apparmor: make signal label match work when matching stacked labels
BugLink: http://bugs.launchpad.net/bugs/1763427
Given a label with a profile stack of
A//&B or A//&C ...
A ptrace rule should be able to specify a generic trace pattern with
a rule like
signal send A//&**,
however this is failing because while the correct label match routine
is called, it is being done post label decomposition so it is always
being done against a profile instead of the stacked label.
To fix this refactor the cross check to pass the full peer label in to
the label_match.
Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit
3dc6b1ce6861ebf40b68ab4b752a05584a1f99bf
git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor)
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
projects / mirror_ubuntu-bionic-kernel.git / commit