Revert "UBUNTU: SAUCE: apparmor: Fix: query label file permission"

BugLink: http://bugs.launchpad.net/bugs/1379535 This reverts commit 07e05b2781aa973f95f31d7cb7789a986ddc9583. Signed-off-by: Tim Gardner <tim.gardner@canonical.com>

Revert "UBUNTU: SAUCE: apparmor: Fix: query label file permission"
BugLink: http://bugs.launchpad.net/bugs/1379535 This reverts commit 07e05b2781aa973f95f31d7cb7789a986ddc9583. Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
d918ada2 · John Johansen · Tim Gardner · 0640a0d9 · d918ada2 · d918ada2
Commit d918ada2 authored Mar 18, 2016 by John Johansen Committed by Tim Gardner Apr 06, 2016
Showing with 8 additions and 20 deletions

security/apparmor/apparmorfs.c security/apparmor/apparmorfs.c +4 -14

security/apparmor/file.c security/apparmor/file.c +4 -4

security/apparmor/include/file.h security/apparmor/include/file.h +0 -2

No files found.
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -250,27 +250,17 @@ static ssize_t query_label(char *buf, size_t buf_len,
 			dfa = profile->file.dfa;
 			state = aa_dfa_match_len(dfa, profile->file.start,
 						 match_str + 1, match_len - 1);
-			aa_perms_clear(&tmp);
-			if (state) {
-				struct file_perms fperms = { };
-				struct path_cond cond = { };
-				fperms = aa_compute_fperms(dfa, state, &cond);
-				tmp.allow = fperms.allow;
-				tmp.audit = fperms.audit;
-				tmp.quiet = fperms.quiet;
-				tmp.kill = fperms.kill;
-			}
 		} else if (profile->policy.dfa) {
 			if (!PROFILE_MEDIATES_SAFE(profile, *match_str))
 				continue;	/* no change to current perms */
 			dfa = profile->policy.dfa;
 			state = aa_dfa_match_len(dfa, profile->policy.start[0],
 						 match_str, match_len);
-			if (state)
-				aa_compute_perms(dfa, state, &tmp);
-			else
-				aa_perms_clear(&tmp);
 		}
+		if (state)
+			aa_compute_perms(dfa, state, &tmp);
+		else
+			aa_perms_clear(&tmp);
 		aa_apply_modes_to_perms(profile, &tmp);
 		aa_perms_accum_raw(&perms, &tmp);
 	}

--- a/security/apparmor/file.c
+++ b/security/apparmor/file.c
@@ -208,7 +208,7 @@ static u32 map_old_perms(u32 old)
 }
 /**
- * aa_compute_fperms - convert dfa compressed perms to internal perms
+ * compute_perms - convert dfa compressed perms to internal perms
 * @dfa: dfa to compute perms for   (NOT NULL)
 * @state: state in dfa
 * @cond:  conditions to consider  (NOT NULL)
@@ -218,8 +218,8 @@ static u32 map_old_perms(u32 old)
 *
 * Returns: computed permission set
 */
-struct file_perms aa_compute_fperms(struct aa_dfa *dfa, unsigned int state,
+static struct file_perms compute_perms(struct aa_dfa *dfa, unsigned int state,
-				    struct path_cond *cond)
+				       struct path_cond *cond)
 {
 	struct file_perms perms;
@@ -273,7 +273,7 @@ unsigned int aa_str_perms(struct aa_dfa *dfa, unsigned int start,
 	}
 	state = aa_dfa_match(dfa, start, name);
-	*perms = aa_compute_fperms(dfa, state, cond);
+	*perms = compute_perms(dfa, state, cond);
 	return state;
 }

--- a/security/apparmor/include/file.h
+++ b/security/apparmor/include/file.h
@@ -204,8 +204,6 @@ struct aa_file_rules {
 	/* TODO: add delegate table */
 };
-struct file_perms aa_compute_fperms(struct aa_dfa *dfa, unsigned int state,
-				    struct path_cond *cond);
 unsigned int aa_str_perms(struct aa_dfa *dfa, unsigned int start,
 			  const char *name, struct path_cond *cond,
 			  struct file_perms *perms);