summaryrefslogtreecommitdiff
path: root/security/apparmor/lsm.c
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2017-06-09 16:02:25 -0700
committerJohn Johansen <john.johansen@canonical.com>2017-06-10 17:11:43 -0700
commitaebd873e8d3e34757c9295eef074d1be229f5893 (patch)
treee4655a4726e7ce1ce878bbbccc80cf5fa5b33f22 /security/apparmor/lsm.c
parent98c3d182321d489d8bfaa596127020ec3027edb2 (diff)
downloadlwn-aebd873e8d3e34757c9295eef074d1be229f5893.tar.gz
lwn-aebd873e8d3e34757c9295eef074d1be229f5893.zip
apparmor: refactor path name lookup and permission checks around labels
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/lsm.c')
-rw-r--r--security/apparmor/lsm.c13
1 files changed, 4 insertions, 9 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 011fbb009663..d0c5721aa8b3 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -196,8 +196,7 @@ static int common_perm(const char *op, const struct path *path, u32 mask,
label = __begin_current_label_crit_section();
if (!unconfined(label))
- error = aa_path_perm(op, labels_profile(label), path, 0, mask,
- cond);
+ error = aa_path_perm(op, label, path, 0, mask, cond);
__end_current_label_crit_section(label);
return error;
@@ -359,15 +358,12 @@ static int apparmor_path_rename(const struct path *old_dir, struct dentry *old_d
d_backing_inode(old_dentry)->i_mode
};
- error = aa_path_perm(OP_RENAME_SRC, labels_profile(label),
- &old_path, 0,
+ error = aa_path_perm(OP_RENAME_SRC, label, &old_path, 0,
MAY_READ | AA_MAY_GETATTR | MAY_WRITE |
AA_MAY_SETATTR | AA_MAY_DELETE,
&cond);
if (!error)
- error = aa_path_perm(OP_RENAME_DEST,
- labels_profile(label),
- &new_path,
+ error = aa_path_perm(OP_RENAME_DEST, label, &new_path,
0, MAY_WRITE | AA_MAY_SETATTR |
AA_MAY_CREATE, &cond);
@@ -416,8 +412,7 @@ static int apparmor_file_open(struct file *file, const struct cred *cred)
struct inode *inode = file_inode(file);
struct path_cond cond = { inode->i_uid, inode->i_mode };
- error = aa_path_perm(OP_OPEN, labels_profile(label),
- &file->f_path, 0,
+ error = aa_path_perm(OP_OPEN, label, &file->f_path, 0,
aa_map_file_to_perms(file), &cond);
/* todo cache full allowed permissions set and state */
fctx->allow = aa_map_file_to_perms(file);