提交
1741e9eb
编写于
1月 16, 2017
作者:
John Johansen
apparmor: add strn version of lookup_profile fn
Signed-off-by:
John Johansen
<
john.johansen@canonical.com
>
上级
8399588a
Showing
2 changed file
with
27 addition
and
11 deletion
+27
-11
security/apparmor/include/policy.h
security/apparmor/include/policy.h
+2
-0
security/apparmor/policy.c
security/apparmor/policy.c
+25
-11
security/apparmor/include/policy.h
...
@@ -177,6 +177,8 @@ struct aa_profile *aa_new_null_profile(struct aa_profile *parent, int hat);
...
@@ -177,6 +177,8 @@ struct aa_profile *aa_new_null_profile(struct aa_profile *parent, int hat);
void
aa_free_profile
(
struct
aa_profile
*
profile
);
void
aa_free_profile
(
struct
aa_profile
*
profile
);
void
aa_free_profile_kref
(
struct
kref
*
kref
);
void
aa_free_profile_kref
(
struct
kref
*
kref
);
struct
aa_profile
*
aa_find_child
(
struct
aa_profile
*
parent
,
const
char
*
name
);
struct
aa_profile
*
aa_find_child
(
struct
aa_profile
*
parent
,
const
char
*
name
);
struct
aa_profile
*
aa_lookupn_profile
(
struct
aa_ns
*
ns
,
const
char
*
hname
,
size_t
n
);
struct
aa_profile
*
aa_lookup_profile
(
struct
aa_ns
*
ns
,
const
char
*
name
);
struct
aa_profile
*
aa_lookup_profile
(
struct
aa_ns
*
ns
,
const
char
*
name
);
struct
aa_profile
*
aa_match_profile
(
struct
aa_ns
*
ns
,
const
char
*
name
);
struct
aa_profile
*
aa_match_profile
(
struct
aa_ns
*
ns
,
const
char
*
name
);
...
...
security/apparmor/policy.c
...
@@ -427,9 +427,10 @@ static struct aa_policy *__lookup_parent(struct aa_ns *ns,
...
@@ -427,9 +427,10 @@ static struct aa_policy *__lookup_parent(struct aa_ns *ns,
}
}
/**
/**
* __lookup_profile - lookup the profile matching @hname
* __lookup
n
_profile - lookup the profile matching @hname
* @base: base list to start looking up profile name from (NOT NULL)
* @base: base list to start looking up profile name from (NOT NULL)
* @hname: hierarchical profile name (NOT NULL)
* @hname: hierarchical profile name (NOT NULL)
* @n: length of @hname
*
*
* Requires: rcu_read_lock be held
* Requires: rcu_read_lock be held
*
*
...
@@ -437,53 +438,66 @@ static struct aa_policy *__lookup_parent(struct aa_ns *ns,
...
@@ -437,53 +438,66 @@ static struct aa_policy *__lookup_parent(struct aa_ns *ns,
*
*
* Do a relative name lookup, recursing through profile tree.
* Do a relative name lookup, recursing through profile tree.
*/
*/
static
struct
aa_profile
*
__lookup_profile
(
struct
aa_policy
*
base
,
static
struct
aa_profile
*
__lookup
n
_profile
(
struct
aa_policy
*
base
,
const
char
*
hname
)
const
char
*
hname
,
size_t
n
)
{
{
struct
aa_profile
*
profile
=
NULL
;
struct
aa_profile
*
profile
=
NULL
;
char
*
split
;
c
onst
c
har
*
split
;
for
(
split
=
strstr
(
hname
,
"//"
);
split
;)
{
for
(
split
=
strnstr
(
hname
,
"//"
,
n
);
split
;
split
=
strnstr
(
hname
,
"//"
,
n
))
{
profile
=
__strn_find_child
(
&
base
->
profiles
,
hname
,
profile
=
__strn_find_child
(
&
base
->
profiles
,
hname
,
split
-
hname
);
split
-
hname
);
if
(
!
profile
)
if
(
!
profile
)
return
NULL
;
return
NULL
;
base
=
&
profile
->
base
;
base
=
&
profile
->
base
;
n
-=
split
+
2
-
hname
;
hname
=
split
+
2
;
hname
=
split
+
2
;
split
=
strstr
(
hname
,
"//"
);
}
}
profile
=
__find_child
(
&
base
->
profiles
,
hname
);
if
(
n
)
return
__strn_find_child
(
&
base
->
profiles
,
hname
,
n
);
return
NULL
;
}
return
profile
;
static
struct
aa_profile
*
__lookup_profile
(
struct
aa_policy
*
base
,
const
char
*
hname
)
{
return
__lookupn_profile
(
base
,
hname
,
strlen
(
hname
));
}
}
/**
/**
* aa_lookup_profile - find a profile by its full or partial name
* aa_lookup_profile - find a profile by its full or partial name
* @ns: the namespace to start from (NOT NULL)
* @ns: the namespace to start from (NOT NULL)
* @hname: name to do lookup on. Does not contain namespace prefix (NOT NULL)
* @hname: name to do lookup on. Does not contain namespace prefix (NOT NULL)
* @n: size of @hname
*
*
* Returns: refcounted profile or NULL if not found
* Returns: refcounted profile or NULL if not found
*/
*/
struct
aa_profile
*
aa_lookup_profile
(
struct
aa_ns
*
ns
,
const
char
*
hname
)
struct
aa_profile
*
aa_lookupn_profile
(
struct
aa_ns
*
ns
,
const
char
*
hname
,
size_t
n
)
{
{
struct
aa_profile
*
profile
;
struct
aa_profile
*
profile
;
rcu_read_lock
();
rcu_read_lock
();
do
{
do
{
profile
=
__lookup
_profile
(
&
ns
->
base
,
hname
);
profile
=
__lookup
n_profile
(
&
ns
->
base
,
hname
,
n
);
}
while
(
profile
&&
!
aa_get_profile_not0
(
profile
));
}
while
(
profile
&&
!
aa_get_profile_not0
(
profile
));
rcu_read_unlock
();
rcu_read_unlock
();
/* the unconfined profile is not in the regular profile list */
/* the unconfined profile is not in the regular profile list */
if
(
!
profile
&&
str
cmp
(
hname
,
"unconfined"
)
==
0
)
if
(
!
profile
&&
str
ncmp
(
hname
,
"unconfined"
,
n
)
==
0
)
profile
=
aa_get_newest_profile
(
ns
->
unconfined
);
profile
=
aa_get_newest_profile
(
ns
->
unconfined
);
/* refcount released by caller */
/* refcount released by caller */
return
profile
;
return
profile
;
}
}
struct
aa_profile
*
aa_lookup_profile
(
struct
aa_ns
*
ns
,
const
char
*
hname
)
{
return
aa_lookupn_profile
(
ns
,
hname
,
strlen
(
hname
));
}
/**
/**
* replacement_allowed - test to see if replacement is allowed
* replacement_allowed - test to see if replacement is allowed
* @profile: profile to test if it can be replaced (MAYBE NULL)
* @profile: profile to test if it can be replaced (MAYBE NULL)
...
...
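Review bot: In aa_lookupn_profile the fallback `strncmp(hname, "unconfined", n) == 0` is a prefix match, not the exact match the old `strcmp` gave: any @n shorter than the literal compares equal, including n == 0, for which strncmp returns 0. A failed lookup of "", "un" or "unconf" would then return ns->unconfined instead of NULL, so the lookup fails open onto the unconfined profile; whether such lengths can reach this function depends on callers not shown on this page. Requiring the length to match restores the old semantics: `if (!profile && n == strlen("unconfined") && strncmp(hname, "unconfined", n) == 0)`. The kernel-doc above the function also still opens with `aa_lookup_profile -` although it now documents @n; it should name `aa_lookupn_profile`, and the new strlen() wrapper `aa_lookup_profile` would benefit from a one-line comment stating that @hname must be NUL-terminated.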