security/apparmor/include/procattr.h +1 −1 @@ -15,7 +15,7 @@ #ifndef __AA_PROCATTR_H #ifndef __AA_PROCATTR_H #define __AA_PROCATTR_H #define __AA_PROCATTR_H int aa_getprocattr(struct aa_profile *profile, char **string); int aa_getprocattr(struct aa_label *label, char **string); int aa_setprocattr_changehat(char *args, size_t size, int flags); int aa_setprocattr_changehat(char *args, size_t size, int flags); #endif /* __AA_PROCATTR_H */ #endif /* __AA_PROCATTR_H */
security/apparmor/lsm.c +1 −1 @@ -522,7 +522,7 @@ static int apparmor_getprocattr(struct task_struct *task, char *name, error = -EINVAL; error = -EINVAL; if (label) if (label) error = aa_getprocattr(labels_profile(label), value); error = aa_getprocattr(label, value); aa_put_label(label); aa_put_label(label); put_cred(cred); put_cred(cred);
security/apparmor/procattr.c +25 −35
@@ -34,53 +34,43 @@ * * * Returns: size of string placed in @string else error code on failure * Returns: size of string placed in @string else error code on failure */ */ int aa_getprocattr(struct aa_profile *profile, char **string) int aa_getprocattr(struct aa_label *label, char **string) { { char *str; struct aa_ns *ns = labels_ns(label); int len = 0, mode_len = 0, ns_len = 0, name_len; const char *mode_str = aa_profile_mode_names[profile->mode]; const char *ns_name = NULL; struct aa_ns *ns = profile->ns; struct aa_ns *current_ns = aa_get_current_ns(); struct aa_ns *current_ns = aa_get_current_ns(); char *s; int len; if (!aa_ns_visible(current_ns, ns, true)) if (!aa_ns_visible(current_ns, ns, true)) { aa_put_ns(current_ns); return -EACCES; return -EACCES; } ns_name = aa_ns_name(current_ns, ns, true); len = aa_label_snxprint(NULL, 0, current_ns, label, ns_len = strlen(ns_name); FLAG_SHOW_MODE | FLAG_VIEW_SUBNS | FLAG_HIDDEN_UNCONFINED); /* if the visible ns_name is > 0 increase size for : :// seperator */ AA_BUG(len < 0); if (ns_len) ns_len += 4; /* unconfined profiles don't have a mode string appended */ if (!profile_unconfined(profile)) mode_len = strlen(mode_str) + 3; /* + 3 for _() */ name_len = strlen(profile->base.hname); *string = kmalloc(len + 2, GFP_KERNEL); len = mode_len + ns_len + name_len + 1; /* + 1 for \n */ if (!*string) { s = str = kmalloc(len + 1, GFP_KERNEL); /* + 1 \0 */ aa_put_ns(current_ns); if (!str) return -ENOMEM; return -ENOMEM; if (ns_len) { /* skip over prefix current_ns->base.hname and separating // */ sprintf(s, ":%s://", ns_name); s += ns_len; } } if (profile_unconfined(profile)) /* mode string not being appended */ sprintf(s, "%s\n", profile->base.hname); else sprintf(s, "%s (%s)\n", profile->base.hname, mode_str); *string = str; aa_put_ns(current_ns); /* NOTE: len does not include \0 of string, not saved as part of file */ len = aa_label_snxprint(*string, len + 2, current_ns, label, FLAG_SHOW_MODE | FLAG_VIEW_SUBNS | 
FLAG_HIDDEN_UNCONFINED); if (len < 0) { aa_put_ns(current_ns); return len; return len; } } (*string)[len] = '\n'; (*string)[len + 1] = 0; aa_put_ns(current_ns); return len + 1; } /** /** * split_token_from_name - separate a string of form <token>^<name> * split_token_from_name - separate a string of form <token>^<name> * @op: operation being checked * @op: operation being checked
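Review bot: In the new aa_getprocattr(), the `if (len < 0)` return after the second aa_label_snxprint() call leaves the kmalloc() buffer allocated and still published through *string, so it leaks unless the caller frees *string on error, which the visible part of apparmor_getprocattr() does not show. The writes `(*string)[len] = '\n'` and `(*string)[len + 1] = 0` index with the second pass's return value while the buffer was sized from the first pass; if aa_label_snxprint() reports the would-be length as snprintf() does (not visible here) and the label prints longer the second time, they land past the allocation. The sizing pass is guarded only by `AA_BUG(len < 0)`, which presumably compiles away without a debug option, so a negative length could reach `kmalloc(len + 2, ...)`. I would keep the allocated size in a separate variable, turn both length checks into real error returns, and free and clear *string on failure, as sketched below; the function's kernel-doc begins above the hunk and should then state that the caller owns *string only on success.

```c
	int len, size;

	/* … unchanged: aa_ns_visible() check … */

	size = aa_label_snxprint(NULL, 0, current_ns, label,
				 FLAG_SHOW_MODE | FLAG_VIEW_SUBNS |
				 FLAG_HIDDEN_UNCONFINED);
	if (size < 0) {
		aa_put_ns(current_ns);
		return size;
	}

	*string = kmalloc(size + 2, GFP_KERNEL);	/* + 2 for \n and \0 */
	/* … unchanged: -ENOMEM path … */

	len = aa_label_snxprint(*string, size + 2, current_ns, label,
				FLAG_SHOW_MODE | FLAG_VIEW_SUBNS |
				FLAG_HIDDEN_UNCONFINED);
	if (len < 0 || len > size) {
		/* never hand a failed or undersized buffer back to the caller;
		 * -ENAMETOOLONG is the reviewer's pick for the grown-label case
		 */
		kfree(*string);
		*string = NULL;
		aa_put_ns(current_ns);
		return len < 0 ? len : -ENAMETOOLONG;
	}
	/* … unchanged: append \n and \0, put current_ns, return len + 1 … */
```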