struct scatterlist sg;
- u8 pcr_i[IMA_DIGEST_SIZE];
- int rc, i;
-
- rc = init_desc(&desc);
- if (rc != 0)
- return rc;
-
- /* cumulative sha1 over tpm registers 0-7 */
- for (i = TPM_PCR0; i < TPM_PCR8; i++) {
- ima_pcrread(i, pcr_i);
- /* now accumulate with current aggregate */
- sg_init_one(&sg, pcr_i, IMA_DIGEST_SIZE);
- rc = crypto_hash_update(&desc, &sg, IMA_DIGEST_SIZE);
- }
- if (!rc)
- crypto_hash_final(&desc, digest);
- crypto_free_hash(desc.tfm);
- return rc;
-}
diff --git a/ANDROID_3.4.5/security/integrity/ima/ima_fs.c b/ANDROID_3.4.5/security/integrity/ima/ima_fs.c
deleted file mode 100644
index e1aa2b48..00000000
--- a/ANDROID_3.4.5/security/integrity/ima/ima_fs.c
+++ /dev/null
@@ -1,386 +0,0 @@
-/*
- * Copyright (C) 2005,2006,2007,2008 IBM Corporation
- *
- * Authors:
- * Kylene Hall
- * Reiner Sailer
- * Mimi Zohar
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * File: ima_fs.c
- * implemenents security file system for reporting
- * current measurement list and IMA statistics
- */
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "ima.h"
-
-static int valid_policy = 1;
-#define TMPBUFLEN 12
-static ssize_t ima_show_htable_value(char __user *buf, size_t count,
- loff_t *ppos, atomic_long_t *val)
-{
- char tmpbuf[TMPBUFLEN];
- ssize_t len;
-
- len = scnprintf(tmpbuf, TMPBUFLEN, "%li\n", atomic_long_read(val));
- return simple_read_from_buffer(buf, count, ppos, tmpbuf, len);
-}
-
-static ssize_t ima_show_htable_violations(struct file *filp,
- char __user *buf,
- size_t count, loff_t *ppos)
-{
- return ima_show_htable_value(buf, count, ppos, &ima_htable.violations);
-}
-
-static const struct file_operations ima_htable_violations_ops = {
- .read = ima_show_htable_violations,
- .llseek = generic_file_llseek,
-};
-
-static ssize_t ima_show_measurements_count(struct file *filp,
- char __user *buf,
- size_t count, loff_t *ppos)
-{
- return ima_show_htable_value(buf, count, ppos, &ima_htable.len);
-
-}
-
-static const struct file_operations ima_measurements_count_ops = {
- .read = ima_show_measurements_count,
- .llseek = generic_file_llseek,
-};
-
-/* returns pointer to hlist_node */
-static void *ima_measurements_start(struct seq_file *m, loff_t *pos)
-{
- loff_t l = *pos;
- struct ima_queue_entry *qe;
-
- /* we need a lock since pos could point beyond last element */
- rcu_read_lock();
- list_for_each_entry_rcu(qe, &ima_measurements, later) {
- if (!l--) {
- rcu_read_unlock();
- return qe;
- }
- }
- rcu_read_unlock();
- return NULL;
-}
-
-static void *ima_measurements_next(struct seq_file *m, void *v, loff_t *pos)
-{
- struct ima_queue_entry *qe = v;
-
- /* lock protects when reading beyond last element
- * against concurrent list-extension
- */
- rcu_read_lock();
- qe = list_entry_rcu(qe->later.next,
- struct ima_queue_entry, later);
- rcu_read_unlock();
- (*pos)++;
-
- return (&qe->later == &ima_measurements) ? NULL : qe;
-}
-
-static void ima_measurements_stop(struct seq_file *m, void *v)
-{
-}
-
-static void ima_putc(struct seq_file *m, void *data, int datalen)
-{
- while (datalen--)
- seq_putc(m, *(char *)data++);
-}
-
-/* print format:
- * 32bit-le=pcr#
- * char[20]=template digest
- * 32bit-le=template name size
- * char[n]=template name
- * eventdata[n]=template specific data
- */
-static int ima_measurements_show(struct seq_file *m, void *v)
-{
- /* the list never shrinks, so we don't need a lock here */
- struct ima_queue_entry *qe = v;
- struct ima_template_entry *e;
- int namelen;
- u32 pcr = CONFIG_IMA_MEASURE_PCR_IDX;
-
- /* get entry */
- e = qe->entry;
- if (e == NULL)
- return -1;
-
- /*
- * 1st: PCRIndex
- * PCR used is always the same (config option) in
- * little-endian format
- */
- ima_putc(m, &pcr, sizeof pcr);
-
- /* 2nd: template digest */
- ima_putc(m, e->digest, IMA_DIGEST_SIZE);
-
- /* 3rd: template name size */
- namelen = strlen(e->template_name);
- ima_putc(m, &namelen, sizeof namelen);
-
- /* 4th: template name */
- ima_putc(m, (void *)e->template_name, namelen);
-
- /* 5th: template specific data */
- ima_template_show(m, (struct ima_template_data *)&e->template,
- IMA_SHOW_BINARY);
- return 0;
-}
-
-static const struct seq_operations ima_measurments_seqops = {
- .start = ima_measurements_start,
- .next = ima_measurements_next,
- .stop = ima_measurements_stop,
- .show = ima_measurements_show
-};
-
-static int ima_measurements_open(struct inode *inode, struct file *file)
-{
- return seq_open(file, &ima_measurments_seqops);
-}
-
-static const struct file_operations ima_measurements_ops = {
- .open = ima_measurements_open,
- .read = seq_read,
- .llseek = seq_lseek,
- .release = seq_release,
-};
-
-static void ima_print_digest(struct seq_file *m, u8 *digest)
-{
- int i;
-
- for (i = 0; i < IMA_DIGEST_SIZE; i++)
- seq_printf(m, "%02x", *(digest + i));
-}
-
-void ima_template_show(struct seq_file *m, void *e, enum ima_show_type show)
-{
- struct ima_template_data *entry = e;
- int namelen;
-
- switch (show) {
- case IMA_SHOW_ASCII:
- ima_print_digest(m, entry->digest);
- seq_printf(m, " %s\n", entry->file_name);
- break;
- case IMA_SHOW_BINARY:
- ima_putc(m, entry->digest, IMA_DIGEST_SIZE);
-
- namelen = strlen(entry->file_name);
- ima_putc(m, &namelen, sizeof namelen);
- ima_putc(m, entry->file_name, namelen);
- default:
- break;
- }
-}
-
-/* print in ascii */
-static int ima_ascii_measurements_show(struct seq_file *m, void *v)
-{
- /* the list never shrinks, so we don't need a lock here */
- struct ima_queue_entry *qe = v;
- struct ima_template_entry *e;
-
- /* get entry */
- e = qe->entry;
- if (e == NULL)
- return -1;
-
- /* 1st: PCR used (config option) */
- seq_printf(m, "%2d ", CONFIG_IMA_MEASURE_PCR_IDX);
-
- /* 2nd: SHA1 template hash */
- ima_print_digest(m, e->digest);
-
- /* 3th: template name */
- seq_printf(m, " %s ", e->template_name);
-
- /* 4th: template specific data */
- ima_template_show(m, (struct ima_template_data *)&e->template,
- IMA_SHOW_ASCII);
- return 0;
-}
-
-static const struct seq_operations ima_ascii_measurements_seqops = {
- .start = ima_measurements_start,
- .next = ima_measurements_next,
- .stop = ima_measurements_stop,
- .show = ima_ascii_measurements_show
-};
-
-static int ima_ascii_measurements_open(struct inode *inode, struct file *file)
-{
- return seq_open(file, &ima_ascii_measurements_seqops);
-}
-
-static const struct file_operations ima_ascii_measurements_ops = {
- .open = ima_ascii_measurements_open,
- .read = seq_read,
- .llseek = seq_lseek,
- .release = seq_release,
-};
-
-static ssize_t ima_write_policy(struct file *file, const char __user *buf,
- size_t datalen, loff_t *ppos)
-{
- char *data = NULL;
- ssize_t result;
-
- if (datalen >= PAGE_SIZE)
- datalen = PAGE_SIZE - 1;
-
- /* No partial writes. */
- result = -EINVAL;
- if (*ppos != 0)
- goto out;
-
- result = -ENOMEM;
- data = kmalloc(datalen + 1, GFP_KERNEL);
- if (!data)
- goto out;
-
- *(data + datalen) = '\0';
-
- result = -EFAULT;
- if (copy_from_user(data, buf, datalen))
- goto out;
-
- result = ima_parse_add_rule(data);
-out:
- if (result < 0)
- valid_policy = 0;
- kfree(data);
- return result;
-}
-
-static struct dentry *ima_dir;
-static struct dentry *binary_runtime_measurements;
-static struct dentry *ascii_runtime_measurements;
-static struct dentry *runtime_measurements_count;
-static struct dentry *violations;
-static struct dentry *ima_policy;
-
-static atomic_t policy_opencount = ATOMIC_INIT(1);
-/*
- * ima_open_policy: sequentialize access to the policy file
- */
-static int ima_open_policy(struct inode * inode, struct file * filp)
-{
- /* No point in being allowed to open it if you aren't going to write */
- if (!(filp->f_flags & O_WRONLY))
- return -EACCES;
- if (atomic_dec_and_test(&policy_opencount))
- return 0;
- return -EBUSY;
-}
-
-/*
- * ima_release_policy - start using the new measure policy rules.
- *
- * Initially, ima_measure points to the default policy rules, now
- * point to the new policy rules, and remove the securityfs policy file,
- * assuming a valid policy.
- */
-static int ima_release_policy(struct inode *inode, struct file *file)
-{
- if (!valid_policy) {
- ima_delete_rules();
- valid_policy = 1;
- atomic_set(&policy_opencount, 1);
- return 0;
- }
- ima_update_policy();
- securityfs_remove(ima_policy);
- ima_policy = NULL;
- return 0;
-}
-
-static const struct file_operations ima_measure_policy_ops = {
- .open = ima_open_policy,
- .write = ima_write_policy,
- .release = ima_release_policy,
- .llseek = generic_file_llseek,
-};
-
-int __init ima_fs_init(void)
-{
- ima_dir = securityfs_create_dir("ima", NULL);
- if (IS_ERR(ima_dir))
- return -1;
-
- binary_runtime_measurements =
- securityfs_create_file("binary_runtime_measurements",
- S_IRUSR | S_IRGRP, ima_dir, NULL,
- &ima_measurements_ops);
- if (IS_ERR(binary_runtime_measurements))
- goto out;
-
- ascii_runtime_measurements =
- securityfs_create_file("ascii_runtime_measurements",
- S_IRUSR | S_IRGRP, ima_dir, NULL,
- &ima_ascii_measurements_ops);
- if (IS_ERR(ascii_runtime_measurements))
- goto out;
-
- runtime_measurements_count =
- securityfs_create_file("runtime_measurements_count",
- S_IRUSR | S_IRGRP, ima_dir, NULL,
- &ima_measurements_count_ops);
- if (IS_ERR(runtime_measurements_count))
- goto out;
-
- violations =
- securityfs_create_file("violations", S_IRUSR | S_IRGRP,
- ima_dir, NULL, &ima_htable_violations_ops);
- if (IS_ERR(violations))
- goto out;
-
- ima_policy = securityfs_create_file("policy",
- S_IWUSR,
- ima_dir, NULL,
- &ima_measure_policy_ops);
- if (IS_ERR(ima_policy))
- goto out;
-
- return 0;
-out:
- securityfs_remove(runtime_measurements_count);
- securityfs_remove(ascii_runtime_measurements);
- securityfs_remove(binary_runtime_measurements);
- securityfs_remove(ima_dir);
- securityfs_remove(ima_policy);
- return -1;
-}
-
-void __exit ima_fs_cleanup(void)
-{
- securityfs_remove(violations);
- securityfs_remove(runtime_measurements_count);
- securityfs_remove(ascii_runtime_measurements);
- securityfs_remove(binary_runtime_measurements);
- securityfs_remove(ima_dir);
- securityfs_remove(ima_policy);
-}
diff --git a/ANDROID_3.4.5/security/integrity/ima/ima_init.c b/ANDROID_3.4.5/security/integrity/ima/ima_init.c
deleted file mode 100644
index 17f1f060..00000000
--- a/ANDROID_3.4.5/security/integrity/ima/ima_init.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * Copyright (C) 2005,2006,2007,2008 IBM Corporation
- *
- * Authors:
- * Reiner Sailer
- * Leendert van Doorn
- * Mimi Zohar
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * File: ima_init.c
- * initialization and cleanup functions
- */
-#include
-#include
-#include
-#include
-#include "ima.h"
-
-/* name for boot aggregate entry */
-static const char *boot_aggregate_name = "boot_aggregate";
-int ima_used_chip;
-
-/* Add the boot aggregate to the IMA measurement list and extend
- * the PCR register.
- *
- * Calculate the boot aggregate, a SHA1 over tpm registers 0-7,
- * assuming a TPM chip exists, and zeroes if the TPM chip does not
- * exist. Add the boot aggregate measurement to the measurement
- * list and extend the PCR register.
- *
- * If a tpm chip does not exist, indicate the core root of trust is
- * not hardware based by invalidating the aggregate PCR value.
- * (The aggregate PCR value is invalidated by adding one value to
- * the measurement list and extending the aggregate PCR value with
- * a different value.) Violations add a zero entry to the measurement
- * list and extend the aggregate PCR value with ff...ff's.
- */
-static void __init ima_add_boot_aggregate(void)
-{
- struct ima_template_entry *entry;
- const char *op = "add_boot_aggregate";
- const char *audit_cause = "ENOMEM";
- int result = -ENOMEM;
- int violation = 1;
-
- entry = kmalloc(sizeof(*entry), GFP_KERNEL);
- if (!entry)
- goto err_out;
-
- memset(&entry->template, 0, sizeof(entry->template));
- strncpy(entry->template.file_name, boot_aggregate_name,
- IMA_EVENT_NAME_LEN_MAX);
- if (ima_used_chip) {
- violation = 0;
- result = ima_calc_boot_aggregate(entry->template.digest);
- if (result < 0) {
- audit_cause = "hashing_error";
- kfree(entry);
- goto err_out;
- }
- }
- result = ima_store_template(entry, violation, NULL);
- if (result < 0)
- kfree(entry);
- return;
-err_out:
- integrity_audit_msg(AUDIT_INTEGRITY_PCR, NULL, boot_aggregate_name, op,
- audit_cause, result, 0);
-}
-
-int __init ima_init(void)
-{
- u8 pcr_i[IMA_DIGEST_SIZE];
- int rc;
-
- ima_used_chip = 0;
- rc = tpm_pcr_read(TPM_ANY_NUM, 0, pcr_i);
- if (rc == 0)
- ima_used_chip = 1;
-
- if (!ima_used_chip)
- pr_info("IMA: No TPM chip found, activating TPM-bypass!\n");
-
- ima_add_boot_aggregate(); /* boot aggregate must be first entry */
- ima_init_policy();
-
- return ima_fs_init();
-}
-
-void __exit ima_cleanup(void)
-{
- ima_fs_cleanup();
-}
diff --git a/ANDROID_3.4.5/security/integrity/ima/ima_main.c b/ANDROID_3.4.5/security/integrity/ima/ima_main.c
deleted file mode 100644
index 1eff5cb0..00000000
--- a/ANDROID_3.4.5/security/integrity/ima/ima_main.c
+++ /dev/null
@@ -1,241 +0,0 @@
-/*
- * Copyright (C) 2005,2006,2007,2008 IBM Corporation
- *
- * Authors:
- * Reiner Sailer
- * Serge Hallyn
- * Kylene Hall
- * Mimi Zohar
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * File: ima_main.c
- * implements the IMA hooks: ima_bprm_check, ima_file_mmap,
- * and ima_file_check.
- */
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "ima.h"
-
-int ima_initialized;
-
-char *ima_hash = "sha1";
-static int __init hash_setup(char *str)
-{
- if (strncmp(str, "md5", 3) == 0)
- ima_hash = "md5";
- return 1;
-}
-__setup("ima_hash=", hash_setup);
-
-/*
- * ima_rdwr_violation_check
- *
- * Only invalidate the PCR for measured files:
- * - Opening a file for write when already open for read,
- * results in a time of measure, time of use (ToMToU) error.
- * - Opening a file for read when already open for write,
- * could result in a file measurement error.
- *
- */
-static void ima_rdwr_violation_check(struct file *file)
-{
- struct dentry *dentry = file->f_path.dentry;
- struct inode *inode = dentry->d_inode;
- fmode_t mode = file->f_mode;
- int rc;
- bool send_tomtou = false, send_writers = false;
-
- if (!S_ISREG(inode->i_mode) || !ima_initialized)
- return;
-
- mutex_lock(&inode->i_mutex); /* file metadata: permissions, xattr */
-
- if (mode & FMODE_WRITE) {
- if (atomic_read(&inode->i_readcount) && IS_IMA(inode))
- send_tomtou = true;
- goto out;
- }
-
- rc = ima_must_measure(inode, MAY_READ, FILE_CHECK);
- if (rc < 0)
- goto out;
-
- if (atomic_read(&inode->i_writecount) > 0)
- send_writers = true;
-out:
- mutex_unlock(&inode->i_mutex);
-
- if (send_tomtou)
- ima_add_violation(inode, dentry->d_name.name, "invalid_pcr",
- "ToMToU");
- if (send_writers)
- ima_add_violation(inode, dentry->d_name.name, "invalid_pcr",
- "open_writers");
-}
-
-static void ima_check_last_writer(struct integrity_iint_cache *iint,
- struct inode *inode,
- struct file *file)
-{
- fmode_t mode = file->f_mode;
-
- mutex_lock(&iint->mutex);
- if (mode & FMODE_WRITE &&
- atomic_read(&inode->i_writecount) == 1 &&
- iint->version != inode->i_version)
- iint->flags &= ~IMA_MEASURED;
- mutex_unlock(&iint->mutex);
-}
-
-/**
- * ima_file_free - called on __fput()
- * @file: pointer to file structure being freed
- *
- * Flag files that changed, based on i_version
- */
-void ima_file_free(struct file *file)
-{
- struct inode *inode = file->f_dentry->d_inode;
- struct integrity_iint_cache *iint;
-
- if (!iint_initialized || !S_ISREG(inode->i_mode))
- return;
-
- iint = integrity_iint_find(inode);
- if (!iint)
- return;
-
- ima_check_last_writer(iint, inode, file);
-}
-
-static int process_measurement(struct file *file, const unsigned char *filename,
- int mask, int function)
-{
- struct inode *inode = file->f_dentry->d_inode;
- struct integrity_iint_cache *iint;
- int rc = 0;
-
- if (!ima_initialized || !S_ISREG(inode->i_mode))
- return 0;
-
- rc = ima_must_measure(inode, mask, function);
- if (rc != 0)
- return rc;
-retry:
- iint = integrity_iint_find(inode);
- if (!iint) {
- rc = integrity_inode_alloc(inode);
- if (!rc || rc == -EEXIST)
- goto retry;
- return rc;
- }
-
- mutex_lock(&iint->mutex);
-
- rc = iint->flags & IMA_MEASURED ? 1 : 0;
- if (rc != 0)
- goto out;
-
- rc = ima_collect_measurement(iint, file);
- if (!rc)
- ima_store_measurement(iint, file, filename);
-out:
- mutex_unlock(&iint->mutex);
- return rc;
-}
-
-/**
- * ima_file_mmap - based on policy, collect/store measurement.
- * @file: pointer to the file to be measured (May be NULL)
- * @prot: contains the protection that will be applied by the kernel.
- *
- * Measure files being mmapped executable based on the ima_must_measure()
- * policy decision.
- *
- * Return 0 on success, an error code on failure.
- * (Based on the results of appraise_measurement().)
- */
-int ima_file_mmap(struct file *file, unsigned long prot)
-{
- int rc;
-
- if (!file)
- return 0;
- if (prot & PROT_EXEC)
- rc = process_measurement(file, file->f_dentry->d_name.name,
- MAY_EXEC, FILE_MMAP);
- return 0;
-}
-
-/**
- * ima_bprm_check - based on policy, collect/store measurement.
- * @bprm: contains the linux_binprm structure
- *
- * The OS protects against an executable file, already open for write,
- * from being executed in deny_write_access() and an executable file,
- * already open for execute, from being modified in get_write_access().
- * So we can be certain that what we verify and measure here is actually
- * what is being executed.
- *
- * Return 0 on success, an error code on failure.
- * (Based on the results of appraise_measurement().)
- */
-int ima_bprm_check(struct linux_binprm *bprm)
-{
- int rc;
-
- rc = process_measurement(bprm->file, bprm->filename,
- MAY_EXEC, BPRM_CHECK);
- return 0;
-}
-
-/**
- * ima_path_check - based on policy, collect/store measurement.
- * @file: pointer to the file to be measured
- * @mask: contains MAY_READ, MAY_WRITE or MAY_EXECUTE
- *
- * Measure files based on the ima_must_measure() policy decision.
- *
- * Always return 0 and audit dentry_open failures.
- * (Return code will be based upon measurement appraisal.)
- */
-int ima_file_check(struct file *file, int mask)
-{
- int rc;
-
- ima_rdwr_violation_check(file);
- rc = process_measurement(file, file->f_dentry->d_name.name,
- mask & (MAY_READ | MAY_WRITE | MAY_EXEC),
- FILE_CHECK);
- return 0;
-}
-EXPORT_SYMBOL_GPL(ima_file_check);
-
-static int __init init_ima(void)
-{
- int error;
-
- error = ima_init();
- ima_initialized = 1;
- return error;
-}
-
-static void __exit cleanup_ima(void)
-{
- ima_cleanup();
-}
-
-late_initcall(init_ima); /* Start IMA after the TPM is available */
-
-MODULE_DESCRIPTION("Integrity Measurement Architecture");
-MODULE_LICENSE("GPL");
diff --git a/ANDROID_3.4.5/security/integrity/ima/ima_policy.c b/ANDROID_3.4.5/security/integrity/ima/ima_policy.c
deleted file mode 100644
index d8edff20..00000000
--- a/ANDROID_3.4.5/security/integrity/ima/ima_policy.c
+++ /dev/null
@@ -1,493 +0,0 @@
-/*
- * Copyright (C) 2008 IBM Corporation
- * Author: Mimi Zohar
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, version 2 of the License.
- *
- * ima_policy.c
- * - initialize default measure policy rules
- *
- */
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "ima.h"
-
-/* flags definitions */
-#define IMA_FUNC 0x0001
-#define IMA_MASK 0x0002
-#define IMA_FSMAGIC 0x0004
-#define IMA_UID 0x0008
-
-enum ima_action { UNKNOWN = -1, DONT_MEASURE = 0, MEASURE };
-
-#define MAX_LSM_RULES 6
-enum lsm_rule_types { LSM_OBJ_USER, LSM_OBJ_ROLE, LSM_OBJ_TYPE,
- LSM_SUBJ_USER, LSM_SUBJ_ROLE, LSM_SUBJ_TYPE
-};
-
-struct ima_measure_rule_entry {
- struct list_head list;
- enum ima_action action;
- unsigned int flags;
- enum ima_hooks func;
- int mask;
- unsigned long fsmagic;
- uid_t uid;
- struct {
- void *rule; /* LSM file metadata specific */
- int type; /* audit type */
- } lsm[MAX_LSM_RULES];
-};
-
-/*
- * Without LSM specific knowledge, the default policy can only be
- * written in terms of .action, .func, .mask, .fsmagic, and .uid
- */
-
-/*
- * The minimum rule set to allow for full TCB coverage. Measures all files
- * opened or mmap for exec and everything read by root. Dangerous because
- * normal users can easily run the machine out of memory simply building
- * and running executables.
- */
-static struct ima_measure_rule_entry default_rules[] = {
- {.action = DONT_MEASURE,.fsmagic = PROC_SUPER_MAGIC,.flags = IMA_FSMAGIC},
- {.action = DONT_MEASURE,.fsmagic = SYSFS_MAGIC,.flags = IMA_FSMAGIC},
- {.action = DONT_MEASURE,.fsmagic = DEBUGFS_MAGIC,.flags = IMA_FSMAGIC},
- {.action = DONT_MEASURE,.fsmagic = TMPFS_MAGIC,.flags = IMA_FSMAGIC},
- {.action = DONT_MEASURE,.fsmagic = RAMFS_MAGIC,.flags = IMA_FSMAGIC},
- {.action = DONT_MEASURE,.fsmagic = SECURITYFS_MAGIC,.flags = IMA_FSMAGIC},
- {.action = DONT_MEASURE,.fsmagic = SELINUX_MAGIC,.flags = IMA_FSMAGIC},
- {.action = MEASURE,.func = FILE_MMAP,.mask = MAY_EXEC,
- .flags = IMA_FUNC | IMA_MASK},
- {.action = MEASURE,.func = BPRM_CHECK,.mask = MAY_EXEC,
- .flags = IMA_FUNC | IMA_MASK},
- {.action = MEASURE,.func = FILE_CHECK,.mask = MAY_READ,.uid = 0,
- .flags = IMA_FUNC | IMA_MASK | IMA_UID},
-};
-
-static LIST_HEAD(measure_default_rules);
-static LIST_HEAD(measure_policy_rules);
-static struct list_head *ima_measure;
-
-static DEFINE_MUTEX(ima_measure_mutex);
-
-static bool ima_use_tcb __initdata;
-static int __init default_policy_setup(char *str)
-{
- ima_use_tcb = 1;
- return 1;
-}
-__setup("ima_tcb", default_policy_setup);
-
-/**
- * ima_match_rules - determine whether an inode matches the measure rule.
- * @rule: a pointer to a rule
- * @inode: a pointer to an inode
- * @func: LIM hook identifier
- * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC)
- *
- * Returns true on rule match, false on failure.
- */
-static bool ima_match_rules(struct ima_measure_rule_entry *rule,
- struct inode *inode, enum ima_hooks func, int mask)
-{
- struct task_struct *tsk = current;
- const struct cred *cred = current_cred();
- int i;
-
- if ((rule->flags & IMA_FUNC) && rule->func != func)
- return false;
- if ((rule->flags & IMA_MASK) && rule->mask != mask)
- return false;
- if ((rule->flags & IMA_FSMAGIC)
- && rule->fsmagic != inode->i_sb->s_magic)
- return false;
- if ((rule->flags & IMA_UID) && rule->uid != cred->uid)
- return false;
- for (i = 0; i < MAX_LSM_RULES; i++) {
- int rc = 0;
- u32 osid, sid;
-
- if (!rule->lsm[i].rule)
- continue;
-
- switch (i) {
- case LSM_OBJ_USER:
- case LSM_OBJ_ROLE:
- case LSM_OBJ_TYPE:
- security_inode_getsecid(inode, &osid);
- rc = security_filter_rule_match(osid,
- rule->lsm[i].type,
- Audit_equal,
- rule->lsm[i].rule,
- NULL);
- break;
- case LSM_SUBJ_USER:
- case LSM_SUBJ_ROLE:
- case LSM_SUBJ_TYPE:
- security_task_getsecid(tsk, &sid);
- rc = security_filter_rule_match(sid,
- rule->lsm[i].type,
- Audit_equal,
- rule->lsm[i].rule,
- NULL);
- default:
- break;
- }
- if (!rc)
- return false;
- }
- return true;
-}
-
-/**
- * ima_match_policy - decision based on LSM and other conditions
- * @inode: pointer to an inode for which the policy decision is being made
- * @func: IMA hook identifier
- * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC)
- *
- * Measure decision based on func/mask/fsmagic and LSM(subj/obj/type)
- * conditions.
- *
- * (There is no need for locking when walking the policy list,
- * as elements in the list are never deleted, nor does the list
- * change.)
- */
-int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask)
-{
- struct ima_measure_rule_entry *entry;
-
- list_for_each_entry(entry, ima_measure, list) {
- bool rc;
-
- rc = ima_match_rules(entry, inode, func, mask);
- if (rc)
- return entry->action;
- }
- return 0;
-}
-
-/**
- * ima_init_policy - initialize the default measure rules.
- *
- * ima_measure points to either the measure_default_rules or the
- * the new measure_policy_rules.
- */
-void __init ima_init_policy(void)
-{
- int i, entries;
-
- /* if !ima_use_tcb set entries = 0 so we load NO default rules */
- if (ima_use_tcb)
- entries = ARRAY_SIZE(default_rules);
- else
- entries = 0;
-
- for (i = 0; i < entries; i++)
- list_add_tail(&default_rules[i].list, &measure_default_rules);
- ima_measure = &measure_default_rules;
-}
-
-/**
- * ima_update_policy - update default_rules with new measure rules
- *
- * Called on file .release to update the default rules with a complete new
- * policy. Once updated, the policy is locked, no additional rules can be
- * added to the policy.
- */
-void ima_update_policy(void)
-{
- const char *op = "policy_update";
- const char *cause = "already exists";
- int result = 1;
- int audit_info = 0;
-
- if (ima_measure == &measure_default_rules) {
- ima_measure = &measure_policy_rules;
- cause = "complete";
- result = 0;
- }
- integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
- NULL, op, cause, result, audit_info);
-}
-
-enum {
- Opt_err = -1,
- Opt_measure = 1, Opt_dont_measure,
- Opt_obj_user, Opt_obj_role, Opt_obj_type,
- Opt_subj_user, Opt_subj_role, Opt_subj_type,
- Opt_func, Opt_mask, Opt_fsmagic, Opt_uid
-};
-
-static match_table_t policy_tokens = {
- {Opt_measure, "measure"},
- {Opt_dont_measure, "dont_measure"},
- {Opt_obj_user, "obj_user=%s"},
- {Opt_obj_role, "obj_role=%s"},
- {Opt_obj_type, "obj_type=%s"},
- {Opt_subj_user, "subj_user=%s"},
- {Opt_subj_role, "subj_role=%s"},
- {Opt_subj_type, "subj_type=%s"},
- {Opt_func, "func=%s"},
- {Opt_mask, "mask=%s"},
- {Opt_fsmagic, "fsmagic=%s"},
- {Opt_uid, "uid=%s"},
- {Opt_err, NULL}
-};
-
-static int ima_lsm_rule_init(struct ima_measure_rule_entry *entry,
- char *args, int lsm_rule, int audit_type)
-{
- int result;
-
- if (entry->lsm[lsm_rule].rule)
- return -EINVAL;
-
- entry->lsm[lsm_rule].type = audit_type;
- result = security_filter_rule_init(entry->lsm[lsm_rule].type,
- Audit_equal, args,
- &entry->lsm[lsm_rule].rule);
- if (!entry->lsm[lsm_rule].rule)
- return -EINVAL;
- return result;
-}
-
-static void ima_log_string(struct audit_buffer *ab, char *key, char *value)
-{
- audit_log_format(ab, "%s=", key);
- audit_log_untrustedstring(ab, value);
- audit_log_format(ab, " ");
-}
-
-static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
-{
- struct audit_buffer *ab;
- char *p;
- int result = 0;
-
- ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_INTEGRITY_RULE);
-
- entry->uid = -1;
- entry->action = UNKNOWN;
- while ((p = strsep(&rule, " \t")) != NULL) {
- substring_t args[MAX_OPT_ARGS];
- int token;
- unsigned long lnum;
-
- if (result < 0)
- break;
- if ((*p == '\0') || (*p == ' ') || (*p == '\t'))
- continue;
- token = match_token(p, policy_tokens, args);
- switch (token) {
- case Opt_measure:
- ima_log_string(ab, "action", "measure");
-
- if (entry->action != UNKNOWN)
- result = -EINVAL;
-
- entry->action = MEASURE;
- break;
- case Opt_dont_measure:
- ima_log_string(ab, "action", "dont_measure");
-
- if (entry->action != UNKNOWN)
- result = -EINVAL;
-
- entry->action = DONT_MEASURE;
- break;
- case Opt_func:
- ima_log_string(ab, "func", args[0].from);
-
- if (entry->func)
- result = -EINVAL;
-
- if (strcmp(args[0].from, "FILE_CHECK") == 0)
- entry->func = FILE_CHECK;
- /* PATH_CHECK is for backwards compat */
- else if (strcmp(args[0].from, "PATH_CHECK") == 0)
- entry->func = FILE_CHECK;
- else if (strcmp(args[0].from, "FILE_MMAP") == 0)
- entry->func = FILE_MMAP;
- else if (strcmp(args[0].from, "BPRM_CHECK") == 0)
- entry->func = BPRM_CHECK;
- else
- result = -EINVAL;
- if (!result)
- entry->flags |= IMA_FUNC;
- break;
- case Opt_mask:
- ima_log_string(ab, "mask", args[0].from);
-
- if (entry->mask)
- result = -EINVAL;
-
- if ((strcmp(args[0].from, "MAY_EXEC")) == 0)
- entry->mask = MAY_EXEC;
- else if (strcmp(args[0].from, "MAY_WRITE") == 0)
- entry->mask = MAY_WRITE;
- else if (strcmp(args[0].from, "MAY_READ") == 0)
- entry->mask = MAY_READ;
- else if (strcmp(args[0].from, "MAY_APPEND") == 0)
- entry->mask = MAY_APPEND;
- else
- result = -EINVAL;
- if (!result)
- entry->flags |= IMA_MASK;
- break;
- case Opt_fsmagic:
- ima_log_string(ab, "fsmagic", args[0].from);
-
- if (entry->fsmagic) {
- result = -EINVAL;
- break;
- }
-
- result = strict_strtoul(args[0].from, 16,
- &entry->fsmagic);
- if (!result)
- entry->flags |= IMA_FSMAGIC;
- break;
- case Opt_uid:
- ima_log_string(ab, "uid", args[0].from);
-
- if (entry->uid != -1) {
- result = -EINVAL;
- break;
- }
-
- result = strict_strtoul(args[0].from, 10, &lnum);
- if (!result) {
- entry->uid = (uid_t) lnum;
- if (entry->uid != lnum)
- result = -EINVAL;
- else
- entry->flags |= IMA_UID;
- }
- break;
- case Opt_obj_user:
- ima_log_string(ab, "obj_user", args[0].from);
- result = ima_lsm_rule_init(entry, args[0].from,
- LSM_OBJ_USER,
- AUDIT_OBJ_USER);
- break;
- case Opt_obj_role:
- ima_log_string(ab, "obj_role", args[0].from);
- result = ima_lsm_rule_init(entry, args[0].from,
- LSM_OBJ_ROLE,
- AUDIT_OBJ_ROLE);
- break;
- case Opt_obj_type:
- ima_log_string(ab, "obj_type", args[0].from);
- result = ima_lsm_rule_init(entry, args[0].from,
- LSM_OBJ_TYPE,
- AUDIT_OBJ_TYPE);
- break;
- case Opt_subj_user:
- ima_log_string(ab, "subj_user", args[0].from);
- result = ima_lsm_rule_init(entry, args[0].from,
- LSM_SUBJ_USER,
- AUDIT_SUBJ_USER);
- break;
- case Opt_subj_role:
- ima_log_string(ab, "subj_role", args[0].from);
- result = ima_lsm_rule_init(entry, args[0].from,
- LSM_SUBJ_ROLE,
- AUDIT_SUBJ_ROLE);
- break;
- case Opt_subj_type:
- ima_log_string(ab, "subj_type", args[0].from);
- result = ima_lsm_rule_init(entry, args[0].from,
- LSM_SUBJ_TYPE,
- AUDIT_SUBJ_TYPE);
- break;
- case Opt_err:
- ima_log_string(ab, "UNKNOWN", p);
- result = -EINVAL;
- break;
- }
- }
- if (!result && (entry->action == UNKNOWN))
- result = -EINVAL;
-
- audit_log_format(ab, "res=%d", !result);
- audit_log_end(ab);
- return result;
-}
-
-/**
- * ima_parse_add_rule - add a rule to measure_policy_rules
- * @rule - ima measurement policy rule
- *
- * Uses a mutex to protect the policy list from multiple concurrent writers.
- * Returns the length of the rule parsed, an error code on failure
- */
-ssize_t ima_parse_add_rule(char *rule)
-{
- const char *op = "update_policy";
- char *p;
- struct ima_measure_rule_entry *entry;
- ssize_t result, len;
- int audit_info = 0;
-
- /* Prevent installed policy from changing */
- if (ima_measure != &measure_default_rules) {
- integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
- NULL, op, "already exists",
- -EACCES, audit_info);
- return -EACCES;
- }
-
- entry = kzalloc(sizeof(*entry), GFP_KERNEL);
- if (!entry) {
- integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
- NULL, op, "-ENOMEM", -ENOMEM, audit_info);
- return -ENOMEM;
- }
-
- INIT_LIST_HEAD(&entry->list);
-
- p = strsep(&rule, "\n");
- len = strlen(p) + 1;
-
- if (*p == '#') {
- kfree(entry);
- return len;
- }
-
- result = ima_parse_rule(p, entry);
- if (result) {
- kfree(entry);
- integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
- NULL, op, "invalid policy", result,
- audit_info);
- return result;
- }
-
- mutex_lock(&ima_measure_mutex);
- list_add_tail(&entry->list, &measure_policy_rules);
- mutex_unlock(&ima_measure_mutex);
-
- return len;
-}
-
-/* ima_delete_rules called to cleanup invalid policy */
-void ima_delete_rules(void)
-{
- struct ima_measure_rule_entry *entry, *tmp;
-
- mutex_lock(&ima_measure_mutex);
- list_for_each_entry_safe(entry, tmp, &measure_policy_rules, list) {
- list_del(&entry->list);
- kfree(entry);
- }
- mutex_unlock(&ima_measure_mutex);
-}
diff --git a/ANDROID_3.4.5/security/integrity/ima/ima_queue.c b/ANDROID_3.4.5/security/integrity/ima/ima_queue.c
deleted file mode 100644
index 55a6271b..00000000
--- a/ANDROID_3.4.5/security/integrity/ima/ima_queue.c
+++ /dev/null
@@ -1,149 +0,0 @@
-/*
- * Copyright (C) 2005,2006,2007,2008 IBM Corporation
- *
- * Authors:
- * Serge Hallyn
- * Reiner Sailer
- * Mimi Zohar
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * File: ima_queue.c
- * Implements queues that store template measurements and
- * maintains aggregate over the stored measurements
- * in the pre-configured TPM PCR (if available).
- * The measurement list is append-only. No entry is
- * ever removed or changed during the boot-cycle.
- */
-#include
-#include
-#include
-#include "ima.h"
-
-#define AUDIT_CAUSE_LEN_MAX 32
-
-LIST_HEAD(ima_measurements); /* list of all measurements */
-
-/* key: inode (before secure-hashing a file) */
-struct ima_h_table ima_htable = {
- .len = ATOMIC_LONG_INIT(0),
- .violations = ATOMIC_LONG_INIT(0),
- .queue[0 ... IMA_MEASURE_HTABLE_SIZE - 1] = HLIST_HEAD_INIT
-};
-
-/* mutex protects atomicity of extending measurement list
- * and extending the TPM PCR aggregate. Since tpm_extend can take
- * long (and the tpm driver uses a mutex), we can't use the spinlock.
- */
-static DEFINE_MUTEX(ima_extend_list_mutex);
-
-/* lookup up the digest value in the hash table, and return the entry */
-static struct ima_queue_entry *ima_lookup_digest_entry(u8 *digest_value)
-{
- struct ima_queue_entry *qe, *ret = NULL;
- unsigned int key;
- struct hlist_node *pos;
- int rc;
-
- key = ima_hash_key(digest_value);
- rcu_read_lock();
- hlist_for_each_entry_rcu(qe, pos, &ima_htable.queue[key], hnext) {
- rc = memcmp(qe->entry->digest, digest_value, IMA_DIGEST_SIZE);
- if (rc == 0) {
- ret = qe;
- break;
- }
- }
- rcu_read_unlock();
- return ret;
-}
-
-/* ima_add_template_entry helper function:
- * - Add template entry to measurement list and hash table.
- *
- * (Called with ima_extend_list_mutex held.)
- */
-static int ima_add_digest_entry(struct ima_template_entry *entry)
-{
- struct ima_queue_entry *qe;
- unsigned int key;
-
- qe = kmalloc(sizeof(*qe), GFP_KERNEL);
- if (qe == NULL) {
- pr_err("IMA: OUT OF MEMORY ERROR creating queue entry.\n");
- return -ENOMEM;
- }
- qe->entry = entry;
-
- INIT_LIST_HEAD(&qe->later);
- list_add_tail_rcu(&qe->later, &ima_measurements);
-
- atomic_long_inc(&ima_htable.len);
- key = ima_hash_key(entry->digest);
- hlist_add_head_rcu(&qe->hnext, &ima_htable.queue[key]);
- return 0;
-}
-
-static int ima_pcr_extend(const u8 *hash)
-{
- int result = 0;
-
- if (!ima_used_chip)
- return result;
-
- result = tpm_pcr_extend(TPM_ANY_NUM, CONFIG_IMA_MEASURE_PCR_IDX, hash);
- if (result != 0)
- pr_err("IMA: Error Communicating to TPM chip, result: %d\n",
- result);
- return result;
-}
-
-/* Add template entry to the measurement list and hash table,
- * and extend the pcr.
- */
-int ima_add_template_entry(struct ima_template_entry *entry, int violation,
- const char *op, struct inode *inode)
-{
- u8 digest[IMA_DIGEST_SIZE];
- const char *audit_cause = "hash_added";
- char tpm_audit_cause[AUDIT_CAUSE_LEN_MAX];
- int audit_info = 1;
- int result = 0, tpmresult = 0;
-
- mutex_lock(&ima_extend_list_mutex);
- if (!violation) {
- memcpy(digest, entry->digest, sizeof digest);
- if (ima_lookup_digest_entry(digest)) {
- audit_cause = "hash_exists";
- result = -EEXIST;
- goto out;
- }
- }
-
- result = ima_add_digest_entry(entry);
- if (result < 0) {
- audit_cause = "ENOMEM";
- audit_info = 0;
- goto out;
- }
-
- if (violation) /* invalidate pcr */
- memset(digest, 0xff, sizeof digest);
-
- tpmresult = ima_pcr_extend(digest);
- if (tpmresult != 0) {
- snprintf(tpm_audit_cause, AUDIT_CAUSE_LEN_MAX, "TPM_error(%d)",
- tpmresult);
- audit_cause = tpm_audit_cause;
- audit_info = 0;
- }
-out:
- mutex_unlock(&ima_extend_list_mutex);
- integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode,
- entry->template.file_name,
- op, audit_cause, result, audit_info);
- return result;
-}
diff --git a/ANDROID_3.4.5/security/integrity/integrity.h b/ANDROID_3.4.5/security/integrity/integrity.h
deleted file mode 100644
index 7a25ecec..00000000
--- a/ANDROID_3.4.5/security/integrity/integrity.h
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * Copyright (C) 2009-2010 IBM Corporation
- *
- * Authors:
- * Mimi Zohar
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- */
-
-#include
-#include
-#include
-
-/* iint cache flags */
-#define IMA_MEASURED 0x01
-
-enum evm_ima_xattr_type {
- IMA_XATTR_DIGEST = 0x01,
- EVM_XATTR_HMAC,
- EVM_IMA_XATTR_DIGSIG,
-};
-
-struct evm_ima_xattr_data {
- u8 type;
- u8 digest[SHA1_DIGEST_SIZE];
-} __attribute__((packed));
-
-/* integrity data associated with an inode */
-struct integrity_iint_cache {
- struct rb_node rb_node; /* rooted in integrity_iint_tree */
- struct inode *inode; /* back pointer to inode in question */
- u64 version; /* track inode changes */
- unsigned char flags;
- u8 digest[SHA1_DIGEST_SIZE];
- struct mutex mutex; /* protects: version, flags, digest */
- enum integrity_status evm_status;
-};
-
-/* rbtree tree calls to lookup, insert, delete
- * integrity data associated with an inode.
- */
-struct integrity_iint_cache *integrity_iint_insert(struct inode *inode);
-struct integrity_iint_cache *integrity_iint_find(struct inode *inode);
-
-#define INTEGRITY_KEYRING_EVM 0
-#define INTEGRITY_KEYRING_MODULE 1
-#define INTEGRITY_KEYRING_IMA 2
-#define INTEGRITY_KEYRING_MAX 3
-
-#ifdef CONFIG_INTEGRITY_SIGNATURE
-
-int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
- const char *digest, int digestlen);
-
-#else
-
-static inline int integrity_digsig_verify(const unsigned int id,
- const char *sig, int siglen,
- const char *digest, int digestlen)
-{
- return -EOPNOTSUPP;
-}
-
-#endif /* CONFIG_INTEGRITY_SIGNATURE */
-
-/* set during initialization */
-extern int iint_initialized;
diff --git a/ANDROID_3.4.5/security/keys/Makefile b/ANDROID_3.4.5/security/keys/Makefile
deleted file mode 100644
index a56f1ffd..00000000
--- a/ANDROID_3.4.5/security/keys/Makefile
+++ /dev/null
@@ -1,20 +0,0 @@
-#
-# Makefile for key management
-#
-
-obj-y := \
- gc.o \
- key.o \
- keyring.o \
- keyctl.o \
- permission.o \
- process_keys.o \
- request_key.o \
- request_key_auth.o \
- user_defined.o
-
-obj-$(CONFIG_TRUSTED_KEYS) += trusted.o
-obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted-keys/
-obj-$(CONFIG_KEYS_COMPAT) += compat.o
-obj-$(CONFIG_PROC_FS) += proc.o
-obj-$(CONFIG_SYSCTL) += sysctl.o
diff --git a/ANDROID_3.4.5/security/keys/compat.c b/ANDROID_3.4.5/security/keys/compat.c
deleted file mode 100644
index 4c48e134..00000000
--- a/ANDROID_3.4.5/security/keys/compat.c
+++ /dev/null
@@ -1,141 +0,0 @@
-/* 32-bit compatibility syscall for 64-bit systems
- *
- * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
- * Written by David Howells (dhowells@redhat.com)
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version
- * 2 of the License, or (at your option) any later version.
- */
-
-#include
-#include
-#include
-#include
-#include "internal.h"
-
-/*
- * Instantiate a key with the specified compatibility multipart payload and
- * link the key into the destination keyring if one is given.
- *
- * The caller must have the appropriate instantiation permit set for this to
- * work (see keyctl_assume_authority). No other permissions are required.
- *
- * If successful, 0 will be returned.
- */
-long compat_keyctl_instantiate_key_iov(
- key_serial_t id,
- const struct compat_iovec __user *_payload_iov,
- unsigned ioc,
- key_serial_t ringid)
-{
- struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
- long ret;
-
- if (_payload_iov == 0 || ioc == 0)
- goto no_payload;
-
- ret = compat_rw_copy_check_uvector(WRITE, _payload_iov, ioc,
- ARRAY_SIZE(iovstack),
- iovstack, &iov, 1);
- if (ret < 0)
- return ret;
- if (ret == 0)
- goto no_payload_free;
-
- ret = keyctl_instantiate_key_common(id, iov, ioc, ret, ringid);
-
- if (iov != iovstack)
- kfree(iov);
- return ret;
-
-no_payload_free:
- if (iov != iovstack)
- kfree(iov);
-no_payload:
- return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid);
-}
-
-/*
- * The key control system call, 32-bit compatibility version for 64-bit archs
- *
- * This should only be called if the 64-bit arch uses weird pointers in 32-bit
- * mode or doesn't guarantee that the top 32-bits of the argument registers on
- * taking a 32-bit syscall are zero. If you can, you should call sys_keyctl()
- * directly.
- */
-asmlinkage long compat_sys_keyctl(u32 option,
- u32 arg2, u32 arg3, u32 arg4, u32 arg5)
-{
- switch (option) {
- case KEYCTL_GET_KEYRING_ID:
- return keyctl_get_keyring_ID(arg2, arg3);
-
- case KEYCTL_JOIN_SESSION_KEYRING:
- return keyctl_join_session_keyring(compat_ptr(arg2));
-
- case KEYCTL_UPDATE:
- return keyctl_update_key(arg2, compat_ptr(arg3), arg4);
-
- case KEYCTL_REVOKE:
- return keyctl_revoke_key(arg2);
-
- case KEYCTL_DESCRIBE:
- return keyctl_describe_key(arg2, compat_ptr(arg3), arg4);
-
- case KEYCTL_CLEAR:
- return keyctl_keyring_clear(arg2);
-
- case KEYCTL_LINK:
- return keyctl_keyring_link(arg2, arg3);
-
- case KEYCTL_UNLINK:
- return keyctl_keyring_unlink(arg2, arg3);
-
- case KEYCTL_SEARCH:
- return keyctl_keyring_search(arg2, compat_ptr(arg3),
- compat_ptr(arg4), arg5);
-
- case KEYCTL_READ:
- return keyctl_read_key(arg2, compat_ptr(arg3), arg4);
-
- case KEYCTL_CHOWN:
- return keyctl_chown_key(arg2, arg3, arg4);
-
- case KEYCTL_SETPERM:
- return keyctl_setperm_key(arg2, arg3);
-
- case KEYCTL_INSTANTIATE:
- return keyctl_instantiate_key(arg2, compat_ptr(arg3), arg4,
- arg5);
-
- case KEYCTL_NEGATE:
- return keyctl_negate_key(arg2, arg3, arg4);
-
- case KEYCTL_SET_REQKEY_KEYRING:
- return keyctl_set_reqkey_keyring(arg2);
-
- case KEYCTL_SET_TIMEOUT:
- return keyctl_set_timeout(arg2, arg3);
-
- case KEYCTL_ASSUME_AUTHORITY:
- return keyctl_assume_authority(arg2);
-
- case KEYCTL_GET_SECURITY:
- return keyctl_get_security(arg2, compat_ptr(arg3), arg4);
-
- case KEYCTL_SESSION_TO_PARENT:
- return keyctl_session_to_parent();
-
- case KEYCTL_REJECT:
- return keyctl_reject_key(arg2, arg3, arg4, arg5);
-
- case KEYCTL_INSTANTIATE_IOV:
- return compat_keyctl_instantiate_key_iov(
- arg2, compat_ptr(arg3), arg4, arg5);
-
- default:
- return -EOPNOTSUPP;
- }
-}
diff --git a/ANDROID_3.4.5/security/keys/encrypted-keys/Makefile b/ANDROID_3.4.5/security/keys/encrypted-keys/Makefile
deleted file mode 100644
index d6f84332..00000000
--- a/ANDROID_3.4.5/security/keys/encrypted-keys/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
-#
-# Makefile for encrypted keys
-#
-
-obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted-keys.o
-
-encrypted-keys-y := encrypted.o ecryptfs_format.o
-masterkey-$(CONFIG_TRUSTED_KEYS) := masterkey_trusted.o
-masterkey-$(CONFIG_TRUSTED_KEYS)-$(CONFIG_ENCRYPTED_KEYS) := masterkey_trusted.o
-encrypted-keys-y += $(masterkey-y) $(masterkey-m-m)
diff --git a/ANDROID_3.4.5/security/keys/encrypted-keys/ecryptfs_format.c b/ANDROID_3.4.5/security/keys/encrypted-keys/ecryptfs_format.c
deleted file mode 100644
index 6daa3b6f..00000000
--- a/ANDROID_3.4.5/security/keys/encrypted-keys/ecryptfs_format.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * ecryptfs_format.c: helper functions for the encrypted key type
- *
- * Copyright (C) 2006 International Business Machines Corp.
- * Copyright (C) 2010 Politecnico di Torino, Italy
- * TORSEC group -- http://security.polito.it
- *
- * Authors:
- * Michael A. Halcrow
- * Tyler Hicks
- * Roberto Sassu
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, version 2 of the License.
- */
-
-#include