
apparmor: switch getprocattr to using label_print fns()

Signed-off-by: John Johansen <john.johansen@canonical.com>

+31 -41
+1 -1
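--- a/security/apparmor/include/procattr.h
+++ b/security/apparmor/include/procattr.h
@@ -15,7 +15,7 @@
 #ifndef __AA_PROCATTR_H
 #define __AA_PROCATTR_H
 
-int aa_getprocattr(struct aa_profile *profile, char **string);
+int aa_getprocattr(struct aa_label *label, char **string);
 int aa_setprocattr_changehat(char *args, size_t size, int flags);
 
 #endif /* __AA_PROCATTR_H */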
+1 -1
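--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -522,7 +522,7 @@
 error = -EINVAL;
 
 if (label)
-error = aa_getprocattr(labels_profile(label), value);
+error = aa_getprocattr(label, value);
 
 aa_put_label(label);
 put_cred(cred);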
+29 -39
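--- a/security/apparmor/procattr.c
+++ b/security/apparmor/procattr.c
@@ -34,51 +34,41 @@
 *
 * Returns: size of string placed in @string else error code on failure
 */
-int aa_getprocattr(struct aa_profile *profile, char **string)
+int aa_getprocattr(struct aa_label *label, char **string)
 {
-char *str;
-int len = 0, mode_len = 0, ns_len = 0, name_len;
-const char *mode_str = aa_profile_mode_names[profile->mode];
-const char *ns_name = NULL;
-struct aa_ns *ns = profile->ns;
+struct aa_ns *ns = labels_ns(label);
 struct aa_ns *current_ns = aa_get_current_ns();
-char *s;
+int len;
 
-if (!aa_ns_visible(current_ns, ns, true))
+if (!aa_ns_visible(current_ns, ns, true)) {
+aa_put_ns(current_ns);
 return -EACCES;
-
-ns_name = aa_ns_name(current_ns, ns, true);
-ns_len = strlen(ns_name);
-
-/* if the visible ns_name is > 0 increase size for : :// seperator */
-if (ns_len)
-ns_len += 4;
-
-/* unconfined profiles don't have a mode string appended */
-if (!profile_unconfined(profile))
-mode_len = strlen(mode_str) + 3; /* + 3 for _() */
-
-name_len = strlen(profile->base.hname);
-len = mode_len + ns_len + name_len + 1; /* + 1 for \n */
-s = str = kmalloc(len + 1, GFP_KERNEL); /* + 1 \0 */
-if (!str)
-return -ENOMEM;
-
-if (ns_len) {
-/* skip over prefix current_ns->base.hname and separating // */
-sprintf(s, ":%s://", ns_name);
-s += ns_len;
 }
-if (profile_unconfined(profile))
-/* mode string not being appended */
-sprintf(s, "%s\n", profile->base.hname);
-else
-sprintf(s, "%s (%s)\n", profile->base.hname, mode_str);
-*string = str;
-aa_put_ns(current_ns);
 
-/* NOTE: len does not include \0 of string, not saved as part of file */
-return len;
+len = aa_label_snxprint(NULL, 0, current_ns, label,
+FLAG_SHOW_MODE | FLAG_VIEW_SUBNS |
+FLAG_HIDDEN_UNCONFINED);
+AA_BUG(len < 0);
+
+*string = kmalloc(len + 2, GFP_KERNEL);
+if (!*string) {
+aa_put_ns(current_ns);
+return -ENOMEM;
+}
+
+len = aa_label_snxprint(*string, len + 2, current_ns, label,
+FLAG_SHOW_MODE | FLAG_VIEW_SUBNS |
+FLAG_HIDDEN_UNCONFINED);
+if (len < 0) {
+aa_put_ns(current_ns);
+return len;
+}
+
+(*string)[len] = '\n';
+(*string)[len + 1] = 0;
+
+aa_put_ns(current_ns);
+return len + 1;
 }
 
 /**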
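Review bot: The length returned by the second `aa_label_snxprint()` call is used to index the buffer (`(*string)[len] = '\n'`) even though the allocation was sized from the first call, and the two results are never compared. If the helper follows snprintf conventions and reports the untruncated length (its definition is not visible here), a label that prints longer on the second pass would place the newline and terminator past the `len + 2` bytes; keeping the allocation size in its own variable and failing when `len > size - 2` would close that. The `if (len < 0)` path after the second call also returns with `*string` still allocated, so `kfree(*string); *string = NULL;` belongs there unless every caller is known to free the pointer on error. `AA_BUG(len < 0)` is the only guard before `kmalloc(len + 2, GFP_KERNEL)`; if that macro can compile to a warning or to nothing, a negative sizing result should be returned explicitly rather than fed into the allocation size.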