authorLinus Torvalds <torvalds@linux-foundation.org>2017-02-21 12:49:56 -0800
committerLinus Torvalds <torvalds@linux-foundation.org>2017-02-21 12:49:56 -0800
commitc9341ee0af4df0af8b727873ef851227345defed (patch)
tree81a48ed068936afd58a1cb9b6cb65f6e16dcb343 /security/apparmor/secid.c
parent7a771ceac771d009f7203c40b256b0608d7ea2f8 (diff)
parent61841be6358c03e864ad4c386c9a102edbba9cb8 (diff)
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security layer updates from James Morris: "Highlights: - major AppArmor update: policy namespaces & lots of fixes - add /sys/kernel/security/lsm node for easy detection of loaded LSMs - SELinux cgroupfs labeling support - SELinux context mounts on tmpfs, ramfs, devpts within user namespaces - improved TPM 2.0 support" * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (117 commits) tpm: declare tpm2_get_pcr_allocation() as static tpm: Fix expected number of response bytes of TPM1.2 PCR Extend tpm xen: drop unneeded chip variable tpm: fix misspelled "facilitate" in module parameter description tpm_tis: fix the error handling of init_tis() KEYS: Use memzero_explicit() for secret data KEYS: Fix an error code in request_master_key() sign-file: fix build error in sign-file.c with libressl selinux: allow changing labels for cgroupfs selinux: fix off-by-one in setprocattr tpm: silence an array overflow warning tpm: fix the type of owned field in cap_t tpm: add securityfs support for TPM 2.0 firmware event log tpm: enhance read_log_of() to support Physical TPM event log tpm: enhance TPM 2.0 PCR extend to support multiple banks tpm: implement TPM 2.0 capability to get active PCR banks tpm: fix RC value check in tpm2_seal_trusted tpm_tis: fix iTPM probe via probe_itpm() function tpm: Begin the process to deprecate user_read_timer tpm: remove tpm_read_index and tpm_write_index from tpm.h ...
Diffstat (limited to 'security/apparmor/secid.c')
-rw-r--r--security/apparmor/secid.c55
1 files changed, 55 insertions, 0 deletions
diff --git a/security/apparmor/secid.c b/security/apparmor/secid.c
new file mode 100644
index 000000000000..3a3edbad0b21
--- /dev/null
+++ b/security/apparmor/secid.c
@@ -0,0 +1,55 @@
+/*
+ * AppArmor security module
+ *
+ * This file contains AppArmor security identifier (secid) manipulation fns
+ *
+ * Copyright 2009-2010 Canonical Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ *
+ *
+ * AppArmor allocates a unique secid for every profile loaded. If a profile
+ * is replaced it receives the secid of the profile it is replacing.
+ *
+ * The secid value of 0 is invalid.
+ */
+
+#include <linux/spinlock.h>
+#include <linux/errno.h>
+#include <linux/err.h>
+
+#include "include/secid.h"
+
+/* global counter from which secids are allocated */
+static u32 global_secid;
+static DEFINE_SPINLOCK(secid_lock);
+
+/* TODO FIXME: add secid to profile mapping, and secid recycling */
+
+/**
+ * aa_alloc_secid - allocate a new secid for a profile
+ */
+u32 aa_alloc_secid(void)
+{
+ u32 secid;
+
+ /*
+ * TODO FIXME: secid recycling - part of profile mapping table
+ */
+ spin_lock(&secid_lock);
+ secid = (++global_secid);
+ spin_unlock(&secid_lock);
+ return secid;
+}
+
+/**
+ * aa_free_secid - free a secid
+ * @secid: secid to free
+ */
+void aa_free_secid(u32 secid)
+{
+ ; /* NOP ATM */
+}
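Review bot: aa_alloc_secid() increments the u32 `global_secid` with no wrap check, so after 2^32 allocations it would return 0, which the file header calls invalid, and then repeat values that may still belong to loaded profiles. Because aa_free_secid() is a no-op and the TODO says recycling is not implemented, nothing in this file preserves the uniqueness the header comment promises once the counter wraps. At minimum skip zero while holding the lock, e.g. `secid = ++global_secid;` followed by `if (unlikely(!secid)) secid = ++global_secid;`, and add to the kernel-doc `Returns: a non-zero secid; values are not recycled and may repeat after u32 wrap`. How callers treat a zero or duplicated secid is not visible in this hunk, so the effect on mediation decisions should be confirmed against the users of this function.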