Commit f76c7250 authored by John Johansen's avatar John Johansen Committed by Thadeu Lima de Souza Cascardo

UBUNTU: SAUCE: apparmor: fix replacement race in reading rawdata

The reading of rawdata is subject to a replacement race when the
rawdata is read in chunks smaller than the data size.

For each read the profile proxy is rechecked for the newest profile;
Which means if a profile is replaced between reads later chunks will
contain data from the new version of the profile while the earlier
reads will contain data from the previous version. This can result in
data that is inconsistent and corrupt.

Instead of rechecking for the current profile at each read. Get the
current profile at the time of the open and use the rawdata of the
profile for the lifetime that the file handle is open.

BugLink: http://bugs.launchpad.net/bugs/1638996Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
Acked-by: default avatarStefan Bader <stefan.bader@canonical.com>
Acked-by: default avatarTim Gardner <tim.gardner@canonical.com>
Acked-by: default avatarBrad Figg <brad.figg@canonical.com>
Signed-off-by: default avatarThadeu Lima de Souza Cascardo <cascardo@canonical.com>
parent e6a5ccb5
...@@ -766,7 +766,7 @@ static const struct file_operations aa_fs_ns_name = { ...@@ -766,7 +766,7 @@ static const struct file_operations aa_fs_ns_name = {
static int rawdata_release(struct inode *inode, struct file *file) static int rawdata_release(struct inode *inode, struct file *file)
{ {
/* TODO: switch to loaddata when profile switched to symlink */ /* TODO: switch to loaddata when profile switched to symlink */
aa_put_proxy(file->private_data); aa_put_loaddata(file->private_data);
return 0; return 0;
} }
...@@ -832,22 +832,24 @@ static const struct file_operations aa_fs_seq_raw_hash_fops = { ...@@ -832,22 +832,24 @@ static const struct file_operations aa_fs_seq_raw_hash_fops = {
static ssize_t rawdata_read(struct file *file, char __user *buf, size_t size, static ssize_t rawdata_read(struct file *file, char __user *buf, size_t size,
loff_t *ppos) loff_t *ppos)
{ {
struct aa_proxy *proxy = file->private_data; struct aa_loaddata *rawdata = file->private_data;
struct aa_label *label = aa_get_label_rcu(&proxy->label);
struct aa_profile *profile = labels_profile(label);
ssize_t ret = simple_read_from_buffer(buf, size, ppos, profile->rawdata->data, profile->rawdata->size); return simple_read_from_buffer(buf, size, ppos, rawdata->data,
aa_put_label(label); rawdata->size);
return ret;
} }
static int rawdata_open(struct inode *inode, struct file *file) static int rawdata_open(struct inode *inode, struct file *file)
{ {
struct aa_proxy *proxy = inode->i_private;
struct aa_label *label;
struct aa_profile *profile;
if (!policy_view_capable(NULL)) if (!policy_view_capable(NULL))
return -EACCES; return -EACCES;
label = aa_get_label_rcu(&proxy->label);
file->private_data = aa_get_proxy(inode->i_private); profile = labels_profile(label);
file->private_data = aa_get_loaddata(profile->rawdata);
aa_put_label(label);
return 0; return 0;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment