diff options
| author | John Johansen <john.johansen@canonical.com> | 2013-08-14 14:27:36 -0400 |
|---|---|---|
| committer | John Johansen <john.johansen@canonical.com> | 2013-08-14 14:42:08 -0400 |
| commit | f8eb8a1324e81927b2c64823b2fc38386efd3fef (patch) | |
| tree | 78ef80523807aeb5b084b29f8b698601c71292b2 /security/apparmor/policy_unpack.c | |
| parent | 84f1f787421cd83bb7dfb34d584586f6a5fe7baa (diff) | |
apparmor: add the ability to report a sha1 hash of loaded policy
Provide userspace the ability to introspect a sha1 hash value for each
profile currently loaded.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Diffstat (limited to 'security/apparmor/policy_unpack.c')
| -rw-r--r-- | security/apparmor/policy_unpack.c | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index bdaef2e1b2a0..a689f10930b5 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c | |||
| @@ -24,6 +24,7 @@ | |||
| 24 | #include "include/apparmor.h" | 24 | #include "include/apparmor.h" |
| 25 | #include "include/audit.h" | 25 | #include "include/audit.h" |
| 26 | #include "include/context.h" | 26 | #include "include/context.h" |
| 27 | #include "include/crypto.h" | ||
| 27 | #include "include/match.h" | 28 | #include "include/match.h" |
| 28 | #include "include/policy.h" | 29 | #include "include/policy.h" |
| 29 | #include "include/policy_unpack.h" | 30 | #include "include/policy_unpack.h" |
| @@ -758,10 +759,12 @@ int aa_unpack(void *udata, size_t size, struct list_head *lh, const char **ns) | |||
| 758 | 759 | ||
| 759 | *ns = NULL; | 760 | *ns = NULL; |
| 760 | while (e.pos < e.end) { | 761 | while (e.pos < e.end) { |
| 762 | void *start; | ||
| 761 | error = verify_header(&e, e.pos == e.start, ns); | 763 | error = verify_header(&e, e.pos == e.start, ns); |
| 762 | if (error) | 764 | if (error) |
| 763 | goto fail; | 765 | goto fail; |
| 764 | 766 | ||
| 767 | start = e.pos; | ||
| 765 | profile = unpack_profile(&e); | 768 | profile = unpack_profile(&e); |
| 766 | if (IS_ERR(profile)) { | 769 | if (IS_ERR(profile)) { |
| 767 | error = PTR_ERR(profile); | 770 | error = PTR_ERR(profile); |
| @@ -769,16 +772,18 @@ int aa_unpack(void *udata, size_t size, struct list_head *lh, const char **ns) | |||
| 769 | } | 772 | } |
| 770 | 773 | ||
| 771 | error = verify_profile(profile); | 774 | error = verify_profile(profile); |
| 772 | if (error) { | 775 | if (error) |
| 773 | aa_free_profile(profile); | 776 | goto fail_profile; |
| 774 | goto fail; | 777 | |
| 775 | } | 778 | error = aa_calc_profile_hash(profile, e.version, start, |
| 779 | e.pos - start); | ||
| 780 | if (error) | ||
| 781 | goto fail_profile; | ||
| 776 | 782 | ||
| 777 | ent = aa_load_ent_alloc(); | 783 | ent = aa_load_ent_alloc(); |
| 778 | if (!ent) { | 784 | if (!ent) { |
| 779 | error = -ENOMEM; | 785 | error = -ENOMEM; |
| 780 | aa_put_profile(profile); | 786 | goto fail_profile; |
| 781 | goto fail; | ||
| 782 | } | 787 | } |
| 783 | 788 | ||
| 784 | ent->new = profile; | 789 | ent->new = profile; |
| @@ -787,6 +792,9 @@ int aa_unpack(void *udata, size_t size, struct list_head *lh, const char **ns) | |||
| 787 | 792 | ||
| 788 | return 0; | 793 | return 0; |
| 789 | 794 | ||
| 795 | fail_profile: | ||
| 796 | aa_put_profile(profile); | ||
| 797 | |||
| 790 | fail: | 798 | fail: |
| 791 | list_for_each_entry_safe(ent, tmp, lh, list) { | 799 | list_for_each_entry_safe(ent, tmp, lh, list) { |
| 792 | list_del_init(&ent->list); | 800 | list_del_init(&ent->list); |