authorJohn Johansen <john.johansen@canonical.com>2017-12-13 00:28:05 +0100
committerJohn Johansen <john.johansen@canonical.com>2018-02-09 20:30:02 +0100
commit73f488cd903938e78979d50e081a0314ad142351 (patch)
treee50e4e5198006f8c6d43a369a45f08dfd3b7a4ba /security/apparmor/policy_unpack.c
parentapparmor: Add support for attaching profiles via xattr, presence and value (diff)
apparmor: convert attaching profiles via xattrs to use dfa matching
This converts profile attachment based on xattrs to a fixed extended conditional using dfa matching. This has a couple of advantages:
- pattern matching can be used for the xattr match
- xattrs can be optional for an attachment or marked as required
- the xattr attachment conditional will be able to be combined with other extended conditionals when the flexible extended conditional work lands.

The xattr fixed extended conditional is appended to the xmatch conditional. If an xattr attachment is specified the profile xmatch will be generated regardless of whether there is a pattern match on the executable name.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Diffstat (limited to 'security/apparmor/policy_unpack.c')
-rw-r--r--security/apparmor/policy_unpack.c35
1 files changed, 1 insertions, 34 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 98d019185e57..8a31ddd474d7 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -540,8 +540,7 @@ static bool unpack_xattrs(struct aa_ext *e, struct aa_profile *profile)
size = unpack_array(e, NULL);
profile->xattr_count = size;
- profile->xattrs = kcalloc(size, sizeof(char *),
- GFP_KERNEL);
+ profile->xattrs = kcalloc(size, sizeof(char *), GFP_KERNEL);
if (!profile->xattrs)
goto fail;
for (i = 0; i < size; i++) {
@@ -554,38 +553,6 @@ static bool unpack_xattrs(struct aa_ext *e, struct aa_profile *profile)
goto fail;
}
- if (unpack_nameX(e, AA_STRUCT, "xattr_values")) {
- int i, size;
-
- size = unpack_array(e, NULL);
-
- /* Must be the same number of xattr values as xattrs */
- if (size != profile->xattr_count)
- goto fail;
-
- profile->xattr_lens = kcalloc(size, sizeof(size_t),
- GFP_KERNEL);
- if (!profile->xattr_lens)
- goto fail;
-
- profile->xattr_values = kcalloc(size, sizeof(char *),
- GFP_KERNEL);
- if (!profile->xattr_values)
- goto fail;
-
- for (i = 0; i < size; i++) {
- profile->xattr_lens[i] = unpack_blob(e,
- &profile->xattr_values[i], NULL);
- profile->xattr_values[i] =
- kvmemdup(profile->xattr_values[i],
- profile->xattr_lens[i]);
- }
-
- if (!unpack_nameX(e, AA_ARRAYEND, NULL))
- goto fail;
- if (!unpack_nameX(e, AA_STRUCTEND, NULL))
- goto fail;
- }
return 1;
fail: