iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

apparmor: don't create raw_sha1 symlink if sha1 hashing is disabled

Browse Source 
Currently if sha1 hashing of policy is disabled a sha1 hash symlink
to the non-existent file is created. There is now reason to create
the symlink in this case so don't do it.

Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen
2021-02-05 04:56:02 -08:00
parent 5bfcbd22ee
commit 482e8050aa
1 changed files with 9 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
security/apparmor/apparmorfs.c
View File

@ -1736,14 +1736,15 @@ int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent)
#ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY #ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
if (profile->rawdata) { if (profile->rawdata) {
dent = aafs_create("raw_sha1", S_IFLNK | 0444, dir, if (aa_g_hash_policy) {
profile->label.proxy, NULL, NULL, dent = aafs_create("raw_sha1", S_IFLNK | 0444, dir,
&rawdata_link_sha1_iops); profile->label.proxy, NULL, NULL,
if (IS_ERR(dent)) &rawdata_link_sha1_iops);
goto fail; if (IS_ERR(dent))
aa_get_proxy(profile->label.proxy); goto fail;
profile->dents[AAFS_PROF_RAW_HASH] = dent; aa_get_proxy(profile->label.proxy);
profile->dents[AAFS_PROF_RAW_HASH] = dent;
}
dent = aafs_create("raw_abi", S_IFLNK | 0444, dir, dent = aafs_create("raw_abi", S_IFLNK | 0444, dir,
profile->label.proxy, NULL, NULL, profile->label.proxy, NULL, NULL,
&rawdata_link_abi_iops); &rawdata_link_abi_iops);