add wifi6 8852be driver

hc

2024-12-19 9370bb92b2d16684ee45cf24e879c93c509162da

 kernel/security/apparmor/net.c
..
..
@@ -1,3 +1,4 @@
1
+// SPDX-License-Identifier: GPL-2.0-only
1
2
 /*
2
3
  * AppArmor security module
3
4
  *
..
..
@@ -5,11 +6,6 @@
5
6
  *
6
7
  * Copyright (C) 1998-2008 Novell/SUSE
7
8
  * Copyright 2009-2017 Canonical Ltd.
8
- *
9
- * This program is free software; you can redistribute it and/or
10
- * modify it under the terms of the GNU General Public License as
11
- * published by the Free Software Foundation, version 2 of the
12
- * License.
13
9
  */
14
10
 
15
11
 #include "include/apparmor.h"
..
..
@@ -18,6 +14,7 @@
18
14
 #include "include/label.h"
19
15
 #include "include/net.h"
20
16
 #include "include/policy.h"
17
+#include "include/secid.h"
21
18
 
22
19
 #include "net_names.h"
23
20
 
..
..
@@ -75,16 +72,18 @@
75
72
 {
76
73
 	struct common_audit_data *sa = va;
77
74
 
78
-	audit_log_format(ab, " family=");
79
75
 	if (address_family_names[sa->u.net->family])
80
-		audit_log_string(ab, address_family_names[sa->u.net->family]);
76
+		audit_log_format(ab, " family=\"%s\"",
77
+				 address_family_names[sa->u.net->family]);
81
78
 	else
82
-		audit_log_format(ab, "\"unknown(%d)\"", sa->u.net->family);
83
-	audit_log_format(ab, " sock_type=");
79
+		audit_log_format(ab, " family=\"unknown(%d)\"",
80
+				 sa->u.net->family);
84
81
 	if (sock_type_names[aad(sa)->net.type])
85
-		audit_log_string(ab, sock_type_names[aad(sa)->net.type]);
82
+		audit_log_format(ab, " sock_type=\"%s\"",
83
+				 sock_type_names[aad(sa)->net.type]);
86
84
 	else
87
-		audit_log_format(ab, "\"unknown(%d)\"", aad(sa)->net.type);
85
+		audit_log_format(ab, " sock_type=\"unknown(%d)\"",
86
+				 aad(sa)->net.type);
88
87
 	audit_log_format(ab, " protocol=%d", aad(sa)->net.protocol);
89
88
 
90
89
 	if (aad(sa)->request & NET_PERMS_MASK) {
..
..
@@ -188,3 +187,70 @@
188
187
 
189
188
 	return aa_label_sk_perm(label, op, request, sock->sk);
190
189
 }
190
+
191
+#ifdef CONFIG_NETWORK_SECMARK
192
+static int apparmor_secmark_init(struct aa_secmark *secmark)
193
+{
194
+	struct aa_label *label;
195
+
196
+	if (secmark->label[0] == '*') {
197
+		secmark->secid = AA_SECID_WILDCARD;
198
+		return 0;
199
+	}
200
+
201
+	label = aa_label_strn_parse(&root_ns->unconfined->label,
202
+				    secmark->label, strlen(secmark->label),
203
+				    GFP_ATOMIC, false, false);
204
+
205
+	if (IS_ERR(label))
206
+		return PTR_ERR(label);
207
+
208
+	secmark->secid = label->secid;
209
+
210
+	return 0;
211
+}
212
+
213
+static int aa_secmark_perm(struct aa_profile *profile, u32 request, u32 secid,
214
+			   struct common_audit_data *sa, struct sock *sk)
215
+{
216
+	int i, ret;
217
+	struct aa_perms perms = { };
218
+
219
+	if (profile->secmark_count == 0)
220
+		return 0;
221
+
222
+	for (i = 0; i < profile->secmark_count; i++) {
223
+		if (!profile->secmark[i].secid) {
224
+			ret = apparmor_secmark_init(&profile->secmark[i]);
225
+			if (ret)
226
+				return ret;
227
+		}
228
+
229
+		if (profile->secmark[i].secid == secid ||
230
+		    profile->secmark[i].secid == AA_SECID_WILDCARD) {
231
+			if (profile->secmark[i].deny)
232
+				perms.deny = ALL_PERMS_MASK;
233
+			else
234
+				perms.allow = ALL_PERMS_MASK;
235
+
236
+			if (profile->secmark[i].audit)
237
+				perms.audit = ALL_PERMS_MASK;
238
+		}
239
+	}
240
+
241
+	aa_apply_modes_to_perms(profile, &perms);
242
+
243
+	return aa_check_perms(profile, &perms, request, sa, audit_net_cb);
244
+}
245
+
246
+int apparmor_secmark_check(struct aa_label *label, char *op, u32 request,
247
+			   u32 secid, struct sock *sk)
248
+{
249
+	struct aa_profile *profile;
250
+	DEFINE_AUDIT_SK(sa, op, sk);
251
+
252
+	return fn_for_each_confined(label, profile,
253
+				    aa_secmark_perm(profile, request, secid,
254
+						    &sa, sk));
255
+}
256
+#endif