projects / linux-block.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 34d31f2) | patch
apparmor: carry mediation check on label
authorJohn Johansen <john.johansen@canonical.com>
Fri, 27 Oct 2023 17:31:06 +0000 (10:31 -0700)
committerJohn Johansen <john.johansen@canonical.com>
Sat, 18 Jan 2025 14:47:12 +0000 (06:47 -0800)
commitde4754c801f4ceefc6ce0d13480c506e0a91b449
treebb89e754c051b6d2991df843bbd5b165fffa9c1ctree
parent34d31f23385b018890295414acaee31d786cf73dcommit | diff
apparmor: carry mediation check on label

In order to speed up the mediated check, precompute and store the
result as a bit per class type. This will not only allow us to
speed up the mediation check but is also a step to removing the
unconfined special cases as the unconfined check can be replaced
with the generic label_mediates() check.

Note: label check does not currently work for capabilities and resources
      which need to have their mediation updated first.

Signed-off-by: John Johansen <john.johansen@canonical.com>
security/apparmor/include/apparmor.h diff | blob | blame | history
security/apparmor/include/label.h diff | blob | blame | history
security/apparmor/include/policy.h diff | blob | blame | history
security/apparmor/label.c diff | blob | blame | history
security/apparmor/policy.c diff | blob | blame | history
security/apparmor/policy_unpack.c diff | blob | blame | history
Linux 6.x block layer and io_uring tree(s)