提交
76a1d263
编写于
6月 09, 2017
作者:
John Johansen
apparmor: switch getprocattr to using label_print fns()
Signed-off-by:
John Johansen
<
john.johansen@canonical.com
>
上级
637f688d
变更
3
Showing
3 changed file
with
27 addition
and
37 deletion
+27
-37
security/apparmor/include/procattr.h
security/apparmor/include/procattr.h
+1
-1
security/apparmor/lsm.c
security/apparmor/lsm.c
+1
-1
security/apparmor/procattr.c
security/apparmor/procattr.c
+25
-35
security/apparmor/include/procattr.h
...
...
@@ -15,7 +15,7 @@
#ifndef __AA_PROCATTR_H
#define __AA_PROCATTR_H
int
aa_getprocattr
(
struct
aa_
profile
*
profile
,
char
**
string
);
int
aa_getprocattr
(
struct
aa_
label
*
label
,
char
**
string
);
int
aa_setprocattr_changehat
(
char
*
args
,
size_t
size
,
int
flags
);
#endif
/* __AA_PROCATTR_H */
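Review bot: The new prototype `int aa_getprocattr(struct aa_label *label, char **string);` uses `struct aa_label` with no declaration visible in this hunk, so the header appears to rely on every includer having pulled in the label definitions first. A forward declaration `struct aa_label;` above the prototype would make the header self-contained; the lines above line 15 are outside the hunk, so confirm there is not one already. Since procattr.c allocates the buffer it returns, the prototype would also benefit from stating the ownership contract, e.g. `/* on success *string is kmalloc()ed; the caller must kfree() it */`.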
security/apparmor/lsm.c
...
...
@@ -522,7 +522,7 @@ static int apparmor_getprocattr(struct task_struct *task, char *name,
error
=
-
EINVAL
;
if
(
label
)
error
=
aa_getprocattr
(
label
s_profile
(
label
)
,
value
);
error
=
aa_getprocattr
(
label
,
value
);
aa_put_label
(
label
);
put_cred
(
cred
);
...
...
security/apparmor/procattr.c
...
...
@@ -34,51 +34,41 @@
*
* Returns: size of string placed in @string else error code on failure
*/
int
aa_getprocattr
(
struct
aa_
profile
*
profile
,
char
**
string
)
int
aa_getprocattr
(
struct
aa_
label
*
label
,
char
**
string
)
{
char
*
str
;
int
len
=
0
,
mode_len
=
0
,
ns_len
=
0
,
name_len
;
const
char
*
mode_str
=
aa_profile_mode_names
[
profile
->
mode
];
const
char
*
ns_name
=
NULL
;
struct
aa_ns
*
ns
=
profile
->
ns
;
struct
aa_ns
*
ns
=
labels_ns
(
label
);
struct
aa_ns
*
current_ns
=
aa_get_current_ns
();
char
*
s
;
int
len
;
if
(
!
aa_ns_visible
(
current_ns
,
ns
,
true
))
if
(
!
aa_ns_visible
(
current_ns
,
ns
,
true
))
{
aa_put_ns
(
current_ns
);
return
-
EACCES
;
}
ns_name
=
aa_ns_name
(
current_ns
,
ns
,
true
);
ns_len
=
strlen
(
ns_name
);
/* if the visible ns_name is > 0 increase size for : :// seperator */
if
(
ns_len
)
ns_len
+=
4
;
/* unconfined profiles don't have a mode string appended */
if
(
!
profile_unconfined
(
profile
))
mode_len
=
strlen
(
mode_str
)
+
3
;
/* + 3 for _() */
len
=
aa_label_snxprint
(
NULL
,
0
,
current_ns
,
label
,
FLAG_SHOW_MODE
|
FLAG_VIEW_SUBNS
|
FLAG_HIDDEN_UNCONFINED
);
AA_BUG
(
len
<
0
);
name_len
=
strlen
(
profile
->
base
.
hname
);
len
=
mode_len
+
ns_len
+
name_len
+
1
;
/* + 1 for \n */
s
=
str
=
kmalloc
(
len
+
1
,
GFP_KERNEL
);
/* + 1 \0 */
if
(
!
str
)
*
string
=
kmalloc
(
len
+
2
,
GFP_KERNEL
);
if
(
!*
string
)
{
aa_put_ns
(
current_ns
);
return
-
ENOMEM
;
}
if
(
ns_len
)
{
/* skip over prefix current_ns->base.hname and separating // */
sprintf
(
s
,
":%s://"
,
ns_name
);
s
+=
ns_len
;
len
=
aa_label_snxprint
(
*
string
,
len
+
2
,
current_ns
,
label
,
FLAG_SHOW_MODE
|
FLAG_VIEW_SUBNS
|
FLAG_HIDDEN_UNCONFINED
);
if
(
len
<
0
)
{
aa_put_ns
(
current_ns
);
return
len
;
}
if
(
profile_unconfined
(
profile
))
/* mode string not being appended */
sprintf
(
s
,
"%s
\n
"
,
profile
->
base
.
hname
);
else
sprintf
(
s
,
"%s (%s)
\n
"
,
profile
->
base
.
hname
,
mode_str
);
*
string
=
str
;
aa_put_ns
(
current_ns
);
/* NOTE: len does not include \0 of string, not saved as part of file */
return
len
;
(
*
string
)[
len
]
=
'\n'
;
(
*
string
)[
len
+
1
]
=
0
;
aa_put_ns
(
current_ns
);
return
len
+
1
;
}
/**
...
...
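Review bot: The length returned by the second `aa_label_snxprint()` call is used unchecked as an index in `(*string)[len] = '\n';` and `(*string)[len + 1] = 0;`, although the buffer was sized from the first call. The sizing call with `NULL, 0` suggests the function reports the length it needs rather than the length it wrote, so if the two passes ever disagree those two stores land past the `len + 2` bytes that were allocated; I would keep the allocated size in its own variable and reject a second result that does not fit. The `len < 0` branch after the second call also returns with `*string` still pointing at the fresh allocation, which leaks unless callers free it on error, and the lsm.c call site in this commit does not show that. The first call's failure is only asserted with `AA_BUG(len < 0)` rather than returned, which is inconsistent with how the second call is handled. The kernel-doc for this function begins above the hunk; if it still describes `@profile` it needs updating to `@label`.

```c
	int len, size;

	/* … unchanged: ns visibility check, sizing call aa_label_snxprint(NULL, 0, …) … */
	if (len < 0) {			/* return the error instead of AA_BUG() */
		aa_put_ns(current_ns);
		return len;
	}

	size = len + 2;			/* label text + '\n' + '\0' */
	*string = kmalloc(size, GFP_KERNEL);
	/* … unchanged: -ENOMEM path … */

	len = aa_label_snxprint(*string, size, current_ns, label,
				FLAG_SHOW_MODE | FLAG_VIEW_SUBNS |
				FLAG_HIDDEN_UNCONFINED);
	if (len < 0 || len > size - 2) {
		/* second pass failed or no longer fits; errno choice is a suggestion */
		kfree(*string);
		*string = NULL;
		aa_put_ns(current_ns);
		return len < 0 ? len : -ENAMETOOLONG;
	}
	/* … unchanged: append '\n', terminate, aa_put_ns(), return len + 1 … */
```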