提交 76a1d263 编写于 作者: J John Johansen

apparmor: switch getprocattr to using label_print fns()

Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
上级 637f688d
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
#ifndef __AA_PROCATTR_H #ifndef __AA_PROCATTR_H
#define __AA_PROCATTR_H #define __AA_PROCATTR_H
int aa_getprocattr(struct aa_profile *profile, char **string); int aa_getprocattr(struct aa_label *label, char **string);
int aa_setprocattr_changehat(char *args, size_t size, int flags); int aa_setprocattr_changehat(char *args, size_t size, int flags);
#endif /* __AA_PROCATTR_H */ #endif /* __AA_PROCATTR_H */
...@@ -522,7 +522,7 @@ static int apparmor_getprocattr(struct task_struct *task, char *name, ...@@ -522,7 +522,7 @@ static int apparmor_getprocattr(struct task_struct *task, char *name,
error = -EINVAL; error = -EINVAL;
if (label) if (label)
error = aa_getprocattr(labels_profile(label), value); error = aa_getprocattr(label, value);
aa_put_label(label); aa_put_label(label);
put_cred(cred); put_cred(cred);
......
...@@ -34,51 +34,41 @@ ...@@ -34,51 +34,41 @@
* *
* Returns: size of string placed in @string else error code on failure * Returns: size of string placed in @string else error code on failure
*/ */
int aa_getprocattr(struct aa_profile *profile, char **string) int aa_getprocattr(struct aa_label *label, char **string)
{ {
char *str; struct aa_ns *ns = labels_ns(label);
int len = 0, mode_len = 0, ns_len = 0, name_len;
const char *mode_str = aa_profile_mode_names[profile->mode];
const char *ns_name = NULL;
struct aa_ns *ns = profile->ns;
struct aa_ns *current_ns = aa_get_current_ns(); struct aa_ns *current_ns = aa_get_current_ns();
char *s; int len;
if (!aa_ns_visible(current_ns, ns, true)) if (!aa_ns_visible(current_ns, ns, true)) {
aa_put_ns(current_ns);
return -EACCES; return -EACCES;
}
ns_name = aa_ns_name(current_ns, ns, true); len = aa_label_snxprint(NULL, 0, current_ns, label,
ns_len = strlen(ns_name); FLAG_SHOW_MODE | FLAG_VIEW_SUBNS |
FLAG_HIDDEN_UNCONFINED);
/* if the visible ns_name is > 0 increase size for : :// seperator */ AA_BUG(len < 0);
if (ns_len)
ns_len += 4;
/* unconfined profiles don't have a mode string appended */
if (!profile_unconfined(profile))
mode_len = strlen(mode_str) + 3; /* + 3 for _() */
name_len = strlen(profile->base.hname); *string = kmalloc(len + 2, GFP_KERNEL);
len = mode_len + ns_len + name_len + 1; /* + 1 for \n */ if (!*string) {
s = str = kmalloc(len + 1, GFP_KERNEL); /* + 1 \0 */ aa_put_ns(current_ns);
if (!str)
return -ENOMEM; return -ENOMEM;
}
if (ns_len) { len = aa_label_snxprint(*string, len + 2, current_ns, label,
/* skip over prefix current_ns->base.hname and separating // */ FLAG_SHOW_MODE | FLAG_VIEW_SUBNS |
sprintf(s, ":%s://", ns_name); FLAG_HIDDEN_UNCONFINED);
s += ns_len; if (len < 0) {
aa_put_ns(current_ns);
return len;
} }
if (profile_unconfined(profile))
/* mode string not being appended */
sprintf(s, "%s\n", profile->base.hname);
else
sprintf(s, "%s (%s)\n", profile->base.hname, mode_str);
*string = str;
aa_put_ns(current_ns);
/* NOTE: len does not include \0 of string, not saved as part of file */ (*string)[len] = '\n';
return len; (*string)[len + 1] = 0;
aa_put_ns(current_ns);
return len + 1;
} }
/** /**
......
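Review bot: The error path after the second `aa_label_snxprint()` call in the new `aa_getprocattr()` returns without releasing the buffer just stored in `*string`, so a failure there leaks the allocation and leaves the caller's pointer set, unless the caller frees it on error, which these lines do not show; add `kfree(*string); *string = NULL;` before that `return len;`. The value returned by the second call is also used directly as the index for the `'\n'` and terminator writes, while the buffer holds only the first call's length plus two bytes. If the print helper follows snprintf semantics (returning the would-be length), a longer second result would write past the allocation, so keep the sizing result in its own variable and reject a larger second result before the two stores. The header comment's "size of string placed in @string" would also benefit from stating that the count includes the trailing newline but not the terminating NUL, as the removed `NOTE` comment did.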