From d918ada2e561f9493ac7d2db17f2d1a3a34a9ab4 Mon Sep 17 00:00:00 2001 From: John Johansen Date: Fri, 18 Mar 2016 06:05:26 -0700 Subject: [PATCH] Revert "UBUNTU: SAUCE: apparmor: Fix: query label file permission" BugLink: http://bugs.launchpad.net/bugs/1379535 This reverts commit 07e05b2781aa973f95f31d7cb7789a986ddc9583. Signed-off-by: Tim Gardner --- security/apparmor/apparmorfs.c | 18 ++++-------------- security/apparmor/file.c | 8 ++++---- security/apparmor/include/file.h | 2 -- 3 files changed, 8 insertions(+), 20 deletions(-) diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index c5292a0418fc..0134368c5768 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c @@ -250,27 +250,17 @@ static ssize_t query_label(char *buf, size_t buf_len, dfa = profile->file.dfa; state = aa_dfa_match_len(dfa, profile->file.start, match_str + 1, match_len - 1); - aa_perms_clear(&tmp); - if (state) { - struct file_perms fperms = { }; - struct path_cond cond = { }; - fperms = aa_compute_fperms(dfa, state, &cond); - tmp.allow = fperms.allow; - tmp.audit = fperms.audit; - tmp.quiet = fperms.quiet; - tmp.kill = fperms.kill; - } } else if (profile->policy.dfa) { if (!PROFILE_MEDIATES_SAFE(profile, *match_str)) continue; /* no change to current perms */ dfa = profile->policy.dfa; state = aa_dfa_match_len(dfa, profile->policy.start[0], match_str, match_len); - if (state) - aa_compute_perms(dfa, state, &tmp); - else - aa_perms_clear(&tmp); } + if (state) + aa_compute_perms(dfa, state, &tmp); + else + aa_perms_clear(&tmp); aa_apply_modes_to_perms(profile, &tmp); aa_perms_accum_raw(&perms, &tmp); } diff --git a/security/apparmor/file.c b/security/apparmor/file.c index 58ad159a153f..13fb2a6c34be 100644 --- a/security/apparmor/file.c +++ b/security/apparmor/file.c @@ -208,7 +208,7 @@ static u32 map_old_perms(u32 old) } /** - * aa_compute_fperms - convert dfa compressed perms to internal perms + * compute_perms - convert dfa compressed perms to internal perms * @dfa: dfa to compute perms for (NOT NULL) * @state: state in dfa * @cond: conditions to consider (NOT NULL) @@ -218,8 +218,8 @@ static u32 map_old_perms(u32 old) * * Returns: computed permission set */ -struct file_perms aa_compute_fperms(struct aa_dfa *dfa, unsigned int state, - struct path_cond *cond) +static struct file_perms compute_perms(struct aa_dfa *dfa, unsigned int state, + struct path_cond *cond) { struct file_perms perms; @@ -273,7 +273,7 @@ unsigned int aa_str_perms(struct aa_dfa *dfa, unsigned int start, } state = aa_dfa_match(dfa, start, name); - *perms = aa_compute_fperms(dfa, state, cond); + *perms = compute_perms(dfa, state, cond); return state; } diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h index 57cc02311342..83f7000022e7 100644 --- a/security/apparmor/include/file.h +++ b/security/apparmor/include/file.h @@ -204,8 +204,6 @@ struct aa_file_rules { /* TODO: add delegate table */ }; -struct file_perms aa_compute_fperms(struct aa_dfa *dfa, unsigned int state, - struct path_cond *cond); unsigned int aa_str_perms(struct aa_dfa *dfa, unsigned int start, const char *name, struct path_cond *cond, struct file_perms *perms); -- 2.39.5