mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 22:35:35 +00:00
Code Issues Releases Wiki Activity

parser: place perm on name as well as name && label combination

Browse Source 
Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen
2022-03-27 21:19:33 -07:00
committed by Georgia Garcia
parent 1aa474b25c
commit 6e74b7957b
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
parser/mqueue.cc
View File

@@ -191,7 +191,7 @@ int mqueue_rule::gen_policy_re(Profile &prof)
if (qtype == mqueue_posix && !features_supports_posix_mqueue) { if (qtype == mqueue_posix && !features_supports_posix_mqueue) {
warn_once(prof.name); warn_once(prof.name);
// return RULE_NOT_SUPPORTED; return RULE_NOT_SUPPORTED;
} else if (qtype == mqueue_sysv && !features_supports_sysv_mqueue) { } else if (qtype == mqueue_sysv && !features_supports_sysv_mqueue) {
warn_once(prof.name); warn_once(prof.name);
// return RULE_NOT_SUPPORTED; // return RULE_NOT_SUPPORTED;
@@ -231,8 +231,13 @@ int mqueue_rule::gen_policy_re(Profile &prof)
} }
if (mode & AA_VALID_POSIX_MQ_PERMS) { if (mode & AA_VALID_POSIX_MQ_PERMS) {
if (!prof.policy.rules->add_rule_vec(deny, mode, audit, size, vec, /* store perms at name match so label doesn't need
dfaflags, false)) * to be checked
*/
if (!label && !prof.policy.rules->add_rule_vec(deny, mode, audit, 1, vec, dfaflags, false))
goto fail;
/* also provide label match with perm */
if (!prof.policy.rules->add_rule_vec(deny, mode, audit, size, vec, dfaflags, false))
goto fail; goto fail;
} }
} }