Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
apparmor: lift kernel socket check out of critical section
There is no need for the kern check to be in the critical section,
it only complicates the code and slows down the case where the
socket is being created by the kernel.
Lifting it out will also allow socket_create to share common template
code, with other socket_permission checks.
Signed-off-by: John Johansen <john.johansen@canonical.com>
+5
-1
+5
-1
security/apparmor/lsm.c
+5
-1
security/apparmor/lsm.c
···
1095
1095
1096
1096
AA_BUG(in_interrupt());
1097
1097
1098
+
if (kern)
1099
+
return 0;
1100
+
1098
1101
label = begin_current_label_crit_section();
1099
-
if (!(kern || unconfined(label)))
1102
+
if (!unconfined(label)) {
1100
1103
error = aa_af_perm(current_cred(), label, OP_CREATE,
1101
1104
AA_MAY_CREATE, family, type, protocol);
1105
+
}
1102
1106
end_current_label_crit_section(label);
1103
1107
1104
1108
return error;