diff options
author | John Johansen <john.johansen@canonical.com> | 2021-02-05 13:56:02 +0100 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2022-07-10 00:13:59 +0200 |
commit | 482e8050aab4ad10bcd64241f1a9b540463b3274 (patch) | |
tree | 6e8586bf5d5d0d8a4e7aab2509d50c91b49c030b /security/apparmor | |
parent | apparmor: Enable tuning of policy paranoid load for embedded systems (diff) | |
download | linux-482e8050aab4ad10bcd64241f1a9b540463b3274.tar.xz linux-482e8050aab4ad10bcd64241f1a9b540463b3274.zip |
apparmor: don't create raw_sha1 symlink if sha1 hashing is disabled
Currently if sha1 hashing of policy is disabled a sha1 hash symlink
to the non-existent file is created. There is now reason to create
the symlink in this case so don't do it.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor')
-rw-r--r-- | security/apparmor/apparmorfs.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index 3770dde50a47..15efe4076fc4 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c @@ -1736,14 +1736,15 @@ int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent) #ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY if (profile->rawdata) { - dent = aafs_create("raw_sha1", S_IFLNK | 0444, dir, - profile->label.proxy, NULL, NULL, - &rawdata_link_sha1_iops); - if (IS_ERR(dent)) - goto fail; - aa_get_proxy(profile->label.proxy); - profile->dents[AAFS_PROF_RAW_HASH] = dent; - + if (aa_g_hash_policy) { + dent = aafs_create("raw_sha1", S_IFLNK | 0444, dir, + profile->label.proxy, NULL, NULL, + &rawdata_link_sha1_iops); + if (IS_ERR(dent)) + goto fail; + aa_get_proxy(profile->label.proxy); + profile->dents[AAFS_PROF_RAW_HASH] = dent; + } dent = aafs_create("raw_abi", S_IFLNK | 0444, dir, profile->label.proxy, NULL, NULL, &rawdata_link_abi_iops); |