[GIT PULL] apparmor updates for 5.8

From: John Johansen
Date: Sun Jun 07 2020 - 17:13:26 EST


Hi Linus,

Can you please pull the following changes for apparmor

Thanks!

- John

The following changes since commit c79f46a282390e0f5b306007bf7b11a46d529538:

Linux 5.5-rc5 (2020-01-05 14:23:27 -0800)

are available in the Git repository at:

git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor tags/apparmor-pr-2020-06-07

for you to fetch changes up to 3622ad25d4d68fcbdef3bc084b5916873e785344:

apparmor: Fix memory leak of profile proxy (2020-06-07 13:38:55 -0700)

----------------------------------------------------------------
Tag summary

+ Features
- Replace zero-length array with flexible-array
- add a valid state flags check
- add consistency check between state and dfa diff encode flags
- add apparmor subdir to proc attr interface
- fail unpack if profile mode is unknown
- add outofband transition and use it in xattr match
- ensure that dfa state tables have entries

+ Cleanups
- Use true and false for bool variable
- Remove semicolon
- Clean code by removing redundant instructions
- Replace two seq_printf() calls by seq_puts() in aa_label_seq_xprint()
- remove duplicate check of xattrs on profile attachment
- remove useless aafs_create_symlink

+ Bug fixes
- Fix memory leak of profile proxy
- fix introspection of of task mode for unconfined tasks
- fix nnp subset test for unconfined
- check/put label on apparmor_sk_clone_security()

----------------------------------------------------------------
Gustavo A. R. Silva (1):
apparmor: Replace zero-length array with flexible-array

John Johansen (11):
apparmor: add a valid state flags check
apparmor: add consistency check between state and dfa diff encode flags
apparmor: add proc subdir to attrs
apparmor: remove useless aafs_create_symlink
apparmor: fix nnp subset test for unconfined
apparmor: fail unpack if profile mode is unknown
apparmor: add outofband transition and use it in xattr match
apparmor: remove duplicate check of xattrs on profile attachment.
apparmor: ensure that dfa state tables have entries
apparmor: fix introspection of of task mode for unconfined tasks
apparmor: Fix memory leak of profile proxy

Markus Elfring (1):
apparmor: Replace two seq_printf() calls by seq_puts() in aa_label_seq_xprint()

Mateusz Nosek (1):
security/apparmor/label.c: Clean code by removing redundant instructions

Mauricio Faria de Oliveira (1):
apparmor: check/put label on apparmor_sk_clone_security()

Vasyl Gomonovych (1):
AppArmor: Remove semicolon

Zou Wei (1):
apparmor: Use true and false for bool variable

fs/proc/base.c | 13 +++++++++
security/apparmor/apparmorfs.c | 56 +++++++++---------------------------
security/apparmor/domain.c | 39 +++++++++----------------
security/apparmor/file.c | 12 ++++----
security/apparmor/include/label.h | 2 ++
security/apparmor/include/match.h | 11 +++++++
security/apparmor/label.c | 60 ++++++++++++++++++++++++++++-----------
security/apparmor/lsm.c | 5 ++++
security/apparmor/match.c | 58 ++++++++++++++++++++++++++++++++++++-
security/apparmor/path.c | 2 +-
security/apparmor/policy.c | 1 +
security/apparmor/policy_unpack.c | 58 +++++++++++++++++++------------------
12 files changed, 198 insertions(+), 119 deletions(-)