diff options
| author | John Johansen <john.johansen@canonical.com> | 2012-02-16 09:20:33 -0500 |
|---|---|---|
| committer | John Johansen <john.johansen@canonical.com> | 2012-03-14 09:15:25 -0400 |
| commit | 57fa1e18091e66b7e1002816523cb218196a882e (patch) | |
| tree | 29b4b3484fb17d60d7c6e24d107a74180ec815be /security/apparmor/file.c | |
| parent | 0fe1212d0539eb6c1e27d388711172d786e299cc (diff) | |
AppArmor: Move path failure information into aa_get_name and rename
Move the path name lookup failure messages into the main path name lookup
routine, as the information is useful in more than just aa_path_perm.
Also rename aa_get_name to aa_path_name as it is not getting a reference
counted object with a corresponding put fn.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
Diffstat (limited to 'security/apparmor/file.c')
| -rw-r--r-- | security/apparmor/file.c | 18 |
1 files changed, 7 insertions, 11 deletions
diff --git a/security/apparmor/file.c b/security/apparmor/file.c index bba875c4d068..3022c0f4f0db 100644 --- a/security/apparmor/file.c +++ b/security/apparmor/file.c | |||
| @@ -278,22 +278,16 @@ int aa_path_perm(int op, struct aa_profile *profile, struct path *path, | |||
| 278 | int error; | 278 | int error; |
| 279 | 279 | ||
| 280 | flags |= profile->path_flags | (S_ISDIR(cond->mode) ? PATH_IS_DIR : 0); | 280 | flags |= profile->path_flags | (S_ISDIR(cond->mode) ? PATH_IS_DIR : 0); |
| 281 | error = aa_get_name(path, flags, &buffer, &name); | 281 | error = aa_path_name(path, flags, &buffer, &name, &info); |
| 282 | if (error) { | 282 | if (error) { |
| 283 | if (error == -ENOENT && is_deleted(path->dentry)) { | 283 | if (error == -ENOENT && is_deleted(path->dentry)) { |
| 284 | /* Access to open files that are deleted are | 284 | /* Access to open files that are deleted are |
| 285 | * give a pass (implicit delegation) | 285 | * give a pass (implicit delegation) |
| 286 | */ | 286 | */ |
| 287 | error = 0; | 287 | error = 0; |
| 288 | info = NULL; | ||
| 288 | perms.allow = request; | 289 | perms.allow = request; |
| 289 | } else if (error == -ENOENT) | 290 | } |
| 290 | info = "Failed name lookup - deleted entry"; | ||
| 291 | else if (error == -ESTALE) | ||
| 292 | info = "Failed name lookup - disconnected path"; | ||
| 293 | else if (error == -ENAMETOOLONG) | ||
| 294 | info = "Failed name lookup - name too long"; | ||
| 295 | else | ||
| 296 | info = "Failed name lookup"; | ||
| 297 | } else { | 291 | } else { |
| 298 | aa_str_perms(profile->file.dfa, profile->file.start, name, cond, | 292 | aa_str_perms(profile->file.dfa, profile->file.start, name, cond, |
| 299 | &perms); | 293 | &perms); |
| @@ -364,12 +358,14 @@ int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry, | |||
| 364 | lperms = nullperms; | 358 | lperms = nullperms; |
| 365 | 359 | ||
| 366 | /* buffer freed below, lname is pointer in buffer */ | 360 | /* buffer freed below, lname is pointer in buffer */ |
| 367 | error = aa_get_name(&link, profile->path_flags, &buffer, &lname); | 361 | error = aa_path_name(&link, profile->path_flags, &buffer, &lname, |
| 362 | &info); | ||
| 368 | if (error) | 363 | if (error) |
| 369 | goto audit; | 364 | goto audit; |
| 370 | 365 | ||
| 371 | /* buffer2 freed below, tname is pointer in buffer2 */ | 366 | /* buffer2 freed below, tname is pointer in buffer2 */ |
| 372 | error = aa_get_name(&target, profile->path_flags, &buffer2, &tname); | 367 | error = aa_path_name(&target, profile->path_flags, &buffer2, &tname, |
| 368 | &info); | ||
| 373 | if (error) | 369 | if (error) |
| 374 | goto audit; | 370 | goto audit; |
| 375 | 371 | ||