summaryrefslogtreecommitdiffstats
path: root/security/apparmor/policy_unpack.c
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2013-08-14 20:27:36 +0200
committerJohn Johansen <john.johansen@canonical.com>2013-08-14 20:42:08 +0200
commitf8eb8a1324e81927b2c64823b2fc38386efd3fef (patch)
tree78ef80523807aeb5b084b29f8b698601c71292b2 /security/apparmor/policy_unpack.c
parentapparmor: export set of capabilities supported by the apparmor module (diff)
downloadlinux-f8eb8a1324e81927b2c64823b2fc38386efd3fef.tar.xz
linux-f8eb8a1324e81927b2c64823b2fc38386efd3fef.zip
apparmor: add the ability to report a sha1 hash of loaded policy
Provide userspace the ability to introspect a sha1 hash value for each profile currently loaded. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
Diffstat (limited to 'security/apparmor/policy_unpack.c')
-rw-r--r--security/apparmor/policy_unpack.c20
1 files changed, 14 insertions, 6 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index bdaef2e1b2a0..a689f10930b5 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -24,6 +24,7 @@
#include "include/apparmor.h"
#include "include/audit.h"
#include "include/context.h"
+#include "include/crypto.h"
#include "include/match.h"
#include "include/policy.h"
#include "include/policy_unpack.h"
@@ -758,10 +759,12 @@ int aa_unpack(void *udata, size_t size, struct list_head *lh, const char **ns)
*ns = NULL;
while (e.pos < e.end) {
+ void *start;
error = verify_header(&e, e.pos == e.start, ns);
if (error)
goto fail;
+ start = e.pos;
profile = unpack_profile(&e);
if (IS_ERR(profile)) {
error = PTR_ERR(profile);
@@ -769,16 +772,18 @@ int aa_unpack(void *udata, size_t size, struct list_head *lh, const char **ns)
}
error = verify_profile(profile);
- if (error) {
- aa_free_profile(profile);
- goto fail;
- }
+ if (error)
+ goto fail_profile;
+
+ error = aa_calc_profile_hash(profile, e.version, start,
+ e.pos - start);
+ if (error)
+ goto fail_profile;
ent = aa_load_ent_alloc();
if (!ent) {
error = -ENOMEM;
- aa_put_profile(profile);
- goto fail;
+ goto fail_profile;
}
ent->new = profile;
@@ -787,6 +792,9 @@ int aa_unpack(void *udata, size_t size, struct list_head *lh, const char **ns)
return 0;
+fail_profile:
+ aa_put_profile(profile);
+
fail:
list_for_each_entry_safe(ent, tmp, lh, list) {
list_del_init(&ent->list);