tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Merge tag 'apparmor-pr-2020-06-07' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor

Pull apparmor updates from John Johansen:
"Features:
- Replace zero-length array with flexible-array
- add a valid state flags check
- add consistency check between state and dfa diff encode flags
- add apparmor subdir to proc attr interface
- fail unpack if profile mode is unknown
- add outofband transition and use it in xattr match
- ensure that dfa state tables have entries

Cleanups:
- Use true and false for bool variable
- Remove semicolon
- Clean code by removing redundant instructions
- Replace two seq_printf() calls by seq_puts() in aa_label_seq_xprint()
- remove duplicate check of xattrs on profile attachment
- remove useless aafs_create_symlink

Bug fixes:
- Fix memory leak of profile proxy
- fix introspection of of task mode for unconfined tasks
- fix nnp subset test for unconfined
- check/put label on apparmor_sk_clone_security()"

* tag 'apparmor-pr-2020-06-07' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor:
apparmor: Fix memory leak of profile proxy
apparmor: fix introspection of of task mode for unconfined tasks
apparmor: check/put label on apparmor_sk_clone_security()
apparmor: Use true and false for bool variable
security/apparmor/label.c: Clean code by removing redundant instructions
apparmor: Replace zero-length array with flexible-array
apparmor: ensure that dfa state tables have entries
apparmor: remove duplicate check of xattrs on profile attachment.
apparmor: add outofband transition and use it in xattr match
apparmor: fail unpack if profile mode is unknown
apparmor: fix nnp subset test for unconfined
apparmor: remove useless aafs_create_symlink
apparmor: add proc subdir to attrs
apparmor: add consistency check between state and dfa diff encode flags
apparmor: add a valid state flags check
AppArmor: Remove semicolon
apparmor: Replace two seq_printf() calls by seq_puts() in aa_label_seq_xprint()

Linus Torvalds a2b44706 8b8c704d

+198 -119
+13
fs/proc/base.c
··· 2778 2778 LSM_DIR_OPS(smack); 2779 2779 #endif 2780 2780 2781 + #ifdef CONFIG_SECURITY_APPARMOR 2782 + static const struct pid_entry apparmor_attr_dir_stuff[] = { 2783 + ATTR("apparmor", "current", 0666), 2784 + ATTR("apparmor", "prev", 0444), 2785 + ATTR("apparmor", "exec", 0666), 2786 + }; 2787 + LSM_DIR_OPS(apparmor); 2788 + #endif 2789 + 2781 2790 static const struct pid_entry attr_dir_stuff[] = { 2782 2791 ATTR(NULL, "current", 0666), 2783 2792 ATTR(NULL, "prev", 0444), ··· 2797 2788 #ifdef CONFIG_SECURITY_SMACK 2798 2789 DIR("smack", 0555, 2799 2790 proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops), 2791 + #endif 2792 + #ifdef CONFIG_SECURITY_APPARMOR 2793 + DIR("apparmor", 0555, 2794 + proc_apparmor_attr_dir_inode_ops, proc_apparmor_attr_dir_ops), 2800 2795 #endif 2801 2796 }; 2802 2797
+13 -43
security/apparmor/apparmorfs.c
··· 341 341 } 342 342 343 343 /** 344 - * aafs_create_symlink - create a symlink in the apparmorfs filesystem 345 - * @name: name of dentry to create 346 - * @parent: parent directory for this dentry 347 - * @target: if symlink, symlink target string 348 - * @private: private data 349 - * @iops: struct of inode_operations that should be used 350 - * 351 - * If @target parameter is %NULL, then the @iops parameter needs to be 352 - * setup to handle .readlink and .get_link inode_operations. 353 - */ 354 - static struct dentry *aafs_create_symlink(const char *name, 355 - struct dentry *parent, 356 - const char *target, 357 - void *private, 358 - const struct inode_operations *iops) 359 - { 360 - struct dentry *dent; 361 - char *link = NULL; 362 - 363 - if (target) { 364 - if (!link) 365 - return ERR_PTR(-ENOMEM); 366 - } 367 - dent = aafs_create(name, S_IFLNK | 0444, parent, private, link, NULL, 368 - iops); 369 - if (IS_ERR(dent)) 370 - kfree(link); 371 - 372 - return dent; 373 - } 374 - 375 - /** 376 344 * aafs_remove - removes a file or directory from the apparmorfs filesystem 377 345 * 378 346 * @dentry: dentry of the file/directory/symlink to removed. ··· 592 624 593 625 void __aa_bump_ns_revision(struct aa_ns *ns) 594 626 { 595 - WRITE_ONCE(ns->revision, ns->revision + 1); 627 + WRITE_ONCE(ns->revision, READ_ONCE(ns->revision) + 1); 596 628 wake_up_interruptible(&ns->wait); 597 629 } 598 630 ··· 808 840 struct multi_transaction { 809 841 struct kref count; 810 842 ssize_t size; 811 - char data[0]; 843 + char data[]; 812 844 }; 813 845 814 846 #define MULTI_TRANSACTION_LIMIT (PAGE_SIZE - sizeof(struct multi_transaction)) ··· 1731 1763 } 1732 1764 1733 1765 if (profile->rawdata) { 1734 - dent = aafs_create_symlink("raw_sha1", dir, NULL, 1735 - profile->label.proxy, 1736 - &rawdata_link_sha1_iops); 1766 + dent = aafs_create("raw_sha1", S_IFLNK | 0444, dir, 1767 + profile->label.proxy, NULL, NULL, 1768 + &rawdata_link_sha1_iops); 1737 1769 if (IS_ERR(dent)) 1738 1770 goto fail; 1739 1771 aa_get_proxy(profile->label.proxy); 1740 1772 profile->dents[AAFS_PROF_RAW_HASH] = dent; 1741 1773 1742 - dent = aafs_create_symlink("raw_abi", dir, NULL, 1743 - profile->label.proxy, 1744 - &rawdata_link_abi_iops); 1774 + dent = aafs_create("raw_abi", S_IFLNK | 0444, dir, 1775 + profile->label.proxy, NULL, NULL, 1776 + &rawdata_link_abi_iops); 1745 1777 if (IS_ERR(dent)) 1746 1778 goto fail; 1747 1779 aa_get_proxy(profile->label.proxy); 1748 1780 profile->dents[AAFS_PROF_RAW_ABI] = dent; 1749 1781 1750 - dent = aafs_create_symlink("raw_data", dir, NULL, 1751 - profile->label.proxy, 1752 - &rawdata_link_data_iops); 1782 + dent = aafs_create("raw_data", S_IFLNK | 0444, dir, 1783 + profile->label.proxy, NULL, NULL, 1784 + &rawdata_link_data_iops); 1753 1785 if (IS_ERR(dent)) 1754 1786 goto fail; 1755 1787 aa_get_proxy(profile->label.proxy); ··· 2332 2364 static struct aa_sfs_entry aa_sfs_entry_policy[] = { 2333 2365 AA_SFS_DIR("versions", aa_sfs_entry_versions), 2334 2366 AA_SFS_FILE_BOOLEAN("set_load", 1), 2367 + /* number of out of band transitions supported */ 2368 + AA_SFS_FILE_U64("outofband", MAX_OOB_SUPPORTED), 2335 2369 { } 2336 2370 }; 2337 2371
+14 -25
security/apparmor/domain.c
··· 320 320 might_sleep(); 321 321 322 322 /* transition from exec match to xattr set */ 323 - state = aa_dfa_null_transition(profile->xmatch, state); 324 - 323 + state = aa_dfa_outofband_transition(profile->xmatch, state); 325 324 d = bprm->file->f_path.dentry; 326 325 327 326 for (i = 0; i < profile->xattr_count; i++) { ··· 329 330 if (size >= 0) { 330 331 u32 perm; 331 332 332 - /* Check the xattr value, not just presence */ 333 + /* 334 + * Check the xattr presence before value. This ensure 335 + * that not present xattr can be distinguished from a 0 336 + * length value or rule that matches any value 337 + */ 338 + state = aa_dfa_null_transition(profile->xmatch, state); 339 + /* Check xattr value */ 333 340 state = aa_dfa_match_len(profile->xmatch, state, value, 334 341 size); 335 342 perm = dfa_user_allow(profile->xmatch, state); ··· 345 340 } 346 341 } 347 342 /* transition to next element */ 348 - state = aa_dfa_null_transition(profile->xmatch, state); 343 + state = aa_dfa_outofband_transition(profile->xmatch, state); 349 344 if (size < 0) { 350 345 /* 351 346 * No xattr match, so verify if transition to ··· 625 620 bool *secure_exec) 626 621 { 627 622 struct aa_label *new = NULL; 628 - struct aa_profile *component; 629 - struct label_it i; 630 623 const char *info = NULL, *name = NULL, *target = NULL; 631 624 unsigned int state = profile->file.start; 632 625 struct aa_perms perms = {}; ··· 673 670 info = "profile transition not found"; 674 671 /* remove MAY_EXEC to audit as failure */ 675 672 perms.allow &= ~MAY_EXEC; 676 - } else { 677 - /* verify that each component's xattr requirements are 678 - * met, and fail execution otherwise 679 - */ 680 - label_for_each(i, new, component) { 681 - if (aa_xattrs_match(bprm, component, state) < 682 - 0) { 683 - error = -EACCES; 684 - info = "required xattrs not present"; 685 - perms.allow &= ~MAY_EXEC; 686 - aa_put_label(new); 687 - new = NULL; 688 - goto audit; 689 - } 690 - } 691 673 } 692 674 } else if (COMPLAIN_MODE(profile)) { 693 675 /* no exec permission - learning mode */ ··· 914 926 * aways results in a further reduction of permissions. 915 927 */ 916 928 if ((bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS) && 917 - !unconfined(label) && !aa_label_is_subset(new, ctx->nnp)) { 929 + !unconfined(label) && 930 + !aa_label_is_unconfined_subset(new, ctx->nnp)) { 918 931 error = -EPERM; 919 932 info = "no new privs"; 920 933 goto audit; ··· 1193 1204 * reduce restrictions. 1194 1205 */ 1195 1206 if (task_no_new_privs(current) && !unconfined(label) && 1196 - !aa_label_is_subset(new, ctx->nnp)) { 1207 + !aa_label_is_unconfined_subset(new, ctx->nnp)) { 1197 1208 /* not an apparmor denial per se, so don't log it */ 1198 1209 AA_DEBUG("no_new_privs - change_hat denied"); 1199 1210 error = -EPERM; ··· 1214 1225 * reduce restrictions. 1215 1226 */ 1216 1227 if (task_no_new_privs(current) && !unconfined(label) && 1217 - !aa_label_is_subset(previous, ctx->nnp)) { 1228 + !aa_label_is_unconfined_subset(previous, ctx->nnp)) { 1218 1229 /* not an apparmor denial per se, so don't log it */ 1219 1230 AA_DEBUG("no_new_privs - change_hat denied"); 1220 1231 error = -EPERM; ··· 1409 1420 * reduce restrictions. 1410 1421 */ 1411 1422 if (task_no_new_privs(current) && !unconfined(label) && 1412 - !aa_label_is_subset(new, ctx->nnp)) { 1423 + !aa_label_is_unconfined_subset(new, ctx->nnp)) { 1413 1424 /* not an apparmor denial per se, so don't log it */ 1414 1425 AA_DEBUG("no_new_privs - change_hat denied"); 1415 1426 error = -EPERM;
+6 -6
security/apparmor/file.c
··· 154 154 * is_deleted - test if a file has been completely unlinked 155 155 * @dentry: dentry of file to test for deletion (NOT NULL) 156 156 * 157 - * Returns: %1 if deleted else %0 157 + * Returns: true if deleted else false 158 158 */ 159 159 static inline bool is_deleted(struct dentry *dentry) 160 160 { 161 161 if (d_unlinked(dentry) && d_backing_inode(dentry)->i_nlink == 0) 162 - return 1; 163 - return 0; 162 + return true; 163 + return false; 164 164 } 165 165 166 166 static int path_name(const char *op, struct aa_label *label, ··· 353 353 * this is done as part of the subset test, where a hardlink must have 354 354 * a subset of permissions that the target has. 355 355 * 356 - * Returns: %1 if subset else %0 356 + * Returns: true if subset else false 357 357 */ 358 358 static inline bool xindex_is_subset(u32 link, u32 target) 359 359 { 360 360 if (((link & ~AA_X_UNSAFE) != (target & ~AA_X_UNSAFE)) || 361 361 ((link & AA_X_UNSAFE) && !(target & AA_X_UNSAFE))) 362 - return 0; 362 + return false; 363 363 364 - return 1; 364 + return true; 365 365 } 366 366 367 367 static int profile_path_link(struct aa_profile *profile,
+2
security/apparmor/include/label.h
··· 275 275 void aa_labelset_init(struct aa_labelset *ls); 276 276 void __aa_labelset_update_subtree(struct aa_ns *ns); 277 277 278 + void aa_label_destroy(struct aa_label *label); 278 279 void aa_label_free(struct aa_label *label); 279 280 void aa_label_kref(struct kref *kref); 280 281 bool aa_label_init(struct aa_label *label, int size, gfp_t gfp); 281 282 struct aa_label *aa_label_alloc(int size, struct aa_proxy *proxy, gfp_t gfp); 282 283 283 284 bool aa_label_is_subset(struct aa_label *set, struct aa_label *sub); 285 + bool aa_label_is_unconfined_subset(struct aa_label *set, struct aa_label *sub); 284 286 struct aa_profile *__aa_label_next_not_in_set(struct label_it *I, 285 287 struct aa_label *set, 286 288 struct aa_label *sub);
+11
security/apparmor/include/match.h
··· 37 37 38 38 #define YYTH_MAGIC 0x1B5E783D 39 39 #define YYTH_FLAG_DIFF_ENCODE 1 40 + #define YYTH_FLAG_OOB_TRANS 2 41 + #define YYTH_FLAGS (YYTH_FLAG_DIFF_ENCODE | YYTH_FLAG_OOB_TRANS) 42 + 43 + #define MAX_OOB_SUPPORTED 1 40 44 41 45 struct table_set_header { 42 46 u32 th_magic; /* YYTH_MAGIC */ ··· 98 94 struct aa_dfa { 99 95 struct kref count; 100 96 u16 flags; 97 + u32 max_oob; 101 98 struct table_header *tables[YYTD_ID_TSIZE]; 102 99 }; 103 100 ··· 132 127 const char *str); 133 128 unsigned int aa_dfa_next(struct aa_dfa *dfa, unsigned int state, 134 129 const char c); 130 + unsigned int aa_dfa_outofband_transition(struct aa_dfa *dfa, 131 + unsigned int state); 135 132 unsigned int aa_dfa_match_until(struct aa_dfa *dfa, unsigned int start, 136 133 const char *str, const char **retpos); 137 134 unsigned int aa_dfa_matchn_until(struct aa_dfa *dfa, unsigned int start, ··· 188 181 189 182 #define MATCH_FLAG_DIFF_ENCODE 0x80000000 190 183 #define MARK_DIFF_ENCODE 0x40000000 184 + #define MATCH_FLAG_OOB_TRANSITION 0x20000000 185 + #define MATCH_FLAGS_MASK 0xff000000 186 + #define MATCH_FLAGS_VALID (MATCH_FLAG_DIFF_ENCODE | MATCH_FLAG_OOB_TRANSITION) 187 + #define MATCH_FLAGS_INVALID (MATCH_FLAGS_MASK & ~MATCH_FLAGS_VALID) 191 188 192 189 #endif /* __AA_MATCH_H */
+44 -16
security/apparmor/label.c
··· 309 309 } 310 310 311 311 312 - static void label_destroy(struct aa_label *label) 312 + void aa_label_destroy(struct aa_label *label) 313 313 { 314 - struct aa_label *tmp; 315 - 316 314 AA_BUG(!label); 317 315 318 316 if (!label_isprofile(label)) { ··· 326 328 } 327 329 } 328 330 329 - if (rcu_dereference_protected(label->proxy->label, true) == label) 330 - rcu_assign_pointer(label->proxy->label, NULL); 331 - 331 + if (label->proxy) { 332 + if (rcu_dereference_protected(label->proxy->label, true) == label) 333 + rcu_assign_pointer(label->proxy->label, NULL); 334 + aa_put_proxy(label->proxy); 335 + } 332 336 aa_free_secid(label->secid); 333 337 334 - tmp = rcu_dereference_protected(label->proxy->label, true); 335 - if (tmp == label) 336 - rcu_assign_pointer(label->proxy->label, NULL); 337 - 338 - aa_put_proxy(label->proxy); 339 338 label->proxy = (struct aa_proxy *) PROXY_POISON + 1; 340 339 } 341 340 ··· 341 346 if (!label) 342 347 return; 343 348 344 - label_destroy(label); 349 + aa_label_destroy(label); 345 350 kfree(label); 346 351 } 347 352 ··· 545 550 return __aa_label_next_not_in_set(&i, set, sub) == NULL; 546 551 } 547 552 553 + /** 554 + * aa_label_is_unconfined_subset - test if @sub is a subset of @set 555 + * @set: label to test against 556 + * @sub: label to test if is subset of @set 557 + * 558 + * This checks for subset but taking into account unconfined. IF 559 + * @sub contains an unconfined profile that does not have a matching 560 + * unconfined in @set then this will not cause the test to fail. 561 + * Conversely we don't care about an unconfined in @set that is not in 562 + * @sub 563 + * 564 + * Returns: true if @sub is special_subset of @set 565 + * else false 566 + */ 567 + bool aa_label_is_unconfined_subset(struct aa_label *set, struct aa_label *sub) 568 + { 569 + struct label_it i = { }; 570 + struct aa_profile *p; 571 + 572 + AA_BUG(!set); 573 + AA_BUG(!sub); 574 + 575 + if (sub == set) 576 + return true; 577 + 578 + do { 579 + p = __aa_label_next_not_in_set(&i, set, sub); 580 + if (p && !profile_unconfined(p)) 581 + break; 582 + } while (p); 583 + 584 + return p == NULL; 585 + } 548 586 549 587 550 588 /** ··· 1559 1531 1560 1532 label_for_each(i, label, profile) { 1561 1533 if (aa_ns_visible(ns, profile->ns, flags & FLAG_VIEW_SUBNS)) { 1562 - if (profile->mode == APPARMOR_UNCONFINED) 1534 + count++; 1535 + if (profile == profile->ns->unconfined) 1563 1536 /* special case unconfined so stacks with 1564 1537 * unconfined don't report as mixed. ie. 1565 1538 * profile_foo//&:ns1:unconfined (mixed) 1566 1539 */ 1567 1540 continue; 1568 - count++; 1569 1541 if (mode == -1) 1570 1542 mode = profile->mode; 1571 1543 else if (mode != profile->mode) ··· 1777 1749 AA_DEBUG("label print error"); 1778 1750 return; 1779 1751 } 1780 - seq_printf(f, "%s", str); 1752 + seq_puts(f, str); 1781 1753 kfree(str); 1782 1754 } else if (display_mode(ns, label, flags)) 1783 1755 seq_printf(f, "%s (%s)", label->hname, 1784 1756 label_modename(ns, label, flags)); 1785 1757 else 1786 - seq_printf(f, "%s", label->hname); 1758 + seq_puts(f, label->hname); 1787 1759 } 1788 1760 1789 1761 void aa_label_xprintk(struct aa_ns *ns, struct aa_label *label, int flags,
+5
security/apparmor/lsm.c
··· 804 804 struct aa_sk_ctx *ctx = SK_CTX(sk); 805 805 struct aa_sk_ctx *new = SK_CTX(newsk); 806 806 807 + if (new->label) 808 + aa_put_label(new->label); 807 809 new->label = aa_get_label(ctx->label); 810 + 811 + if (new->peer) 812 + aa_put_label(new->peer); 808 813 new->peer = aa_get_label(ctx->peer); 809 814 } 810 815
+57 -1
security/apparmor/match.c
··· 97 97 th.td_flags == YYTD_DATA8)) 98 98 goto out; 99 99 100 + /* if we have a table it must have some entries */ 101 + if (th.td_lolen == 0) 102 + goto out; 100 103 tsize = table_size(th.td_lolen, th.td_flags); 101 104 if (bsize < tsize) 102 105 goto out; ··· 201 198 202 199 state_count = dfa->tables[YYTD_ID_BASE]->td_lolen; 203 200 trans_count = dfa->tables[YYTD_ID_NXT]->td_lolen; 201 + if (state_count == 0) 202 + goto out; 204 203 for (i = 0; i < state_count; i++) { 205 204 if (!(BASE_TABLE(dfa)[i] & MATCH_FLAG_DIFF_ENCODE) && 206 205 (DEFAULT_TABLE(dfa)[i] >= state_count)) 207 206 goto out; 207 + if (BASE_TABLE(dfa)[i] & MATCH_FLAGS_INVALID) { 208 + pr_err("AppArmor DFA state with invalid match flags"); 209 + goto out; 210 + } 211 + if ((BASE_TABLE(dfa)[i] & MATCH_FLAG_DIFF_ENCODE)) { 212 + if (!(dfa->flags & YYTH_FLAG_DIFF_ENCODE)) { 213 + pr_err("AppArmor DFA diff encoded transition state without header flag"); 214 + goto out; 215 + } 216 + } 217 + if ((BASE_TABLE(dfa)[i] & MATCH_FLAG_OOB_TRANSITION)) { 218 + if (base_idx(BASE_TABLE(dfa)[i]) < dfa->max_oob) { 219 + pr_err("AppArmor DFA out of bad transition out of range"); 220 + goto out; 221 + } 222 + if (!(dfa->flags & YYTH_FLAG_OOB_TRANS)) { 223 + pr_err("AppArmor DFA out of bad transition state without header flag"); 224 + goto out; 225 + } 226 + } 208 227 if (base_idx(BASE_TABLE(dfa)[i]) + 255 >= trans_count) { 209 228 pr_err("AppArmor DFA next/check upper bounds error\n"); 210 229 goto out; ··· 329 304 goto fail; 330 305 331 306 dfa->flags = ntohs(*(__be16 *) (data + 12)); 332 - if (dfa->flags != 0 && dfa->flags != YYTH_FLAG_DIFF_ENCODE) 307 + if (dfa->flags & ~(YYTH_FLAGS)) 333 308 goto fail; 309 + 310 + /* 311 + * TODO: needed for dfa to support more than 1 oob 312 + * if (dfa->flags & YYTH_FLAGS_OOB_TRANS) { 313 + * if (hsize < 16 + 4) 314 + * goto fail; 315 + * dfa->max_oob = ntol(*(__be32 *) (data + 16)); 316 + * if (dfa->max <= MAX_OOB_SUPPORTED) { 317 + * pr_err("AppArmor DFA OOB greater than supported\n"); 318 + * goto fail; 319 + * } 320 + * } 321 + */ 322 + dfa->max_oob = 1; 334 323 335 324 data += hsize; 336 325 size -= hsize; ··· 530 491 match_char(state, def, base, next, check, equiv[(u8) c]); 531 492 } else 532 493 match_char(state, def, base, next, check, (u8) c); 494 + 495 + return state; 496 + } 497 + 498 + unsigned int aa_dfa_outofband_transition(struct aa_dfa *dfa, unsigned int state) 499 + { 500 + u16 *def = DEFAULT_TABLE(dfa); 501 + u32 *base = BASE_TABLE(dfa); 502 + u16 *next = NEXT_TABLE(dfa); 503 + u16 *check = CHECK_TABLE(dfa); 504 + u32 b = (base)[(state)]; 505 + 506 + if (!(b & MATCH_FLAG_OOB_TRANSITION)) 507 + return DFA_NOMATCH; 508 + 509 + /* No Equivalence class remapping for outofband transitions */ 510 + match_char(state, def, base, next, check, -1); 533 511 534 512 return state; 535 513 }
+1 -1
security/apparmor/path.c
··· 142 142 error = PTR_ERR(res); 143 143 *name = buf; 144 144 goto out; 145 - }; 145 + } 146 146 } else if (!our_mnt(path->mnt)) 147 147 connected = 0; 148 148
+1
security/apparmor/policy.c
··· 242 242 243 243 kzfree(profile->hash); 244 244 aa_put_loaddata(profile->rawdata); 245 + aa_label_destroy(&profile->label); 245 246 246 247 kzfree(profile); 247 248 }
+31 -27
security/apparmor/policy_unpack.c
··· 243 243 static bool unpack_X(struct aa_ext *e, enum aa_code code) 244 244 { 245 245 if (!inbounds(e, 1)) 246 - return 0; 246 + return false; 247 247 if (*(u8 *) e->pos != code) 248 - return 0; 248 + return false; 249 249 e->pos++; 250 - return 1; 250 + return true; 251 251 } 252 252 253 253 /** ··· 261 261 * name element in the stream. If @name is NULL any name element will be 262 262 * skipped and only the typecode will be tested. 263 263 * 264 - * Returns 1 on success (both type code and name tests match) and the read 264 + * Returns true on success (both type code and name tests match) and the read 265 265 * head is advanced past the headers 266 266 * 267 - * Returns: 0 if either match fails, the read head does not move 267 + * Returns: false if either match fails, the read head does not move 268 268 */ 269 269 static bool unpack_nameX(struct aa_ext *e, enum aa_code code, const char *name) 270 270 { ··· 289 289 290 290 /* now check if type code matches */ 291 291 if (unpack_X(e, code)) 292 - return 1; 292 + return true; 293 293 294 294 fail: 295 295 e->pos = pos; 296 - return 0; 296 + return false; 297 297 } 298 298 299 299 static bool unpack_u8(struct aa_ext *e, u8 *data, const char *name) ··· 306 306 if (data) 307 307 *data = get_unaligned((u8 *)e->pos); 308 308 e->pos += sizeof(u8); 309 - return 1; 309 + return true; 310 310 } 311 311 312 312 fail: 313 313 e->pos = pos; 314 - return 0; 314 + return false; 315 315 } 316 316 317 317 static bool unpack_u32(struct aa_ext *e, u32 *data, const char *name) ··· 324 324 if (data) 325 325 *data = le32_to_cpu(get_unaligned((__le32 *) e->pos)); 326 326 e->pos += sizeof(u32); 327 - return 1; 327 + return true; 328 328 } 329 329 330 330 fail: 331 331 e->pos = pos; 332 - return 0; 332 + return false; 333 333 } 334 334 335 335 static bool unpack_u64(struct aa_ext *e, u64 *data, const char *name) ··· 342 342 if (data) 343 343 *data = le64_to_cpu(get_unaligned((__le64 *) e->pos)); 344 344 e->pos += sizeof(u64); 345 - return 1; 345 + return true; 346 346 } 347 347 348 348 fail: 349 349 e->pos = pos; 350 - return 0; 350 + return false; 351 351 } 352 352 353 353 static size_t unpack_array(struct aa_ext *e, const char *name) ··· 472 472 * @e: serialized data extent information (NOT NULL) 473 473 * @profile: profile to add the accept table to (NOT NULL) 474 474 * 475 - * Returns: 1 if table successfully unpacked 475 + * Returns: true if table successfully unpacked 476 476 */ 477 477 static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile) 478 478 { ··· 535 535 if (!unpack_nameX(e, AA_STRUCTEND, NULL)) 536 536 goto fail; 537 537 } 538 - return 1; 538 + return true; 539 539 540 540 fail: 541 541 aa_free_domain_entries(&profile->file.trans); 542 542 e->pos = saved_pos; 543 - return 0; 543 + return false; 544 544 } 545 545 546 546 static bool unpack_xattrs(struct aa_ext *e, struct aa_profile *profile) ··· 565 565 goto fail; 566 566 } 567 567 568 - return 1; 568 + return true; 569 569 570 570 fail: 571 571 e->pos = pos; 572 - return 0; 572 + return false; 573 573 } 574 574 575 575 static bool unpack_secmark(struct aa_ext *e, struct aa_profile *profile) ··· 601 601 goto fail; 602 602 } 603 603 604 - return 1; 604 + return true; 605 605 606 606 fail: 607 607 if (profile->secmark) { ··· 613 613 } 614 614 615 615 e->pos = pos; 616 - return 0; 616 + return false; 617 617 } 618 618 619 619 static bool unpack_rlimits(struct aa_ext *e, struct aa_profile *profile) ··· 643 643 if (!unpack_nameX(e, AA_STRUCTEND, NULL)) 644 644 goto fail; 645 645 } 646 - return 1; 646 + return true; 647 647 648 648 fail: 649 649 e->pos = pos; 650 - return 0; 650 + return false; 651 651 } 652 652 653 653 static u32 strhash(const void *data, u32 len, u32 seed) ··· 748 748 goto fail; 749 749 if (tmp == PACKED_MODE_COMPLAIN || (e->version & FORCE_COMPLAIN_FLAG)) 750 750 profile->mode = APPARMOR_COMPLAIN; 751 + else if (tmp == PACKED_MODE_ENFORCE) 752 + profile->mode = APPARMOR_ENFORCE; 751 753 else if (tmp == PACKED_MODE_KILL) 752 754 profile->mode = APPARMOR_KILL; 753 755 else if (tmp == PACKED_MODE_UNCONFINED) 754 756 profile->mode = APPARMOR_UNCONFINED; 757 + else 758 + goto fail; 755 759 if (!unpack_u32(e, &tmp, NULL)) 756 760 goto fail; 757 761 if (tmp) ··· 994 990 xtype = xindex & AA_X_TYPE_MASK; 995 991 index = xindex & AA_X_INDEX_MASK; 996 992 if (xtype == AA_X_TABLE && index >= table_size) 997 - return 0; 998 - return 1; 993 + return false; 994 + return true; 999 995 } 1000 996 1001 997 /* verify dfa xindexes are in range of transition tables */ ··· 1004 1000 int i; 1005 1001 for (i = 0; i < dfa->tables[YYTD_ID_ACCEPT]->td_lolen; i++) { 1006 1002 if (!verify_xindex(dfa_user_xindex(dfa, i), table_size)) 1007 - return 0; 1003 + return false; 1008 1004 if (!verify_xindex(dfa_other_xindex(dfa, i), table_size)) 1009 - return 0; 1005 + return false; 1010 1006 } 1011 - return 1; 1007 + return true; 1012 1008 } 1013 1009 1014 1010 /**