Loading security/apparmor/apparmorfs.c +1 −1 Original line number Diff line number Diff line Loading @@ -750,7 +750,7 @@ static int seq_show_profile(struct seq_file *f, void *p) struct aa_ns *root = f->private; if (profile->ns != root) seq_printf(f, ":%s://", aa_ns_name(root, profile->ns)); seq_printf(f, ":%s://", aa_ns_name(root, profile->ns, true)); seq_printf(f, "%s (%s)\n", profile->base.hname, aa_profile_mode_names[profile->mode]); Loading security/apparmor/include/policy_ns.h +2 −2 Original line number Diff line number Diff line Loading @@ -74,8 +74,8 @@ extern struct aa_ns *root_ns; extern const char *aa_hidden_ns_name; bool aa_ns_visible(struct aa_ns *curr, struct aa_ns *view); const char *aa_ns_name(struct aa_ns *parent, struct aa_ns *child); bool aa_ns_visible(struct aa_ns *curr, struct aa_ns *view, bool subns); const char *aa_ns_name(struct aa_ns *parent, struct aa_ns *child, bool subns); void aa_free_ns(struct aa_ns *ns); int aa_alloc_root_ns(void); void aa_free_root_ns(void); Loading security/apparmor/policy_ns.c +9 −3 Original line number Diff line number Diff line Loading @@ -33,18 +33,23 @@ const char *aa_hidden_ns_name = "---"; * aa_ns_visible - test if @view is visible from @curr * @curr: namespace to treat as the parent (NOT NULL) * @view: namespace to test if visible from @curr (NOT NULL) * @subns: whether view of a subns is allowed * * Returns: true if @view is visible from @curr else false */ bool aa_ns_visible(struct aa_ns *curr, struct aa_ns *view) bool aa_ns_visible(struct aa_ns *curr, struct aa_ns *view, bool subns) { if (curr == view) return true; if (!subns) return false; for ( ; view; view = view->parent) { if (view->parent == curr) return true; } return false; } Loading @@ -52,16 +57,17 @@ bool aa_ns_visible(struct aa_ns *curr, struct aa_ns *view) * aa_na_name - Find the ns name to display for @view from @curr * @curr - current namespace (NOT NULL) * @view - namespace attempting to view (NOT NULL) * @subns - are subns visible * * Returns: name of @view visible from @curr */ const char *aa_ns_name(struct aa_ns *curr, struct aa_ns *view) const char *aa_ns_name(struct aa_ns *curr, struct aa_ns *view, bool subns) { /* if view == curr then the namespace name isn't displayed */ if (curr == view) return ""; if (aa_ns_visible(curr, view)) { if (aa_ns_visible(curr, view, subns)) { /* at this point if a ns is visible it is in a view ns * thus the curr ns.hname is a prefix of its name. * Only output the virtualized portion of the name Loading security/apparmor/procattr.c +2 −2 Original line number Diff line number Diff line Loading @@ -44,10 +44,10 @@ int aa_getprocattr(struct aa_profile *profile, char **string) struct aa_ns *current_ns = __aa_current_profile()->ns; char *s; if (!aa_ns_visible(current_ns, ns)) if (!aa_ns_visible(current_ns, ns, true)) return -EACCES; ns_name = aa_ns_name(current_ns, ns); ns_name = aa_ns_name(current_ns, ns, true); ns_len = strlen(ns_name); /* if the visible ns_name is > 0 increase size for : :// seperator */ Loading Loading
security/apparmor/apparmorfs.c +1 −1 Original line number Diff line number Diff line Loading @@ -750,7 +750,7 @@ static int seq_show_profile(struct seq_file *f, void *p) struct aa_ns *root = f->private; if (profile->ns != root) seq_printf(f, ":%s://", aa_ns_name(root, profile->ns)); seq_printf(f, ":%s://", aa_ns_name(root, profile->ns, true)); seq_printf(f, "%s (%s)\n", profile->base.hname, aa_profile_mode_names[profile->mode]); Loading
security/apparmor/include/policy_ns.h +2 −2 Original line number Diff line number Diff line Loading @@ -74,8 +74,8 @@ extern struct aa_ns *root_ns; extern const char *aa_hidden_ns_name; bool aa_ns_visible(struct aa_ns *curr, struct aa_ns *view); const char *aa_ns_name(struct aa_ns *parent, struct aa_ns *child); bool aa_ns_visible(struct aa_ns *curr, struct aa_ns *view, bool subns); const char *aa_ns_name(struct aa_ns *parent, struct aa_ns *child, bool subns); void aa_free_ns(struct aa_ns *ns); int aa_alloc_root_ns(void); void aa_free_root_ns(void); Loading
security/apparmor/policy_ns.c +9 −3 Original line number Diff line number Diff line Loading @@ -33,18 +33,23 @@ const char *aa_hidden_ns_name = "---"; * aa_ns_visible - test if @view is visible from @curr * @curr: namespace to treat as the parent (NOT NULL) * @view: namespace to test if visible from @curr (NOT NULL) * @subns: whether view of a subns is allowed * * Returns: true if @view is visible from @curr else false */ bool aa_ns_visible(struct aa_ns *curr, struct aa_ns *view) bool aa_ns_visible(struct aa_ns *curr, struct aa_ns *view, bool subns) { if (curr == view) return true; if (!subns) return false; for ( ; view; view = view->parent) { if (view->parent == curr) return true; } return false; } Loading @@ -52,16 +57,17 @@ bool aa_ns_visible(struct aa_ns *curr, struct aa_ns *view) * aa_na_name - Find the ns name to display for @view from @curr * @curr - current namespace (NOT NULL) * @view - namespace attempting to view (NOT NULL) * @subns - are subns visible * * Returns: name of @view visible from @curr */ const char *aa_ns_name(struct aa_ns *curr, struct aa_ns *view) const char *aa_ns_name(struct aa_ns *curr, struct aa_ns *view, bool subns) { /* if view == curr then the namespace name isn't displayed */ if (curr == view) return ""; if (aa_ns_visible(curr, view)) { if (aa_ns_visible(curr, view, subns)) { /* at this point if a ns is visible it is in a view ns * thus the curr ns.hname is a prefix of its name. * Only output the virtualized portion of the name Loading
security/apparmor/procattr.c +2 −2 Original line number Diff line number Diff line Loading @@ -44,10 +44,10 @@ int aa_getprocattr(struct aa_profile *profile, char **string) struct aa_ns *current_ns = __aa_current_profile()->ns; char *s; if (!aa_ns_visible(current_ns, ns)) if (!aa_ns_visible(current_ns, ns, true)) return -EACCES; ns_name = aa_ns_name(current_ns, ns); ns_name = aa_ns_name(current_ns, ns, true); ns_len = strlen(ns_name); /* if the visible ns_name is > 0 increase size for : :// seperator */ Loading
John Johansen <john.johansen@canonical.com>John Johansen <john.johansen@canonical.com>