apparmor: add more assertions for updates/merges to help catch errors

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>

diff --git a/security/apparmor/label.c b/security/apparmor/label.c
index 6c76628f75d819ff0b710f710d77d235a83710c8..738fe521875611a1ab0cf22b10ddb4477cbf99cb 100644 (file)
--- a/security/apparmor/label.c
+++ b/security/apparmor/label.c
@@ -1061,8 +1061,11 @@ static struct aa_label *label_merge_insert(struct aa_label *new,
        AA_BUG(new->size < a->size + b->size);
 
        label_for_each_in_merge(i, a, b, next) {
+               AA_BUG(!next);
                if (profile_is_stale(next)) {
                        new->vec[k] = aa_get_newest_profile(next);
+                       AA_BUG(!new->vec[k]->label.proxy);
+                       AA_BUG(!new->vec[k]->label.proxy->label);
                        if (next->label.proxy != new->vec[k]->label.proxy)
                                invcount++;
                        k++;
@@ -2007,7 +2010,11 @@ static struct aa_label *__label_update(struct aa_label *label)
        ls = labels_set(label);
        write_lock_irqsave(&ls->lock, flags);
        for (i = 0; i < label->size; i++) {
+               AA_BUG(!label->vec[i]);
                new->vec[i] = aa_get_newest_profile(label->vec[i]);
+               AA_BUG(!new->vec[i]);
+               AA_BUG(!new->vec[i]->label.proxy);
+               AA_BUG(!new->vec[i]->label.proxy->label);
                if (new->vec[i]->label.proxy != label->vec[i]->label.proxy)
                        invcount++;
        }