Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
apparmor: remove apply_modes_to_perms from label_match
The modes shouldn't be applied at the point of label match, it just
results in them being applied multiple times. Instead they should be
applied after which is already being done by all callers so it can
just be dropped from label_match.
Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
-3
-3
security/apparmor/label.c
-3
security/apparmor/label.c
···
1317
1317
goto fail;
1318
1318
}
1319
1319
*perms = *aa_lookup_perms(rules->policy, state);
1320
-
aa_apply_modes_to_perms(profile, perms);
1321
1320
if ((perms->allow & request) != request)
1322
1321
return -EACCES;
1323
1322
···
1369
1370
1370
1371
next:
1371
1372
tmp = *aa_lookup_perms(rules->policy, state);
1372
-
aa_apply_modes_to_perms(profile, &tmp);
1373
1373
aa_perms_accum(perms, &tmp);
1374
1374
label_for_each_cont(i, label, tp) {
1375
1375
if (!aa_ns_visible(profile->ns, tp->ns, subns))
···
1377
1379
if (!state)
1378
1380
goto fail;
1379
1381
tmp = *aa_lookup_perms(rules->policy, state);
1380
-
aa_apply_modes_to_perms(profile, &tmp);
1381
1382
aa_perms_accum(perms, &tmp);
1382
1383
}
1383
1384