
apparmor: move the free_profile fn ahead of aa_alloc_profile

Move the free_profile fn ahead of aa_alloc_profile so it can be used
in aa_alloc_profile without a forward declaration.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>

+75 -75
+75 -75
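--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -635,81 +635,6 @@
 }
 
 /**
- * aa_alloc_profile - allocate, initialize and return a new profile
- * @hname: name of the profile (NOT NULL)
- *
- * Returns: refcount profile or NULL on failure
- */
-struct aa_profile *aa_alloc_profile(const char *hname)
-{
-	struct aa_profile *profile;
-
-	/* freed by free_profile - usually through aa_put_profile */
-	profile = kzalloc(sizeof(*profile), GFP_KERNEL);
-	if (!profile)
-		return NULL;
-
-	if (!policy_init(&profile->base, NULL, hname)) {
-		kzfree(profile);
-		return NULL;
-	}
-
-	/* refcount released by caller */
-	return profile;
-}
-
-/**
- * aa_new_null_profile - create a new null-X learning profile
- * @parent: profile that caused this profile to be created (NOT NULL)
- * @hat: true if the null- learning profile is a hat
- *
- * Create a null- complain mode profile used in learning mode. The name of
- * the profile is unique and follows the format of parent//null-<uniq>.
- *
- * null profiles are added to the profile list but the list does not
- * hold a count on them so that they are automatically released when
- * not in use.
- *
- * Returns: new refcounted profile else NULL on failure
- */
-struct aa_profile *aa_new_null_profile(struct aa_profile *parent, int hat)
-{
-	struct aa_profile *profile = NULL;
-	char *name;
-	int uniq = atomic_inc_return(&parent->ns->uniq_null);
-
-	/* freed below */
-	name = kmalloc(strlen(parent->base.hname) + 2 + 7 + 8, GFP_KERNEL);
-	if (!name)
-		goto fail;
-	sprintf(name, "%s//null-%x", parent->base.hname, uniq);
-
-	profile = aa_alloc_profile(name);
-	kfree(name);
-	if (!profile)
-		goto fail;
-
-	profile->mode = APPARMOR_COMPLAIN;
-	profile->flags = PFLAG_NULL;
-	if (hat)
-		profile->flags |= PFLAG_HAT;
-
-	/* released on free_profile */
-	profile->parent = aa_get_profile(parent);
-	profile->ns = aa_get_namespace(parent->ns);
-
-	write_lock(&profile->ns->lock);
-	__list_add_profile(&parent->base.profiles, profile);
-	write_unlock(&profile->ns->lock);
-
-	/* refcount released by caller */
-	return profile;
-
-fail:
-	return NULL;
-}
-
-/**
  * free_profile - free a profile
  * @profile: the profile to free (MAYBE NULL)
  *
@@ -709,6 +784,81 @@
 					    base.count);
 
 	free_profile(p);
+}
+
+/**
+ * aa_alloc_profile - allocate, initialize and return a new profile
+ * @hname: name of the profile (NOT NULL)
+ *
+ * Returns: refcount profile or NULL on failure
+ */
+struct aa_profile *aa_alloc_profile(const char *hname)
+{
+	struct aa_profile *profile;
+
+	/* freed by free_profile - usually through aa_put_profile */
+	profile = kzalloc(sizeof(*profile), GFP_KERNEL);
+	if (!profile)
+		return NULL;
+
+	if (!policy_init(&profile->base, NULL, hname)) {
+		kzfree(profile);
+		return NULL;
+	}
+
+	/* refcount released by caller */
+	return profile;
+}
+
+/**
+ * aa_new_null_profile - create a new null-X learning profile
+ * @parent: profile that caused this profile to be created (NOT NULL)
+ * @hat: true if the null- learning profile is a hat
+ *
+ * Create a null- complain mode profile used in learning mode. The name of
+ * the profile is unique and follows the format of parent//null-<uniq>.
+ *
+ * null profiles are added to the profile list but the list does not
+ * hold a count on them so that they are automatically released when
+ * not in use.
+ *
+ * Returns: new refcounted profile else NULL on failure
+ */
+struct aa_profile *aa_new_null_profile(struct aa_profile *parent, int hat)
+{
+	struct aa_profile *profile = NULL;
+	char *name;
+	int uniq = atomic_inc_return(&parent->ns->uniq_null);
+
+	/* freed below */
+	name = kmalloc(strlen(parent->base.hname) + 2 + 7 + 8, GFP_KERNEL);
+	if (!name)
+		goto fail;
+	sprintf(name, "%s//null-%x", parent->base.hname, uniq);
+
+	profile = aa_alloc_profile(name);
+	kfree(name);
+	if (!profile)
+		goto fail;
+
+	profile->mode = APPARMOR_COMPLAIN;
+	profile->flags = PFLAG_NULL;
+	if (hat)
+		profile->flags |= PFLAG_HAT;
+
+	/* released on free_profile */
+	profile->parent = aa_get_profile(parent);
+	profile->ns = aa_get_namespace(parent->ns);
+
+	write_lock(&profile->ns->lock);
+	__list_add_profile(&parent->base.profiles, profile);
+	write_unlock(&profile->ns->lock);
+
+	/* refcount released by caller */
+	return profile;
+
+fail:
+	return NULL;
 }
 
 /* TODO: profile accounting - setup in remove */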
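Review bot: The name buffer in the relocated aa_new_null_profile is sized with the unexplained constants `2 + 7 + 8` and then filled by an unbounded `sprintf`, so nothing ties the allocation to the format string `"%s//null-%x"`. By my count it fits for a 32-bit `uniq` (7 bytes for `//null-`, at most 8 hex digits, one NUL), but a later change to the format or to the counter's type would silently overrun the heap buffer. Because this commit is a verbatim move, the fix belongs in a follow-up: either `name = kasprintf(GFP_KERNEL, "%s//null-%x", parent->base.hname, uniq);` or a comment on the kmalloc line such as `/* "//null-" (7) + up to 8 hex digits + NUL */`. The description also mentions only free_profile, while the hunks move both aa_alloc_profile and aa_new_null_profile below it, which is worth stating in the commit message.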