Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
apparmor: cleanup: attachment perm lookup to use lookup_perms()
Remove another case of code duplications. Switch to using the generic
routine instead of the current custom checks.
Signed-off-by: John Johansen <john.johansen@canonical.com>
+6
-8
+6
-8
security/apparmor/domain.c
+6
-8
security/apparmor/domain.c
···
323
323
size = vfs_getxattr_alloc(&nop_mnt_idmap, d, attach->xattrs[i],
324
324
&value, value_size, GFP_KERNEL);
325
325
if (size >= 0) {
326
-
u32 index, perm;
326
+
struct aa_perms *perms;
327
327
328
328
/*
329
329
* Check the xattr presence before value. This ensure
···
335
335
/* Check xattr value */
336
336
state = aa_dfa_match_len(attach->xmatch->dfa, state,
337
337
value, size);
338
-
index = ACCEPT_TABLE(attach->xmatch->dfa)[state];
339
-
perm = attach->xmatch->perms[index].allow;
340
-
if (!(perm & MAY_EXEC)) {
338
+
perms = aa_lookup_perms(attach->xmatch, state);
339
+
if (!(perms->allow & MAY_EXEC)) {
341
340
ret = -EINVAL;
342
341
goto out;
343
342
}
···
414
415
if (attach->xmatch->dfa) {
415
416
unsigned int count;
416
417
aa_state_t state;
417
-
u32 index, perm;
418
+
struct aa_perms *perms;
418
419
419
420
state = aa_dfa_leftmatch(attach->xmatch->dfa,
420
421
attach->xmatch->start[AA_CLASS_XMATCH],
421
422
name, &count);
422
-
index = ACCEPT_TABLE(attach->xmatch->dfa)[state];
423
-
perm = attach->xmatch->perms[index].allow;
423
+
perms = aa_lookup_perms(attach->xmatch, state);
424
424
/* any accepting state means a valid match. */
425
-
if (perm & MAY_EXEC) {
425
+
if (perms->allow & MAY_EXEC) {
426
426
int ret = 0;
427
427
428
428
if (count < candidate_len)