From b79473f2de3eb3320e2a145da8a2ea03c7331784 Mon Sep 17 00:00:00 2001 From: John Johansen Date: Mon, 16 Jan 2017 00:42:47 -0800 Subject: [PATCH] apparmor: Make aa_remove_profile() callable from a different view This is prep work for fs operations being able to remove namespaces. Signed-off-by: John Johansen --- security/apparmor/apparmorfs.c | 3 ++- security/apparmor/include/policy.h | 2 +- security/apparmor/policy.c | 7 ++++--- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index 2501a65fe7d3..14b96a44a3f5 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c @@ -180,7 +180,8 @@ static ssize_t profile_remove(struct file *f, const char __user *buf, error = PTR_ERR(data); if (!IS_ERR(data)) { data[size] = 0; - error = aa_remove_profiles(data, size); + error = aa_remove_profiles(__aa_current_profile()->ns, data, + size); kvfree(data); } diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h index 3527e3f5a099..8fcfb3c78d21 100644 --- a/security/apparmor/include/policy.h +++ b/security/apparmor/include/policy.h @@ -187,7 +187,7 @@ struct aa_profile *aa_match_profile(struct aa_ns *ns, const char *name); ssize_t aa_replace_profiles(struct aa_ns *view, void *udata, size_t size, bool noreplace); -ssize_t aa_remove_profiles(char *name, size_t size); +ssize_t aa_remove_profiles(struct aa_ns *view, char *name, size_t size); void __aa_profile_list_release(struct list_head *head); #define PROF_ADD 1 diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c index 046edecc4c8a..0314faeacccd 100644 --- a/security/apparmor/policy.c +++ b/security/apparmor/policy.c @@ -944,6 +944,7 @@ ssize_t aa_replace_profiles(struct aa_ns *view, void *udata, size_t size, /** * aa_remove_profiles - remove profile(s) from the system + * @view: namespace the remove is being done from * @fqname: name of the profile or namespace to remove (NOT NULL) * @size: size of the name * @@ -954,9 +955,9 @@ ssize_t aa_replace_profiles(struct aa_ns *view, void *udata, size_t size, * * Returns: size of data consume else error code if fails */ -ssize_t aa_remove_profiles(char *fqname, size_t size) +ssize_t aa_remove_profiles(struct aa_ns *view, char *fqname, size_t size) { - struct aa_ns *root, *ns = NULL; + struct aa_ns *root = NULL, *ns = NULL; struct aa_profile *profile = NULL; const char *name = fqname, *info = NULL; ssize_t error = 0; @@ -967,7 +968,7 @@ ssize_t aa_remove_profiles(char *fqname, size_t size) goto fail; } - root = aa_current_profile()->ns; + root = view; if (fqname[0] == ':') { char *ns_name; -- GitLab