xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

apparmor: allow specifying an already created dir to create ns entries in

Browse Source 
Signed-off-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: Seth Arnold <seth.arnold@canonical.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
This commit is contained in:
John Johansen
2017-05-25 06:31:46 -07:00
parent c97204baf8
commit 98407f0a0d
3 changed files with 8 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
security/apparmor/apparmorfs.c
View File

@@ -1339,11 +1339,12 @@ static int __aafs_ns_mkdir_entries(struct aa_ns *ns, struct dentry *dir)
/* /*
* Requires: @ns->lock held * Requires: @ns->lock held
*/ */
int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name) int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name,
struct dentry *dent)
{ {
struct aa_ns *sub; struct aa_ns *sub;
struct aa_profile *child; struct aa_profile *child;
struct dentry *dent, *dir; struct dentry *dir;
int error; int error;
AA_BUG(!ns); AA_BUG(!ns);
@@ -1373,7 +1374,7 @@ int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name)
/* subnamespaces */ /* subnamespaces */
list_for_each_entry(sub, &ns->sub_ns, base.list) { list_for_each_entry(sub, &ns->sub_ns, base.list) {
mutex_lock(&sub->lock); mutex_lock(&sub->lock);
error = __aafs_ns_mkdir(sub, ns_subns_dir(ns), NULL); error = __aafs_ns_mkdir(sub, ns_subns_dir(ns), NULL, NULL);
mutex_unlock(&sub->lock); mutex_unlock(&sub->lock);
if (error) if (error)
goto fail2; goto fail2;
@@ -1929,7 +1930,7 @@ static int __init aa_create_aafs(void)
ns_subremove(root_ns) = dent; ns_subremove(root_ns) = dent;
mutex_lock(&root_ns->lock); mutex_lock(&root_ns->lock);
error = __aafs_ns_mkdir(root_ns, aa_sfs_entry.dentry, "policy"); error = __aafs_ns_mkdir(root_ns, aa_sfs_entry.dentry, "policy", NULL);
mutex_unlock(&root_ns->lock); mutex_unlock(&root_ns->lock);
if (error) if (error)

4
security/apparmor/include/apparmorfs.h
View File

@@ -112,8 +112,8 @@ void __aafs_profile_migrate_dents(struct aa_profile *old,
struct aa_profile *new); struct aa_profile *new);
int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent); int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent);
void __aafs_ns_rmdir(struct aa_ns *ns); void __aafs_ns_rmdir(struct aa_ns *ns);
int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name,
const char *name); struct dentry *dent);
struct aa_loaddata; struct aa_loaddata;
void __aa_fs_remove_rawdata(struct aa_loaddata *rawdata); void __aa_fs_remove_rawdata(struct aa_loaddata *rawdata);

2
security/apparmor/policy_ns.c
View File

@@ -196,7 +196,7 @@ static struct aa_ns *__aa_create_ns(struct aa_ns *parent, const char *name,
if (!ns) if (!ns)
return NULL; return NULL;
mutex_lock(&ns->lock); mutex_lock(&ns->lock);
error = __aafs_ns_mkdir(ns, ns_subns_dir(parent), name); error = __aafs_ns_mkdir(ns, ns_subns_dir(parent), name, dir);
if (error) { if (error) {
AA_ERROR("Failed to create interface for ns %s\n", AA_ERROR("Failed to create interface for ns %s\n",
ns->base.name); ns->base.name);