apparmor: fix setprocattr arg processing for onexec (3eea57c2) · Commits · e / devices / android_kernel_fairphone_FP4

security/apparmor/lsm.c

+21 −16

Original line number	Diff line number	Diff line
		@@ -529,6 +529,8 @@ static int apparmor_getprocattr(struct task_struct task, char name,
		static int apparmor_setprocattr(struct task_struct task, char name,
		void *value, size_t size)
		{
		struct common_audit_data sa;
		struct apparmor_audit_data aad = {0,};
		char command, args = value;
		size_t arg_size;
		int error;
		@@ -572,28 +574,31 @@ static int apparmor_setprocattr(struct task_struct task, char name,
		} else if (strcmp(command, "permprofile") == 0) {
		error = aa_setprocattr_changeprofile(args, !AA_ONEXEC,
		AA_DO_TEST);
		} else {
		struct common_audit_data sa;
		struct apparmor_audit_data aad = {0,};
		sa.type = LSM_AUDIT_DATA_NONE;
		sa.aad = &aad;
		aad.op = OP_SETPROCATTR;
		aad.info = name;
		aad.error = -EINVAL;
		return aa_audit(AUDIT_APPARMOR_DENIED,
		__aa_current_profile(), GFP_KERNEL,
		&sa, NULL);
		}
		} else
		goto fail;
		} else if (strcmp(name, "exec") == 0) {
		if (strcmp(command, "exec") == 0)
		error = aa_setprocattr_changeprofile(args, AA_ONEXEC,
		!AA_DO_TEST);
		} else {
		else
		goto fail;
		} else
		/* only support the "current" and "exec" process attributes */
		return -EINVAL;
		}

		if (!error)
		error = size;
		return error;

		fail:
		sa.type = LSM_AUDIT_DATA_NONE;
		sa.aad = &aad;
		aad.profile = aa_current_profile();
		aad.op = OP_SETPROCATTR;
		aad.info = name;
		aad.error = -EINVAL;
		aa_audit_msg(AUDIT_APPARMOR_DENIED, &sa, NULL);
		return -EINVAL;
		}

		static int apparmor_task_setrlimit(struct task_struct *task,