diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/apparmor/Kconfig | 6 | ||||
-rw-r--r-- | security/apparmor/apparmorfs.c | 12 | ||||
-rw-r--r-- | security/apparmor/audit.c | 4 | ||||
-rw-r--r-- | security/apparmor/capability.c | 2 | ||||
-rw-r--r-- | security/apparmor/context.c | 2 | ||||
-rw-r--r-- | security/apparmor/domain.c | 22 | ||||
-rw-r--r-- | security/apparmor/file.c | 2 | ||||
-rw-r--r-- | security/apparmor/include/apparmor.h | 9 | ||||
-rw-r--r-- | security/apparmor/include/apparmorfs.h | 2 | ||||
-rw-r--r-- | security/apparmor/include/file.h | 6 | ||||
-rw-r--r-- | security/apparmor/include/match.h | 2 | ||||
-rw-r--r-- | security/apparmor/include/policy.h | 32 | ||||
-rw-r--r-- | security/apparmor/include/procattr.h | 2 | ||||
-rw-r--r-- | security/apparmor/include/resource.h | 4 | ||||
-rw-r--r-- | security/apparmor/lib.c | 11 | ||||
-rw-r--r-- | security/apparmor/lsm.c | 2 | ||||
-rw-r--r-- | security/apparmor/match.c | 4 | ||||
-rw-r--r-- | security/apparmor/path.c | 6 | ||||
-rw-r--r-- | security/apparmor/policy.c | 24 | ||||
-rw-r--r-- | security/apparmor/policy_unpack.c | 17 | ||||
-rw-r--r-- | security/apparmor/procattr.c | 6 | ||||
-rw-r--r-- | security/apparmor/resource.c | 2 |
22 files changed, 95 insertions, 84 deletions
diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig index c054cf79f1c..72555b9ca7d 100644 --- a/security/apparmor/Kconfig +++ b/security/apparmor/Kconfig @@ -10,7 +10,7 @@ config SECURITY_APPARMOR This enables the AppArmor security module. Required userspace tools (if they are not included in your distribution) and further information may be found at - <http://forge.novell.com/modules/xfmod/project/?apparmor> + http://apparmor.wiki.kernel.org If you are unsure how to answer this question, answer N. @@ -24,8 +24,8 @@ config SECURITY_APPARMOR_BOOTPARAM_VALUE 'apparmor', which allows AppArmor to be enabled or disabled at boot. If this option is set to 0 (zero), the AppArmor kernel parameter will default to 0, disabling AppArmor at - bootup. If this option is set to 1 (one), the AppArmor + boot. If this option is set to 1 (one), the AppArmor kernel parameter will default to 1, enabling AppArmor at - bootup. + boot. If you are unsure how to answer this question, answer 1. diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index d8a27a4c84c..7320331b44a 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c @@ -139,9 +139,9 @@ static const struct file_operations aa_fs_profile_remove = { /** Base file system setup **/ -static struct dentry *aa_fs_dentry; +static struct dentry *aa_fs_dentry __initdata; -static void aafs_remove(const char *name) +static void __init aafs_remove(const char *name) { struct dentry *dentry; @@ -160,8 +160,8 @@ static void aafs_remove(const char *name) * * Used aafs_remove to remove entries created with this fn. */ -static int aafs_create(const char *name, int mask, - const struct file_operations *fops) +static int __init aafs_create(const char *name, int mask, + const struct file_operations *fops) { struct dentry *dentry; @@ -176,7 +176,7 @@ static int aafs_create(const char *name, int mask, * * releases dentries allocated by aa_create_aafs */ -void aa_destroy_aafs(void) +void __init aa_destroy_aafs(void) { if (aa_fs_dentry) { aafs_remove(".remove"); @@ -195,7 +195,7 @@ void aa_destroy_aafs(void) * * Returns: error on failure */ -int aa_create_aafs(void) +int __init aa_create_aafs(void) { int error; diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c index d0311eb71a6..96502b22b26 100644 --- a/security/apparmor/audit.c +++ b/security/apparmor/audit.c @@ -197,10 +197,10 @@ int aa_audit(int type, struct aa_profile *profile, gfp_t gfp, AUDIT_MODE(profile) == AUDIT_QUIET)) return sa->aad.error; - if (profile && KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED) + if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED) type = AUDIT_APPARMOR_KILL; - if (profile && !unconfined(profile)) + if (!unconfined(profile)) sa->aad.profile = profile; aa_audit_msg(type, sa, cb); diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c index 80f710fc2ca..9982c48def4 100644 --- a/security/apparmor/capability.c +++ b/security/apparmor/capability.c @@ -56,7 +56,7 @@ static void audit_cb(struct audit_buffer *ab, void *va) * Do auditing of capability and handle, audit/complain/kill modes switching * and duplicate message elimination. * - * Returns: 0 or sa->error on succes, error code on failure + * Returns: 0 or sa->error on success, error code on failure */ static int audit_caps(struct aa_profile *profile, struct task_struct *task, int cap, int error) diff --git a/security/apparmor/context.c b/security/apparmor/context.c index deb4a30e0f3..8a9b5027c81 100644 --- a/security/apparmor/context.c +++ b/security/apparmor/context.c @@ -30,7 +30,7 @@ #include "include/policy.h" /** - * aa_alloc_task_context - allocat a new task_cxt + * aa_alloc_task_context - allocate a new task_cxt * @flags: gfp flags for allocation * * Returns: allocated buffer or NULL on failure diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c index 9efb5d91f22..08bbe6397a7 100644 --- a/security/apparmor/domain.c +++ b/security/apparmor/domain.c @@ -114,7 +114,7 @@ static struct file_perms change_profile_perms(struct aa_profile *profile, } else if (!profile->file.dfa) { return nullperms; } else if ((ns == profile->ns)) { - /* try matching against rules with out namespace prependend */ + /* try matching against rules with out namespace prepended */ aa_str_perms(profile->file.dfa, start, name, &cond, &perms); if (COMBINED_PERM_MASK(perms) & request) return perms; @@ -134,9 +134,9 @@ static struct file_perms change_profile_perms(struct aa_profile *profile, * @head - profile list to walk (NOT NULL) * * Do a linear search on the profiles in the list. There is a matching - * preference where an exact match is prefered over a name which uses + * preference where an exact match is preferred over a name which uses * expressions to match, and matching expressions with the greatest - * xmatch_len are prefered. + * xmatch_len are preferred. * * Requires: @head not be shared or have appropriate locks held * @@ -196,7 +196,7 @@ static struct aa_profile *find_attach(struct aa_namespace *ns, * This is the xtable equivalent routine of aa_split_fqname. It finds the * split in an xtable fqname which contains an embedded \0 instead of a : * if a namespace is specified. This is done so the xtable is constant and - * isn't resplit on every lookup. + * isn't re-split on every lookup. * * Either the profile or namespace name may be optional but if the namespace * is specified the profile name termination must be present. This results @@ -205,7 +205,7 @@ static struct aa_profile *find_attach(struct aa_namespace *ns, * :ns_name\0profile_name\0 * :ns_name\0\0 * - * NOTE: the xtable fqname is prevalidated at load time in unpack_trans_table + * NOTE: the xtable fqname is pre-validated at load time in unpack_trans_table * * Returns: profile name if it is specified else NULL */ @@ -214,6 +214,10 @@ static const char *separate_fqname(const char *fqname, const char **ns_name) const char *name; if (fqname[0] == ':') { + /* In this case there is guaranteed to be two \0 terminators + * in the string. They are verified at load time by + * by unpack_trans_table + */ *ns_name = fqname + 1; /* skip : */ name = *ns_name + strlen(*ns_name) + 1; if (!*name) @@ -246,7 +250,7 @@ static struct aa_profile *x_table_lookup(struct aa_profile *profile, u32 xindex) int index = xindex & AA_X_INDEX_MASK; const char *name; - /* index is guarenteed to be in range, validated at load time */ + /* index is guaranteed to be in range, validated at load time */ for (name = profile->file.trans.table[index]; !new_profile && name; name = next_name(xtype, name)) { struct aa_namespace *new_ns; @@ -292,7 +296,7 @@ static struct aa_profile *x_table_lookup(struct aa_profile *profile, u32 xindex) /** * x_to_profile - get target profile for a given xindex * @profile: current profile (NOT NULL) - * @name: to to lookup (NOT NULL) + * @name: name to lookup (NOT NULL) * @xindex: index into x transition table * * find profile for a transition index @@ -673,7 +677,7 @@ int aa_change_hat(const char *hats[], int count, u64 token, bool permtest) if (!permtest) { error = aa_set_current_hat(hat, token); if (error == -EACCES) - /* kill task incase of brute force attacks */ + /* kill task in case of brute force attacks */ perms.kill = AA_MAY_CHANGEHAT; else if (name && !error) /* reset error for learning of new hats */ @@ -782,7 +786,7 @@ int aa_change_profile(const char *ns_name, const char *hname, bool onexec, error = -ENOENT; if (permtest || !COMPLAIN_MODE(profile)) goto audit; - /* release below */ + /* released below */ target = aa_new_null_profile(profile, 0); if (!target) { info = "failed null profile create"; diff --git a/security/apparmor/file.c b/security/apparmor/file.c index 1b3c0a9edee..7312db74121 100644 --- a/security/apparmor/file.c +++ b/security/apparmor/file.c @@ -23,7 +23,7 @@ struct file_perms nullperms; /** - * audit_file_mask - convert mask to owner::other string + * audit_file_mask - convert mask to permission string * @buffer: buffer to write string to (NOT NULL) * @mask: permission mask to convert */ diff --git a/security/apparmor/include/apparmor.h b/security/apparmor/include/apparmor.h index c51e551ec1a..38ccaea0820 100644 --- a/security/apparmor/include/apparmor.h +++ b/security/apparmor/include/apparmor.h @@ -19,8 +19,7 @@ #include "match.h" -/* Control parameters settable thru module/boot flags or - * via /sys/kernel/security/apparmor/control */ +/* Control parameters settable through module/boot flags */ extern enum audit_mode aa_g_audit; extern int aa_g_audit_header; extern int aa_g_debug; @@ -47,7 +46,7 @@ extern unsigned int aa_g_path_max; } while (0) /* Flag indicating whether initialization completed */ -extern int apparmor_initialized; +extern int apparmor_initialized __initdata; /* fn's in lib */ char *aa_split_fqname(char *args, char **ns_name); @@ -76,12 +75,12 @@ static inline bool aa_strneq(const char *str, const char *sub, int len) * * aa_dfa_null_transition transitions to the next state after a null * character which is not used in standard matching and is only - * used to seperate pairs. + * used to separate pairs. */ static inline unsigned int aa_dfa_null_transition(struct aa_dfa *dfa, unsigned int start) { - /* the null transition only needs a single null byte of the string */ + /* the null transition only needs the string's null terminator byte */ return aa_dfa_match_len(dfa, start, "", 1); } diff --git a/security/apparmor/include/apparmorfs.h b/security/apparmor/include/apparmorfs.h index cfbae70b7cb..cb1e93a114d 100644 --- a/security/apparmor/include/apparmorfs.h +++ b/security/apparmor/include/apparmorfs.h @@ -15,6 +15,6 @@ #ifndef __AA_APPARMORFS_H #define __AA_APPARMORFS_H -extern void aa_destroy_aafs(void); +extern void __init aa_destroy_aafs(void); #endif /* __AA_APPARMORFS_H */ diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h index bba5ced35bd..be36feabb16 100644 --- a/security/apparmor/include/file.h +++ b/security/apparmor/include/file.h @@ -37,7 +37,7 @@ struct aa_profile; #define AA_EXEC_MMAP 0x0800 #define AA_MAY_LINK 0x1000 -#define AA_LINK_SUBSET AA_MAY_LOCK /* overlayed */ +#define AA_LINK_SUBSET AA_MAY_LOCK /* overlaid */ #define AA_MAY_ONEXEC 0x40000000 /* exec allows onexec */ #define AA_MAY_CHANGE_PROFILE 0x80000000 #define AA_MAY_CHANGEHAT 0x80000000 /* ctrl auditing only */ @@ -70,13 +70,13 @@ struct aa_profile; /* AA_SECURE_X_NEEDED - is passed in the bprm->unsafe field */ #define AA_SECURE_X_NEEDED 0x8000 -/* need to conditionalize which ones are being set */ +/* need to make conditional which ones are being set */ struct path_cond { uid_t uid; umode_t mode; }; -/* struct file_perms - file permission fo +/* struct file_perms - file permission * @allow: mask of permissions that are allowed * @audit: mask of permissions to force an audit message for * @quiet: mask of permissions to quiet audit messages for diff --git a/security/apparmor/include/match.h b/security/apparmor/include/match.h index 3cd089f7536..734a6d35112 100644 --- a/security/apparmor/include/match.h +++ b/security/apparmor/include/match.h @@ -121,7 +121,7 @@ void aa_dfa_free_kref(struct kref *kref); * aa_put_dfa - put a dfa refcount * @dfa: dfa to put refcount (MAYBE NULL) * - * Requires: if @dfa != NULL that valid refcount be held + * Requires: if @dfa != NULL that a valid refcount be held */ static inline void aa_put_dfa(struct aa_dfa *dfa) { diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h index 7d757b8f59d..aeda5cf5690 100644 --- a/security/apparmor/include/policy.h +++ b/security/apparmor/include/policy.h @@ -56,20 +56,18 @@ enum profile_mode { enum profile_flags { PFLAG_HAT = 1, /* profile is a hat */ - PFLAG_UNCONFINED = 2, /* profile is the unconfined profile */ + PFLAG_UNCONFINED = 2, /* profile is an unconfined profile */ PFLAG_NULL = 4, /* profile is null learning profile */ PFLAG_IX_ON_NAME_ERROR = 8, /* fallback to ix on name lookup fail */ PFLAG_IMMUTABLE = 0x10, /* don't allow changes/replacement */ - PFLAG_USER_DEFINED = 0x20, /* user based profile */ + PFLAG_USER_DEFINED = 0x20, /* user based profile - lower privs */ PFLAG_NO_LIST_REF = 0x40, /* list doesn't keep profile ref */ PFLAG_OLD_NULL_TRANS = 0x100, /* use // as the null transition */ - /* These flags must coorespond with PATH_flags */ + /* These flags must correspond with PATH_flags */ PFLAG_MEDIATE_DELETED = 0x10000, /* mediate instead delegate deleted */ }; -#define AA_NEW_SID 0 - struct aa_profile; /* struct aa_policy - common part of both namespaces and profiles @@ -110,8 +108,8 @@ struct aa_ns_acct { * * An aa_namespace defines the set profiles that are searched to determine * which profile to attach to a task. Profiles can not be shared between - * aa_namespaces and profile names within a namespace are guarenteed to be - * unique. When profiles in seperate namespaces have the same name they + * aa_namespaces and profile names within a namespace are guaranteed to be + * unique. When profiles in separate namespaces have the same name they * are NOT considered to be equivalent. * * Namespaces are hierarchical and only namespaces and profiles below the @@ -119,7 +117,8 @@ struct aa_ns_acct { * * Namespace names must be unique and can not contain the characters :/\0 * - * FIXME TODO: add vserver support so a vserer (can it all be done in userspace) + * FIXME TODO: add vserver support of namespaces (can it all be done in + * userspace?) */ struct aa_namespace { struct aa_policy base; @@ -131,10 +130,10 @@ struct aa_namespace { }; /* struct aa_profile - basic confinement data - * @base - base componets of the profile (name, refcount, lists, lock ...) + * @base - base components of the profile (name, refcount, lists, lock ...) * @parent: parent of profile * @ns: namespace the profile is in - * @replacedby: is set profile that replaced this profile + * @replacedby: is set to the profile that replaced this profile * @rename: optional profile name that this profile renamed * @xmatch: optional extended matching for unconfined executables names * @xmatch_len: xmatch prefix len, used to determine xmatch priority @@ -156,7 +155,7 @@ struct aa_namespace { * The @replacedby field is write protected by the profile lock. Reads * are assumed to be atomic, and are done without locking. * - * Profiles have a hierachy where hats and children profiles keep + * Profiles have a hierarchy where hats and children profiles keep * a reference to their parent. * * Profile names can not begin with a : and can not contain the \0 @@ -211,7 +210,7 @@ static inline struct aa_policy *aa_get_common(struct aa_policy *c) * aa_get_namespace - increment references count on @ns * @ns: namespace to increment reference count of (MAYBE NULL) * - * Returns: pointer to @ns if @ns is NULL returns NULL + * Returns: pointer to @ns, if @ns is NULL returns NULL * Requires: @ns must be held with valid refcount when called */ static inline struct aa_namespace *aa_get_namespace(struct aa_namespace *ns) @@ -224,9 +223,9 @@ static inline struct aa_namespace *aa_get_namespace(struct aa_namespace *ns) /** * aa_put_namespace - decrement refcount on @ns - * @ns: namespace to put reference to + * @ns: namespace to put reference of * - * Decrement reference count to @ns and if no longer in use free it + * Decrement reference count of @ns and if no longer in use free it */ static inline void aa_put_namespace(struct aa_namespace *ns) { @@ -262,9 +261,8 @@ ssize_t aa_remove_profiles(char *name, size_t size); */ static inline struct aa_profile *aa_newest_version(struct aa_profile *profile) { - if (unlikely(profile && profile->replacedby)) - for (; profile->replacedby; profile = profile->replacedby) - ; + while (profile->replacedby) + profile = profile->replacedby; return profile; } diff --git a/security/apparmor/include/procattr.h b/security/apparmor/include/procattr.h index 88025222cd7..544aa6b766a 100644 --- a/security/apparmor/include/procattr.h +++ b/security/apparmor/include/procattr.h @@ -1,7 +1,7 @@ /* * AppArmor security module * - * This file contains AppArmor /proc/<pid>/attr/ interface function defintions. + * This file contains AppArmor /proc/<pid>/attr/ interface function definitions. * * Copyright (C) 1998-2008 Novell/SUSE * Copyright 2009-2010 Canonical Ltd. diff --git a/security/apparmor/include/resource.h b/security/apparmor/include/resource.h index 1e009cef698..3c88be94649 100644 --- a/security/apparmor/include/resource.h +++ b/security/apparmor/include/resource.h @@ -1,7 +1,7 @@ /* * AppArmor security module * - * This file contains AppArmor resource limits function defintions. + * This file contains AppArmor resource limits function definitions. * * Copyright (C) 1998-2008 Novell/SUSE * Copyright 2009-2010 Canonical Ltd. @@ -20,7 +20,7 @@ struct aa_profile; -/* struct aa_rlimit - rlimits settings for the profile +/* struct aa_rlimit - rlimit settings for the profile * @mask: which hard limits to set * @limits: rlimit values that override task limits * diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c index 51837b5a10a..6e85cdb4303 100644 --- a/security/apparmor/lib.c +++ b/security/apparmor/lib.c @@ -30,7 +30,7 @@ * description). If a portion of the name is missing it returns NULL for * that portion. * - * NOTE: may modifiy the @fqname string. The pointers returned point + * NOTE: may modify the @fqname string. The pointers returned point * into the @fqname string. */ char *aa_split_fqname(char *fqname, char **ns_name) @@ -65,13 +65,13 @@ void aa_info_message(const char *str) struct common_audit_data sa; COMMON_AUDIT_DATA_INIT(&sa, NONE); sa.aad.info = str; - printk(KERN_INFO "AppArmor: %s\n", str); aa_audit_msg(AUDIT_APPARMOR_STATUS, &sa, NULL); } + printk(KERN_INFO "AppArmor: %s\n", str); } /** - * kvmalloc - do allocation prefering kmalloc but falling back to vmalloc + * kvmalloc - do allocation preferring kmalloc but falling back to vmalloc * @size: size of allocation * * Return: allocated buffer or NULL if failed @@ -90,6 +90,9 @@ void *kvmalloc(size_t size) if (size <= (16*PAGE_SIZE)) buffer = kmalloc(size, GFP_NOIO | __GFP_NOWARN); if (!buffer) { + /* see kvfree for why size must be at least work_struct size + * when allocated via vmalloc + */ if (size < sizeof(struct work_struct)) size = sizeof(struct work_struct); buffer = vmalloc(size); @@ -101,7 +104,7 @@ void *kvmalloc(size_t size) * do_vfree - workqueue routine for freeing vmalloced memory * @work: data to be freed * - * The work_struct is overlayed to the data being freed, as at the point + * The work_struct is overlaid to the data being freed, as at the point * the work is scheduled the data is no longer valid, be its freeing * needs to be delayed until safe. */ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index b4828d74a1d..7daf0d52803 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -36,7 +36,7 @@ #include "include/procattr.h" /* Flag indicating whether initialization completed */ -int apparmor_initialized; +int apparmor_initialized __initdata; /* * LSM hook functions diff --git a/security/apparmor/match.c b/security/apparmor/match.c index 8e7523ab392..5cb4dc1f699 100644 --- a/security/apparmor/match.c +++ b/security/apparmor/match.c @@ -193,8 +193,8 @@ void aa_dfa_free_kref(struct kref *kref) * @size: size of data to unpack * @flags: flags controlling what type of accept tables are acceptable * - * Unpack a dfa that has been serialized. Dfa format and information in - * Documentation/AppArmor/dfa.txt + * Unpack a dfa that has been serialized. To find information on the dfa + * format look in Documentation/apparmor.txt * Assumes the dfa @blob stream has been aligned on a 8 byte boundry * * Returns: an unpacked dfa ready for matching or ERR_PTR on failure diff --git a/security/apparmor/path.c b/security/apparmor/path.c index a19ba058993..96bab9469d4 100644 --- a/security/apparmor/path.c +++ b/security/apparmor/path.c @@ -46,7 +46,7 @@ static int prepend(char **buffer, int buflen, const char *str, int namelen) * @buf: buffer to store path to (NOT NULL) * @buflen: length of @buf * @name: Returns - pointer for start of path name with in @buf (NOT NULL) - * @flags: flags controling path lookup + * @flags: flags controlling path lookup * * Handle path name lookup. * @@ -110,7 +110,7 @@ static int d_namespace_path(struct path *path, char *buf, int buflen, * * Remove the appended deleted text and return as string for * normal mediation, or auditing. The (deleted) string is - * guarenteed to be added in this case, so just strip it. + * guaranteed to be added in this case, so just strip it. */ buf[buflen - 11] = 0; /* - (len(" (deleted)") +\0) */ @@ -190,7 +190,7 @@ static int get_name_to_buffer(struct path *path, int flags, char *buffer, /** * aa_get_name - compute the pathname of a file * @path: path the file (NOT NULL) - * @flags: flags controling path name generation + * @flags: flags controlling path name generation * @buffer: buffer that aa_get_name() allocated (NOT NULL) * @name: Returns - the generated path name if !error (NOT NULL) * diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c index 7fecdf2d2df..3cdc1ad0787 100644 --- a/security/apparmor/policy.c +++ b/security/apparmor/policy.c @@ -13,7 +13,7 @@ * * * AppArmor policy is based around profiles, which contain the rules a - * task is confined by. Every task in the sytem has a profile attached + * task is confined by. Every task in the system has a profile attached * to it determined either by matching "unconfined" tasks against the * visible set of profiles or by following a profiles attachment rules. * @@ -31,21 +31,21 @@ * Reserved profile names * unconfined - special automatically generated unconfined profile * inherit - special name to indicate profile inheritance - * null-XXXX-YYYY - special automically generated learning profiles + * null-XXXX-YYYY - special automatically generated learning profiles * * Namespace names may not start with / or @ and may not contain \0 or : - * Reserved namespace namespace + * Reserved namespace names * user-XXXX - user defined profiles * - * a // in a profile or namespace name indicates a hierarcical name with the + * a // in a profile or namespace name indicates a hierarchical name with the * name before the // being the parent and the name after the child. * - * Profile and namespace hierachies serve two different but similar purposes. + * Profile and namespace hierarchies serve two different but similar purposes. * The namespace contains the set of visible profiles that are considered * for attachment. The hierarchy of namespaces allows for virtualizing * the namespace so that for example a chroot can have its own set of profiles * which may define some local user namespaces. - * The profile hierachy severs two distinct purposes, + * The profile hierarchy severs two distinct purposes, * - it allows for sub profiles or hats, which allows an application to run * subprograms under its own profile with different restriction than it * self, and not have it use the system profile. @@ -60,8 +60,8 @@ * eg. /bin/bash///bin/ls as a name would indicate /bin/ls was started * from /bin/bash * - * A profile or namespace name that can contain one or more // seperators - * is refered to as an hname (hierarchical). + * A profile or namespace name that can contain one or more // separators + * is referred to as an hname (hierarchical). * eg. /bin/bash//bin/ls * * An fqname is a name that may contain both namespace and profile hnames. @@ -191,7 +191,7 @@ static struct aa_policy *__policy_find(struct list_head *head, const char *name) } /** - * __policy_strn_find - find a policy thats name matches @len chars of @str + * __policy_strn_find - find a policy that's name matches @len chars of @str * @head: list to search (NOT NULL) * @str: string to search for (NOT NULL) * @len: length of match required @@ -257,7 +257,7 @@ const char *aa_ns_name(struct aa_namespace *curr, struct aa_namespace *view) /* at this point if a ns is visible it is in a view ns * thus the curr ns.hname is a prefix of its name. * Only output the virtualized portion of the name - * Add + 2 to skip over // seperating curr hname prefix + * Add + 2 to skip over // separating curr hname prefix * from the visible tail of the views hname */ return view->base.hname + strlen(curr->base.hname) + 2; @@ -477,7 +477,7 @@ static void __list_remove_profile(struct aa_profile *profile) * @old: profile to be replaced (NOT NULL) * @new: profile to replace @old with (NOT NULL) * - * Will duplicaticate and refcount elements that @new inherits from @old + * Will duplicate and refcount elements that @new inherits from @old * and will inherit @old children. * * refcount @new for list, put @old list refcount @@ -503,7 +503,7 @@ static void __replace_profile(struct aa_profile *old, struct aa_profile *new) list_for_each_entry_safe(child, tmp, &old->base.profiles, base.list) { aa_put_profile(child->parent); child->parent = aa_get_profile(new); - /* list refcount transfered to @new*/ + /* list refcount transferred to @new*/ list_move(&child->base.list, &new->base.profiles); } diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index 5b5dacb9623..eb3700e9fd3 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c @@ -13,7 +13,7 @@ * License. * * AppArmor uses a serialized binary format for loading policy. - * The policy format is documented in Documentation/??? + * To find policy format documentation look in Documentation/apparmor.txt * All policy is validated before it is used. */ @@ -35,7 +35,7 @@ * which has a name (AA_NAME typecode followed by name string) followed by * the entries typecode and data. Named types allow for optional * elements and extensions to be added and tested for without breaking - * backwards compatability. + * backwards compatibility. */ enum aa_code { @@ -154,10 +154,11 @@ static bool unpack_X(struct aa_ext *e, enum aa_code code) * name @name. If @name is specified then there must be a matching * name element in the stream. If @name is NULL any name element will be * skipped and only the typecode will be tested. - * returns 1 on success (both type code and name tests match) and the read + * + * Returns 1 on success (both type code and name tests match) and the read * head is advanced past the headers * - * Returns: 0 if either match failes, the read head does not move + * Returns: 0 if either match fails, the read head does not move */ static bool unpack_nameX(struct aa_ext *e, enum aa_code code, const char *name) { @@ -381,6 +382,9 @@ static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile) for (i = 0; i < size; i++) { char *str; int c, j, size = unpack_strdup(e, &str, NULL); + /* unpack_strdup verifies that the last character is + * null termination byte. + */ if (!size) goto fail; profile->file.trans.table[i] = str; @@ -394,7 +398,10 @@ static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile) c++; } if (*str == ':') { - /* beginning with : requires an embedded \0 */ + /* beginning with : requires an embedded \0, + * verify that exactly 1 internal \0 exists + * trailing \0 already verified by unpack_strdup + */ if (c != 1) goto fail; /* first character after : must be valid */ diff --git a/security/apparmor/procattr.c b/security/apparmor/procattr.c index 8a2d22cbd4c..04a2cf8d1b6 100644 --- a/security/apparmor/procattr.c +++ b/security/apparmor/procattr.c @@ -57,13 +57,13 @@ int aa_getprocattr(struct aa_profile *profile, char **string) mode_len = strlen(mode_str) + 3; /* + 3 for _() */ name_len = strlen(profile->base.hname); - len = mode_len + ns_len + name_len + 1; /*+ 1 for \n */ + len = mode_len + ns_len + name_len + 1; /* + 1 for \n */ s = str = kmalloc(len + 1, GFP_KERNEL); /* + 1 \0 */ if (!str) return -ENOMEM; if (ns_len) { - /* skip over prefix current_ns->base.hname and seperating // */ + /* skip over prefix current_ns->base.hname and separating // */ sprintf(s, ":%s://", ns_name); s += ns_len; } @@ -127,7 +127,7 @@ int aa_setprocattr_changehat(char *args, size_t size, int test) } if (hat) { - /* set up hat name vector, args guarenteed null terminated + /* set up hat name vector, args guaranteed null terminated * at args[size] by setprocattr. * * If there are multiple hat names in the buffer each is diff --git a/security/apparmor/resource.c b/security/apparmor/resource.c index ad69bf3782b..4a368f1fd36 100644 --- a/security/apparmor/resource.c +++ b/security/apparmor/resource.c @@ -61,7 +61,7 @@ static int audit_resource(struct aa_profile *profile, unsigned int resource, * * Returns: resource # for the current architecture. * - * rlimit resource can vary based on architecture map the compiled policy + * rlimit resource can vary based on architecture, map the compiled policy * resource # to the internal representation for the architecture. */ int aa_map_resource(int resource) |