Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

apparmor: switch signal mediation to use RULE_MEDIATES

Currently signal mediation is using a hard coded form of the
RULE_MEDIATES check. This hides the intended semantics, and means this
specific check won't pick up any changes or improvements made in the
RULE_MEDIATES check. Switch to using RULE_MEDIATES().

Signed-off-by: John Johansen <john.johansen@canonical.com>

+5 -5
security/apparmor/ipc.c
··· 85 85 struct aa_perms perms; 86 86 aa_state_t state; 87 87 88 - if (profile_unconfined(profile) || 89 - !ANY_RULE_MEDIATES(&profile->rules, AA_CLASS_SIGNAL)) 88 + if (profile_unconfined(profile)) 90 89 return 0; 91 90 92 91 ad->subj_cred = cred; 93 92 ad->peer = peer; 94 93 /* TODO: secondary cache check <profile, profile, perm> */ 95 - state = aa_dfa_next(rules->policy->dfa, 96 - rules->policy->start[AA_CLASS_SIGNAL], 97 - ad->signal); 94 + state = RULE_MEDIATES(rules, AA_CLASS_SIGNAL); 95 + if (!state) 96 + return 0; 97 + state = aa_dfa_next(rules->policy->dfa, state, ad->signal); 98 98 aa_label_match(profile, rules, peer, state, false, request, &perms); 99 99 aa_apply_modes_to_perms(profile, &perms); 100 100 return aa_check_perms(profile, &perms, request, ad, audit_signal_cb);
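
Review bot: The early-exit guard changes scope without the commit message saying so: the removed condition tested `!ANY_RULE_MEDIATES(&profile->rules, AA_CLASS_SIGNAL)`, while the new check at lines 94-96 tests `RULE_MEDIATES(rules, AA_CLASS_SIGNAL)` on the single `rules` pointer only. If those two are not equivalent for every profile that reaches this function, the set of cases that return 0 (signal allowed without a permission lookup) is different after this patch, which matters for a mediation path. Please state in the commit message why the two are equivalent here, or keep the behaviour difference explicit. It would also help to put a short comment on `if (!state) return 0;` saying that a zero start state means the signal class is not mediated by this ruleset, since `state` is reused on the next line as the post-transition DFA state and the allow-by-default return is easy to misread.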