android_kernel_google_msm/security/apparmor
John Johansen 0ed3b28ab8 AppArmor: mediation of non file objects
ipc:
AppArmor ipc is currently limited to mediation done by file mediation
and basic ptrace tests.  Improved mediation is a wip.

rlimits:
AppArmor provides basic abilities to set and control rlimits at
a per profile level.  Only resources specified in a profile are controled
or set.  AppArmor rules set the hard limit to a value <= to the current
hard limit (ie. they can not currently raise hard limits), and if
necessary will lower the soft limit to the new hard limit value.

AppArmor does not track resource limits to reset them when a profile
is left so that children processes inherit the limits set by the
parent even if they are not confined by the same profile.

Capabilities:  AppArmor provides a per profile mask of capabilities,
that will further restrict.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>
2010-08-02 15:38:35 +10:00
..
include AppArmor: mediation of non file objects 2010-08-02 15:38:35 +10:00
apparmorfs.c AppArmor: userspace interfaces 2010-08-02 15:35:13 +10:00
audit.c
capability.c AppArmor: mediation of non file objects 2010-08-02 15:38:35 +10:00
context.c AppArmor: contexts used in attaching policy to system objects 2010-08-02 15:35:12 +10:00
domain.c AppArmor: functions for domain transitions 2010-08-02 15:35:14 +10:00
file.c AppArmor: file enforcement routines 2010-08-02 15:35:14 +10:00
ipc.c AppArmor: mediation of non file objects 2010-08-02 15:38:35 +10:00
lib.c
lsm.c AppArmor: LSM interface, and security module initialization 2010-08-02 15:38:35 +10:00
match.c AppArmor: dfa match engine 2010-08-02 15:35:13 +10:00
path.c
procattr.c AppArmor: userspace interfaces 2010-08-02 15:35:13 +10:00
resource.c AppArmor: mediation of non file objects 2010-08-02 15:38:35 +10:00