apparmor: cleanup: attachment perm lookup to use lookup_perms()

Remove another case of code duplication. Switch to using the generic
routine instead of the current custom checks.

Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen
2022-11-16 22:17:09 -08:00
parent 71e6cff3e0
commit 280799f724


@@ -323,7 +323,7 @@ static int aa_xattrs_match(const struct linux_binprm *bprm,
size = vfs_getxattr_alloc(&nop_mnt_idmap, d, attach->xattrs[i],
&value, value_size, GFP_KERNEL);
if (size >= 0) {
u32 index, perm;
struct aa_perms *perms;
/*
* Check the xattr presence before value. This ensure
@@ -335,9 +335,8 @@ static int aa_xattrs_match(const struct linux_binprm *bprm,
/* Check xattr value */
state = aa_dfa_match_len(attach->xmatch->dfa, state,
value, size);
index = ACCEPT_TABLE(attach->xmatch->dfa)[state];
perm = attach->xmatch->perms[index].allow;
if (!(perm & MAY_EXEC)) {
perms = aa_lookup_perms(attach->xmatch, state);
if (!(perms->allow & MAY_EXEC)) {
ret = -EINVAL;
goto out;
}
@@ -415,15 +414,14 @@ static struct aa_label *find_attach(const struct linux_binprm *bprm,
if (attach->xmatch->dfa) {
unsigned int count;
aa_state_t state;
u32 index, perm;
struct aa_perms *perms;
state = aa_dfa_leftmatch(attach->xmatch->dfa,
attach->xmatch->start[AA_CLASS_XMATCH],
name, &count);
index = ACCEPT_TABLE(attach->xmatch->dfa)[state];
perm = attach->xmatch->perms[index].allow;
perms = aa_lookup_perms(attach->xmatch, state);
/* any accepting state means a valid match. */
if (perm & MAY_EXEC) {
if (perms->allow & MAY_EXEC) {
int ret = 0;
if (count < candidate_len)
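Review bot: Both new call sites dereference the result of aa_lookup_perms() straight away (`perms->allow & MAY_EXEC` in aa_xattrs_match() and in find_attach()), and nothing in the hunks states that the helper cannot return NULL. The helper is not shown on this page, so whether it is equivalent to the old `ACCEPT_TABLE(...)[state]` plus `perms[index]` indexing has to be checked against its definition. If it is guaranteed to return a valid entry, I would record that at one call site, e.g. `/* aa_lookup_perms() always returns a valid entry, never NULL */`. If it substitutes a default entry when the perms table is absent, please confirm that the default does not grant MAY_EXEC, since this test decides profile attachment at exec. Both functions start and end outside the hunks.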