UBUNTU: SAUCE: apparmor: fix parameters so that the permission test is bypassed at...

Boot parameters are written before apparmor is ready to answer the
whether the user is policy_view_capable(). Setting the parameters at
boot results in an oops and failure to boot.

but if the user is in control of boot they obviously are

BugLink: http://bugs.launchpad.net/bugs/1678048
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>

diff --git a/security/apparmor/include/lib.h b/security/apparmor/include/lib.h
index f44561b6075b5ffcf9818d6a3359129c77a37098..95f4e7340e864e9459bc5dd827350fc378b11c5b 100644 (file)
--- a/security/apparmor/include/lib.h
+++ b/security/apparmor/include/lib.h
@@ -56,7 +56,7 @@
        } while (0)
 
 /* Flag indicating whether initialization completed */
-extern int apparmor_initialized __initdata;
+extern int apparmor_initialized;
 
 /* fn's in lib */
 const char *skipn_spaces(const char *str, size_t n);

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index a93b7013fbe98b82dbc9f05986b81c5d90960997..36d8cedf1d1cd146104e5db3a09dec0312eff287 100644 (file)
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -41,7 +41,7 @@
 #include "include/mount.h"
 
 /* Flag indicating whether initialization completed */
-int apparmor_initialized __initdata;
+int apparmor_initialized;
 
 DEFINE_PER_CPU(struct aa_buffers, aa_buffers);
 
@@ -1337,74 +1337,76 @@ __setup("apparmor=", apparmor_enabled_setup);
 /* set global flag turning off the ability to load policy */
 static int param_set_aalockpolicy(const char *val, const struct kernel_param *kp)
 {
-       if (!policy_admin_capable(NULL))
+       if (!apparmor_enabled)
+               return -EINVAL;
+       if (apparmor_initialized && !policy_admin_capable(NULL))
                return -EPERM;
        return param_set_bool(val, kp);
 }
 
 static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp)
 {
-       if (!policy_view_capable(NULL))
-               return -EPERM;
        if (!apparmor_enabled)
                return -EINVAL;
+       if (apparmor_initialized && !policy_view_capable(NULL))
+               return -EPERM;
        return param_get_bool(buffer, kp);
 }
 
 static int param_set_aabool(const char *val, const struct kernel_param *kp)
 {
-       if (!policy_admin_capable(NULL))
-               return -EPERM;
        if (!apparmor_enabled)
                return -EINVAL;
+       if (apparmor_initialized && !policy_admin_capable(NULL))
+               return -EPERM;
        return param_set_bool(val, kp);
 }
 
 static int param_get_aabool(char *buffer, const struct kernel_param *kp)
 {
-       if (!policy_view_capable(NULL))
-               return -EPERM;
        if (!apparmor_enabled)
                return -EINVAL;
+       if (apparmor_initialized && !policy_view_capable(NULL))
+               return -EPERM;
        return param_get_bool(buffer, kp);
 }
 
 static int param_set_aauint(const char *val, const struct kernel_param *kp)
 {
-       if (!policy_admin_capable(NULL))
-               return -EPERM;
        if (!apparmor_enabled)
                return -EINVAL;
+       if (apparmor_initialized && !policy_admin_capable(NULL))
+               return -EPERM;
        return param_set_uint(val, kp);
 }
 
 static int param_get_aauint(char *buffer, const struct kernel_param *kp)
 {
-       if (!policy_view_capable(NULL))
-               return -EPERM;
        if (!apparmor_enabled)
                return -EINVAL;
+       if (apparmor_initialized && !policy_view_capable(NULL))
+               return -EPERM;
        return param_get_uint(buffer, kp);
 }
 
 static int param_get_audit(char *buffer, struct kernel_param *kp)
 {
-       if (!policy_view_capable(NULL))
-               return -EPERM;
        if (!apparmor_enabled)
                return -EINVAL;
+       if (apparmor_initialized && !policy_view_capable(NULL))
+               return -EPERM;
        return sprintf(buffer, "%s", audit_mode_names[aa_g_audit]);
 }
 
 static int param_set_audit(const char *val, struct kernel_param *kp)
 {
        int i;
-       if (!policy_admin_capable(NULL))
-               return -EPERM;
        if (!apparmor_enabled)
                return -EINVAL;
        if (!val)
                return -EINVAL;
+       if (apparmor_initialized && !policy_admin_capable(NULL))
+               return -EPERM;
 
        for (i = 0; i < AUDIT_MAX_INDEX; i++) {
                if (strcmp(val, audit_mode_names[i]) == 0) {
@@ -1418,10 +1420,10 @@ static int param_set_audit(const char *val, struct kernel_param *kp)
 
 static int param_get_mode(char *buffer, struct kernel_param *kp)
 {
-       if (!policy_view_capable(NULL))
-               return -EPERM;
        if (!apparmor_enabled)
                return -EINVAL;
+       if (apparmor_initialized && !policy_view_capable(NULL))
+               return -EPERM;
 
        return sprintf(buffer, "%s", aa_profile_mode_names[aa_g_profile_mode]);
 }
@@ -1429,12 +1431,12 @@ static int param_get_mode(char *buffer, struct kernel_param *kp)
 static int param_set_mode(const char *val, struct kernel_param *kp)
 {
        int i;
-       if (!policy_admin_capable(NULL))
-               return -EPERM;
        if (!apparmor_enabled)
                return -EINVAL;
        if (!val)
                return -EINVAL;
+       if (apparmor_initialized && !policy_admin_capable(NULL))
+               return -EPERM;
 
        for (i = 0; i < APPARMOR_MODE_NAMES_MAX_INDEX; i++) {
                if (strcmp(val, aa_profile_mode_names[i]) == 0) {