300  * @bprm: binprm struct for the process to validate
306 static int aa_xattrs_match(const struct linux_binprm *bprm,
315 	if (!bprm || !attach->xattr_count)
321 	d = bprm->file->f_path.dentry;
370  * @bprm: binprm structure of transitioning task
385 static struct aa_label *find_attach(const struct linux_binprm *bprm,
433 				if (bprm && attach->xattr_count) {
439 					ret = aa_xattrs_match(bprm, profile,
552  * @bprm: binprm structure of transitioning task
563 				   const struct linux_binprm *bprm,
593 			new = find_attach(bprm, ns, &profile->base.profiles,
597 			new = find_attach(bprm, ns, &ns->base.profiles,
633 					   const struct linux_binprm *bprm,
647 	AA_BUG(!bprm);
650 	error = aa_path_name(&bprm->file->f_path, profile->path_flags, buffer,
659 		name = bprm->filename;
664 		new = find_attach(bprm, profile->ns,
678 		new = x_to_label(profile, bprm, name, perms.xindex, &target,
735 			  bool stack, const struct linux_binprm *bprm,
748 	AA_BUG(!bprm);
761 	error = aa_path_name(&bprm->file->f_path, profile->path_flags, buffer,
769 		xname = bprm->filename;
812 				      const struct linux_binprm *bprm,
822 	AA_BUG(!bprm);
828 					       bprm, buffer, cond, unsafe));
833 				profile_transition(subj_cred, profile, bprm,
840 				profile_onexec(subj_cred, profile, onexec, stack, bprm,
847 				profile_transition(subj_cred, profile, bprm,
859 				      AA_MAY_ONEXEC, bprm->filename, NULL,
866  * apparmor_bprm_creds_for_exec - Update the new creds on the bprm struct
867  * @bprm: binprm for the exec  (NOT NULL)
873 int apparmor_bprm_creds_for_exec(struct linux_binprm *bprm)
883 	vfsuid_t vfsuid = i_uid_into_vfsuid(file_mnt_idmap(bprm->file),
884 					    file_inode(bprm->file));
887 		file_inode(bprm->file)->i_mode
892 	AA_BUG(!cred_label(bprm->cred));
895 	label = aa_get_newest_label(cred_label(bprm->cred));
904 	if ((bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS) && !unconfined(label) &&
918 				    bprm, buffer, &cond, &unsafe);
921 				profile_transition(subj_cred, profile, bprm,
942 	if ((bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS) &&
950 	if (bprm->unsafe & LSM_UNSAFE_SHARE) {
955 	if (bprm->unsafe & (LSM_UNSAFE_PTRACE)) {
957 		error = may_change_ptraced_domain(bprm->cred, new, &info);
965 				   "label=", bprm->filename);
969 		bprm->secureexec = 1;
976 				   "bits. %s label=", bprm->filename);
980 		bprm->per_clear |= PER_CLEAR_ON_SETID;
982 	aa_put_label(cred_label(bprm->cred));
984 	set_cred_label(bprm->cred, new);
996 				      bprm->filename, NULL, new,

Indexes created Fri May 10 11:38:11 MDT 2024