authorWilliam Hua <william.hua@canonical.com>2017-01-16 01:49:28 +0100
committerJohn Johansen <john.johansen@canonical.com>2017-01-16 10:18:51 +0100
commite025be0f26d5597b0a2bdfa65145a0171e77b614 (patch)
tree0f9300ae3893d6af776466d12fe22a739d01d75d /security/apparmor/policy.c
parentapparmor: update cap audit to check SECURITY_CAP_NOAUDIT (diff)
apparmor: support querying extended trusted helper extra data
Allow a profile to carry extra data that can be queried via userspace. This provides a means to store extra data in a profile that a trusted helper can extract and use from live policy. Signed-off-by: William Hua <william.hua@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/policy.c')
-rw-r--r--security/apparmor/policy.c23
1 files changed, 23 insertions, 0 deletions
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index bc63cf7b606a..f2c4bb26b060 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -195,6 +195,20 @@ void aa_free_proxy_kref(struct kref *kref)
}
/**
+ * aa_free_data - free a data blob
+ * @ptr: data to free
+ * @arg: unused
+ */
+static void aa_free_data(void *ptr, void *arg)
+{
+ struct aa_data *data = ptr;
+
+ kzfree(data->data);
+ kzfree(data->key);
+ kzfree(data);
+}
+
+/**
* aa_free_profile - free a profile
* @profile: the profile to free (MAYBE NULL)
*
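Review bot: The kernel-doc for aa_free_data() says only "free a data blob", which leaves out the two things a maintainer needs to know: what `ptr` points to, and that the function zeroes what it frees. `ptr` is assigned to a `struct aa_data *`, and the last hunk of this diff passes the function as the free callback to rhashtable_free_and_destroy(), so the entry type and that role belong in the comment. I would change the parameter line to `@ptr: struct aa_data entry being torn down (key, data and the entry itself are freed)` and add a line such as `Uses kzfree() so key and value contents are cleared before the memory is released.` That states the zeroing intent, so a later cleanup does not downgrade the calls to kfree().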
@@ -206,6 +220,8 @@ void aa_free_proxy_kref(struct kref *kref)
*/
void aa_free_profile(struct aa_profile *profile)
{
+ struct rhashtable *rht;
+
AA_DEBUG("%s(%p)\n", __func__, profile);
if (!profile)
@@ -227,6 +243,13 @@ void aa_free_profile(struct aa_profile *profile)
aa_put_dfa(profile->policy.dfa);
aa_put_proxy(profile->proxy);
+ if (profile->data) {
+ rht = profile->data;
+ profile->data = NULL;
+ rhashtable_free_and_destroy(rht, aa_free_data, NULL);
+ kzfree(rht);
+ }
+
kzfree(profile->hash);
aa_put_loaddata(profile->rawdata);
kzfree(profile);
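Review bot: rhashtable_free_and_destroy() in the added `if (profile->data)` block may sleep, because it waits for any pending deferred resize work and takes the table mutex, so aa_free_profile() now needs a sleepable context whenever a profile carries extra data. The callers are not visible in this diff, so it is worth confirming that none of them drops the last profile reference from atomic or RCU-callback context. Adding `might_sleep();` at the top of the block, or a one-line comment stating the requirement, would make the constraint explicit and catch a bad caller early. The block also assumes the table was successfully initialised whenever `profile->data` is non-NULL, which depends on the unpack path outside this diff. aa_free_profile's body starts before and continues after this hunk.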