diff options
author | John Johansen <john.johansen@canonical.com> | 2012-02-16 09:20:33 -0500 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2012-03-14 09:15:25 -0400 |
commit | 57fa1e18091e66b7e1002816523cb218196a882e (patch) | |
tree | 29b4b3484fb17d60d7c6e24d107a74180ec815be /security/apparmor/file.c | |
parent | 0fe1212d0539eb6c1e27d388711172d786e299cc (diff) |
AppArmor: Move path failure information into aa_get_name and rename
Move the path name lookup failure messages into the main path name lookup
routine, as the information is useful in more than just aa_path_perm.
Also rename aa_get_name to aa_path_name as it is not getting a reference
counted object with a corresponding put fn.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
Diffstat (limited to 'security/apparmor/file.c')
-rw-r--r-- | security/apparmor/file.c | 18 |
1 files changed, 7 insertions, 11 deletions
diff --git a/security/apparmor/file.c b/security/apparmor/file.c index bba875c4d068..3022c0f4f0db 100644 --- a/security/apparmor/file.c +++ b/security/apparmor/file.c | |||
@@ -278,22 +278,16 @@ int aa_path_perm(int op, struct aa_profile *profile, struct path *path, | |||
278 | int error; | 278 | int error; |
279 | 279 | ||
280 | flags |= profile->path_flags | (S_ISDIR(cond->mode) ? PATH_IS_DIR : 0); | 280 | flags |= profile->path_flags | (S_ISDIR(cond->mode) ? PATH_IS_DIR : 0); |
281 | error = aa_get_name(path, flags, &buffer, &name); | 281 | error = aa_path_name(path, flags, &buffer, &name, &info); |
282 | if (error) { | 282 | if (error) { |
283 | if (error == -ENOENT && is_deleted(path->dentry)) { | 283 | if (error == -ENOENT && is_deleted(path->dentry)) { |
284 | /* Access to open files that are deleted are | 284 | /* Access to open files that are deleted are |
285 | * give a pass (implicit delegation) | 285 | * give a pass (implicit delegation) |
286 | */ | 286 | */ |
287 | error = 0; | 287 | error = 0; |
288 | info = NULL; | ||
288 | perms.allow = request; | 289 | perms.allow = request; |
289 | } else if (error == -ENOENT) | 290 | } |
290 | info = "Failed name lookup - deleted entry"; | ||
291 | else if (error == -ESTALE) | ||
292 | info = "Failed name lookup - disconnected path"; | ||
293 | else if (error == -ENAMETOOLONG) | ||
294 | info = "Failed name lookup - name too long"; | ||
295 | else | ||
296 | info = "Failed name lookup"; | ||
297 | } else { | 291 | } else { |
298 | aa_str_perms(profile->file.dfa, profile->file.start, name, cond, | 292 | aa_str_perms(profile->file.dfa, profile->file.start, name, cond, |
299 | &perms); | 293 | &perms); |
@@ -364,12 +358,14 @@ int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry, | |||
364 | lperms = nullperms; | 358 | lperms = nullperms; |
365 | 359 | ||
366 | /* buffer freed below, lname is pointer in buffer */ | 360 | /* buffer freed below, lname is pointer in buffer */ |
367 | error = aa_get_name(&link, profile->path_flags, &buffer, &lname); | 361 | error = aa_path_name(&link, profile->path_flags, &buffer, &lname, |
362 | &info); | ||
368 | if (error) | 363 | if (error) |
369 | goto audit; | 364 | goto audit; |
370 | 365 | ||
371 | /* buffer2 freed below, tname is pointer in buffer2 */ | 366 | /* buffer2 freed below, tname is pointer in buffer2 */ |
372 | error = aa_get_name(&target, profile->path_flags, &buffer2, &tname); | 367 | error = aa_path_name(&target, profile->path_flags, &buffer2, &tname, |
368 | &info); | ||
373 | if (error) | 369 | if (error) |
374 | goto audit; | 370 | goto audit; |
375 | 371 | ||