authorJohn Johansen <john.johansen@canonical.com>2022-08-23 10:06:15 +0200
committerJohn Johansen <john.johansen@canonical.com>2022-10-03 23:49:03 +0200
commita0792e2ceddc1bff8bda34a82b5ef7f00cbe7a9f (patch)
tree9a52aa1f2b63c9ec82be2cdd0f5ee69e678293dc /security/apparmor
parentapparmor: add user mode flag (diff)
apparmor: make transition table unpack generic so it can be reused
Currently the transition table is tied to the file dfa. Make it so we can unpack a transition table against any dfa. Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor')
-rw-r--r--security/apparmor/policy_unpack.c22
1 files changed, 12 insertions, 10 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 04e9fca250df..052e3b914c18 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -466,13 +466,14 @@ static struct aa_dfa *unpack_dfa(struct aa_ext *e)
/**
* unpack_trans_table - unpack a profile transition table
* @e: serialized data extent information (NOT NULL)
- * @profile: profile to add the accept table to (NOT NULL)
+ * @table: str table to unpack to (NOT NULL)
*
- * Returns: true if table successfully unpacked
+ * Returns: true if table successfully unpacked or not present
*/
-static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile)
+static bool unpack_trans_table(struct aa_ext *e, struct aa_str_table *strs)
{
void *saved_pos = e->pos;
+ char **table;
/* exec table is optional */
if (unpack_nameX(e, AA_STRUCT, "xtable")) {
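Review bot: The added declaration `char **table;` has no initializer, yet the `goto fail` on the size check in the next hunk (`if (size > (1 << 24)) goto fail;`) is taken before `table = kcalloc(...)` is ever reached, so the `kfree_sensitive(table)` that the fourth hunk puts at `fail:` then frees an indeterminate pointer; any other unpack failure between those two points (such as reading the size, which falls between the visible hunks) has the same problem. Initialize it, `char **table = NULL;`, which kfree_sensitive accepts as a no-op. The kernel-doc line also no longer matches the parameter name introduced on the signature line: `* @strs: str table to unpack to (NOT NULL)`. The function body continues beyond this hunk.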
@@ -482,12 +483,10 @@ static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile)
/* currently 2^24 bits entries 0-3 */
if (size > (1 << 24))
goto fail;
- profile->file.trans.table = kcalloc(size, sizeof(char *),
- GFP_KERNEL);
- if (!profile->file.trans.table)
+ table = kcalloc(size, sizeof(char *), GFP_KERNEL);
+ if (!table)
goto fail;
- profile->file.trans.size = size;
for (i = 0; i < size; i++) {
char *str;
int c, j, pos, size2 = unpack_strdup(e, &str, NULL);
@@ -496,7 +495,7 @@ static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile)
*/
if (!size2)
goto fail;
- profile->file.trans.table[i] = str;
+ table[i] = str;
/* verify that name doesn't start with space */
if (isspace(*str))
goto fail;
@@ -530,11 +529,14 @@ static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile)
goto fail;
if (!unpack_nameX(e, AA_STRUCTEND, NULL))
goto fail;
+
+ strs->table = table;
+ strs->size = size;
}
return true;
fail:
- aa_free_str_table(&profile->file.trans);
+ kfree_sensitive(table);
e->pos = saved_pos;
return false;
}
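Review bot: The new `fail:` path frees only the pointer array, not the strings that `unpack_strdup` already stored into `table[i]` in the loop from the second and third hunks, so a failure after the first entry (short string, leading space, a bad section after the loop) leaks every string unpacked so far, whereas the removed `aa_free_str_table(&profile->file.trans)` released them. Because `size` and the loop counter appear to be scoped inside the `if` block (their declarations fall between the visible hunks), the cleanup cannot simply iterate here; the smaller change is to hand the partially built table to the destination as soon as it exists, moving `strs->table = table; strs->size = size;` to directly after the `if (!table) goto fail;` check, and restoring the old cleanup as `aa_free_str_table(strs);` at `fail:`, assuming that helper frees each entry and then the array, as the removed call relied on. With that, the early-failure case before allocation behaves as the pre-change code did when it freed the caller's still-empty table.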
@@ -880,7 +882,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name)
info = "failed to remap file permission table";
goto fail;
}
- if (!unpack_trans_table(e, profile)) {
+ if (!unpack_trans_table(e, &profile->file.trans)) {
info = "failed to unpack profile transition table";
goto fail;
}