| author | 2012-03-27 11:32:29 -0300 | |
|---|---|---|
| committer | 2012-03-27 11:32:29 -0300 | |
| commit | 50953e0640b3473dcb409d5d0d938c2742c93b0d (patch) | |
| tree | 3b0dc374e61564fbbd8adff92c8fae16fdeb423a /security/apparmor/file.c | |
| parent | [media] update CARDLIST.em28xx (diff) | |
| parent | poll: add poll_requested_events() and poll_does_not_wait() functions (diff) | |
Merge branch 'poll' into staging/for_v3.4
* poll: (5970 commits)
poll: add poll_requested_events() and poll_does_not_wait() functions
crc32: select an algorithm via Kconfig
crc32: add self-test code for crc32c
crypto: crc32c should use library implementation
crc32: bolt on crc32c
crc32: add note about this patchset to crc32.c
crc32: optimize loop counter for x86
crc32: add slice-by-8 algorithm to existing code
crc32: make CRC_*_BITS definition correspond to actual bit counts
crc32: fix mixing of endian-specific types
crc32: miscellaneous cleanups
crc32: simplify unit test code
crc32: move long comment about crc32 fundamentals to Documentation/
crc32: remove two instances of trailing whitespaces
checkpatch: check for quoted strings broken across lines
checkpatch: whitespace - add/remove blank lines
checkpatch: warn on use of yield()
checkpatch: add --strict tests for braces, comments and casts
checkpatch: add [] to type extensions
checkpatch: high precedence operators do not require additional parentheses in #defines
...
Diffstat (limited to 'security/apparmor/file.c')
| -rw-r--r-- | security/apparmor/file.c | 21 |
1 files changed, 8 insertions, 13 deletions
diff --git a/security/apparmor/file.c b/security/apparmor/file.c
index 7312db741219..3022c0f4f0db 100644
--- a/security/apparmor/file.c
+++ b/security/apparmor/file.c
@@ -173,8 +173,6 @@ static u32 map_old_perms(u32 old)
 if (old & 0x40) /* AA_EXEC_MMAP */
 new |= AA_EXEC_MMAP;
 
- new |= AA_MAY_META_READ;
-
 return new;
 }
 
@@ -212,6 +210,7 @@ static struct file_perms compute_perms(struct aa_dfa *dfa, unsigned int state,
 perms.quiet = map_old_perms(dfa_other_quiet(dfa, state));
 perms.xindex = dfa_other_xindex(dfa, state);
 }
+ perms.allow |= AA_MAY_META_READ;
 
 /* change_profile wasn't determined by ownership in old mapping */
 if (ACCEPT_TABLE(dfa)[state] & 0x80000000)
@@ -279,22 +278,16 @@ int aa_path_perm(int op, struct aa_profile *profile, struct path *path,
 int error;
 
 flags |= profile->path_flags | (S_ISDIR(cond->mode) ? PATH_IS_DIR : 0);
- error = aa_get_name(path, flags, &buffer, &name);
+ error = aa_path_name(path, flags, &buffer, &name, &info);
 if (error) {
 if (error == -ENOENT && is_deleted(path->dentry)) {
 /* Access to open files that are deleted are
 * give a pass (implicit delegation)
 */
 error = 0;
+ info = NULL;
 perms.allow = request;
- } else if (error == -ENOENT)
- info = "Failed name lookup - deleted entry";
- else if (error == -ESTALE)
- info = "Failed name lookup - disconnected path";
- else if (error == -ENAMETOOLONG)
- info = "Failed name lookup - name too long";
- else
- info = "Failed name lookup";
+ }
 } else {
 aa_str_perms(profile->file.dfa, profile->file.start, name, cond,
 &perms);
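Review bot: The added `perms.allow |= AA_MAY_META_READ;` in compute_perms grants the bit for every DFA state regardless of what the accept tables contain, and nothing on the line records why. Since map_old_perms no longer sets the bit, it now reaches only `perms.allow` and not the other masks built through map_old_perms (`perms.quiet` is visible in the context), which looks intentional but is a policy decision a later reader cannot recover from the code. I would add a comment above the line, for example `/* old mapping has no meta-read bit: always allowed, never part of the quiet/audit masks */`, with the wording confirmed by the author. compute_perms starts and ends outside the hunk.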
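Review bot: With the errno-to-string chain removed from aa_path_perm, the audit reason for a failed lookup now depends entirely on aa_path_name() filling `info` on every error path, and that contract is not visible in this diff. If any failure leaves `info` unset, a denied access would be audited with no explanation where the old code always recorded at least "Failed name lookup"; assuming `info` starts out NULL, a fallback after the deleted-file branch such as `else if (!info) info = "Failed name lookup";` would keep that guarantee. The same dependency applies to the two aa_path_name calls in aa_path_link in the last hunk, which jump straight to `audit` on error. The `info = NULL;` reset in the implicit-delegation branch is correct and deserves a short comment, e.g. `/* access allowed: drop the lookup failure text */`. aa_path_perm's body continues outside the hunk.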
@@ -365,12 +358,14 @@ int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry,
 lperms = nullperms;
 
 /* buffer freed below, lname is pointer in buffer */
- error = aa_get_name(&link, profile->path_flags, &buffer, &lname);
+ error = aa_path_name(&link, profile->path_flags, &buffer, &lname,
+ &info);
 if (error)
 goto audit;
 
 /* buffer2 freed below, tname is pointer in buffer2 */
- error = aa_get_name(&target, profile->path_flags, &buffer2, &tname);
+ error = aa_path_name(&target, profile->path_flags, &buffer2, &tname,
+ &info);
 if (error)
 goto audit;
 |
