mirror of
https://gitlab.com/apparmor/apparmor
synced 2025-09-05 16:55:32 +00:00
96 lines
3.1 KiB
Diff
96 lines
3.1 KiB
Diff
|
make change_hat, change_profile explicit to current instead of a generic
|
||
|
|
task.
|
||
|
|
|
||
|
|
---
|
||
|
|
security/apparmor/main.c | 27 ++++++++++++---------------
|
||
|
|
1 file changed, 12 insertions(+), 15 deletions(-)
|
||
|
|
|
||
|
|
--- a/security/apparmor/main.c
|
||
|
|
+++ b/security/apparmor/main.c
|
||
|
|
@@ -929,8 +929,7 @@ repeat:
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
-static int do_change_profile(struct task_struct *task, const char *name,
|
||
|
|
- u64 cookie, int restore_profile,
|
||
|
|
+static int do_change_profile(const char *name, u64 cookie, int restore_profile,
|
||
|
|
struct aa_audit *sa)
|
||
|
|
{
|
||
|
|
struct aa_profile *profile = NULL, *previous_profile = NULL;
|
||
|
|
@@ -947,7 +946,7 @@ static int do_change_profile(struct task
|
||
|
|
if (!profile && !restore_profile)
|
||
|
|
profile = aa_dup_profile(null_complain_profile);
|
||
|
|
|
||
|
|
- cxt = lock_task_and_profiles(task, profile);
|
||
|
|
+ cxt = lock_task_and_profiles(current, profile);
|
||
|
|
if (!cxt) {
|
||
|
|
error = -EPERM;
|
||
|
|
goto out;
|
||
|
|
@@ -959,7 +958,7 @@ static int do_change_profile(struct task
|
||
|
|
sa->info = "killing process";
|
||
|
|
aa_audit_reject(profile, sa);
|
||
|
|
/* terminate process */
|
||
|
|
- (void)send_sig_info(SIGKILL, NULL, task);
|
||
|
|
+ (void)send_sig_info(SIGKILL, NULL, current);
|
||
|
|
goto out;
|
||
|
|
}
|
||
|
|
|
||
|
|
@@ -968,7 +967,7 @@ static int do_change_profile(struct task
|
||
|
|
previous_profile = cxt->profile;
|
||
|
|
}
|
||
|
|
|
||
|
|
- if ((task->ptrace & PT_PTRACED) && aa_may_ptrace(cxt, profile)) {
|
||
|
|
+ if ((current->ptrace & PT_PTRACED) && aa_may_ptrace(cxt, profile)) {
|
||
|
|
error = -EACCES;
|
||
|
|
goto out;
|
||
|
|
}
|
||
|
|
@@ -985,15 +984,15 @@ static int do_change_profile(struct task
|
||
|
|
if (APPARMOR_AUDIT(cxt))
|
||
|
|
aa_audit_message(cxt->profile, sa, AUDIT_APPARMOR_AUDIT);
|
||
|
|
if (restore_profile)
|
||
|
|
- aa_change_task_context(task, new_cxt, profile, 0, NULL);
|
||
|
|
+ aa_change_task_context(current, new_cxt, profile, 0, NULL);
|
||
|
|
else
|
||
|
|
- aa_change_task_context(task, new_cxt, profile, cookie,
|
||
|
|
+ aa_change_task_context(current, new_cxt, profile, cookie,
|
||
|
|
previous_profile);
|
||
|
|
|
||
|
|
out:
|
||
|
|
- if (aa_task_context(task) != new_cxt)
|
||
|
|
+ if (aa_task_context(current) != new_cxt)
|
||
|
|
aa_free_task_context(new_cxt);
|
||
|
|
- unlock_task_and_profiles(task, cxt, profile);
|
||
|
|
+ unlock_task_and_profiles(current, cxt, profile);
|
||
|
|
aa_put_profile(profile);
|
||
|
|
return error;
|
||
|
|
}
|
||
|
|
@@ -1037,11 +1036,10 @@ int aa_change_profile(const char *name,
|
||
|
|
mutex_unlock(&aa_interface_lock);
|
||
|
|
return -EACCES;
|
||
|
|
}
|
||
|
|
- error = do_change_profile(current, name, cookie, 0, &sa);
|
||
|
|
+ error = do_change_profile(name, cookie, 0, &sa);
|
||
|
|
} else {
|
||
|
|
if (cxt->previous_profile)
|
||
|
|
- error = do_change_profile(current,
|
||
|
|
- cxt->previous_profile->name,
|
||
|
|
+ error = do_change_profile(cxt->previous_profile->name,
|
||
|
|
cookie, 1, &sa);
|
||
|
|
/* else
|
||
|
|
* Ignore change_profile to restore_previous profile when
|
||
|
|
@@ -1099,12 +1097,11 @@ int aa_change_hat(const char *hat_name,
|
||
|
|
return -ENOMEM;
|
||
|
|
}
|
||
|
|
sprintf(name, "%s//%s", profile_name, hat_name);
|
||
|
|
- error = do_change_profile(current, name, cookie, 0, &sa);
|
||
|
|
+ error = do_change_profile(name, cookie, 0, &sa);
|
||
|
|
kfree(name);
|
||
|
|
} else {
|
||
|
|
if (cxt->previous_profile)
|
||
|
|
- error = do_change_profile(current,
|
||
|
|
- cxt->previous_profile->name,
|
||
|
|
+ error = do_change_profile(cxt->previous_profile->name,
|
||
|
|
cookie, 1, &sa);
|
||
|
|
/* else
|
||
|
|
* Ignore change_hat to restore profile when there is
|