1741e9eb
Commit
1741e9eb
authored
Jan 16, 2017
by
John Johansen
apparmor: add strn version of lookup_profile fn
Signed-off-by:
John Johansen
<
john.johansen@canonical.com
>
parent
8399588a
Showing
2 changed files
with
27 additions
and
11 deletions
+27
-11
security/apparmor/include/policy.h
security/apparmor/include/policy.h
+2
-0
security/apparmor/policy.c
security/apparmor/policy.c
+25
-11
security/apparmor/include/policy.h
...
@@ -177,6 +177,8 @@ struct aa_profile *aa_new_null_profile(struct aa_profile *parent, int hat);
...
@@ -177,6 +177,8 @@ struct aa_profile *aa_new_null_profile(struct aa_profile *parent, int hat);
void
aa_free_profile
(
struct
aa_profile
*
profile
);
void
aa_free_profile
(
struct
aa_profile
*
profile
);
void
aa_free_profile_kref
(
struct
kref
*
kref
);
void
aa_free_profile_kref
(
struct
kref
*
kref
);
struct
aa_profile
*
aa_find_child
(
struct
aa_profile
*
parent
,
const
char
*
name
);
struct
aa_profile
*
aa_find_child
(
struct
aa_profile
*
parent
,
const
char
*
name
);
struct
aa_profile
*
aa_lookupn_profile
(
struct
aa_ns
*
ns
,
const
char
*
hname
,
size_t
n
);
struct
aa_profile
*
aa_lookup_profile
(
struct
aa_ns
*
ns
,
const
char
*
name
);
struct
aa_profile
*
aa_lookup_profile
(
struct
aa_ns
*
ns
,
const
char
*
name
);
struct
aa_profile
*
aa_match_profile
(
struct
aa_ns
*
ns
,
const
char
*
name
);
struct
aa_profile
*
aa_match_profile
(
struct
aa_ns
*
ns
,
const
char
*
name
);
...
...
security/apparmor/policy.c
...
@@ -427,9 +427,10 @@ static struct aa_policy *__lookup_parent(struct aa_ns *ns,
...
@@ -427,9 +427,10 @@ static struct aa_policy *__lookup_parent(struct aa_ns *ns,
}
}
/**
/**
* __lookup_profile - lookup the profile matching @hname
* __lookup
n
_profile - lookup the profile matching @hname
* @base: base list to start looking up profile name from (NOT NULL)
* @base: base list to start looking up profile name from (NOT NULL)
* @hname: hierarchical profile name (NOT NULL)
* @hname: hierarchical profile name (NOT NULL)
* @n: length of @hname
*
*
* Requires: rcu_read_lock be held
* Requires: rcu_read_lock be held
*
*
...
@@ -437,53 +438,66 @@ static struct aa_policy *__lookup_parent(struct aa_ns *ns,
...
@@ -437,53 +438,66 @@ static struct aa_policy *__lookup_parent(struct aa_ns *ns,
*
*
* Do a relative name lookup, recursing through profile tree.
* Do a relative name lookup, recursing through profile tree.
*/
*/
static
struct
aa_profile
*
__lookup_profile
(
struct
aa_policy
*
base
,
static
struct
aa_profile
*
__lookup
n
_profile
(
struct
aa_policy
*
base
,
const
char
*
hname
)
const
char
*
hname
,
size_t
n
)
{
{
struct
aa_profile
*
profile
=
NULL
;
struct
aa_profile
*
profile
=
NULL
;
char
*
split
;
c
onst
c
har
*
split
;
for
(
split
=
strstr
(
hname
,
"//"
);
split
;)
{
for
(
split
=
strnstr
(
hname
,
"//"
,
n
);
split
;
split
=
strnstr
(
hname
,
"//"
,
n
))
{
profile
=
__strn_find_child
(
&
base
->
profiles
,
hname
,
profile
=
__strn_find_child
(
&
base
->
profiles
,
hname
,
split
-
hname
);
split
-
hname
);
if
(
!
profile
)
if
(
!
profile
)
return
NULL
;
return
NULL
;
base
=
&
profile
->
base
;
base
=
&
profile
->
base
;
n
-=
split
+
2
-
hname
;
hname
=
split
+
2
;
hname
=
split
+
2
;
split
=
strstr
(
hname
,
"//"
);
}
}
profile
=
__find_child
(
&
base
->
profiles
,
hname
);
if
(
n
)
return
__strn_find_child
(
&
base
->
profiles
,
hname
,
n
);
return
NULL
;
}
return
profile
;
static
struct
aa_profile
*
__lookup_profile
(
struct
aa_policy
*
base
,
const
char
*
hname
)
{
return
__lookupn_profile
(
base
,
hname
,
strlen
(
hname
));
}
}
/**
/**
* aa_lookup_profile - find a profile by its full or partial name
* aa_lookup_profile - find a profile by its full or partial name
* @ns: the namespace to start from (NOT NULL)
* @ns: the namespace to start from (NOT NULL)
* @hname: name to do lookup on. Does not contain namespace prefix (NOT NULL)
* @hname: name to do lookup on. Does not contain namespace prefix (NOT NULL)
* @n: size of @hname
*
*
* Returns: refcounted profile or NULL if not found
* Returns: refcounted profile or NULL if not found
*/
*/
struct
aa_profile
*
aa_lookup_profile
(
struct
aa_ns
*
ns
,
const
char
*
hname
)
struct
aa_profile
*
aa_lookupn_profile
(
struct
aa_ns
*
ns
,
const
char
*
hname
,
size_t
n
)
{
{
struct
aa_profile
*
profile
;
struct
aa_profile
*
profile
;
rcu_read_lock
();
rcu_read_lock
();
do
{
do
{
profile
=
__lookup
_profile
(
&
ns
->
base
,
hname
);
profile
=
__lookup
n_profile
(
&
ns
->
base
,
hname
,
n
);
}
while
(
profile
&&
!
aa_get_profile_not0
(
profile
));
}
while
(
profile
&&
!
aa_get_profile_not0
(
profile
));
rcu_read_unlock
();
rcu_read_unlock
();
/* the unconfined profile is not in the regular profile list */
/* the unconfined profile is not in the regular profile list */
if
(
!
profile
&&
str
cmp
(
hname
,
"unconfined"
)
==
0
)
if
(
!
profile
&&
str
ncmp
(
hname
,
"unconfined"
,
n
)
==
0
)
profile
=
aa_get_newest_profile
(
ns
->
unconfined
);
profile
=
aa_get_newest_profile
(
ns
->
unconfined
);
/* refcount released by caller */
/* refcount released by caller */
return
profile
;
return
profile
;
}
}
struct
aa_profile
*
aa_lookup_profile
(
struct
aa_ns
*
ns
,
const
char
*
hname
)
{
return
aa_lookupn_profile
(
ns
,
hname
,
strlen
(
hname
));
}
/**
/**
* replacement_allowed - test to see if replacement is allowed
* replacement_allowed - test to see if replacement is allowed
* @profile: profile to test if it can be replaced (MAYBE NULL)
* @profile: profile to test if it can be replaced (MAYBE NULL)
...
...
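Review bot: The unconfined fallback in aa_lookupn_profile(), as the new side reads here, tests `strncmp(hname, "unconfined", n) == 0`, which is a prefix comparison: a name that is not in the profile list and whose first n bytes are a prefix of "unconfined" (for example "un" with n = 2, or any name with n = 0) resolves to ns->unconfined. The old `strcmp()` demanded an exact match, and since aa_lookup_profile() now forwards with `strlen(hname)`, existing callers inherit the looser match too. Bounding the length restores the exact comparison: `if (!profile && n == sizeof("unconfined") - 1 && strncmp(hname, "unconfined", n) == 0)`. Separately, the kernel-doc block above aa_lookupn_profile() gained `@n` but its title line still reads `aa_lookup_profile`, and the new aa_lookup_profile() and __lookup_profile() wrappers have no comment stating that @hname must be NUL-terminated for their `strlen()` call.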