// SPDX-License-Identifier: GPL-2.0-only /* * AppArmor security module * * This file contains AppArmor functions for unpacking policy loaded * from userspace. * * Copyright (C) 1998-2008 Novell/SUSE * Copyright 2009-2022 Canonical Ltd. * * Code to provide backwards compatibility with older policy versions, * by converting/mapping older policy formats into the newer internal * formats. */ #include <linux/ctype.h> #include <linux/errno.h> #include "include/lib.h" #include "include/policy_unpack.h" #include "include/policy_compat.h" /* remap old accept table embedded permissions to separate permission table */ static u32 dfa_map_xindex(u16 mask) { … } /* * map old dfa inline permissions to new format */ #define dfa_user_allow(dfa, state) … #define dfa_user_xbits(dfa, state) … #define dfa_user_audit(dfa, state) … #define dfa_user_quiet(dfa, state) … #define dfa_user_xindex(dfa, state) … #define dfa_other_allow(dfa, state) … #define dfa_other_xbits(dfa, state) … #define dfa_other_audit(dfa, state) … #define dfa_other_quiet(dfa, state) … #define dfa_other_xindex(dfa, state) … /** * map_old_perms - map old file perms layout to the new layout * @old: permission set in old mapping * * Returns: new permission mapping */ static u32 map_old_perms(u32 old) { … } static void compute_fperms_allow(struct aa_perms *perms, struct aa_dfa *dfa, aa_state_t state) { … } static struct aa_perms compute_fperms_user(struct aa_dfa *dfa, aa_state_t state) { … } static struct aa_perms compute_fperms_other(struct aa_dfa *dfa, aa_state_t state) { … } /** * compute_fperms - convert dfa compressed perms to internal perms and store * them so they can be retrieved later. * @dfa: a dfa using fperms to remap to internal permissions * @size: Returns the permission table size * * Returns: remapped perm table */ static struct aa_perms *compute_fperms(struct aa_dfa *dfa, u32 *size) { … } static struct aa_perms *compute_xmatch_perms(struct aa_dfa *xmatch, u32 *size) { … } static u32 map_other(u32 x) { … } static u32 map_xbits(u32 x) { … } static struct aa_perms compute_perms_entry(struct aa_dfa *dfa, aa_state_t state, u32 version) { … } static struct aa_perms *compute_perms(struct aa_dfa *dfa, u32 version, u32 *size) { … } /** * remap_dfa_accept - remap old dfa accept table to be an index * @dfa: dfa to do the remapping on * @factor: scaling factor for the index conversion. * * Used in conjunction with compute_Xperms, it converts old style perms * that are encoded in the dfa accept tables to the new style where * there is a permission table and the accept table is an index into * the permission table. */ static void remap_dfa_accept(struct aa_dfa *dfa, unsigned int factor) { … } /* TODO: merge different dfa mappings into single map_policy fn */ int aa_compat_map_xmatch(struct aa_policydb *policy) { … } int aa_compat_map_policy(struct aa_policydb *policy, u32 version) { … } int aa_compat_map_file(struct aa_policydb *policy) { … }
Codebase Browser
linux