
apparmor: provide separate audit messages for file and policy checks

Improve policy load failure messages by identifying which dfa the
verification check failed in.

Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>

+11 -5
+11 -5
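--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -1240,12 +1240,18 @@
 if (!rules)
 return 0;
 
-if ((rules->file.dfa && !verify_dfa_accept_index(rules->file.dfa,
-rules->file.size)) ||
-(rules->policy.dfa &&
-!verify_dfa_accept_index(rules->policy.dfa, rules->policy.size))) {
+if (rules->file.dfa && !verify_dfa_accept_index(rules->file.dfa,
+rules->file.size)) {
 audit_iface(profile, NULL, NULL,
-"Unpack: Invalid named transition", NULL, -EPROTO);
+"Unpack: file Invalid named transition", NULL,
+-EPROTO);
+return -EPROTO;
+}
+if (rules->policy.dfa &&
+!verify_dfa_accept_index(rules->policy.dfa, rules->policy.size)) {
+audit_iface(profile, NULL, NULL,
+"Unpack: policy Invalid named transition", NULL,
+-EPROTO);
 return -EPROTO;
 }
 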
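Review bot: The two new info strings passed to audit_iface(), `"Unpack: file Invalid named transition"` and `"Unpack: policy Invalid named transition"`, replace the old text instead of extending it, so a log rule or test that matches the full old string `"Unpack: Invalid named transition"` would presumably stop firing on these policy-load rejections. Whether any such consumer exists is not visible from this hunk. Keeping the old phrase as a prefix and appending the dfa name, for example `"Unpack: Invalid named transition in file dfa"` and `"Unpack: Invalid named transition in policy dfa"`, would preserve prefix matches and also avoid the mid-sentence capital. The enclosing function starts and ends outside the hunk.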