diff options
author | John Johansen <john.johansen@canonical.com> | 2022-08-23 10:06:15 +0200 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2022-10-03 23:49:03 +0200 |
commit | a0792e2ceddc1bff8bda34a82b5ef7f00cbe7a9f (patch) | |
tree | 9a52aa1f2b63c9ec82be2cdd0f5ee69e678293dc /security/apparmor | |
parent | apparmor: add user mode flag (diff) | |
download | linux-a0792e2ceddc1bff8bda34a82b5ef7f00cbe7a9f.tar.xz linux-a0792e2ceddc1bff8bda34a82b5ef7f00cbe7a9f.zip |
apparmor: make transition table unpack generic so it can be reused
Currently the transition table is tied to the file dfa. Make it so
we can unpack a transition table against any dfa.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor')
-rw-r--r-- | security/apparmor/policy_unpack.c | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index 04e9fca250df..052e3b914c18 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c @@ -466,13 +466,14 @@ static struct aa_dfa *unpack_dfa(struct aa_ext *e) /** * unpack_trans_table - unpack a profile transition table * @e: serialized data extent information (NOT NULL) - * @profile: profile to add the accept table to (NOT NULL) + * @table: str table to unpack to (NOT NULL) * - * Returns: true if table successfully unpacked + * Returns: true if table successfully unpacked or not present */ -static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile) +static bool unpack_trans_table(struct aa_ext *e, struct aa_str_table *strs) { void *saved_pos = e->pos; + char **table; /* exec table is optional */ if (unpack_nameX(e, AA_STRUCT, "xtable")) { @@ -482,12 +483,10 @@ static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile) /* currently 2^24 bits entries 0-3 */ if (size > (1 << 24)) goto fail; - profile->file.trans.table = kcalloc(size, sizeof(char *), - GFP_KERNEL); - if (!profile->file.trans.table) + table = kcalloc(size, sizeof(char *), GFP_KERNEL); + if (!table) goto fail; - profile->file.trans.size = size; for (i = 0; i < size; i++) { char *str; int c, j, pos, size2 = unpack_strdup(e, &str, NULL); @@ -496,7 +495,7 @@ static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile) */ if (!size2) goto fail; - profile->file.trans.table[i] = str; + table[i] = str; /* verify that name doesn't start with space */ if (isspace(*str)) goto fail; @@ -530,11 +529,14 @@ static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile) goto fail; if (!unpack_nameX(e, AA_STRUCTEND, NULL)) goto fail; + + strs->table = table; + strs->size = size; } return true; fail: - aa_free_str_table(&profile->file.trans); + kfree_sensitive(table); e->pos = saved_pos; return false; } @@ -880,7 +882,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name) info = "failed to remap file permission table"; goto fail; } - if (!unpack_trans_table(e, profile)) { + if (!unpack_trans_table(e, &profile->file.trans)) { info = "failed to unpack profile transition table"; goto fail; } |