From 73f488cd903938e78979d50e081a0314ad142351 Mon Sep 17 00:00:00 2001
From: John Johansen
Date: Tue, 12 Dec 2017 15:28:05 -0800
Subject: apparmor: convert attaching profiles via xattrs to use dfa matching

This converts profile attachment based on xattrs to a fixed extended conditional using dfa matching.
This has a couple of advantages
- pattern matching can be used for the xattr match
- xattrs can be optional for an attachment or marked as required
- the xattr attachment conditional will be able to be combined with other extended conditionals when the flexible extended conditional work lands.
The xattr fixed extended conditional is appended to the xmatch conditional. If an xattr attachment is specified the profile xmatch will be generated regardless of whether there is a pattern match on the executable name.
Signed-off-by: John Johansen
Acked-by: Seth Arnold
---
 security/apparmor/policy.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
(limited to 'security/apparmor/policy.c')
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index 7fee546ba10d..c07493ce2376 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -228,13 +228,9 @@ void aa_free_profile(struct aa_profile *profile)
 aa_free_cap_rules(&profile->caps);
 aa_free_rlimit_rules(&profile->rlimits);
- for (i = 0; i < profile->xattr_count; i++) {
+ for (i = 0; i < profile->xattr_count; i++)
 kzfree(profile->xattrs[i]);
- kzfree(profile->xattr_values[i]);
- }
 kzfree(profile->xattrs);
- kzfree(profile->xattr_lens);
- kzfree(profile->xattr_values);
 kzfree(profile->dirname);
 aa_put_dfa(profile->xmatch);
 aa_put_dfa(profile->policy.dfa);
-- cgit v1.2.3-59-g8ed1b
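Review bot: The loop kept in aa_free_profile reads `profile->xattrs[i]` without checking that `profile->xattrs` is non-NULL, so it is safe only if `xattr_count` is never non-zero while the array is unallocated. If the unpack path can set the count before a failed allocation (not visible here; this view is limited to policy.c), freeing the half-built profile would dereference NULL; a guard such as `for (i = 0; profile->xattrs && i < profile->xattr_count; i++)` removes that dependency. Dropping the `xattr_values`/`xattr_lens` frees is leak-free only if no remaining code allocates those fields, which should be confirmed in the rest of the commit. The body of aa_free_profile starts and ends outside the hunk.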