Pandora Sourcecodes - pandora-kernel.git/commit

author	John Johansen <john.johansen@canonical.com>
	Thu, 29 Jul 2010 21:48:04 +0000 (14:48 -0700)
committer	James Morris <jmorris@namei.org>
	Mon, 2 Aug 2010 05:35:14 +0000 (15:35 +1000)
commit	6380bd8ddf613b29f478396308b591867d401de4
tree	6d8fc9356a652f8452ccf49e7f79cc700cc2768d	tree \| snapshot
parent	63e2b423771ab0bc7ad4d407f3f6517c6d05cdc0	commit \| diff

AppArmor: file enforcement routines

AppArmor does files enforcement via pathname matching.  Matching is done
at file open using a dfa match engine.  Permission is against the final
file object not parent directories, ie. the traversal of directories
as part of the file match is implicitly allowed.  In the case of nonexistant
files (creation) permissions are checked against the target file not the
directory.  eg. In case of creating the file /dir/new, permissions are
checked against the match /dir/new not against /dir/.

The permissions for matches are currently stored in the dfa accept table,
but this will change to allow for dfa reuse and also to allow for sharing
of wider accept states.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>

security/apparmor/file.c	[new file with mode: 0644]	blob
security/apparmor/include/file.h	[new file with mode: 0644]	blob